[Nix-dev] The Church of Suckless NixOS is looking for followers

Adrien Devresse Adev at adev.name
Tue Mar 21 13:47:00 CET 2017


Le 21. 03. 17 à 11:52, Alexey Shmalko a écrit :
> Eelco Dolstra <eelco.dolstra at logicblox.com> writes:
>
>> Hi,
>>
>> On 03/19/2017 12:10 PM, Jan Malakhovski wrote:
>>
>>> William Casarin <bill at casarin.me> writes:
>>>
>>>> I tried to run NixOS on my eeepc, it feels a lot more sluggish than when
>>>> I used to run arch on it. I would love to see how this plays out, if
>>>> only to have
>>>> a smaller, lightweight version of NixOS to run on my pi's and eeepc.
>>> For eeePC try disabling hardening. Seriously. 
>> Hm, I wasn't aware hardening has a significant performance impact. Do you have
>> more info on that?
> Basically, most of hardening is inserting runtime checks into
> application. (e.g., inserting buffer overflow checks.) So it takes some
> additional CPU cycles to check.
>
> Some hardenings also insert additional values on stack (e.g., canaries),
> so application consumes more memory.
>
> I could say, on modern desktop computers the performance penalty is
> neglectable, but there are old hardware (where software is sluggish
> already), embedde devices, and various cases when "performance matters."

That also depend of the kind of hardening :

- _FORTIFY_SOURCE=2 is static and has, we can say, no impact.

- -fstrack-protector-strong has almost not impact on any modern machine
from Raspberry PI to modern laptop

- PIE can have an impact on some specific code ( with performance
critical sections with bad inlining )


However, all major Linux distributions without exceptions enable
"moderate" hardening by default for very good reasons, and all of them
can run on eeePC without issues.

If your aim is not to run NixOS on arduino, or little embedded MIPS or
RISC-V machines, it does not matter at all. If you want to run on this
can of machine, you know what you are doing and you know how to tune
your code anyway.


Regards,
Adev

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20170321/308eddc7/attachment.sig>


More information about the nix-dev mailing list