• nous@programming.dev
    link
    fedilink
    English
    arrow-up
    1
    ·
    4 months ago

    Nixos still let’s discord and steam download their core files independently of the configuration. These get stored in the users home dir but are effectively not part of the immutable promise. I believe that the crowdstrike problem was caused by a file updated in a similar manor. So would have been an issue on any distro. That is one big problem with a driver relying on files outside the package managers control. At least with steam and discord they cannot take your whole system down.

    • BigDaddyRAAB@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      4 months ago

      My understanding is the main problem here is that the machines became effectively unbootable. This wouldn’t happen in nixos because if setup properly all core system files are handled by nixos itself. That being said obviously it depends on how a user manages their system.

      • nous@programming.dev
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        Ideally yes. All core files would be handled by nixos. Except I doubt that is how crowedstrike would work on nixos if it existed on nixos.

        Crowedstrikes downloads and manages it own definition file that gets updated multiple times per day. It is this file that was malformed causing the driver to break. This needs to be updated regularly, more then other packages and so would very likely not be something managed by nix package manager but more treated as application data and outside the scope of the nix package manager.

        This is how updates to steam and discord are handled in nixos. Only the core updater is packaged and the rest of the application is self managed. So there is a precedence for this behaviour on nixos (although these won’t break your system if a bad update happens as the files are in your user dir).