Max_P

Max_P, 1 year ago

Install from source is fairly likely to work: wiki.ros.org/noetic/Installation/Source

It doesn’t seem to have any outrageously complicated dependencies to work, just C++, Boost and a few other recognizable names, at least at a glance. They also seemingly have an ArchLinux package, which means it’s likely to at least be buildable on latest everything. Mint will fall in between, so the odds it’ll compile are pretty good.

Max_P, 1 year ago

It’s not even always necessarily about trust, but risk management as well. I’ve definitely coded a crash handler that exposed my database credentials in it. There’s also the network aspect of it: your ISP/job/coffee shop can see the DNS request and TLS server name from the telemetry ping. That can be used to track you, or maybe you trigger some firewall alarm at work because of the ping.

We’ve kind of just started accepting that most apps will phone home and that there’s constantly some chatter on the network from all those apps. But if you actually start looking at what all your devices and apps are doing in the background with say, a PiHole, it’s pretty shocking.

I’m not that paranoid and would certainly accept some level of telemetry if asked nicely. “Hey I’m a small dev, I appreciate receiving detailed crash reports to make the app better”. And as a developer, users might be willing to offer way more than what would be reasonable to do in the background. I might even agree to submit a screenshot on crash, but if and only if I’ve been asked before and told what it’s used for, and I get the option to disagree if I’m going to be handling private information and don’t want to risk my data be part of a stack trace.

Max_P, 1 year ago

Any reason the VPN can’t stay as-is? Unless you don’t want it on the unraid box at all anymore. But going to unraid over VPN then out the rest of the network from there is a perfectly valid use case.

Max_P, 1 year ago

For KDE specifically I think there’s a dbus interface that can be called to switch it. You can find it with QDBusViewer or D-Feet.

I’d imagine XWayland would follow the same since it’s essentially a Wayland client. But if you ran the xmodmap under xwayland, that may have inverted it in xwayland, and it’s already inverted in KWin which would double invert it aka put it back to default.

Otherwise doing it at the evdev level will definitely work. It’s a bit of a nuclear option but if it works…

Max_P, 1 year ago

Sometimes “ugly” is even “not pretty and wealthy looking”.

Wind turbines aren’t pretty but they’re not any more of an eye sore as overhead power lines or whatever. And at least it’s a symbol of caring about being sustainable.

A lot of people like to move all the “ugly” elsewhere out of their sight and then call those places shitholes. It doesn’t bother them they’re just moving the infrastructure where the less wealthy have to deal with it. They’d rather a coal plant destroy a lower class city in pollution than see wind turbines near their upper class neighbourhood.

Max_P, 1 year ago

Kernel exploits. Containers logically isolate resources but they’re still effectively running as processes on the same kernel sharing the same hardware. There was one of those just last year: blog.aquasec.com/cve-2022-0185-linux-kernel-conta…

Virtual machines are a whole other beast because the isolation is enforced at the hardware level, so you have to exploit hardware vulnerabilities like Spectre or a virtual device like a couple years ago some people found a breakout bug in the old floppy emulation driver that still gets assigned to VMs by default in QEMU.

Max_P, 1 year ago

Both Docker and Podman pretty much handle all of those so I think you’re good. The last aspect about networking can easily be fixed with a few iptables/nftables/firewalld rules. One final addition could be NGINX in front of web services or something dedicated to handling web requests on the open Internet to reduce potential exploits in the embedded web servers in your apps. But other than that, you’ve got it all covered yourself.

There’s all the options needed to limit CPU usage, memory usage or generally prevent using up all the system’s resources in docker/podman-compose files as well.

If you want an additional layer of security, you could also run it all in a VM, so a container escape leads to a VM that does nothing else but run containers. So another major layer to break.

Max_P, 1 year ago

Of course it’s a 737 Max.

Boeing’s really been dropping the ball on the 737 Max upgrades, first the Max 8 now the Max 9.

At this point I kind of avoid airlines with Boeing fleets, the Airbus planes are nicer anyway in general.

Max_P, 1 year ago

It indeed doesn’t, its purpose is to show the differences and clarify why/where OP might have heard you need special care for portable installs on USB sticks.

All the guides and tutorials out there are overwhelmingly written with regular USB sticks in mind and not M.2 enclosures over USB. So they’ll tell you to put as much stuff on tmpfs as possible and avoid all unnecessary reads and writes.

Max_P, 1 year ago

Not really different than any other M.2 SSDs, that it’s over USB doesn’t matter.

The only consideration for USB sticks is that they’re usually quite crap, so running a system off it tends to use up the flash pretty quickly.

Max_P, 1 year ago

How is it unrelated? Running MongoDB in a container so that it just works and you have a portable/reproducible dev environment is a perfectly valid approach.

Max_P, 1 year ago (edited 1 year ago)

As an aside, distro doesn’t matter but should make sure realtime is set up properly for the optimal latency. That usually requires the linux-rt kernel. The default one isn’t quite as bad as it used to be, but linux-rt will be able to guarantee low latency processing without dropouts. Also worth tuning/hardcoding latencies in JACK or PipeWire if the audio delay is too big out of the box.

Max_P, 1 year ago

I’ve never had to restart the Lemmy container and tracking down the reason why is probably a good idea.

Also rule 5, this belongs to !lemmy_support

Max_P, 1 year ago

<span style="color:#323232;">sudo machinectl login the-user@localhost
</span>

That will handle all the PAM stuff as if you actually logged in.

Max_P, 1 year ago

Maybe a Steam Deck if they’re into gaming, boy do people love to tinker with their Decks.

Max_P, 1 year ago

Installing Ubuntu isn’t breaking any DRM or any anti-piracy measures.

Unless your country is really strict about using devices exclusively as the manufacturer intended, but that’d be countries that also want to monitor everything you do. Hard to tell without knowing what country that is.

That said, I’m pretty sure Google is perfectly okay with people doing that. Even on the Pixel phones, they openly let you unlock the bootloader, and even allows you to add your own keys so you can relock the bootloader with a custom OS. They only care about security and people not getting a device from eBay full of malware. That’s why there’s a message during boot that’s either orange or yellow warning, to tell the users the device has been tampered with. But everything works fine otherwise.

Max_P, 1 year ago

At this point there should probably be a generic “just ask random questions for other Lemmy users” community to direct those people to. People don’t seem to get that this one is similar to AskReddit in purpose, but Lemmy is small so there’s no immediately obvious general communities.

Max_P, 1 year ago

The only reason it will not work would be if OP has manually configured stuff in /etc/X11 in some way. You can even have both in the system at the same time (which does require a little bit of extra configuration). Absolute worst case you check out /var/log/Xorg.0.log it tells you the config you forgot in /etc/X11/xorg.conf.d/20-nvidia.conf 5 years ago doesn’t work because the GPU is gone, you delete it, restart Xorg and you’re good to go.

Even on Windows it’s kind of a myth. Some people are like you need to DDU the old driver in safe mode before swapping them out. You can really have them both installed it’s just going to be weird because on Windows both vendors come with ridiculous amounts of bloat.

AMD cards just works as long as your distro is reasonably up to date. No extra drivers, in fact, installing AMDGPU-PRO is usually worse unless you fit some specific use cases.

Max_P, 1 year ago

What is even the value of Netplan on… desktop? Most people just pick their WiFi in the menu in Gnome. That sounds like a lot of unnecessary complexity.

For servers, sure, it’s fairly nice. But, desktop? Why?

Max_P, 1 year ago

And like and comment as appropriate about the same as I would on Lemmy and used to on Reddit.

Not because they asked for it, but because I genuinely liked it and want to boost it, and because I genuinely have something useful to say/add to it in the comments.

Max_P, 1 year ago

Similarly, the high availability of source code may lead to malicious instances, actors, and/or back-end modifications that would favor specific instances resounding consequence throughout the Fediverse.

That’s ultimately just the Internet being the Internet.

On the fediverse, any instance shouldn’t blindly trust any other instance for that exact reason. That’s part of the game. Instances share the data over ActivityPub, and it’s up to you to process and make use of that data. That includes spam filtering and whatnot. Some instances have CSAM detection for example.

Every instance that’s subscribed to a user or community gets the full set of data: every vote, from every user, from every instance involved. We have the data, we can analyze it. And that’s what really matters.

It doesn’t matter if there’s rogue instances trying to manipulate votes. Everyone have the data to detect and filter out the noise. Maybe one day it’ll be like E-Mail where the majority of the traffic is spam. But just like E-Mail, we’ll make filters and make it work. If all else fails, there’s always the allowlist method: only see content from sources you trust not be spammy. You can even run AI models on it to filter the data if you want. You have the data, you can do whatever you want with it to make it useful for you.

I have faith in the protocol and its openness, not the software that runs it.

Max_P, 1 year ago

and then it will reach out to other instances to grab content from every external community that at least one local user has subscribed to

It’s the other way around. The local user subscribes to the community on the remote instance, which causes the remote instance to then push you every action that occurs on that community as it happens. The pull method is only used once and doesn’t bring in comments, it’s meant as a preview for when a remote community is used for the first time.

And this is why their content won’t make it to your instance: it expects the other instance to send it to you, but they’re refusing to. Similarly, they won’t accept content from your instance, even though it’s trying to.

Local and remote communities are pretty similar internally, federation happens as a separate process in a queue system.

This leads to this:

you can still subscribe to subs on defederated instances, it’s just the interactions that don’t get passed back and forth.

Max_P, 1 year ago

I think 0.19 is reverting that behaviour, because it was indeed a certified bad idea.

I think the idea was to attempt to bulletproof potentially crappy clients especially after the XSS incident, but the problem is it’s simply not even always rendered in a web context which makes the processing kind of a pain.

Wouldn’t surprise me if it becomes double and triple encoded too at times because of the federation. Do you encode again or trust that the remote sent you urlencoded data already?

Best format is the original format and transform as late as possible, ideally in clients where there’s awareness of what characters are special. It is in web, not so much in an Android or terminal app.

I don’t think the Lemmy devs are particularly experienced web developers in general. There’s been a fair amount of dubious API design decisions like passing auth as a GET parameter… Thankfully they also fixed that one in 0.19.

Max_P, 1 year ago

– People choose to share nudes or go into porn for a very wide variety of reasons, and you should not be assuming anything about their self-esteem, dignity or self-worth, because you don’t know them or anything about them other than they chose a different lifestyle than yours.

I have an entire friend group that shares nudes like it’s selfies because for us it’s just body parts like any other and we can admire the beauty of the human body. No feelings of vice or dirtiness involved whatsoever. I can go around seeing naked people and just appreciate the beauty without feeling dirty or even thinking about sexual intercourse and look respectfully. I feel comfortable being naked around my friends, I’ve been around friends literally hooking up next to me, it’s no big deal at all. I’m cute you’re cute, do you wanna sword fight? I’ll happily talk about my sexual life (within respect of privacy of course). I’ll talk you through your kitty issues and not think any differently. It’s healthy in my opinion.

IMO healthy porn exists, there’s a whole world between anti porn and hardcore fetish porn. I see nothing wrong with a casual pair of boobies or a dick.

Some people are indoctrinated by religion to feel like their body is dirty and needs to be hidden away, and feel shame to even think about sex or feel sexually stimulated by anyone but their spouse, and that’s okay if that’s their choice. And for some people it’s just normal life stuff. I personally think religion is harmful and worthless but I don’t go around calling people practicing it low life sheeps with no self worth or sexually frustrated closeted perverts.

Max_P, 1 year ago

This, the algorithm doesn’t care whether you like enjoy it or not, it cares whether you engage with it or not. Even dislikes are engagement.