Stage HUFF
Playlists:
’38c3′ videos starting here
/
audio
This talk announces the first public release of sixos, a two year project to create a nixpkgs-based operating system using skarnet’s s6 supervisor instead of systemd.
The monolithic design of `systemd` is inconsistent with the UNIX userspace philosophy. Its our-way-or-fork-off policy attracts influence-seekers, and thereby encourages *platform decay* within the free software ecosystem. Systemd’s failure to provide Linux-grade ABI stability („we don’t break userspace“) creates a large and tempting attack surface for *enshittification*.
This talk announces the first public release of [sixos](https://codeberg.org/amjoseph/sixos), a two year project to create a nixpkgs-based operating system using [skarnet](https://skarnet.org/software/)’s [`s6`](https://skarnet.org/software/s6/) instead of `systemd`.
Sixos replaces NixOS modules with the simpler [`infuse`](https://codeberg.org/amjoseph/infuse.nix) combinator. This allows sixos to treat services the same way nixpkgs handles packages:
– A service (`svcs/by-name/…/service.nix`) in sixos is a Nix expression, just like an uninstantiated package (`pkgs/by-name/…/package.nix`) in nixpkgs.
– A sixos target is a derivation, just like an instantiated package in nixpkgs.
– The sixos target set (`targets`) is a scoped fixpoint, just like the nixpkgs instantiated-package set (`pkgs`).
– The `override`, `callPackage`, and `overrideAttrs` tools work on targets and services, just like they do on instantiated and uninstantiated packages.
Whenever possible, sixos retains good ideas pioneered by NixOS, like atomically-activated immutable configurations and the layout of `/run`.
Sixos is not a fork of NixOS. It shares no code with `nixpkgs/nixos`, nor is any part of it derived from NixOS. Sixos and NixOS both depend on `nixpkgs/pkgs`.
On [ownerboot](https://codeberg.org/amjoseph/ownerboot) hardware all [mutable firmware](https://codeberg.org/amjoseph/ownerboot/src/branch/master/doc/owner-controlled.md#clarifications) — all the way back to the reset vector — is versioned, managed, and built as part of the sixos configuration. This *eliminates the artificial distinction between firmware software and non-firmware software*. On NixOS, either the initrd „secrets“ or the software that decrypts them ([ESP](https://en.wikipedia.org/wiki/EFI_system_partition), [initrd ssh keys](https://github.com/NixOS/nixpkgs/blob/6b88838224de5b86f449e9d01755eae4efe4a1e4/nixos/modules/system/boot/initrd-ssh.nix#L73-L76)) is stored unencrypted on writable media. Ownerbooted sixos closes this loophole without any „trusted computing“ voodoo, eliminating all unencrypted storage except for an eeprom whose hardware write-protect pin is connected to ground.
The speaker runs ownerbooted sixos on his workstations, servers, twelve routers, stockpile of disposable laptops, and on his company’s 24-server/768-core buildfarm. So far all of his attempts to run sixos on his snowboard have failed.
Licensed to the public under http://creativecommons.org/licenses/by/4.0
Download
These files contain multiple languages.
This Talk was translated into multiple languages. The files available
for download contain all languages as separate audio-tracks. Most
desktop video players allow you to choose between them.
Please look for “audio tracks” in your desktop video player.
Tags
