• 1 Post
  • 24 Comments
Joined 1 year ago
cake
Cake day: August 10th, 2023

help-circle
  • Maybe not some obscure ones, but here are some lesser known ones:

    Talos Linux. It’s an immutable operating system designed specifically to deploy kubernetes.

    OpenSuse Harvester Think Proxmox, but instead of VM’s and LXC containers, it’s VM’s and Kubernetes.

    XCP-NG is a RHEL based distro designed for managing Linux virtual machines using the xen hypervisor, as opposed to KVM. Think Proxmox, but RHEL and Xen (also no LXC). However, it does not come with a web ui out of the box, you have to deploy it yourself. Technically, XCP is a Xen distribution, since Xen is a kernel with nothing but a hypervisor that runs under the main distro, but the primary management virtual machine is RHEL based, and uses Linux.

    Speaking of Proxmox, Proxmox is technically a Linux distro.

    SnowflakeOS is a project that aims to bring a GUI focused experience to NixOS.

    TurnkeyLinux (site is loading very, very slowly for me right now) is not a single distribution, but rather a set of debian based distributions that are designed to be turnkey appliance virtual machines that contain and host a specific app. To deploy the app, all you have to do is set up the virtual machine.

    Now, here are some not-linux, but interesting distros:

    SmartOS. They ported KVM to unix, and also can use Linux syscall translation (similar to wine) to run apps in containers as well. There is also Bhyve. It’s a very interesting hypervisor platform.

    OmniOS is similar. Bhyve, KVM, and Linux syscall translation in containers.



  • Some software is so complex and difficult that Debian does not maintain it on their own, and instead follows the upstream release cycle.

    Browsers are one such example, and as you’ve discovered for me, Thunderbird is probably another.

    Also, please do not recommend testing for daily usage. It does not receive critical security updates in a timely manner, including for things that would effect desktop users. Use stable, Sid, or another distro. Testing is for testing Debian ONLY, and by using Debian Testing, you are losing the advantage of immediate security fixes that come from literally any other distro.






  • Wish I could transcend into declarativity but the thread’s nix survivor ratio is grim

    Yeah lol.

    I will say, that for my server, I decided to use kubernetes + fluxcd for declaratively. My entire kubernetes “state” is declared in a git repo, and this is the popular, industry standard for things like this, called GitOps. It makes it very easy to add an app, since it’s just adding a folder + some new config files. And unlike Nix, Kubernetes and Flux are very well documented with much tooling as well. Nix doesn’t really have a working LSP or good code autocomplete, but with kubernetes, I can just start typing in a yaml file and then hit tab and it spits out the template for me. Code autocompletion with kubernetes feels much more similar to the tooling of other, more mature tooling

    It’s not as declarative as nix though. There are things missing, like OCI containers could theoretically shift if you don’t rely on hashes and some other nitpicks. But declarativity is a spectrum, and I feel like, outside of scientific scenarios (think simulations where versioning, hardware, runtime etc being the same is very important), I think many non-nixos solutions are declarative enough.


  • Advice online seemed like i needed to basically create a nix flake for the app. I still havent gotten it installed because i have no idea what nix flakes are.

    So, the problem is that flakes are technically an “experimental” feature, and thus are not allowed to be included as a primary solution in the official documentation. But, basically everybody uses flakes, so it leads to this crazy documentation split, and is a big part of why documentation on Nix is so bad.

    Some stuff can only be done with flakes, some stuff only with non-flakes and you have to figure out which is which on your own, while also dealing with the poor documentation for either.

    The advice you received was wrong. You could also use a combination of a default.nix file and a shell.nix file to create a package and development environment for your app. But, the documentation is so poor that it’s unlikely you will learn this, and figuring out how to do this on your own, is again, a massive time sink.


  • So, I use Arch, but I don’t use the AUR at all. Instead, I use nixpkgs to get stuff (admittedly only like 3 packages) not in the Arch repos.

    The main reason for this is the quality of AUR packages. Although I don’t really fear a malicious package, I do remember hearing about a package that moved a users /bin to /opt during the install phase.

    Something like that is literally impossible with Nix, due to the way that applications aren’t really installed to the system. But, nixpkgs also requires some level of vetting the package quality, which is also nice.

    I also use nix for managing all my development environments. For example, my blog github repo, has a few nix files at it’s root, and you should just be able to type nix-shell in folder, and then you will get an identical environment to me.

    declarative rollbackable immutability sounds really freakin’ AWESOME

    I have BTRFS snapshots set up, and with grub-btrfs, I can even boot from them and revert to an older kernel (my /boot is stored on BTRFS).

    However, I have given up on NixOS, for many reasons. The documentation is very poor, and it’s more complexity than it’s worth, to make my whole OS reproducible, rather than just my development environments. In addition to that, their are also issues with running certain apps that expect to see a normal FIlesystem Hierarchy, which nix does not provide. Although you can work around this with stuff like steam-run or creating a fake FHS using nix, I would rather not play that game.

    But, considering I installed some stuff in an Ubuntu 22 distrobox recently, because that was what VScode and Unity official provide repos for, maybe this doesn’t really matter. You can probably use distrobox on Nixos, but I’ve seen issues about GPU acceleration with distrobox (and other non-nix apps) as well.

    EDIT: I lied, I use the chaotic aur for some things.




  • Yes. Firstly, it’s about release cycles. Centos Stream is a rolling release distro (although it rolls very, very slowly). But what this means, is that there isn’t a true guarantee of application/ABI/API compatibility between current versions of Centos Stream and future versions.

    In constrast to this, Centos 8 and previous were complete clones of Red Hat Enterprise Linux, which was a stable release distro. During the 10 year lifecycle of each RHEL release, there was a guarantee certain application/ABI/API compatibility not changing, which is what stability in the Linux/software world is defined as.

    Centos 8 was a free alternative, for institutions unwilling, or unable to pay for RHEL stable releases. But, with the death of Centos, an alternative was needed. Alma Linux, Rocky Linux, and Scientific Linux (designed for labs and universities), were rebuilds of RHEL. This meant that, they would take RHEL’s open source code, and recompile it and distribute it in a way that guaranteed application/ABI/API compatibility with RHEL, for the same lifecycle of a RHEL release.

    So Alma Linux and Rocky Linux fill that gap… but recently, RHEL said that they are adjusting policies to make it much harder for people to make rebuilds (likely targeting Oracle Linux, which is a RHEL rebuild), but this change may affect Alma and Rocky as well.

    Rocky said they were going to keep bug-for-bug compatibility, like they used to, but Alma says they are going to do something different. Although they still intend to be ABI compatible, Alma has decided to make some changes to the base system, such as reimplimenting and continuing to support things that Red Hat saw unfit to continue existing in RHEL. One example of this is SPICE, which is a graphics protocol used for low latency display of virtual machines. It had many usecases, and I am very excited to see it back in a distro in the Red Hat ecosystem.


  • https://help.kagi.com/orion/faq/faq.html#oss

    We’re working on it! We’ve started with some of our components and intend to open more in the future.

    The idea that “open-source = trustworthy” only goes so far. For example, the same tech company that offers a popular open-source browser also has the largest ad/tracking network in history, with that browser playing a significant role in it. Another company with a closed-source browser (using WebKit like Orion) is on the forefront of privacy awareness and technologies in its products.

    So, does anyone here remember when all chromium browsers had a secret api that sent extra data to google? Brave, Opera, and Edge got hit by this one, but I think Vivaldi dodged it. They all removed this after they found out, but still…

    When it comes to things like browsers, due to the sheer complexity and difficulty to truly audit chromium, I don’t really consider chromium to be “open source” in the same sense as many other apps. Legally, you can see and edit the code. But in practice, it’s impossible to audit all of it, and the development is controlled by a single corporation who puts secrets in it, or removes features that harm their interests (manifest v3). Personally, I consider Minecraft Java to be closer to open source than chromium is.

    To say that:

    The idea that “open-source = trustworthy” only goes so far

    is really just a cop-out and excuse for not being transparent with their code and what they are doing.



  • I honestly don’t know how this could turn out.

    It could be an amazing change that results in much more progress for hardware acceleration on guests of various types (since that is what vmware is good at) in kvm…

    Or it could mean that they are dropping that feature from vmware altogether.

    Regardless, I like this change because it means I would be able to run vmware machines and libvirt kvm machines at the same time, at least when I am forced to use vmware workstation.

    I also dislike proprietary software in general, so I think less proprietary software and more FOSS is a good thing.



  • I disagree, because they are not the same thing.

    Immutable means read only root.

    Atomic means that updates are done in a snapshotted manner somehow. It usually means that if an update fails, your system is not in a half working state, but instead will be reverted to the last working state, and that updates are all or nothing.

    I create a btrfs snapshot before updates on my Arch Linux system. This is atomic, but not immutable.*

    There is also “image based” which distros like ublue (immutable, atomic) are, but Nixos (also immutable and atomic) are not.

    *only really before big updates tbh, but I know some people do configure snapshits before all updates.


  • I don’t really get how this question pertains to F-droid specifically.

    But, in networks that are more locked down, they can use stuff like deep packet inspection to figure out what traffic is happening, and automatically block it. Socks is a protocol explicitly for proxying, and runs over TCP. Depending on the setup, deep packet inspection can catch it.

    On the other hand, disguising traffic as HTTP/HTTPS makes it very, very hard to detect that someone is doing something other than visiting an innocuous website.

    At the high school I went to, they had Deep Packet Inspection set up to such a level that they could automatically detect and block VPN connections. Wireguard and OpenVPN would be caught basically instantly, and then you would be kicked off of the internet for 10 minutes. Although very extreme, a “10 minutes no internet” punishment is nothing in comparison to prison time or any number of extreme punishments authoritarian countries can come up with.

    To get around the school firewall, I set up a web proxy called Metallic: https://github.com/cognetwork-dev/Metallic/ . This is basically a website, that lets me access other websites from within that website, and it’s very, very difficult to block because of that nature.


  • Is it possible to allow DRM content for just 1 website ( Netflix ) , while other websites on the same browsers are not allowed to do it?

    I would use multiple firefox profiles for this. If you go to about:profiles or use the command firefox -P to launch firefox, you can view and create other firefox profiles. Each firefox profile is essentially it’s own instance of firefox, complete with different history, extensions, and setting. You could have a “Netflix” profile and a regular browsing profile.