The Linux Thread - The Autist's OS of Choice

>immutable system
>no package manager
>only flatpaks
>system update just replaces the entire system image


Man, I'm so glad desktops continue to devolve into glorified phones!
We might be at a point where Linux will be diverging into three different branches that are partially incompatible with each other. You got the GNOME camp with its Wayland version incompatible with the KDE camp, and everyone else is sticking with X11.
 
>immutable system
>no package manager
>only flatpaks
>system update just replaces the entire system image


Man, I'm so glad desktops continue to devolve into glorified phones!
Forgive me for being very out of date on this stuff but flatpaks have always seemed to me like just reinventing static linking?

What was wrong with having a /home partition with stuff you want to survive an OS install present? Seems like the sin here was having package managers mostly target installs into /usr rather than a per user install, which you can accomplish now with something like homebrew for linux.
 
Forgive me for being very out of date on this stuff but flatpaks have always seemed to me like just reinventing static linking?

What was wrong with having a /home partition with stuff you want to survive an OS install present? Seems like the sin here was having package managers mostly target installs into /usr rather than a per user install, which you can accomplish now with something like homebrew for linux.
flatpaks install copies of all dependencies into effectively a chroot jail, that's part of the reason people call them bloated
 
flatpaks install copies of all dependencies into effectively a chroot jail, that's part of the reason people call them bloated
Yeah so years ago we would static link dependencies into an executable. It made them large and then if they didn't get updates the dependencies would not get fixes, but fixed "dependency hell" and made the binary more portable.

You could even partially static link like leave out GTK or something but include everything else.

We stopped doing this because it was obviously stupid.

IDK flatpaks just seem like the same thing but with containers.
 
Yeah so years ago we would static link dependencies into an executable. It made them large and then if they didn't get updates the dependencies would not get fixes, but fixed "dependency hell" and made the binary more portable.

You could even partially static link like leave out GTK or something but include everything else.

We stopped doing this because it was obviously stupid.

IDK flatpaks just seem like the same thing but with containers.
I guess one difference is that _in theory_ because the executables aren't actually statically linked, which is a pretty irreversible process, you could take the shitpack or crapimage or whatever the fuck, extract the files therein, and remove/replace particular outdated libraries that the real app binaries are linked against so that it operates more like a proper first class application on a Linux system. But I assume anyone who would actually do that would just rebuild from source rather than fool around with a random image they downloaded off some probably dangerous website.
 
I guess one difference is that _in theory_ because the executables aren't actually statically linked, which is a pretty irreversible process, you could take the shitpack or crapimage or whatever the fuck, extract the files therein, and remove/replace particular outdated libraries that the real app binaries are linked against so that it operates more like a proper first class application on a Linux system. But I assume anyone who would actually do that would just rebuild from source rather than fool around with a random image they downloaded off some probably dangerous website.
Iirc the thought process is that .so libs can conceivably leak state between applications, so removing the shared part is more secure at the cost of ram and disk space
 
IDK flatpaks just seem like the same thing but with containers.
Except without the container, in my opinion.
Flatpaks use much of the same kernel isolation that a container engine like podman or docker uses, but worse.
Here's the horrifying technology underlying it: https://docs.flatpak.org/en/latest/under-the-hood.html

In theory it will share the same version of libraries, but I have no idea if that actually works.

I like AppImages for my one file, one application. It even works most of the time without all the overhead of Snap or Flatpak.
 
let's say someone wanted to make a super bare bones window manager, one that doesn't even support tiling, basically runs an application directly on X11 with no windowing or decorations, and you can switch between applications by using shortcuts or by launching a dedicated app that basically shows all running apps as tiles, possibly doubling as a start menu where you can click on the tiles of unopen apps and they will launch. this would be intended for tablets and HTPCs, running native linux apps and PWAs through a basic Chromium browser. Is there something like that already? and how hard would it be to add some sort of transitions between apps (or transitions between the apps and the menu) and ensure it supports HDR and smooth fonts?
It sounds like CWM is what you are looking for.


Except without the container, in my opinion.
Flatpaks use much of the same kernel isolation that a container engine like podman or docker uses, but worse.
Generally I hear bubblewrap considered sandboxing, rather than being containerized. I'm guessing the distinction is that it's made in their own invisible temporary namespace, which things are bind mounted into to have them work, and are included or excluded depending on whether you want them to have access.

Where a normal container is just a chroot, but with further isolation. At least generally speaking.

If you want a lightweight way to improve isolation between the applications you are using, bubblewrap or firejail are good ways to do it, if you know what you are doing.

I was just listening to lundukes latest video. The one about the un and open source.

And something occurred to me all of a sudden. With the thing about Asians being mentioned. Because Asians are excluded from being considered "minorities" in this dei stuff.

The thought. Is trannies are by far over represented in tech, and open source related jobs. So by their own logic. They should be excluded from being considered disadvantaged.

I wonder if people started pushing the idea that trannies should be excluded from dei, in tech. How that would go. People would have to do it all over the place.
 
In theory it will share the same version of libraries, but I have no idea if that actually works.
It does as long as the library a Flatpak app wants to load is at the same inode as something already loaded into memory.

So if you're running multiple Flatpak apps that all depend on the same runtime you're not constantly duplicating it.
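
How to check this from outside the sandbox, as an added example that is not part of the original post: file-backed mappings in /proc/<pid>/maps carry a device and inode, so grouping read-only mappings by that pair shows which libraries two processes really share. The PIDs, addresses and inode numbers in the excerpts below are constructed.

```python
import re
from collections import defaultdict

# /proc/<pid>/maps line: address perms offset dev inode pathname
MAPS_LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+(\S{4})\s+[0-9a-f]+\s+"
    r"([0-9a-f]+:[0-9a-f]+)\s+(\d+)\s+(/.*)$"
)

def file_backed(maps_text):
    """Return {(dev, inode): path} for read-only/executable file mappings."""
    found = {}
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue  # anonymous memory, [heap], [stack], [vdso]
        perms, dev, inode, path = m.groups()
        if "w" in perms:
            continue  # writable private pages diverge once written to
        found[(dev, int(inode))] = path
    return found

def shared_between(maps_by_pid):
    """Return {(dev, inode): (path, [pids])} for files mapped by 2+ processes."""
    owners, names = defaultdict(set), {}
    for pid, text in maps_by_pid.items():
        for key, path in file_backed(text).items():
            owners[key].add(pid)
            names[key] = path
    return {k: (names[k], sorted(p)) for k, p in owners.items() if len(p) > 1}

GTK = "/usr/lib/x86_64-linux-gnu/libgtk-3.so.0"
# Constructed excerpts: apps 101 and 102 use the same runtime, 103 another one.
SAMPLE = {
    101: f"7f1a2c000000-7f1a2c1b0000 r-xp 00000000 fd:01 1311042 {GTK}\n"
         "7f1a2d000000-7f1a2d021000 rw-p 00000000 00:00 0\n"
         "55d0c0a00000-55d0c0a40000 r-xp 00000000 fd:01 1400001 /app/bin/editor\n",
    102: f"7f77e0000000-7f77e01b0000 r-xp 00000000 fd:01 1311042 {GTK}\n"
         "5581b2000000-5581b2030000 r-xp 00000000 fd:01 1400517 /app/bin/player\n",
    103: f"7f03a4000000-7f03a41c0000 r-xp 00000000 fd:01 1522077 {GTK}\n",
}

if __name__ == "__main__":
    for (dev, inode), (path, pids) in shared_between(SAMPLE).items():
        print(f"{dev} inode {inode} {path} shared by PIDs {pids}")
```

PID 103 maps the same path as the other two but a different inode, so it is not counted as shared. On a live system, pass the contents of each process's /proc/<pid>/maps in place of the constructed strings.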
 
Static linking is retarded, also thank God for static linking. It seems like everything is build on a fucking quick-sand these days. You ship an application, and tomorrow it might not work, because of l33t-jeet engineering or because some tranny's brain is buzzing the wrong way that day. No wonder that people are choosing to ship whole environments with their apps. Soon, we'll be shipping entire "OS"s with our programs to boot, like in the good ol' days!
 
Soon, we'll be shipping entire "OS"s with our programs to boot, like in the good ol' days!
Companies have been shipping VMware OVAs for years now, sure it won't boot on bare metal but it's an entire OS for whatever crappy product you're running.

And most users of containers are too stupid to strip them down, so most are almost a full OS, some abjectly retarded ones even have systemd.

There is some feeble attempt to stem the tide with things like Google's "distroless" but most people aren't that smrt.
 
Next consider this one weird semitic tribe and its overrepresentation...
Trying to get them to not consider trannies, as underprivileged is already, probably beyond reality. Even though it worked for chinks. Either way. I'm just putting out ideas. Tranny's having power over any decision making in open source. Is just icing on the shit cake, that is modern tech.
 
In the wake of the recent (west)world-wide push for increased surveillance, I want to start a little discussion: what do you think would be the best way to insulate yourself from prying eyes at the OS level? [...] I'm only focusing on one machine directly exposed to the Internet here, [...]
Imma be real with you. Connecting a fully featured OS directly to the internet is suicide. All the services that are running even on something minimal are a huge attack surface and if you are "interesting" you're going to get fucked. At a minimum you need a device/router with a relatively secure, for-purpose OS (like pfsense), running a NAT that is dropping all incoming packets you didn't specifically ask for. This is also why IMO IPv6 is cancer.

That done (and I know this is trite but it is true) you should be asking what your threat model is. If you're just trying to browse anonymously the OS doesn't really matter so much as the browser. I would set up the tor browser with ublock and to not save history/cookies/etc. Just yeeting the tracking pixels and a cookie cleaner extension is like 90% of what you need.

If we're worried about advanced, personalized attacks then I think your outward facing router/device needs more attention. Running on something that doesn't have an IME/PSP. Auto-updates enabled. Fail2ban (not that you should have ssh from WAN enabled anyway). Use dnscrypt, etc. Browsing from your actual PC with javascript disabled.

If you're worried about the government then it pains me to say this but depending on how mad they are they're probably going to get you anyway. Actual physical arrest, an intentional supply chain attack (or maybe you really do read and understand ALL the code on your machine perfectly?), or a 0-day aren't really stoppable. The trick is to not get to this point where they're big mad and know who you are because at that point it's already ogre.

The thought. Is trannies are by far over represented in tech, and open source related jobs. So by their own logic.
"Minority majority country."
"But what if the shoe was on the other foot? :smug:"
"White people can't be discriminated against"
And so on and so forth.
 
This is kind of a specific question but do u know a VPN with a client that works on nixos
I use ivpn but the client service doesn't work on nixos for some reason and nobody's bothered to patch it
Only requirement is bittorrent and no logs
 
This is kind of a specific question but do u know a VPN with a client that works on nixos
I use ivpn but the client service doesn't work on nixos for some reason and nobody's bothered to patch it
Only requirement is bittorrent and no logs
Now I’m no expert but can’t you use Wireguard with the ivpn credentials?
 
Looks like ivpn also supports OpenVPN, which Nixos seems to have a client for too.
Yeah I have used ivpn a long time and am dithering over their cli or wireguard for my pi (🧩) but don’t have a clue about Nix.
 