Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
AnthonyMouse 7 hours ago

How is it in any way a disaster?

Consider how Linux distributions work. Every distribution is distributing variants on the same kernel and utilities, but there are hundreds of distributions and dozens of popular ones each with their own repositories. You can choose whichever you like, and make a different choice than someone else.

Coming in at #31 on DistroWatch is a lightweight distribution called Alpine Linux. It's popular on things like firewalls and VoIP servers but is rarely recommended to ordinary users because that isn't its niche. It doesn't matter that most people haven't heard of it because the people relevant to it have. It's fine for things to have a niche, and the people in that niche are the only ones who need to be familiar with it.

Meanwhile around half of Linux users use Debian derivatives. Debian and Ubuntu are very similar, but their repositories are maintained by different organizations, so even when choosing between two things that are nearly the same, you have different options.

And the distribution is not the only place to get software. Maybe you like a stable distribution in general but you want the bleeding edge drivers for your GPU. You can add the repository for the hardware vendor and still get everything else from the distribution. The vendor doesn't even need to maintain their own full distribution to have enough of a reputation for people to make an informed choice about where they want to get their drivers.

> Building broad trust requires scale on some dimension.

The flaw is in assuming that broad trust is a requirement. Narrow trust is good.

danielmarkbruce 5 hours ago | parent [-]

The long tail of linux distributions work precisely because they need very little trust and are consumed by highly technical users who can verify all manner of things themselves. They especially don't require multi-party verification.

Broad trust is required in lots of situations. Hardware attestation, financial clearing networks, or even physical supply chains. Ie, you have multiple independent parties who need mutual, verifiable trust to operate. Establishing that requires transaction costs like audits, SLAs, legal liability, and cryptographic integration. The economics don't work for 30 different players to cross-verify each other. So, we have oligopolies...