Favorite Social Media Timesink
When you take a break from work, where are you going?
Video clips on TikTok/YouTube
X, Bluesky, Mastodon et al...
Web surfing
I do not get distracted by petty amusements
CI/CD / Linux

Flox Readies Nix for the Enterprise

An alternative to Docker, Nix offers cross-platform reproducibility to app deployment, and Flox will offer some much needed management, security and collaboration features.
Feb 9th, 2024 8:00am by
Featued image for: Flox Readies Nix for the Enterprise
Image courtesy of Flox.

Word on the street is that Nix is a fascinating technology — a hybrid of a Linux operating system and package manager — but too unwieldy to be used commercially.

Now, a start-up called Flox is working to dispel that notion and is about to launch a commercially polished version of Nix as a competitive alternative to Docker.

“It’s a whole new approach to building software,” said Ross Turk, head of marketing and developer relations for Flox, in an interview with TNS.

Investors included NEA, Hetz Ventures, and Addition Ventures. Also throwing their money into the hat are angel investors GitHub CEO Thomas Dohmke, Snyk founder Guy Podjarny, and former Docker vice president and current Sotheby’s CTO James Turnbull.

What Is Nix?

Flox got its start as a project of the global investment firm The D.E. Shaw Group. Naturally, the financial firm had a strong set of computational requirements around consistency. Given how much the firm was audited, it was all about reproducibility.

“They needed something that would allow them to be reproducible, even if they were having to reproduce an environment that they created from public sources, which is something that is really, really hard to do,” Turk said.

This is why Nix caught the company’s eye.

Introduced in 2004 as a research project, NixOS is a Linux distribution that uses its own packaging system, Nix, to build itself and support other Linux applications, using a declarative model, a functional build language, and cryptographic hashes that compute unique paths for component instances.

“It produces reliable, reproducible software that’s portable,” Turk explained.


Courtesy of Flox

And this approach has proven to be quite popular.

In its annual Octoverse report, GitHub notes that NixOS/nixpkgs has topped the list of open source projects by contributors, for the last two years.

The Cloud Native Computing Foundation found that, in the past year anyway, Nix has more commits (57,941) than Kubernetes itself (42,680), though Kubernetes has a few more contributors (3,662) than Nix (3,087).

Overall, Nix is in the top five of all open source projects, in terms of contributors, following only LinuxReactKubernetes and Pytorch.

How D.E. Shaw Fixed Nix

The problem DE Shaw soon found was that “Nix is really, really hard for an enterprise to adopt,” Turk admitted.

Nix is complex and multi-layered.  Turk recalled an engineer showing him some code in the Nix configuration language, and, pointing to one line, said this is where the magic happens. Turk recalled looking at the line and remaining befuddled.  “And I’m like, how would anybody ever know that?”

Jokingly, Turk explained “Nix is for people who would like to line up the peas on their fork before they roll them into their mouth.” Meaning, it is for system admins who take an “all-or-nothing approach” and plan out every detail before committing to running the software.

This can be difficult for enterprise adoption.

And because Nix has been such a decentralized community, the tool development has been inconsistently executed. There still is very little in the way of ancillary features for sharing, security, auditing and collaboration.

Nix is a package manager, but lives in user-space.

So work was done at D.E. Shaw to make Nix more admin-friendly, wrapping it in basic package semantics. And thus Flox was born. So instead of writing code or “derivations,” an admin can simply install private packages from a single repository, which basically serves as an internal app store.

“So everybody inside the shop get the same collection of packages. They don’t get them from Debian. They don’t get them from Red Hat. They get them from Flox,” Turk said.

This approach, then, would allow the enterprise to centrally push updates, cache everything, and control what the software the developers deploy.

How Flox Will Work

It starts with the command line interface. You can install the CLI on any version of Linux, and it installs Nix. With the CLI, you can then install packages and activate them, create environments and even layer environments (something you can’t do with Docker). There is also an exchange, an interface for users to easily share environments.

The CLI and the exchange will be ready to go in March, and Flox has built prototypes and is building out the other major components needed to equip Nix for commercial use.

In addition to the CLI, Nix has also created a catalog. The Nix community has already generated 80,000 packages for the platform — Nix-tailored versions of most all the infrastructure-oriented open source software available today. The Flox catalog will republish these. It will also provide a conduit for businesses to store their own, private packages.

The second new component will be a factory,  or online hub, that will execute and automate the build of new environments.

“Let’s say for example, I create a Flox environment on my Mac, and I push it to Flox Hub. The Flox Hub will build that environment for Linux in the background,” Turk said. “The factory is doing proactive builds, so that anytime anybody pushes an environment up, it’s rebuilding it for all the other different targets.”

The last component is the manager interface, built at DE Shaw, which gives managers the ability to do fleet upgrades, and get information about all the environments currently running.

Who Will Run Flox and How Will They Be Charged?

The initial audience will be anyone who is juggling multiple work environments, such as software developers, AI engineers, or data scientists, who may be juggling multiple Jupyter Notebooks or other types of workbenches, noted Graham Hudgins, Flox head of product.

Flox will make it easy for them to spin up environments in a few steps, or to share environments with colleagues, even if you use a Mac and someone else uses Windows.

It will also allow enterprises to dip their toes into Nix, testing it on a small subset of projects.

Flox will run on the open core model, charging for services rendered in the cloud. At this point there is no plan for open sourcing these components.

The catalog will include the paid option for storing private packages. And with the factory, the company will charge per build time. The manager will be available as a paid service as well. There will also be premium features, such as support for generating Software Bill of Materials (SBOMs).

Initially, the company hopes to offer these services in a Software as a Service (SaaS) model on the major cloud providers, and will eventually prep a self-hosted managed version as well.

Courtesy of Flox

How Flox Is Different from Docker

Nix offers more of a declarative environment than Docker; it takes fewer instructions to incorporate the software packages you need, compared to building a Dockerfile. The user, however, is more limited to the packages that can be used — only those available in the repository.

Unlike container, Flox components can easily communicate with applications on the host machine. A copy of VSCode on a machine can interact with a Flox environment.

“It’s not isolated,”  Turk said. “With containers, you usually have to spin up the container, then you have to spend a good five minutes figuring out how to break a hole into it so that you can get your tools in there.”

With Flox, your workspace can be in one environment, a copy of podman can be layered over that in another environment, and the project data can be layered in yet another environment on top of that — all interacting on a single machine.

Nix lets you to do a stack of sets and layer sets together,” Hudgins elaborates. As a result, “you can get a lot more lean images and better sharing and efficiency by building images that way.”

TNS analyst Lawrence Hecht contributed to this report. 

This post has been updated with clarifications around Nix and Flox.

Group Created with Sketch.
TNS owner Insight Partners is an investor in: Docker.
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.