Yes, it’s not just a DE and default package set but actual system improvements other distros aren’t offering. Kudos to the Asahi team for making this possible!
I use Ubuntu for work and have no issues with it to be honest. I install everything via apt, I think a few things are via snap but nothing that I’ve installed directly. It’s stable and I can get on with stuff. I definitely am not a fan of the move towards snap and the app store: if I was to choose I’d go vanilla Debian.
I’m daily driving Ubuntu and my experience aligns with this.
My only gripe is snaps can break copy/paste and prevent me from saving files where I want. This might make Ubuntu unusable for people using Linux for the first time and makes no sense if you dont understand how snaps are sandboxed and how permissions work. The solution is install with apt.
The installer, system configuration programs and UI experience is really good. I argue it is a much superior experience to Windows and arguably better than OS/X. A lot less garbage being shoved down customers throats.
I checked on my machine, and out of all the packages I had on snap, only Inkscape, VLC and Slack were also available on apt. Spotify, Whatsdesk (a WhatsApp client) and Signal were among the most commonly used missing.
Yes, it can be done. Not to the point of deleting your key (that makes no sense - you need the key), but ssh-agent is what you want. Add it to your shell config and it will only ask to be unlocked once per however often you define.
I have this function defined and called:
<span style="color:#323232;">function ssh-agent-setup() {
</span><span style="color:#323232;"> # SSH agent
</span><span style="color:#323232;"> pid_file="$HOME/.ssh/ssh-agent.pid"
</span><span style="color:#323232;"> SSH_AUTH_SOCK="$HOME/.ssh/ssh-agent.sock"
</span><span style="color:#323232;"> if [ -z "$SSH_AGENT_PID" ]
</span><span style="color:#323232;"> then
</span><span style="color:#323232;"> # no PID exported, try to get it from pidfile
</span><span style="color:#323232;"> SSH_AGENT_PID=$(cat "$pid_file")
</span><span style="color:#323232;"> fi
</span><span style="color:#323232;">
</span><span style="color:#323232;"> if ! kill -0 "$SSH_AGENT_PID" &> /dev/null
</span><span style="color:#323232;"> then
</span><span style="color:#323232;"> # the agent is not running, start it
</span><span style="color:#323232;"> rm "$SSH_AUTH_SOCK" &> /dev/null
</span><span style="color:#323232;"> >&2 echo "Starting SSH agent, since it's not running; this can take a moment"
</span><span style="color:#323232;"> eval "$(ssh-agent -s -a "$SSH_AUTH_SOCK")"
</span><span style="color:#323232;"> echo "$SSH_AGENT_PID" > "$pid_file"
</span><span style="color:#323232;">
</span><span style="color:#323232;"> >&2 echo "Started ssh-agent with '$SSH_AUTH_SOCK'"
</span><span style="color:#323232;"> fi
</span><span style="color:#323232;"> export SSH_AGENT_PID
</span><span style="color:#323232;"> export SSH_AUTH_SOCK
</span><span style="color:#323232;">}
</span><span style="color:#323232;">
</span><span style="color:#323232;">ssh-agent-setup
</span>
This way it stores the unlocked key in memory until the end of the session.
But if it’s stored in a keyring or similar (like on windows) and the client reads from it you don’t need the file with the plain text key. Like you don’t store the git credentials in a file, but with libsecret.
I would prefer something that never ask for the password.
Things like the gnome-keyring or kwallet keep all the passwords in an encrypted file, they get decrypted and kept in ram using your login password when you log into gnome/KDE session and programs can ask for passwords using some API. Once you log out the passwords are removed from ram and no one can read them. My goal is to have something like this, so I’m never asked for a password, I just log into my session and everything is available
I’n Windows it is not stored in a keyring but instead in the registry. This has basically the same security threat model as a local key file.
The ssh-agent on Linux will do what you want with effectively the same security. The biggest difference being that it doesn’t run as a system service but instead runs in userspace which can make it easier to dump memory. There are some other agent services out there with additional security options but they don’t change the threat model much.
Yes this. Imagine posting to a stack themed site, your question would be closed for being incomplete. A screenshot of the failed boot would be great, and some info about the options you chose when installing and the type of machine you’re using.
The Optiplex 710 supposedly supports Ubuntu 10 and 11, so booting Linux should be possible. May require installing without UEFI, though.
I know some distros have issues with old Intel GPUs, try booting with nomodeset and the other my-graphics-card-doesnt-work kernel parameters, and figure out what driver options you may need from there. You may need to boot a kernel older than Linux 6.3 for some VERY old GPU hardware to work.
If I develop anything with a GUI I use GTK4. It has a bit of a learning curve to it but honestly I’ve come to like it.
I am currently creating a program for simulating networks and the drawing area is great for drawing the actual simulation because it basically allows you to have a cairo area as a widget so your possibilities there are basically unlimited and cairo is just a great drawing API.
Also gtk is basically the only modern GUI toolkit that can be used with C, which is great because it is pretty much the only language I know well enough to program a big application with. (But GObject still feels like black magic to me)
In the screenshots of people setups, there are always fancy terminals.
Ha, they’re just showing off their hacker side for the screenshot, plus terminals resize nicely. Tiling window managers work well for most apps. The only GUI issues I’ve had are some pop-up windows being tiled instead of floating, but that’s an easy fix. They’re not for everyone, but they work great with GUI apps.
Yup. Main issues I’ve had are GIMP (seriously, what’s with that floating toolbar) and weird pop-ups in browsers.
I forget why I switched away from them because I was annoyed at games messing stuff up, but it really wasn’t that bad. I currently don’t use it because my kids use my computer and I’m not interested in teaching them my shortcuts.
“just browse the internet” doesn’t indicate that you don’t need a powerful computer in 2023. Modern browsers are really heavy - and rendering websites are much more complex now.
Unless you’re really frugal about your PC budget, I think it’s definitely “to-go” for 32G
Just wait. In 10 years 32 gig is on the low side to just run the OS. Hardware getest faster and bigger, but software scales with it.
The more resources are available, the more people will program computers to use them.
My first graphics card had 128mb memory. These days it goes in gigabyte and they use the memory and processing power to produce amazing things.
On the other hand, they also are not as critical on efficiëncy as used to be, because there are simply more resources available anyway. As a consequence, some programs use a silly amount of resources for basically doing nothing. Sometimes I really feel like my browser is eating RAM…
A program that can run on 1GB but uses 2GB is more wasteful, OS and FS level caching and memory reclamation only work if the memory is available, and a program wasting it takes it from everything else, unused RAM is wasted, but so is RAM being used for no actual function.
Not to say programs cant use large amounts, but they should provide a level of functionality for the amount of memory used, and some programs of late have been more than a bit inefficient, in short, filling the RAM is good, but do make sure its actually being used.
i dislike horizontal tabs, so i go with sidebery / tree-style-tabs. also use a lot of pinned tabs and they sit on top of the list of tabs. this way i can have ~10 pinned tabs and still remember what all of these are.
"The browser chrome" is the name historically given to the parts of the browser that are not the website. Then Google created a web browser and decided to name it after it - but userChrome.css existed before the browser Chrome did :)
Yeah, it’s not really advertised as an init system anymore. It’s an entire system management suite, and when seen from that angle, it’s pretty good at it too. All of it is consistent, it’s fairly powerful, and it’s usually 10-20 lines of unit files to describe what you want. I wanted that for a long time.
I feel like the hate always comes from the people that treat the UNIX philosophy like religion. And even then, systemd is very modular, just also well integrated together: networkd manages my network, resolved manages my DNS, journald manages my logs, timesyncd manages my NTP, logind manages my logins and sessions, homed mounts my users profiles on demand.
Added complexity, yes, but I’ve been using the hell out of it. Start services when a specific peripheral is plugged in? Got it. Automatically assign devices to seats? Logind’s got you covered, don’t even need to mess with xorg configs. VM network? networkd handles it. DNS caching? Out of the box. Split DNS? One command. Don’t want 2000 VMs rotating their logs at exactly midnight and trashing your ceph cluster? Yep just slap a RandomizedDelaySec=24h to the units. Isolate and pin a VM to dedicated cores dynamically? Yep it’ll do that. Services that needs to run on a specific NUMA node to stay close to PCIe peripherals? Yep easy. All very easily configurable with things like Ansible or bash provisioning scripts.
Sure it may not be for everybody, but it solves real problems real Linux admins have to deal with at scale. If you don’t like it, sysvinit still works just fine and I heard good things about runit too. It’s an old and tired argument, it’s been over 10 years, we can stop whining about it and move on. There’s plenty of non-systemd distros to use.
“Hmphhh”, breathing heavily, one of your half-informed brethren approaches you. In front of you is a bizzare creature that spends day and night modding his kawaii, unproportionally large breasted and rainbow-eyed waifu desktop. On one hand is his aformentioned waifu pillow stained with, let’s not talk about that. On his legs are two large stocking-like socks, no pants and a shirt that says “I ❤️ Poettering”
“Akshually…”, and as he says that, you can hear the velled up mucus, ready to launch itself upon further tickle to the nose. Quickly, you hand this poor lad a box of tissue. Nodding his head, as to be grateful for your act of kindness, he empties all the air out of his lungs. “That’s a lot you’re holding in there”, you silently whisper.
“…As I was saying, systemd is not an init system, it is more than that”, smirks this weird man. As you try to process all of that, to your horror, you realise that you’re speaking to a modder, or as they call it in politically incorrect terms, a ricer. One of those people you’ve never wanted to meet in real life.
“But I do care about security, and the attack surface is now pretty larg…”, you say, to which the man interrupts, “Linux does not have any viruses, s…stop spreading FUD…banned, 1 day”. The last part doesn’t make a lot of sense, but you assume that he’s pretending this conversation to be on a forum, and he is a “moderator”.
“I do care about the basic UNIX philosophy, which is modulari…”, again, to which this gentleman in front of you interrupts, “If you want modularity, then start from making a micro-kernel. Banned, 5 days”, he scoffs and laughs at you.
“But Poettering left a mess behind that is Linux audio, atd you trust that guy? Also systemd is not as fast as he claims to be, how can y…”
“SHUTTTT UPPPP! IF YYOU THINK SOMEONE IS NOT GOOD WITH THEIR SKILLS, THEN MAKE ONE YOURSELF! POETTERING LETS ME CUSTOMIZE WAIFU DESKTOP WITH EASE, STOP ATTACKING LENNA-SENPAI! BANNED, 30 DAYS!”.
“Akshually…”, you mumur, as you leave the room, but the man heard you clearly. “…I am a big fan of Scheme, so I learnt Guile. Now I use GNU Shepherd”, you say, as you close the door behind.
“ARRRRRRRR! BANNED, 2 MONTHS! BANNED, 3 MONTHS! ARRRRRRR!”, you hear the noise behind, content that you’re not one the one following the herds to the cliff.
Actually, I use systemd because it just works for me and operating systems aren’t my hobby. Linux is my job, and things that work well cause less overtime for me.
The one thing you can learn from sysv init isnthat asking devs to pitncode into their programs or into starter scripts does not work. They will not bother: Those will notmworkmcross platform.
So you need to cebtralize that task. You can either write a wrapper program that sandboxes starts applications in a sandbox or do that whereever the programs as are started anyway.
A separate sandboxing app that starts services complicates configuration: You basically need to configure two things the starter and the service. On the up-side you have the sandboxing code separate. Merging the sandboxing into the program starting the service makes configuration simple but adds moremcode into the the starter program.
So it is basically a decision on what you value more. Systemd decided to favor simpler configuration. The cost for adding the sandboxing is small anyway: It’s all Linux kernel functionality that does need a bit of configuration to get rolling, with much of that code being in the systemd-init anyway: It uses similar functionality to actually separate the processes it starts from each other to avoid getting confused by programs restarted and thusnchanging PIDs – something still a thing in many other inits.
I am convinced that making sandboxing easy does a lot formits adoption. No admin will change the entire startup configuration to add a sandboxing wrapper around the actual service. It is way more likely for them to drop in a override file with a couple of lines and without any problems when upstream changes command line options.
linux
Top
This magazine is from a federated server and may be incomplete. Browse more on the original instance.