Neat! What proccess did you follow for building distroless? I was using buildah, mounting dir, yum installing into the mount, and exporting that container off.
Eh…the usual “FROM: alpine:edge”, pull everything in with git, change the code as needed, static compiling everything, strip dead code out of the binary, send the binary in a scratch image and then assigning a non-root user to it.
Why wrap a CLI tool in a docker container? Wouldn’t it be simpler to directly compile nyancat to multiple architectures if the goal is to make it run on all platforms?
Because I’m doing this as a “self-learning” process. Plus, docker is an excellent tool and even “silly” images like this one can give me an edge while looking for (more) jobs, so there’s that. Coding could grant me the same “edge” as well yes, but docker has “more value” since it requires you to code -AND- to have some knowledge/depth regarding typical “dockerization” processes.
I first heard of it in the early 2000s, with my dad talking about replacing our buggy Windows ME with Lindows. Eventually, that computer died without us ever attempting to install it.
In college, I hung out with someone who used linux and thought it looked cool. I successfully dual booted Ubuntu on my PC around 2005 or 2006, but could never get the video drivers working properly (it was stuck at the lowest resolution) and eventually gave up on it.
I started adminning a web forum around 2014 or so, and the previous admin talked me into dual booting Fedora rather than only using Putty. So I started using it intermittently whenever I started working on the forum, though I never really got into GNOME. He also told me about raspberry pis, so I picked up a pi 2 and started tinkering with it.
When my wife moved in (2018), she (a software developer) was working on a project and asked me if I’d heard of raspberry pis, as she was recommended to use one but hadn’t looked into it yet. I pulled my pi 2 out of storage and she fell in love with it, so we started buying loads of pi 3s and zeroes, with me testing out different distros and setups for her while she was working on the project code.
Finally, somewhere around 2018 or 2019 my laptop started running like shit on Windows. I tried out Xubuntu and fell in love with it. It ended up becoming our go-to distro, getting slapped on old desktops she brought home from work and a used laptop I bought for our daughter. So that became the daily driver on my laptop, even as she moved onto Alpine with i3wm.
And now we both have Pinetab 2s, so I think it’s fair to say we’re full on linux nerds at this point. We still have Windows on some of our desktops, though, so we’re more pragmatists than linux proselytizers.
TL;DR: I heard about it young, and that interest grew into dabbling, until I finally got addicted to it.
Nearly all settings are stored in .config in your home directory. It’s a hidden directory so you may need to find that option in your file browser.
Rename .config to something else, .config_old for example, then reboot. The system will notice the lack of config files and generate new default ones.
Some settings are stored elsewhere like .local/share but this should reset most of the settings while still allowing you to restore the old configurations if needed.
Don't bother "securing" directories like that. The meaningful permission bit is the write permission on the directory holding the file. cat ~/.bashrc > ~/.bashrc.new; put-malware-in ~/.bashrc.new; rm -f ~/.bashrc; mv ~/.bashrc.new ~/.bashrc or the like will still work if you have write permissions to /home/username at all. Marking the file immutable with chattr +i as root might be slightly more effective, but realistically still not enough in a lot of cases as the parent directory can still be renamed. Not to mention you've only found some of the low-hanging fruit; your text editor most likely also has a few ways to accomplish arbitrary code execution in its config/scripting/plugin files but it absolutely doesn't stop there.
Don't bother buying old systems because they can have free firmware. Ever since Spectre, CPU vulnerabilities have made old machines completely unsuitable for high-security purposes time and time again. Not all mitigations are equally effective and with mitigations on, performance takes a massive hit on those 10 year old machines. If you can get a reasonably new system with free firmware, that's good, though.
Thats important… are you sure you can delete files without write permission? Couldnt this be avoided? Because if you cant delete or write to a file, it is basically immutable right?
Chown sudo is still missing so currently its useless. But how do you do that without a root account?
I don’t know if you should, but you can. I use Artix for my only computer (also used for uni). It never killed itself. I did once, which was my fault. But I just fixed it.
but depending on who you ask Arch is either the most stable distro they’ve ever used or bricked their pc ten seconds into the install process
This very funny, and true. Arch is almost as stable as its user :)
In general, the articles found on privsec.dev are excellent reads and provide both guidance and motivation. With their article on Desktop Linux Hardening being my personal favorite.
Different distros are better for different things. For example, some require give you more control over the OS but are more difficult to learn, or require learning more things at once. Others will be easier to try out but may make choices on your behalf that you don’t like - or distribute software in ways you don’t like.
Linux from Scratch will have a fairly steep learning curve. Nothing wrong with that, but you’d want to prepare yourself to be cool with things breaking or not making sense for a while.
Puppy Linux is minimalist, which is something people usually only want after they’ve tried out something else that’s not minimalist. I would recommend trying out something more general-purpose and try out different desktop environments and applications first.
As pointed out, they don’t use it. However, there are loose plan for KWin to migrate to wlroots one day, and in fact a hostile fork exists that is exactly that (KWinFT). So a compositor can make use of wlroots to implement Wayland functionality, sway for example does exactly that, unsurprisingly since they’re sister projects by the same author.
It should be noted that libwayland (mentioned in the patch notes) also exist, and wlroot actually depends on it, so I guess libwayland is like the lower level stuff while wlroots saves you some work to integrate libwayland into your compositor; the motto is “Pluggable, composable, unopinionated modules for building a Wayland compositor; or about 60,000 lines of code you were going to write anyway.”
wlroots is a library that can be used to implement a compositor like KWin or mutter (GNOME). In practice wlroots is used in Sway, Hyprland, river, and more.
What wlroots-based compositors, KWin, and mutter share is that they implement a similar set of the display protocol Wayland. E.g. KWin and Sway implement the Wayland extension wlr_layer_shell
Laptop is fine as a tinkering device, but if you have something critical it’s best not to trust a rolling release. I would recommend Fedora Silverblue or something else immutable that automatically updates and does not have a lot of incompatibility issues.
Arch is not something to be relying on consistently. You can make it stable, but then one day you will do a yay -Syu and all of a sudden your critical machine is offline pending troubleshooting that is not required with more stable distros.
EOS is the best out of the box Arch experience I’ve had, it makes it a lot more user friendly than just the base, and it can be customized just as much as the base. When I was running Arch I was running EOS and it was good for what I needed, although I have had it basically brick itself with an update. I am currently running Fedora Silverblue on my laptop and it’s been very stable.
For starters, consider another distro if you want to make things easy on yourself. Alpine is probably a poor choice unless you have a reason to use it. I guess you could use it as a desktop if you really want to, but it’s more geared for containers and embedded devices. It uses musl instead of glibc so you will have problems running software that isn’t packaged for Alpine. The issue with Puppy is you will have a hard time getting help when you need it because it’s kind of a niche distro.
For your first time, you’re better off using something more mainstream. You are going to run into some issues and it’s a lot easier finding solutions for popular distros. Debian would be a fine choice because it’s widely used and runs great on older hardware. Beyond that, you could look at Ubuntu, Fedora, PopOS and Mint.
linux
Active
This magazine is from a federated server and may be incomplete. Browse more on the original instance.