Fun fact: you don’t need to add the nixpkgs channel for the determinate systems installer, even when using channel commands or other things since it adds an option to your nix.conf to reference the nix flake for nixpkgs.
I don’t know how to update this flake though.
There’s also the needy users that create tickets for every prompt, dialog, message, delay… Pretty much anything that could happen at all ever, whether it affects their ability to do their work or not.‘’
This could be weaponized incompetence. “Oh I keep having issues with my computer that interfere with my work, so I can’t work and IT is incompetent and can’t help me, look at all these tickets and how long IT takes. I just can’t get any work done!”
You could say the same thing about sudo. Sudo’s codebase is massive, compared to alternatives like doas, but it comes with many features doas does not have, like being able to ask a remote LDAP server if a user will be able to escalate.
I find it absurd that we have just simply accepted the idea of a setuid binary with built in networking code, as our primary admin escalation tool. 100,000+ lines of C code, code that has had multiple buffer overflow exploits*, in a setuid binary, just for temporary admin privileges. Does that seem necessary to you?
Polkit provides an alternative to that. If you don’t need the features, then fine, you don’t have to use run0 — but then you can’t use sudo without being a hypocrite. No longer do I have to have rely on a setuid binary that tries to do everything in one program when I really need sudo’s features, instead polkit handles authentication (including asking remote resources if an action is okay), and run0 handles actual escalation.
In another comment in this thread, you mention sudo being lightweight — which is outright false. Compared to doas or su, it’s extremely heavyweight, and with that complexity comes more risk of vulnerabilities. You also mention pkexec, for executing with polkit, but pkexec is also setuid, and has many of the same pitfalls.
*Buffer overflow exploits in sudo:
No one complained when s6, another init system, also offered a sudo alternative (before systemd did, too). But when Poettering does it, it’s bad and wrong and ununixlike!
Maybe setuid has been extremely problematic, and more than one entity has sought alternatives?
If you really need Windows, then there is Windows 10/11 Internet of Things, Long Term Servicing Edition.
It’s Windows, for enterprises, without any of the bloat they force upon consumers normally.
It doesn’t even come with the Windows store, but that is trivial to reinstall, like only a single powershell command.
Its like people only watched the opening scene and the one in which he murders Allen.
And the business card scene. But yeah, I think a large portion of people didn’t watch the actual movie, and only saw those three clips on youtube (including me).
I can spiral my tongue, so that the front part is fully upsidr down - but only to the left. I can’t rotate it to the right at all for some reason, it’s like the equivalent muscles are missing.
After Twitter went to shit, where else do customers have to go for customer support like this?
Admittedly, I didn’t read the article, but I have seen plenty of other cases woth cloudfare or other big providers where people have only been able to set things right by kicking up a fuss on social media — like that recent one with amazon aws.
Old version docs tend to offer you a redirect to more recent docs
Sadly, the docs, I’ve worked with (openstack and ansible) frequently, don’t do this. They have a button to go to the latest version of the docs, but not to the equivalent page on the latest version. This means I have to find the equivalent page again, from the integrated search usually.
And yes, a lot can change between versions. New features can get added that solve your problems or older stuff can get removed.
Putting something on GitHub is really inconsequential if you’re making your project open source since anyone can use it for anything anyway,
Except for people in China (blocked in China) or people on ipv6 only networks, since Github hasn’t bothered to support ipv6, cutting out those in countries where ipv4 addresses are scarce.
So yes, it does matter. Both gitlab and codeberg, the two big alternatives, both support ipv6 (idk about them being blocked in china). They also support github logins, so you dob’t even need to make an account.
And it’s not a black or white. Software freedom is a spectrum, not a binary. We should strive to use more open source, decentralized software, while recognizing that many parts are going to be out of our immediate control, like the backbone of the internet or little pieces like proprietary firmware.
I agree with this.
Sometimes I’ve seen people complain about people using asklemmy for not askreddit style questions, but I actually think that’s ok and I’m in favor of that as it means more discussion, content, and visibility.
Eventually asklemmy will reach “critical mass”, and split into more niche communities.
What was it? I’m planning to do a nextcloud deployment via helm soon.
Because some of us have fat fingers and accidentally downvote when we scroll on mobile.
One of the things I liked about reddit was that, since it saved downvoted posts, I could go through the list every once in a while and undownvote the accidents.
Can’t do that here though, and I sometimes notice posts or comments I’ve accidentally downvoted.
Anyway, people shouldn’t care so much, we don’t have a karma system or the like here anyways, so why does it matter?
I can’t find the source code for this extension
One of the downsides to hardcoding snap to only be able to use a single repo/store is probably added difficulty in creating testing infra for testing if uploads/CI/CD work.
lol, one of the first one’s I click on: https://snapcraft.io/test-snapd-public (by Canonical)
A basic buildable snap that is expected to be published in public mode
Maybe if they didn’t insist on holding a monopoly over the store, they would be able to have an internal version of the store for testing, rather than cluttering the public one.
It’s a shame the price you pay for that is no crossplatform support.
If you have a little bit of server management know-how, you can set up https://geysermc.org/, which allows for crossplay between bedrock and java on a java server.
LXD/Incus. It’s truly free/open
Please stop saying this about lxd. You know it isn’t true, ever since they started requiring a CLA.
LXD is literally less free than proxmox, looking at those terms, since Canonical isn’t required to open source any custom lxd versions they host.
Also, I’ve literally brought this up to you before, and you acknowledged it. But you continue to spread this despite the fact that you should know better.
Anyway, Incus currently isn’t packaged in debian bookworm, only trixie.
The version of lxd debian packages is before the license change so that’s still free. But for people on other distros, it’s better to clarify that incus is the truly FOSS option.
Edge WebView2
I’m like 90% sure this requires edge to be installed, even though the EU mandated that they make edge uninstallable. So that might be their game here.
Dockers manipulation of nftables is pretty well defined in their documentation
Documentation people don’t read. People expect, that, like most other services, docker binds to ports/addresses behind the firewall. Literally no other container runtime/engine does this, including, notably, podman.
As to the usage of the docker socket that is widely advised against unless you really know what you’re doing.
Too bad people don’t read that advice. They just deploy the webtop docker compose, without understanding what any of it is. I like (hate?) linuxserver’s webtop, because it’s an example of the two of the worst footguns in docker in one
To include the rest of my comment that I linked to:
Do any of those poor saps on zoomeye expect that I can pwn them by literally opening a webpage?
No. They expect their firewall to protect them by not allowing remote traffic to those ports. You can argue semantics all you want, but not informing people of this gives them another footgun to shoot themselves with. Hence, docker “bypasses” the firewall.
On the other hand, podman respects your firewall rules. Yes, you have to edit the rules yourself. But that’s better than a footgun. The literal point of a firewall is to ensure that any services you accidentally have running aren’t exposed to the internet, and docker throws that out the window.
You originally stated:
I think from the dev’s point of view (not that it is right or wrong), this is intended behavior simply because if docker didn’t do this, they would get 1,000 issues opened per day of people saying containers don’t work when they forgot to add a firewall rules for a new container.
And I’m trying to say that even if that was true, it would still be better than a footgun where people expose stuff that’s not supposed to be exposed.
But that isn’t the case for podman. A quick look through the github issues for podman, and I don’t see it inundated with newbies asking “how to expose services?” because they assume the firewall port needs to be opened, probably. Instead, there are bug reports in the opposite direction, like this one, where services are being exposed despite the firewall being up.
(I don’t have anything against you, I just really hate the way docker does things.)
I just use termux + the simple http server built into python