Skip Navigation

Nobody

@ nobody_1677 @lemmy.world

帖子
18
评论
41
加入于
3 mo. ago

  • The zero-days are numbered | The Mozilla Blog - Firefox 150 includes fixes for 271 vulnerabilities identified during this initial evaluation [of Mythos Preview]

    跳过

  • Not zero bugs, but it should help. A benefit for defenders is that they can use AI review on code before they make it public or release it in a stable release

  • Coldbrew package manager

    跳过

  • Correct, that’s what I meant by calling it a lightweight sandbox that’s mainly used to isolate dependencies.

    Though the cool thing about cold brew is that it’s simply a shell script. Not even a crazy long one at that. It would not be difficult to modify the bubblewrap flags to increase security.

    Though filesystem isolation is not its goal, it’s meant to emulate that homebrew use which is unsandboxed.

  • Bluefin Dakota Alpha 1 | Bluefin

    跳过

  • That's my gripe with Atomic distros. I feel like they don't take the time to think things through and throw together. Instead, they throw together a new thing to address the shortcomings of the previous five things.

    Love them or hate them, it feels like the only player sticking to their guns is Canonical with snap. It's the only package manager that really does it all: GUI, CLI, IDEs, server, daemons, even the kernel and GRUB. Honestly, when the permission prompting is stable, I might be tempted to give it another chance.

  • Bluefin Dakota Alpha 1 | Bluefin

    跳过

  • Coldbrew kinda works like that. It uses bubblewrap and uses Alpine's packages: https://gitlab.postmarketos.org/postmarketOS/coldbrew.

    The unfortunate thing about snap is that of all options, it is the most capable. You get GUI, CLI, server, full filesystem access if needed (aka classic snaps). But Canonical really drags the project down and handicaps it with poor decisions.

  • Bluefin Dakota Alpha 1 | Bluefin

    跳过
    • It's pretty minimal out of the box (a bit like Arch). Unlike Fedora with SELinux or Ubuntu with AppArmor which come configured and enforcing out of the box.
    • Nix is a programming language, and a complex one at that. There are plenty of ways to achieve the same goal. But as a novice or even intermediate user, it's hard to know which is the best way. It also doesn't help when you go with Way A and later want to do something else, but you find someone's setup that uses Way B. Should I switch to Way B too? Or should I try to combine both ways into Way C?
    • Flakes. First off, it's annoying to have everyone say that NixOS is declarative and reproducible. Then you look into it a bit more and the story changes to "oh actually you need to enable this experimental feature to get better reproducibility". But the part that actually annoys me is how everyone uses flakes and expects you to too, but it's been an experimental feature forever and doesn't seem any closer to becoming not-experimental.
    • Linking issues. Say I install something like nvim with nix, then an nvim plugin wants to install something. That plugin isn't aware of nix and tries to do things the Unix way, but that breaks. I know there are two solutions/workarounds to this problem; some packages are patched to avoid this and there's something you can put in your configuration that "emulates" a more traditional environment that's more compatible.
    • I like sandboxing so I would use flatpak in NixOS. But there was some issue with fonts and icons I believe. I can't remember if this PR fixed it or not: https://github.com/NixOS/nixpkgs/issues/119433
    • Not the best UX out of the box. It's common to find people with nix caches of hundred of gigabytes large because the system doesn't automatically clean things up.

  • Bluefin Dakota Alpha 1 | Bluefin

    跳过

  • Brew installs both applications and their dependencies. When brew is added to the PATH, it also puts all those dependencies on your PATH.

    For the most part, this does not cause issues. The OS usually uses absolute paths for binaries and dependencies. But for some programs, they will rely on PATH and may not be compatible with what brew provides.

    Ideally, I think brew should fix this by only adding what you explicitly install to your PATH. When you launch it, it should launch a wrapper script that updates PATH with the homebrew dependencies. Though that wouldn’t exactly work for those who install a shell like zsh since then that would inherit the brew libraries anyway.

    Or instead of changing PATH at all, use a fancy linking mechanism like Nix.

    Universal Blue does some path tinkering to fix this, not sure how though. KDE Linux also has their own workaround, where they instead prioritize system dependencies over brews so that it’s brew that would break instead of the OS.

    Little more info from KDE:

  • Bluefin Dakota Alpha 1 | Bluefin

    跳过

  • I've used NixOS, wasn't that big of a fan. I certainly love the idea, but not the execution. Fedora Atomic just comes out of the box as a more complete, configured system that's easier to understand.

    I have been meaning to use Nix on Atomic, but the problem is that since / is immutable, Nix cannot create /nix and so doesn't work properly. But there are workarounds for that issue, I just haven't tried them yet.

    Nix certainly fixes the PATH issues of homebrew since it has its unique linking system.

  • Bluefin Dakota Alpha 1 | Bluefin

    跳过

  • Not sure how I feel about this "distroless" pattern. It's interesting to be able to get components directly from upstreams from like Gnome, but it makes certain tasks more difficult.

    The lack of any distro packages to fall back on when flatpak, distrobox, appimages, and brew fails is simply annoying. I've experienced this multiple times.

    • When I would flash OSes on my Pixel, I couldn't use flatpak/distrobox/brew. I would either have to (1) overlay a browser and ADB tools, (2) overlay ADB and maybe use an Appimage browser, or (3) boot into a traditional distro like Debian that has an unrestricted browser. Distroless has no recourse for me here.
    • Using sshfs: installing sshfs from brew or distrobox would not work without host configuration changes made by overlaying sshfs. Distroless has no distro package to fall back on
    • Using tailscale: tailscale from brew didn't work. Had to fall back on distro package. Distroless would fail me here, but in this case, I believe Jorge preinstalls it. So simply adopt all of Jorge's tastes and applications and you'll be fine...
    • No upstream Steam support since there's no rpmfusion or official valve package to use, you'd have to use something like the unoffical Steam flatpak

    While I love Fedora Atomic and atomic distros in general, I constantly feel like they do not think things through. They made the system harder to break, but with severely limited (if you use them the way you're encouraged to, like no layering). They then address these gaps one by one with more and more solutions that are imperfect and that do not fit all needs.

    • Flatpak is good for GUI apps, but not CLI.
    • Brew is good for CLI stuff, but does funky PATH things that could break host OS at times (and as mentioned, did not work for sshfs or tailscale for me). KDE Linux initially promoted Brew, but then later recommended not using it at all due to its PATH shenanigans
    • Distrobox is good if you need distro packages, but the containerization has limitations with desktop integration and more complex tasks, like I mentioned with flashing OSes on my Pixel.

    At least with Fedora Atomic (and containerfiles with bootc stuff), I can get a robust system, seamless OS upgrades, and install any packages that do not work well as flatpaks/distrobox/appimages.

  • Linux @lemmy.ml
    Nobody @lemmy.world

    Bluefin Dakota Alpha 1 | Bluefin

    docs.projectbluefin.io /blog/dakota-alpha-1/
  • Linux @lemmy.ml
    Nobody @lemmy.world

    This Week in Plasma: Per-Screen Virtual Desktops and Wayland Session Restore

    blogs.kde.org /2026/04/18/this-week-in-plasma-per-screen-virtual-desktops-and-wayland-session-restore/
  • Linux @lemmy.ml
    Nobody @lemmy.world

    This Week in Gnome #245 - Infinite Ranges

    thisweek.gnome.org /posts/2026/04/twig-245/
  • Linux @lemmy.ml
    Nobody @lemmy.world

    Hello old new “Projects” directory! – Ximions Blog - New XDG Directory

    blog.tenstral.net /2026/04/hello-projects-directory.html
  • Gnome @discuss.tchncs.de
    Nobody @lemmy.world

    This Week in Gnome #245 - Infinite Ranges

    thisweek.gnome.org /posts/2026/04/twig-245/

  • Apple's $599 MacBook Neo Sold Out Through April Amid Surging Demand

    跳过

  • My concern lies squarely with the 8GB of RAM. MacOS has great swapping implementation, but swap is not magic.

    Inevitably, the OS and applications will get heavier, requiring more swap and therefore more disk reads and writes.

    8GB on phones isn’t bad as iOS and Android are designed to freeze and kill background apps quickly. As an app developer, it’s something you design around. But on a desktop, that’s not an option, apps should only be frozen and killed at the last moment to avoid locking up the OS.

    I’d be more comfortable buying an older/used M1 Mac with 16GB of RAM. And given that Neo and M1 are roughly comparable, they should hopefully be supported for the same length of time.

  • Linux @lemmy.ml
    Nobody @lemmy.world

    New NTFS File-System Driver Submitted For Linux 7.1

    www.phoronix.com /news/New-NTFS-Driver-Submitted-Linux
  • Linux @lemmy.ml
    Nobody @lemmy.world

    Proton 11.0 is now available in Beta

    github.com /ValveSoftware/Proton/releases/tag/proton-11.0-1-beta1
  • Linux @lemmy.ml
    Nobody @lemmy.world

    Mid-life transitions - Christian Hergert officially stepping back from Red Hat and Gnome, so some major Gnome components are currently unmaintained

    blogs.gnome.org /chergert/2026/02/06/mid-life-transitions/
  • Linux @lemmy.ml
    Nobody @lemmy.world

    daniel stenberg: The AI slop security reporting is basically extinct [in curl]... [bugs] are found with AI tools and normally high quality bug reports.

    mastodon.social /@bagder/116407367327224765
  • Linux @lemmy.ml
    Nobody @lemmy.world

    openSUSE Tumbleweed now defaults to systemd-boot on new installs

    dominique.leuenberger.net /blog/2026/03/tumbleweed-review-of-the-week-2026-13/

  • stillOS 10(.1) is released

    跳过

  • It's based on Alma Linux, which is on version 10.1.

  • Ubuntu 26.04 Will Be the Worst Ubuntu Release Ever

    跳过

  • It's a utility app that is that is available on Linux, Windows, MacOS, iOS, Android. It's a decently popular app and is more likely to be used by regular people than in a business setting.

    It's in the top 50 most popular apps on Flathub.

  • Ubuntu 26.04 Will Be the Worst Ubuntu Release Ever

    跳过

  • Ubuntu being shit for personal users is all but new (Who wants 2 year old software?

    A lot of people. From a snap I maintain:

    So not only are some people fine with 2 year old software, they're choosing to use 4 year old software more often than 6 month old software (granted in this second case, you can argue it's because Ubuntu promotes the LTS as the main version).

  • What’s new in security for Ubuntu 26.04 LTS?

    跳过

  • If you have all the AppArmor patches and use a custom snap store, I believe so. There's some inefficiencies with flatpak that are currently ignored. For example, every flatpak app has its own bubblewrap processing running, though they are light on resource usage. However, inter process communication is really inefficient, there's a lot of context switching. You have the app talking to the dbus proxy and the proxy talks the real dbus (there might even be a step between the dbus proxy and real dbus).

    Meanwhile, for snap, this security stuff is handled by AppArmor security profiles. There's no need for a dbus proxy.

  • What’s new in security for Ubuntu 26.04 LTS?

    跳过

  • That's part of what I mean. Snap could be so much more interesting and useful if not for Canonical doing stuff like only allowing one store and slacking on proper support for non-AppArmor distros.

    One of the more bizarre experiences I've had is that a Canonical employee packaged a version of a Minecraft launcher. It was absolutely garbage, didn't even start. The first thing that comes to mind is that snap is just garbage. But for fun, I made my own package of it, and it just worked perfectly. Which just leaves me the question of why a Canonical employee who works on snap can't create a good snap package.

    There's also the weird fact that Ubuntu dropped the ball with its core24 runtime. For some reason, Canonical's own snaps stuck to core22 up until this month. Like, why wouldn't they upgrade to their latest runtime? If there was an issue with it, why has it been broken for 2 years? Doesn't inspire trust.

  • What’s new in security for Ubuntu 26.04 LTS?

    跳过

  • I can understand MIT being an issue in some cases. For example, VSCode is a proprietary fork of the MIT open-source Code. If Microsoft wanted, they could stop publishing the MIT open source version. Of course that code would still exist as MIT, but development would slow down without Microsoft.

    But I don't see uutils being MIT as an issue. It's primary goal is to be compatible with GNU coreutils. You can't really rug pull a project with a goal like that. And permissively licensed utils have been around thanks to BSD and it's never been an issue. You don't see companies like Apple using proprietary forked versions as benefit. The "value" they add is higher up the tech stack with their own truly proprietary stuff or open stuff that encourages lock-in to its ecosystem, like Swift.

  • What’s new in security for Ubuntu 26.04 LTS?

    跳过

  • Snap as a technology is so interesting and more versatile than other formats. It's just unfortunate that Canonical is in charge of the project, they've made some baffling decisions and continue to shoot themselves in the foot.

  • Linux @lemmy.ml
    Nobody @lemmy.world

    What’s new in security for Ubuntu 26.04 LTS?

    ubuntu.com //blog/ubuntu-26-04-lts-security-updates
  • Linux @lemmy.ml
    Nobody @lemmy.world

    Flatpak 1.16.4 Brings Important Security Fixes For Sandbox Escape & Deleting Host Files

    www.phoronix.com /news/Flatpak-1.16.4-Released
  • Linux @lemmy.ml
    Nobody @lemmy.world

    Libinput Hit By Security Issues With Its Lua Plug-In System

    www.phoronix.com /news/Libinput-Lua-Security-Issues

  • Is anybody running Linux on ARM laptops? (Mediatek, Qualcomm Snapdragon, etc.)

    跳过

  • Haven't done it personally, but I think Ubuntu would be one of the better choices. You get the Ubuntu ARM debs and ARM snaps out of the box.

    You can then install Flathub and Fedora Flatpaks.

    Fedora Flatapks is small and not without controversy, but one of its benefits is that all of its packages are built for ARM. Flathub and Snap aren't consistent in doing that. Any many times you'll find that Snap has an ARM build and Flathub doesn't, and vice versa.

  • Tech Talk: How Electron went Wayland-native, and what it means for your apps | Electron

    跳过

  • It certainly has it's issues. Takes up quite a bit of space since each app tends ships its own copy of electron (though distros like Arch do try to make apps share a single Electron build). Apps may ship out of date versions that may have security vulnerabilities, though it's not always the end of the world since they tend not to access outside of their own domains. As for slowness and resource usages, it's bit of a tricky subject; an Electron app can be optimized, but will always use quite a bit of RAM.

    Though undeniably they have been beneficial for Linux if only because it allows some companies to support Linux without too much extra work.

  • Tech Talk: How Electron went Wayland-native, and what it means for your apps | Electron

    跳过

  • SSD is still supported, just tested Spotify and Flathub's Electron test app in a VM with Plasma.

  • Linux @lemmy.ml
    Nobody @lemmy.world

    Tech Talk: How Electron went Wayland-native, and what it means for your apps | Electron

    www.electronjs.org /blog/tech-talk-wayland