
Kelsey Hightower on Nix vs. Docker: Is There a Different Way?

In a recent talk, Kubernetes expert Kelsey Hightower explored the Docker alternative Nix, recognizing its potential for improved software reproducibility and supply chain security.
Apr 16th, 2025 7:00am by

Kelsey Hightower took the stage last month in Pasadena, California, for the 22nd annual Southern California Linux Expo. His talk was on a new subject for the Kubernetes expert: Docker alternative Nix.

NixOS foundation president Ron Efroni interviewed Hightower for “An Outsider’s Look at Nix.” Hightower began by saying that last year, he’d finally read the original 2004 Nix paper, which warns that safe, flexible software deployment and upgrading is “a deceivingly hard problem” — before offering its solution.

It had felt like he’d found a “buried treasure,” Hightower told his audience — while putting it in its historical context. “It feels like there was a fork in the road a couple of decades ago, where this problem was definitely apparent.”

He was recalling the life-changing moment that came at that fork in the road: the release of Docker. “The reality was that no one had solved this problem.” Reading about Nix’s approach to repeatable software deployment “after going through this whole journey” was almost like a revelation — an epiphany. “I was like, ‘Where were you two decades ago when I was at that fork in the road?’

“Maybe we would’ve went in a different way…”

Why Nix Now?

Asked last September about his 2023 retirement, Hightower told The New Stack it was “more of a saying yes to everything, all the things I was too busy for” — even learning about his own house’s electrical wiring and plumbing. “I just want to know how it all works … And can I do it, too.” But he’s not abandoning tech. Two months ago, Hightower joined cloud native service provider Civo as a board director.

So when Efroni asked why he’d waited so long to read that 2004 Nix paper, Hightower had a ready answer. “I have more time! I retired a year and a half ago. And so I don’t need to pick the technology that is easy to monetize.

“I no longer work at a large cloud provider where customers want to go in a particular direction. So now I just get to do the thing that you get to do in your spare time. I have a lot more of it.”

The Promise of Repeatable Software

And there’s a clear question to answer, Hightower suggests: “How could you make Docker better if you had something like Nix in the middle?” If you look at the image-building instructions in most people’s Dockerfiles, Hightower said, “it’s like a big-ass Bash script, the way most people do things, right?” There are commands to install everything without pausing for confirmations, Hightower jokes, and commands to “download all the npm modules, just in case I need one. And then my app.

“And then you ship this 4TB thing to servers…”

While Dockerfiles ensure this monstrosity is “repeatable” software, “then you spend half your time scanning, looking for vulnerabilities,” Hightower says. “We’re right back to where we were 20 years ago… They just packaged it in another artifact this time…

“I was like: what if we were able to do this differently?”

Hightower also sees a clear connection between what he calls the “SolarWinds debacle” and “a rise in interest in secure supply chains… I think now people are open to a different approach… So instead of generating [a Software Bill of Materials] after you’ve built the application through reverse-engineering, what if you could be way more explicit up front…? That’s been appealing to me.”

Making Problems Better

The potential is there — with caveats. “Notice I’m not saying ‘Nix will replace all the Docker things,’” Hightower emphasized — but it doesn’t need to. “If you can make the current problems better, that’s how I think you bring in more people… It definitely was attractive to someone like me.”

Hightower added honestly that, “A lot of my initial feedback has been: this ain’t usable.” He said it was like showing people Vim’s powerful but complicated command-line interface when all they’d known was the simpler point-and-click world of Microsoft Word. “It feels very foreign if you don’t understand the benefits of what it does when you first look at it.”

Hightower didn’t mince words. “Look, if I had to choose one — I’m choosing Docker.” Mostly because the ultimate goal isn’t better packaging, but to ship something. “So if you’re a developer, you look at all the things you can ship to — Heroku, Cloud Run, Lambda, a VM — and then you’ve got to work on a team of other people. And the hardest thing I’ve seen in technology is to get global consensus…”

That’s Docker’s advantage, Hightower said — it has a rich and established ecosystem. “Is it a better packaging tool than Nix? No. Do people know it? Yes.”

He drove home his point. “That cute little whale did something. People identify with it. So when you say ‘Docker,’ a lot of people understand what that means. You’re probably gonna have a Dockerfile — that moved the needle in terms of at least knowing how to rebuild software.” And he can also quantify Docker’s rich ecosystem. “There’s Docker registries, there’s metadata, there’s all of these things.”

But there’s also a lesson here, Hightower said. In the Docker vs. Nix debate, “It’s not one versus the other, it’s just this usability curve.” And Docker “meets people where they are, then shows them what’s next.” (He also jokes that some tech movements fail this basic test, telling new users, “Delete everything you have and start the right way.”)

Still, when looking at Docker and Nix, beyond the either/or binary choice, “I’m hoping that the two can find some synergies where it’s pragmatic.”

Specifically, Hightower said, “I do think Nix inside of a Docker file, for a lot of people, will solve the reproducible build problem” — while also preserving Docker’s tremendous ease of use on other platforms. “I think that’s probably where you’re going to get a lot of new people learning about this technology for the first time. So when you see them, welcome them.”
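As an added illustration of the “Nix inside of a Dockerfile” idea (example configuration written for this article, not code from Hightower’s talk or from the Nix or Docker projects): a two-stage Dockerfile in which the Nix closure, rather than the “big-ass Bash script” of `apt-get -y` and `npm install` lines described above, defines exactly what ends up in the image, and the closure listing serves as the explicit, up-front dependency inventory Hightower contrasts with a reverse-engineered SBOM. It assumes the build context contains a `flake.nix` and `flake.lock` whose default package installs a binary at `bin/hello`; the `nixos/nix` image, `nix build` and `nix-store --query --requisites` are real, while the package and binary names are placeholders.

```dockerfile
# Stage 1: build with Nix. flake.lock pins every input by hash, so the same
# lock file yields the same store paths on every build, on any host.
FROM nixos/nix:latest AS builder
WORKDIR /src
COPY flake.nix flake.lock ./
COPY . .
# Flakes are still behind a feature flag; filter-syscalls is disabled because
# Nix's own seccomp filter cannot be installed under Docker's default profile.
RUN nix --extra-experimental-features "nix-command flakes" \
        --option filter-syscalls false \
        build .#default

# The runtime closure of ./result is the complete dependency list: every
# store path the binary needs at run time, and nothing else. Writing it out
# gives an inventory that exists before anything is shipped, not after.
RUN mkdir -p /tmp/closure \
    && nix-store --query --requisites ./result > /tmp/closure.txt \
    && cp -R $(cat /tmp/closure.txt) /tmp/closure

# Stage 2: a scratch image holding only that closure. No package manager,
# shell or build toolchain is present, so there is less to scan and patch.
FROM scratch
COPY --from=builder /tmp/closure /nix/store
COPY --from=builder /src/result /app
COPY --from=builder /tmp/closure.txt /app/closure.txt
ENTRYPOINT ["/app/bin/hello"]
```

The image is still built with `docker build` and pushed to an ordinary registry, so the Docker ecosystem Hightower describes (registries, metadata, tooling) is untouched; only the contents of the image are now determined by the lock file rather than by whatever the package mirrors served on build day.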

Nix represents a different way of building reproducible software, but Nix has its own challenges, and in many ways Docker already won.

So what hope is there for something like Nix in the long run? Come find out tomorrow at the @flox.dev virtual event.


— Kelsey Hightower (@kelseyhightower.com) February 25, 2025 at 10:43 AM

Hard-Won Lessons

Efroni asked for “blunt, hard lessons learned” from Hightower’s journey with Kubernetes (and Docker), and some may have found his answer surprising. “When Kubernetes came out, they were super humble…,” Hightower remembered, adding, “It’s probably hard to believe that now, given their position in things.”

But Docker already had achieved palpable levels of excitement, which Hightower remembers as “like a religion.” (Someone even had a Docker tattoo.) And in real-world production systems, “A lot of people built their culture around it.” There was nothing to do but keep trying to improve. “Every gap there was in Docker on a single server, we focused on. And those became features we called Kubernetes.”

In the end, it was the API-extending “CustomResourceDefinition” (CRD) that was “the game-changer that allowed people from the Mesos community to build their own schedulers. It allowed people from the Docker community to build their own volume types, or whatever custom workload that they wanted to do.”

Hightower had arrived at his message to the Nix community. The Kubernetes community had been welcoming to everyone, with Kubernetes itself just becoming a kind of underlying layer — “and we were okay with that.” So today, “No one talks about Kubernetes independent of its ecosystem.

“So my advice to you all: What is the Nix ecosystem? Everyone’s going to have different ideas on how to make this core technology work, and I think you’ve got to figure out a way to make sure that they feel like they’re first-class citizens as well… Figure out how to let people solve their own problems, and that will take a little pressure from the core… There’s no reason to not hedge your bets by allowing more people in the community.”

Looking Backwards — And Forwards

Toward the end of the interview, Hightower found himself looking back to when it all began — buying Linux magazine from CompUSA, and installing Linux distros off the CD that came with it.

He also remembered that “a lot of people were just building that stuff in their spare time — they just wanted it to exist.” But this leads to some advice for the Nix community.

“The problem is sustainability.” Communities need a long-term plan, since, among other things, you have to maintain the software and review its pull requests “forever,” or find someone to pass it on to.

“It’s not a marathon, it’s a relay race… Think about Vim and Neovim, right? Did he pass the baton, or was the baton taken? What happens when the community naturally splits and moves on?”

Another thing to look at: “We’re getting to a point now where people are starting to age out…”

This doesn’t mean projects have to seek out commercial applications — but sometimes they come anyway. (“Linux probably didn’t see itself powering the cloud.”) But here Hightower remembers something else Linux did well, when it enabled functionality-expanding modules for the kernel. “They had that release valve, where you can go build any file system you want without changing the entire kernel.”

And it’s become actionable advice for the Nix community.

“So I would think of it this way: If you want there to be peace in the project, give people extension points where necessary. So that everything doesn’t have to flow into the core in order to feel like it’s a first-class citizen.

“That would be my #1 thing as a maintainer. Give yourself an easy way to say no — and for people to give themselves their own ‘yes’ as long as they’re willing to do the work.”

TNS owner Insight Partners is an investor in: Docker.