Atemu

Atemu, 5 months ago

And, even more importantly, search.nixos.org/options to figure out which options to set. Always search for options first. “Installing” something by just adding the package to systemPackages etc. is usually the correct thing to do for end-user applications but not for “system things” such as services.

Atemu, 5 months ago

As an example, users of Debian are reporting tons of KDE Plasma bugs that was already fixed, but because they are running an ancient version, they still have the bugs.

The idea is that those bug fixes would be backported as patches; old feature version + new security/bug fixes.

In practice, that’s really expensive to do, so often times bug fixes simply aren’t backported and I don’t even want to know the story of security fixes though I’d hope they do better there.

Atemu, 5 months ago

Debian has an effective Rolling distribution through testing than can get ahead of Arch.

I wouldn’t call a distro “branch” where maintainers say “don’t use this, it’s not officially supported and may even be insecure” an “effective” distribution. I’d consider it a test bed.

Debian tends to align its release with LTS Kernel and Mesa releases so there have been times the latest stable is running newer versions than Ubuntu

• Ubuntu LTS.

Ubuntu’s regular channel releases every 6 months, similar to Fedora or NixOS. That in itself is already a “stable” distro, just not long-time stable (LTS).
So Debian can for a short span of time after release be about as fresh as stable distros which is …kinda obvious? I would not consider a month or so every 2 years to be significant to even mention though, especially if you consider that Debian users aren’t the kind to jump onto a new release early on.

For some the priority to run software that won’t have major bugs, that is what Debian, Ubuntu LTS and RHEL offer.

That’s not the point of those distros at all. The point is to have the same features aswell as bugs for longer periods of time. This is because some functionality the user wants could depend on such bugs/unintended behaviour to be present.

The fact that huge regressions have to be weeded out more carefully before release in LTS is obvious if you know that it’d be expected for those “bugs” to remain present throughout the release’s support window.

Atemu, 5 months ago

Depends. There was that one F2P COD clone which used TCP and IIRC it did fine?

Atemu, 5 months ago (edited 4 days ago)

You could take the revision number. nixos-unstable has 567011 commits currently.

Atemu, 5 months ago

Problem is that the average person cannot discern between an actual expert and a charlatan.

Atemu, 5 months ago

It’s unkown whether he improved his temper or whether he just built a very good mail filter for himself though.

Atemu, 5 months ago (edited 4 days ago)

I meant that as a reply to the second paragraph which generalised anarchism; including the non-Linux world.
I also disagree that this isn’t an issue in the broader Linux community however. See for example the loud minority with an irrational hate against quite obviously good software projects like systemd who got those ideas from charlatans or “experts”.

Atemu, 5 months ago

Not really. It was publicly available information. It’s, by definition, not private.

Atemu, 5 months ago

You gave them an irrevocable license to basically use your content in any way they see fit. Them not showing posts you deleted is just them being nice, not being obligated to do so. They could simply ignore your request or restore posts later.

You should have thought about that when you gave them that license to your content.

Atemu, 5 months ago

I was worried about possibly needing to change license.

I’d rather ask the contributors to consent to licensing their code under the new license. You don’t need the copyright in the hand of one entity to change license, it’s enough if all copyright holders agree.

The situation is made seemingly complicated by the possible need to use copylefted images

WDYM by “images”?

As in art assets? I’m not sure those would even be infectious. I think it’s possible to even use non-free assets in a GPL’d application. It may be better to treat them as such to keep the licensing simple though.

Even then, it’s usually possible to “upgrade” permissively licensed code (such as Apache 2.0) to a copyleft license as long as the original license’s conditions are still met which usually involves denoting which parts of the code is also available under the permissive license.

Atemu, 5 months ago

Why does it need to be public-facing? There may be solutions that don’t require exposing it to billions of people.

Security is always about layers. The more independent layers there are, the fewer the chances someone will break through all of them. There is no one technology that will make your hosting reasonably secure, it’s the combination of multiple.

You’ve already mentioned software ran inside an unprivileged sandbox.

There’s also:

• Sandbox ran unprivileged inside a VM
• VM ran inside unprivileged sandbox
• Firewall only allowing applications to open certain ports
• Server running all of that hosted by someone else on their network with their own abstractions

Atemu, 5 months ago

Not what you’re asking for but a potential solution: Your TV itself might support Miracast.

Atemu, 6 months ago

The best way I know of is to get yourself a VM and get into the weeds; try to configure a system to your liking.

Follow the NixOS manual. The Wiki is unofficial; often opinionated, out of date or just plain wrong. Take it with a grain of salt. The canonical source of documentation is the NixOS manual and it’s not nearly as bad as you may have heard.

Make extensive use of search.nixos.org/options or man configuration.nix. Finding and making proper use of options and the module system is the bread and butter of using NixOS.

Eventhough everyone and their mom will recommend them to you for nebulous reasons, ignore flakes for now. You will know when you’ll benefit from using them; namely when you need to use something outside of NixOS/Nixpkgs. You’re going to have enough to figure out with plain old NixOS on its own though; I don’t have external dependencies in my config to this day.

To wrap it up, make sure to ask the community if something’s not working as expected: github.com/NixOS/nixpkgs#community

Atemu, 5 months ago (edited 3 months ago)

This is a lot to take in; it’s basically an overview of all the interesting features of Nix. When starting out, you don’t need this kind of in-depth knowledge. I personally gathered most of what was covered here in over 6-12months of using it and I did just fine.

It might still not be for you but don’t take this as the reference point.

Atemu, 5 months ago

While that is true, it’s also r13y on another level: Reproducible evaluation. That mostly stems from pure eval and locking.

In the “before times”, you’d get your Nix expressions from some mutable location in the Nix path, so running i.e. a nixos-rebuild on your configuration could produce two different eval results when ran at two different times, depending on whether anything about your channel configuration changed in the mean time. This cannot happen with flakes as all inputs are explicitly given and locked.

You could achieve the same using niv etc. before but that had its own issues.

Atemu, 5 months ago

I haven’t used channels in years, but doesn’t that just refer to the running system, not using Nix to build projects?

I have no idea what you’re trying to say here.

Atemu, 5 months ago

There’s the WIP NixOS-based SnowflakeOS that aims to make NixOS approachable for mere mortals but that’s still declarative configuration and of course still NixOS under the hood.

There’s a bunch of immutable distros out there that use OStree or some other imperatively managed snapshotting mechanism such as Fedora Silverblue or VanillaOS.

Atemu, 5 months ago

How do you compose Guix projects?

Atemu, 6 months ago

I’d highly recommend setting up a swap partition instead.

Atemu, 5 months ago

If you need to set up a special dedicated subvolume, might aswell set up a partition instead; it’s just simpler.

With a swapfile you also can’t do multi-device setups which is a limitation I personally couldn’t live with.

Atemu, 6 months ago

The “av1” numbers, which codec is that? There are many av1 encoders and even for Intel HW accel, there are at least two.

Atemu, 6 months ago (edited 5 months ago)

Why is this not being developed inside Mesa? There’s even precedent for it; gallium9.

Atemu, 6 months ago (edited 5 months ago)

ifconfig.me. Can also be be curl’d.

Easier to remember is to just search for what is my ip in clear net DuckDuckGo (or Kagi if you have it).

they all ask for CAPTYA which is an obvious attempt to obtain ones true IP.

How exactly is a CAPTCHA supposed to discover your “true IP”?

Also note that your IP address is by far not the only thing used to fingerprint you. See abrahamjuliot.github.io/creepjs/ and browserleaks.com.

Use TOR browser if you want your starting conditions to be reasonably anonymous.

Even more critical for fingerprinting is user behaviour though.