Together with secure boot and your own signing keys, it could be a good way to en/decrypt the a dm-verity secured read-only rootfs. But for the home partition I would probably still want to enter my own decryption key, maybe via systemd-homed. From there you can update the kernel/initramfs and read-only rootfs image and sign them for the next boot.
This is complicated to set up. Otherwise maybe use TPM as a 2FA, so you still have to enter a pin?
Sure, Steam seems fairly okay, especially their Linux support, but I still mostly prefer GOG, wherever possible, because it offers more control to their customer over the product they bought.
It helps that Valve is not publicly traded, but I fear that if the current owner (Gabe Newell) dies, there might be a shift in business practices.
Enshittification can still happen in privately traded/owned companies, it generally happens slower and in case there are other reason for the owner(s) to maximize short term profits (e.g. business built on VC money), it can happen faster.
Well, if the text file uses git(hub/lab) flavored markdown, you can check/uncheck the boxes from the webui of git(hub/lab). No need to write an app for the apple device.
https://docs.gitlab.com/ee/user/markdown.html#task-lists
In gitlab you might need to edit the markdown file via an webeditor and create a commit this way.
Instead of relying on a specific cloud service, why not generate a text file from for the todo list data and checkbox state and push/pull it to a git repo?
There is gitpython, a pure python implementation of git.
That might make it even more dangerous, because you get used to flash to usb sticks on “/dev/sda”. And when you then use a device with a built-in sata drive, you might forget checking in a hurry.
Happened to me a once or twice. I am now only using bmap tools for this.
If you don’t like the term “toot” it’s fine, it shouldn’t matter who coined it. Don’t make your likes or dislikes dependent on who stuff or ideas come from.
I just wanted to explain some history of that term.
The knowledge of that history and context is what should influence your taste, not the specific individuals involved.
There is a bigger history on this. Involving the Mastodon developer Gargon and a famous YouTuber Hbomberguy:
https://mastodon.social/@Hbomberguy/146524
Gargon, at that time wasn’t aware of the double meaning, as they where non-native English speaker.
It got changed back to “publish” relatively recent.
Personally I liked “toot” it was unique and funny. Many Mastodon-Users still prefer or use “toot”.
This is the same between many different software development disciplines, fpga devs (or hardware devs for that matter) vs. driver devs, driver devs vs. backend dev, backend devs vs frontend devs, integrators vs everyone.
Nix on non-NixOS distributions would be great, if it would support installing apps into the users home directory instead of a global directory (without recompiling everything).
(When I looked into it, it wasn’t possible, but if you made it work, please share.)
I used to use Ubuntu in the past, and it wasn’t Unity, Upstart, Bazaar, Mir, Launchpad, Snap, Amazon ads integration etc. that convinced me to look elsewhere, it was that I found out how other, not commercial distributions, integrated and instrumented its user base into their development.
Instead of having to sign a CLAs when contributing and signing your right away to some corporation, you become part of the community. (Update: It seems they have switched from their Copyright assignment, so something not as invasive in 2011, which is good. But they still require you to sign a CLA.)
So always look who is developing the distribution first, are they individuals or is it one company. And don’t let yourself be bated into the dependency of one company, because then you will be the victim of enshittyfication eventually.
Nobody? That was a general statement, sorry if that was unclear formulated. I just see many people that first set a label for themselves and then try to fit into it, instead of just doing what ever they want and just use them as a short hand to explain themselves.
Yes, and labels suck. Don’t limit your yourself involuntarily just to fit into one.
Well, I consume more open source software that I will ever produce, so I am in a dept to the community. If it means working a bit more to make my contribution useful to others and fit it into the bigger whole, I will gladly do so.
Valve contributed to Linux before, so the fact that they don’t have any direct upstreaming plans right now indicates that something is causing friction.
I would avoid reading too much into it. They and their developers are still contributing on other stuff. Also when working together, there will always be some friction, in any public collaborative project ever.
Nothing of this is a burden, it is just part of being a good contributor that reads and follows the rules. Contributing is pretty easy, when you have read and are following the guides. If you haven’t already, you should give it a try.
I am pretty sure that this isn’t the first contribution of Valve to the Linux kernel. It sounds more to me like “works for me, don’t care about others” attitude. Which is not a good attitude to have when working in any collaborative project. (Not necessarily against the developers, could also be management.)
Well, it is about code quality. And the same codebase should work on different hardware, which is not something that is required in downstream forks.
But it is sad to see that the driver was submitted in the past, is still actively developed and improved, but there doesn’t seem to be plans of submitting them again.
Also I don’t think that a platform driver is so complicated that it requires such a long time for mainlineing. It not a filesystem or VPN.
On a more interesting topic, the SteamDeck platform drivers are still not merged into mainline Linux… :'(
Last news about it: https://www.phoronix.com/news/Steam-Deck-Platform-Driver-2024
That is why (A)GPL and not MIT/BSD, that is why no CLA.
I don’t understand why so many open source devs just gift their work and time to big corporations by choosing permissive licenses or signing away their contributions via CLA.
I started using Fedora Silverblue on a tablet, seems to work fine so far, but requiring a reboot in order to install new system packages is a bit cumbersome and the process itself takes a while, but ordinary Fedora also doesn’t win any races when asked to install a new package
I think switching to FCOS or Flatcar on servers that just use containers makes sense. Since it lessens the burden of administrating the base system itself. Using butan/ignition might be unusual at first, but it also allows to put the base system configuration into a git repo, and makes initial provisioning using ansible or similar unnecessary. The rest of the system and services can be managed via portainer or similar software.
I also do not have long term experience with FCOS, but the advertised features of auto-update, rolling-release, focus on security and stability makes it a good fit for container servers, IMO.
An alternative to Debian on servers might also be Apline Linux. Which also has more a focus on network devices, but some people use it on a desktop as well.
If you have many different systems, and just want to learn to operate them all, maybe NixOS might be interesting. Using flakes, you can configure multiple machines from just one repo, and share configurations between them. But getting up to speed on NixOS might not be so easy, it has a steep learning curve.
What’s ACC?
ACC - Advanced Charging Controller, which allows to set charge limits, thus extending the battery life, which should have been part of Android from the beginning,
Anyway I would strongly discourage using root under Android as it breaks the security model.
Security isn’t a binary, security works like an onion, you have multiple layers of security and multiple decisions to make on every level. Currently you might be right, that having root access to a device might compromise it in some ways, but that isn’t necessarily so and depends on how it is done.
You should find ways around using root and if you can’t you probably shouldn’t be doing on your phone anyway.
This kind of thinking is the ‘I know better than you’ mentality, that I sometimes see around people advertising GrapheneOS. Having ‘root’ permissions to the device is owing it, I want to decide what to do with it, not the vendor of the ROM, or who ever else. They aren’t me, they don’t know what I want to do with it.
The goal of security models is allowing me, the owner, to do what ever I want with my device, while preventing others, non-owners, un-trusted applications or the internet from doing what they want with my device. If the security model doesn’t allow me, the owner, to do what I want, then it failed its job at least partially.
Root is very dangerous as it can survive a factory reset.
Why is that dangerous? The first thing I do, when I get a new phone is boot into the boot loader, and overwrite the whole partition, then the system is trusted again, at least if I trust the vendor of the boot loader. When I want to do a factory reset, I do the same, overwrite the flash with a fresh OS image.
IMO, there are other reasons why the current implementation of root are dangerous: They currently considered binary and I think they could be implemented more gradually. Like one application having root over individual other applications, e.g. accessing their files. Allowing/Disallowing individual privileged system calls, or access to specific system files, etc. All of this could be hidden behind a switch in the developers menu. Maybe only allow applications to gain root access when using a registered hardware token, etc.
As for MicroG, it is sandboxed but it does require device admin for full functionality. It isn’t running as root but it requires a lot of device permissions. You can turn off the permissions you don’t need but that could break things.
In order for MicroG to work full, you need to fake the signature, which requires a patch to the system, or root privileges.
In what region is Elden Ring available on GOG?
Gog is also much easier to deal with via a VPN. I bought some region locked games easily doing that and could play them anywhere, because they are DRM-free. Steam is much more difficult, because each account belongs to a specific region. Moving accounts means you have to have an bank account and address in different countries, so easy for rich people, more difficult for ordinary folks.