Windows 11 has the option to protect parts of your filesystem. You may want to enable that.
Why? Because otherwise, pretty much any app with the exception of those locked in a web browser can read anything in userspace on your pc. Which is basically everything unless you've taken extra steps.
That's been the norm for quite a while, and unlike android, microsoft is hesitant to ditch the old thing and add in a prompt "app x is asking for file permission (yes/no)" because they want old software to work with new things.
On for linux, you'll have to make an extra user, install acl support and pray it doesn't accidentally get written incorrectly by some random app. That is, if you get something like hexos for example. You can roll your own as well.
On mac, don't bother. Apple has been caught routinely lying about their security and just straight up not fixing major security flaws. Dump your stuff on an external drive and unplug it when you're done. That goes for their desktops and phones.
edit: inb4 "whats on your iphone stays on your iphone"
I might just start bundling my apps inside an environment setup with nix inside docker. A lot of them are similar to identical, So those docker images actually share a lot of layers under the hood.
My apps after compiling and packaging are usually around 50mb. That's 48mb of debian, which is entirely shared between all the images that I build. So the eventual size of my deployed applications isn't nearly as big as they seem from the size of the tarball being sent around. So for 10 apps, that's not 500mb, that's 68mb.
If anything, the docker hub and registry are a bit of a mess.
you can trust the nix repositories aren't going to change
That, I do not. And storing the source and such for every dependency would be bigger than, and result in essentially the same thing as an image.
I think you're trying to achieve something different than what docker is for. Docker is like installing onto an empty computer then shipping the entire machine to the end user. You pretty much guarantee thing will work. (yes this is oversimplified)
The issue is, nix builds are only guaranteed to be reproducible if the dependencies don't change. Which they shouldn't, but you can't trust the internet to be consistent. Things won't be there to be fetched forever.
Images do. And you can turn one into a container in seconds. I suppose it's a matter of preference. I like one a package to be independent
Hold up, nix added containerization? How did I miss that? I will have another look now!
Also, you're right. For small quick scripts docker can be a hassle. Nowadays though I add building a docker image as part of my project's build/compilation process. The main reason I do this is so that I can work with whatever machine I happen to be on, then just copy paste the app to whatever machine I want it on. No extra config or even a look at the environment required. Just install docker and forget about the rest
update: installing docker on nixos (on a vm) with a nix package failed, not sure why. Perhaps some dependencies were no longer available?
update: nix is is available as a docker image. I'm running it now, we shall see how it goes
Perhaps it's improved over the last year, I can give it a shot. But yes, for my own packaged applications without shared dependencies, docker is handy. And that's exclusively what I run
When I tried it it looked really cool. Up until it just.. didn't work. And then looking around I found a bunch of people giving me better snippets of scripts and it was not helpful
But given I just need docker and nothing more, I did not bother and looked further
Tried it, but some apps depend on spawning other python processes. Half the time that results in them breaking out of the env cuz they're using the python in the system path
Yep, and for cars most of the noise comes from the tires. A muffler won't help that