Atemu

Atemu, 1 year ago

Voting is another concept that would become unhackable overnight

No. Voting on the blockchain is an even worse idea than money on the blockchain.

In many cases, there are good reasons why these things are done they way they are. I have yet to see a software system that is better at preventing voter fraud than humans looking at your government-issued ID at a poll site and humans overseeing other humans manually counting votes.

A single actor might be able to commit voter fraud in the order of dozes or hundreds of votes perhaps but with a digital voting system based on blockchain, they could do so on the order of thousands or even millions by compromising end-user devices used for voting or buy enough work/stake/whatever to perform a 51% attack.

Same goes for money btw. Our current system is by far not a perfect one but removing the ability for governments to i.e. freeze accounts of bad actors is not a boon.

Atemu, 1 year ago

nobody’s made a solution that is simple and effective

This one isn’t that either by the looks of it but it’s certainly a problem where something like blockchain could provide a solution.

Atemu, 1 year ago

This is false. Protonmail has supported Web Key Discovery for external domains since 2019: proton.me/blog/security-updates-2019

Atemu, 1 year ago

Homomorphic encryption enables votes to be both public and obfuscated at the same time.

That’s nice but has nothing to do with voter fraud prevention.

I will not reply to the stupid ad hominem. You have made it exceptionally clear that you have no idea what my political views are.

Atemu, 1 year ago

So PM claims it has on the order of 10^8 users. Let’s assume each user has one email address with one public ed25519 key, both of which are likely false.

Each key is 32Byte; 32B * 10^8 = 3.2GB.

Could someone do the math how much fiat it’d take to store such an enormous amount of data on the Ethereum or monero blockchains?

Atemu, 1 year ago

It actually is. The file gets opened by bash and bash passes the file descriptor to cat but cat is the program which instructs the kernel to write to the device.

Modern cat even does reflink copies on supported filesystems.

Atemu, 1 year ago

systemd has become like the JavaScript of init systems

Likening systemd to JavaScript is incredibly inappropriate.

systemd now handles DNS, cron, bootloader, and is a suite of tools tightly coupled with the init system)

No. Except for the cron replacement, all of those are stand-alone tools that can be run with systemd, without systemd or replaced with any alternative.

They just happen to be developed under the systemd project umbrella and are obviously tested to work well with another.

This argument is especially weird for systemd-boot; it’s not even a Linux program ffs.

There are some components that are harder to replace with alternatives but mostly because no good alternatives exist. Systemd might be partially to blame here in how easy it is those parts can be ran independently and replaced with equals and you could certainly criticize it for that but you didn’t even mention one of them.

Truth be told, the birth of systemd really heralded in the death of the UNIX philosophy

There is no truth in this sentence.

Doing one thing only, and doing it well, while looking good on paper, and oftentimes is a good general rule of thumb, doesn’t apply to modern application development, for better and worse.

What? Please google “Microservices”.

---

Your whole wall of text hinges on the assumption that systemd is a simple “init system”; a root process spawning a set of other processes. This is false.

systemd (as in: PID1) does service management, not init. It happens to also fit into the “job description” of init because starting and cleaning up dead services also fall under the responsibility of a service manager but reducing it to just an init system is just plain wrong. All the other things are handled by separate components/processes.

Thus, it still follows the “unix philosophy”. The “one thing” it does simply isn’t what you think it does.

It’s like saying cp doesn’t follow the UNIX philosophy because you could copy files with cat. cat is soo much simpler to understand, why would anyone ever use the bloated cp? Must be the pesky commercial influence of Bell labs!

Truth be told, the birth of cp really heralded in the death of the UNIX philosophy.

Atemu, 1 year ago

simple_cat which does a simple read/write loop

You just proved my own point. cat does the write(). Bash just configures where it writes to.

re the reflink thing, you were probably thinking of cp, not cat.

No, I was specifically thinking of cat. I just copied a 73G non-sparse incompressible file in 3 seconds using cat file > copy.

copy_file_range does reflinks on btrfs.

Atemu, 1 year ago

Any distro that ships relatively recent libraries and kernels.

With the exception of Debian, RHEL, SLES and the like, pretty much everything.

Atemu, 1 year ago

This kind of integration testing is best left up to the individual distros. Same as the integration (as in: packaging) itself.

Distros don’t want your binary package, they want your source code, build instructions and a build system that won’t make them cry. Some distros even explicitly disallow re-packaging external binary distributions.

As a distro maintainer, I appreciate your wish to do QA on all the distros but that’s just too much work. You focus on making your software better, we focus on making it work with the rest of the software ecosystem.

Providing a package for one or two distros (i.e. your favourite one) is good practice to ensure your software can be reasonably packaged but it’s not the primary way your users should receive your package in the traditional Linux distro model.
Additionally, you might want to package your software for one of the cross-distro package managers such as Flatpak, AppImage, Snap, Nix, Guix, distri or homebrew. This can serve distro maintainers as a point of reference; showing how it is intended to work so they can compare their packaging effort. If there’s some bug present in the distro package but not the cross-distro package, that’s a good sign the issue lies in the distro packaging for example.
Again, don’t put much time in this. Focus on your app.

Atemu, 1 year ago

I use NixOS but I don’t bother with automatic deployment or even automatic formatting. I don’t feel it’s necessary in a homelab setting as hardware failure rarely happens at such small scale and the manual steps left aren’t that significant.

Atemu, 1 year ago

atproto.com/guides/overview

Atemu, 1 year ago

Not just read but modify even.

Atemu, 1 year ago

I don’t know about timeshift but it appears to have a configuration tab for snapper.

Atemu, 1 year ago (edited 1 year ago)

What you’re doing is perfectly fine.

It is however more of a mitigation for bad distro installers than general good practice. If the distro installers preserved /home, you could keep it all in one partition. Because such “bad” distro installers still exist, it is good practice if you know that you might install such a distro.

If you were installing “manually” and had full control over this, I’d advocate for a single partition because it simplifies storage. Especially with the likes of btrfs you can have multiple storage locations inside one partition with decent separation between them.

Atemu, 1 year ago

except for hdds without cache

The “cache” on HDDs is extremely tiny. Maybe a few seconds worth of sequential access at max. It does not exist to cache significant amounts of data for much longer than that.

At the sizes at which bcache is used, you could permanently hold almost all of your performance-critical data on flash storage while having enough space for tonnes of performance-uncritical data; all in the same storage “package”.

Atemu, 1 year ago

Note that bcache and bcachefs are different things. The latter is extremely new and not ready for “production” yet. This post is about bcache.

Atemu, 1 year ago

WDYM by “overheat”?

Atemu, 1 year ago

TL;DR Amazon is building a Linux distro that starts a chromium to run react native apps. Apparently, you need hundreds of people for that.

Atemu, 1 year ago (edited 1 year ago)

AMD platform support is coming to coreboot in the next few years, consumer platforms much later and even there I’m doubtful it’d come to your laptop in particular.

Get a Frame.work with Intel chip if you want coreboot on a modern laptop soon-ish. I know the guy working on that port ;)

Atemu, 1 year ago

In regular FHS distros, an upgrade to libxyz can be done without an update to its dependants a, b and c. The libxyz.so is updated in-place and newly run processes of a, b and c will use the new shared object code.

In Nix’ model, changing a dependency in any way changes all of its dependants too. The package a that depends on libxyz 1.0.0 is treated as entirely different from the otherwise same package a that depends on libxyz 1.0.1 or libxyz 1.0.0 with a patch applied/new dependency/patch applied to the compiler/anything.

Nix encodes everything that could in any way influence a package’s content into that package’s “version”. That’s the hash in every Nix store path (i.e. /nix/store/5jlfqjgr34crcljr8r93kwg2rk5psj9a-bash-interactive-5.2-p15/bin/bash). The version number in the end is just there to inform humans of a path’s contents; as far as Nix is concerned, it’s just an arbitrary name string.

Therefore, any update to “core” dependencies requires a rebuild of all dependants. For very central core packages such as glibc, that means almost all packages in existence. Because those packages are “different” from the packages on your system without the update, you must download them all again and, because they have different hashes, they will be in separate paths in your Nix store.

This is what allows Nix to have parallel “installation” of any version of any package and roll back your entire config to a previous state because your entire system is treated as a “package” with the same semantics as described above.

Unless you have harsh data caps, extremely slow connections or are extremely tight on disk space, this isn’t much of a concern though.
Additionally, you can always “garbage collect” old paths that are no longer referenced and Nix can deduplicate whole files that are 1:1 the same across the whole Nix store.

Atemu, 1 year ago

Why is it that GrapheneOS/CalyxOS always seem to attract these kinds of people?

Atemu, 1 year ago

I somehow doubt that’s all you said.

Atemu, 1 year ago

Well, you can roll back with a switch too; no reboot required.

The VM protects you from accidental state modification however (i.e. programs enabled by some DE by default writing their config files everwhere) and its ephemeral nature makes a few things easier.

Atemu, 1 year ago

Post the journal after wakeup, not before.