December 23, 2025
VMs, Vibes, and Very Loud Opinions
Towards a secure peer-to-peer app platform for Clan
Clan’s P2P app plan sparks fight: freedom boost or control creep
TLDR: Clan proposes a peer‑to‑peer app platform using tiny virtual machines and Nix to make apps fast, safe, and shareable. The crowd split: some love the promise of speed and isolation, others warn it’s app‑store vibes with trust issues—especially around Nix’s supply chain—while a few pointed to complementary tools like OpenZiti for the private‑networking layer.
Clan says it’s building a peer‑to‑peer app platform so communities can share apps fast and safely, powered by Nix (a package system) and microVMs (tiny virtual machines) with desktop and GPU support. Translation: apps that boot in a blink, look native, and ask for permissions instead of taking them. Sounds sleek—but the comments were chaos.
Skeptics pounced first. One baffled reader asked if this actually solves the “Big Tech convenience” problem or just invents a new sandboxed app store with extra steps. Another went full rebel, calling it “a solution in search of a problem” and warning it could trade user control for slick UX. Then came the grenade: a long rant about Nix’s supply chain—no signed commits, self‑merging maintainers, and build servers you have to trust—ending with “massive attack waiting to happen.” Ouch.
Defenders liked the promise: predictable installs, fast launches, and hardware‑backed isolation that feels safer than today’s patchwork sandboxes. Meanwhile, a helpful commenter dropped a link to OpenZiti for private networking, turning the thread into a feature wishlist. Jokes flew—“VM all the things,” “Is this just Docker with extra drama?”—as the vibe split between dreamers of a FOSS app future and watchdogs shouting “trust is the real bottleneck.”
Key Points
- Clan is developing a Nix‑based peer‑to‑peer app platform focused on fast installation, pre‑connected services, strong isolation, and permissioned sharing.
- The platform will integrate a microVM hypervisor with Wayland, GPU virtualization, and D‑Bus portals to balance security with usability.
- Hardware virtualization is preferred over Linux namespaces because a hypervisor boundary, rather than a shared host kernel, improves security, reproducibility, and portability across host OSes.
- MicroVMs, popularized by AWS Firecracker (the technology behind Lambda), boot a guest kernel directly with no BIOS or bootloader stage and achieve sub‑second launch times.
- Clan adopted Asahi Linux’s muvm (built on libkrun) and combined it with Bubblewrap to run NixOS system closures via its munix script.