The Linux Thread - The Autist's OS of Choice

[Creative Username]

I don't understand how it sucks so bad at shutdown.
Kill all the processes.
Unmount all the filesystems.
Anything that won't unmount, switch to read-only.
Sync.
Power off/reboot.

Should take less time than it took me to type that.

I think it happens whenever some process triggered to start when I shut the computer down gets really confused and hangs.

At this point I just want to fucking use my computer, not think about its underpinnings too much. I am very much willing to play with all these other init systems, but the spurious waits for a service to shut down is the only thing I'm agitated by.

I only get it in rare cases after a system upgrade. It's probably some shutdown trigger that shits itself because a file was removed.

 

[Lone Wandering Courier]

Despite usb flash drives being incredibly slow, it is still possible to run an actual linux install off of one if you have to. It can be a bit sluggish while doing writes like when updating/installing software but for web browsing it's not THAT bad. Windows on the other hand is just a miserable experience.

Also, I noticed SSDs are rising in price again while I was searching for one to buy for my thinkpad.

 

[Yandex Captcha Solver]

Anyone here installed Linux on a laptop? I wanna give it a shot on my secondary work machine as it's getting a bit too slow for bloaty windows.
I've heard a lot of mixed things from spurgy Reddit threads.

Depends on the laptop. I used to run Arch/Fedora on my Thinkpad and it worked flawlessly from the start, wifi, bluetooth, etc working out of the box. Lenovo laptops generally have great Linux support as RedHat uses them for development (or used to). There will always be a high priority for them to work out of the box without fucking around. Battery life isn't the best on Linux, or at least it wasn't a couple a couple years ago.

The biggest issue with laptops is the wifi and bluetooth drivers. Check device manager on Windows, go to network adapters, and see what wifi module your PC uses. Then just search the wifi module + Linux to see if others have issues with it. Believe Intel cards are the most hassle free but it's been a long time since I've looked into it.

 

[Vesperus]

The biggest issue with laptops is the wifi and bluetooth drivers. Check device manager on Windows, go to network adapters, and see what wifi module your PC uses. Then just search the wifi module + Linux to see if others have issues with it.

It's not something I've done for the sake of installing Linux, but bear in mind there's a good chance you can swap out the module on the motherboard if it's a funky one.

 

[Betonhaus]

is there a webui advanced file manager that can do bulk file moves and renames? And if it could do renaming rules like the windows app ReNamer?

 

[Friendly Primarina]

It's fine until I get that dreaded message about waiting for service to stop on shutdown, because something didn't close gracefully. And it ignores custom timeout settings, so I would probably have to edit offending service file.

I always wondered what that was about. I had always forgotten to check by the following morning, though.

 

[Sperg Coalition]

I don't understand how it sucks so bad at shutdown.
Kill all the processes.
Unmount all the filesystems.
Anything that won't unmount, switch to read-only.
Sync.
Power off/reboot.

Should take less time than it took me to type that.

Slackware works exactly like you described thanks to the fact that it doesn't use systemd but instead uses plain old shell scripts, which means that you can actually read them and see how the system shuts down.

is there a webui advanced file manager that can do bulk file moves and renames? And if it could do renaming rules like the windows app ReNamer?

Have you tried SpaceFM by any chance? Probably it suits your use case.

 

[autosarcophagy]

null should really follow some info on the distros he uses. and definitely when its something like arch. also its already fixed. he can even use telegram to do so. and i don't know shit about Linux.
mesa update might break your system - sudo downgrade mesa

 

[Ahriman]

Running Fedora 39 and so far, considering all the bitch and moaning about Wayland, it just works. Haven't had a single issue yet.

 

[pigbearman]

Isn't their a security issue with flatpaks sandboxing? Or something to do with the fact that its up to the developers to setup the portals? At least that's what this website that I see getting thrown around states (the site), I'm not sure how accurate it still is to this very day though.

There was a response to that My understanding is, that no, it's not perfect (but nothing is), but you can improve the Flatpak, with Flatseal without needing to rebuild it. Developers of flatpaks are supposed to use bubblewrap.

I heard snaps might have a slightly better sandbox system but it also has some issues,

For ages it only supported cgroupsv1 (as late as 2021). With Systemd 254 removing cgroupv1 support, they've had to fix that. Snaps can be sandboxed but unfortunately often are not and it requires things like AppArmor to harden that. You also cannot add a private repository for snaps, they must be on snapcraft's server as the server is closed source.

AppImages

These have no sandboxing, and are just a convenient way to distribute a binary. The most you can do is use Firejail but that also has issues.

Obviously RPM/Deb have no sandboxing, and would require AppArmor or SELInux policies.

 

[ShooterOfCum]

Running Fedora 39 and so far, considering all the bitch and moaning about Wayland, it just works. Haven't had a single issue yet.

I will always recommend Fedora to everyone. Yeah, I know, trannies and systemd, but it just does what it is supposed to do. It doesn't rely on dead software like Cinnamon in Linux Mint or retarded software like in Ubuntu. It's a staging project for a non-meme corporate distribution that solves real problems and it shows.

 

[Doctor Neo Cortex]

There was a response to that My understanding is, that no, it's not perfect (but nothing is), but you can improve the Flatpak, with Flatseal without needing to rebuild it. Developers of flatpaks are supposed to use bubblewrap.

I knew about Flatseal and how it makes dealing with flatpaks security issues much more easier, but I didn't know flatpaks are meant to use bubblewrap, I hope that flathub makes it a requirement as I don't see a lot of dev's putting in the effort to implement it.

For ages it only supported cgroupsv1 (as late as 2021). With Systemd 254 removing cgroupv1 support, they've had to fix that. Snaps can be sandboxed but unfortunately often are not and it requires things like AppArmor to harden that. You also cannot add a private repository for snaps, they must be on snapcraft's server as the server is closed source.

Now this is interesting, as the sandboxing I heard was better than flatpaks but still no where near as good as something like android or ios's sandboxing. But snaps reliance on systemD (which I consider a negative) and canonicals slow response/dev time has resulted in the sandbox being weakend makes that one of the few positives for snaps moot. I did know about the AppArmor reliance but I thought work was also being done on SELinux support, still wouldn't suprise me if that went know where. I also did notice that things like blender or VS code where unconfined on the snap store which makes it seem that programs that need all file access become unconfined. I also knew about the private repos issue, but I believe there is work being done by the community to make private snap repos a thing, but they still aren't as easy to use as flatpaks custom repos. Come to think of it, I don't know a lot of custom flatpak repos as most software I know of just sends you to the flathub page to download the flatpak. There are still way more issues I have with snaps than flatpaks but I think my paragrapgh has gone long enough.

These have no sandboxing, and are just a convenient way to distribute a binary. The most you can do is use Firejail but that also has issues.

Obviously RPM/Deb have no sandboxing, and would require AppArmor or SELInux policies.

Appimages I knew had no sandboxing as it left up to the developer, and requires the use of Firejail (which has the privlege escalation issues), I also thought that work was being done to use AppArmor or SELinux to contain Appimages, which might be an improvement, but its still up to the developer to implement and it would require policies for the appimage.

Debs/RPM's do indeed have no sandboxing unless you use AppArmor or SELinux policies, I just prefer to use them as they perform the best for me and have the least amount of problems (in my experience). Which is why I stated I tend to use them unless I'm not given the option too.

Unfortnately none of the options are perfect when it comes to security and all of them have positives and negatives, which is why I believe that everyone shouldn't assume a sandbox means its safe, and that everyone should use common since and caution when running software they know nothing about.

 

[pigbearman]

I heard was better than flatpaks

I haven't heard that, nor have I seen research that indicates so. I think the main issue is that a lot of Flatpaks and Snaps aren't sandboxed by default due to lazy devs. My understanding is that Flatpak is better if you have used bubblewrap as it defines only what is needed.

no where near as good as something like android or ios's sandboxing

User apps on Android are confined by a SELinux policy, and everything on Android/iOS is done through the SDKs. Software on a linux system is fundamentally not designed in the same way.

systemD (which I consider a negative)

FYI, there's a lot of FUD around Systemd, most of it is from whingy neckbeards who think some great tragedy has occurred. My personal experience is that I've found it a LOT less flakey than OpenRC (used on Gentoo and Alpine Linux), both of which I had used for years. There was even some talk about replacing that in Alpine Linux with s6, the original maintainer uses NetBSD now, and is dying of cancer. Every other init, is not really maintained. With Alpine Linux most of the usage actually is in containers anyway where there is not init anyway. Every distribution which uses something else is "niche".

People assume that the project and anything under it are all hard requirements and that's not so. Lennart Poettering has been doing great work with systemd-cryptenroll and systemd-ukify. Unsigned init ram disks have always been a huge problem, and so has the lack of being able to use your TPM to rate limit decryption. The idea of having completely separate home directories is also a really good idea that don't rely on files in /etc. It means you could have a home directory on a CIFS share or portable NVMe that doesn't crap on the main system. You can also use your own LUKS key for that too.

sandbox being weakend makes that one of the few positives for snaps moot. I did know about the AppArmor reliance

I think Flatpak and Snap will never really go away. The main issue with software on Linux is the lack of sandboxing, and users want the latest software "now". Software developers also haven't got the time necessarily or expertise to package the software for every distro, and these mechanisms are a way of distributing to a huge number of platforms. One of the major issues with Debian currently is the huge amount of unmaintained software in their repo, and frankenstein patched software because they refuse to upgrade to the "next version" when there is a security vulnerability. It results in a massively stale distribution or undefined behavior as you've now made franken-software (not what the original developer intended). Downstream distributions like ubuntu simply just freeze testing repo every release. Debian also has a huge number of bits of software that don't contain security fixes, because nobody ever reported it. I think this problem will get bigger as package maintaining is not something people want to do (there's less each year, and more software to package).

As with most things Ubuntu/Canonical based they heavily AppArmor for confinement, which is not as granular as SELinux. I've noticed that a lot of the AppArmor policies that exist are old and not really maintained, eg the Firefox one and others. I also think it's absolutely ridiculous that security should be the user developing policies. like lulwut. Got better things to do with my time. I've also noticed that Microos switched to SELinux, for their immutable OS, when in the past they've used AppArmor for SUSE/SLES etc. Microsoft is working on a high level language to make it easier to write SELinux policies.

I don't know a lot of custom flatpak repos as most software I know of just sends you to the flathub page

I can think of an example, 1Password has their own repo, there's probably heaps of others out there too. I think from an idealogical point of view though it should be possible, otherwise we end up in walled gardens of what is an isn't allowed. It also gives greater power to those which want to force their opinions on others. We've seen a few things like that with Google Play, for example when Element was removed from the Google Play. I'm sure there's been plenty of other things like that too. That the main reason I dislike snap over Flatpak.

I believe that everyone shouldn't assume a sandbox means its safe, and that everyone should use common since and caution when running software they know nothing about.

That is totally true , but that's not the sandbox's fault, that's the supply chain, both are different issues.

 

[Rusty Metal Skull Gun]

FYI, there's a lot of FUD around Systemd

Not really - it's shite, and Poettering is cancer

 

[ShooterOfCum]

I never had any problems with systemd. I just write a service file. The service file components are simple to understand. I just enable them, and forget about them. The whole thing with systemd versus other init systems never resonated with me, because systemd never got in my way or did anything that made me go "Man, this really fucking sucks ass. I wish I used something else right about now."

Now, I am not a system administrator and don't make use of the many features of systemd, I just use it for my home desktop and a simple server. I can certainly believe it has problems for more advanced usage, but for my personal computing it is perfectly satisfactory.

 

[pigbearman]

For system administrators it's really useful because unit files use a declarative language that doesn't involve repeating a huge amount of template code. When you control the flow, there is more risk of issues occurring and things you haven't thought of, race conditions etc. Systemd timers tend to work a lot better too than cron jobs, because they can restart services, (there is supervision) and user systemd units also work a lot better for users who don't have root, or want to use root. environment.d also solves a lot of issues, such as not importing all env variables which happens with shitty shell scripts that run on boot. With containers now there are quadlets which are also pretty cool.

 

[Rusty Metal Skull Gun]

For system administrators it's really useful because unit files use a declarative language that doesn't involve repeating a huge amount of template code. When you control the flow, there is more risk of issues occurring and things you haven't thought of, race conditions etc. Systemd timers tend to work a lot better too than cron jobs, because they can restart services, (there is supervision) and user systemd units also work a lot better for users who don't have root, or want to use root. environment.d also solves a lot of issues, such as not importing all env variables which happens with shitty shell scripts that run on boot. With containers now there are quadlets which are also pretty cool.

Why the fuck would an init system be reimplementing cron?

 

[ShooterOfCum]

Why the fuck would an init system be reimplementing cron?

This is the part of the debate I don't really get, as someone who is neither pro systemd nor pro any other init system. I am not too convinced by systemd timers either, so I just continue using cron, since it's easier to use for me. Nothing about systemd forces me to systemd timers, and my crontab happily coexists with it. I do not understand what the issue here is. Am I missing something?

 

[Susanna]

Why the fuck would an init system be reimplementing cron?

Because the two are intrinsically connected. An init system runs a set of services on boot, cron runs a set of services at certain intervals. If my service says “run at boot and once an hour after”, it makes sense for the init to handle that. That it’s also much easier to configure than cron, and will log nice and neatly into journalctl is just a bonus.

 

[Rusty Metal Skull Gun]

Because the two are intrinsically connected. An init system runs a set of services on boot, cron runs a set of services at certain intervals. If my service says “run at boot and once an hour after”, it makes sense for the init to handle that. That it’s also much easier to configure than cron, and will log nice and neatly into journalctl is just a bonus.

No they're not. The init system starts services, cron does janitorial stuff like run btrfs scrub or what have you.
And why the fuck is an init system reimplementing syslog...?!