Max-P

If we allow derivatives, I’d say SteamOS despite being Arch. It’s putting Linux in non-technical people’s literal hands and it’s not a locked down and completely different platform that happens to run Linux like Android is. It’s almost designed by Valve to give people a taste of Linux by the addition of its desktop mode, and people that would be modding consoles are now modding SteamOS and learning how much fun an open platform can be. I’ve seen people from sales talk about their Decks on my work Slack.

Otherwise, NixOS, no contest. It’s been a really long time since we’ve last seen a fundamentally different distro that’s got some real potential. For the most part, Arch, Debian and Fedora do similar things with varying degrees of automation and preconfiguring your packages, but they’re still very package oriented. We’ve been mostly slapping tools like Ansible to really configure them to our liking reproducibly, answer files if your package manager has something like that. And then NixOS is like, what if the entire system was derived from evaluating a function, and and the same input will always result in the exact same system? It’s incredibly powerful especially when maintaining machines at scale. Updates are guaranteed to result in the exact same configuration, and they’re atomic too, no halfway updated system the user unplugged the system in the middle of.

That implies that it already existed in X11 environments?

Not necessarily. Especially in the gestures department, those tend to be Wayland exclusive and is probably why you need to press Alt on X11. I think applications pretty much only get scroll wheel events on X11, while on Wayland they get proper touch events so it’s possible to also implement pinch to zoom and the other usual ones.

Both Gnome and KDE only support 3-4 finger gestures on Wayland as well, like 3 fingers up for overview in Gnome just like macOS.

I would expect Wayland to work great on a Chromebook, I’d recommend giving it a try.

Security comes in layers, so if you’re serious about security you do in fact plan for things like that. You always want to limit the blast radius if your security measures fail. And most of the big cloud providers do that for their container/kubernetes offerings.

If you run portainer for example and that one gets breached, that’s essentially free container escape because you can trick Docker into mounting and exposing what you need from the host to escape. It’s not uncommon for people to sometimes give more permissions than the container really needs.

It’s not like making a VM dedicated to running your containers cost anything. It’s basically free. I don’t do it all the time, but if it’s exposed to the Internet and there’s other stuff on the box I want to be hard to get into, like if it runs on my home server or desktop, then it definitely gets a VM.

Otherwise, why even bother putting your apps in containers? You could also just make the apps themselves fully secure and unbreachable. Why do we need a container for isolation? One should assume the app’s security measures are working, right?

I’m not playing Netflix games unless they bring back the good ol’ cable TV games from the late 90s to dick around with your remote on the TV for 10 minutes.

Internally it’s even stored as a vote of either +1 or -1, so sending an undislike of a like probably also results in the vote’s removal. Lemmy just sums up all the votes and you have the score.

A like and a dislike activity are also contradictory, so even if you don’t unlike something, if you send a dislike it replaces the like as well.

Kernel exploits. Containers logically isolate resources but they’re still effectively running as processes on the same kernel sharing the same hardware. There was one of those just last year: https://blog.aquasec.com/cve-2022-0185-linux-kernel-container-escape-in-kubernetes

Virtual machines are a whole other beast because the isolation is enforced at the hardware level, so you have to exploit hardware vulnerabilities like Spectre or a virtual device like a couple years ago some people found a breakout bug in the old floppy emulation driver that still gets assigned to VMs by default in QEMU.

Both Docker and Podman pretty much handle all of those so I think you’re good. The last aspect about networking can easily be fixed with a few iptables/nftables/firewalld rules. One final addition could be NGINX in front of web services or something dedicated to handling web requests on the open Internet to reduce potential exploits in the embedded web servers in your apps. But other than that, you’ve got it all covered yourself.

There’s all the options needed to limit CPU usage, memory usage or generally prevent using up all the system’s resources in docker/podman-compose files as well.

If you want an additional layer of security, you could also run it all in a VM, so a container escape leads to a VM that does nothing else but run containers. So another major layer to break.

It flopped because it doesn’t really work, and most stuff we stick batteries on these days already do a good job of extracting all the energy out of the batteries. It’s mostly already built-in.

EEVblog made a few videos on it:

• https://youtu.be/Z-m-7jex88k?si=KhEtCmvGkeyEtj4h
• https://youtu.be/Tl90m2KHbNk?si=0LK6Op_E32w3tMSO
• https://youtu.be/dnXiLBabSTU?si=DufjcVHCvlLSGi5Q

Dead old batteries are dead, if there’s almost no energy in them they’re done. Best case you might be able to stick them in a remote or an LED candle or whatever. But it’s a physical limit: almost dead batteries just can’t supply high currents because of internal resistance.

Another way to look at it is those potato batteries: yeah, you can measure a voltage off them. Yeah, you might be able to light up an LED. But you will never be able to power something higher power, not even for a couple seconds. It’s physically not able to provide much current.

It… Seems fine to me so that might be a user setting. Do you see the same problem when logged out?

That’s interesting given the community is hosted on lemmy.world, it should be the one with the authoritative view. And I see plenty of lemmy.world comments on lemmy.ca on that post.

Of course it’s a 737 Max.

Boeing’s really been dropping the ball on the 737 Max upgrades, first the Max 8 now the Max 9.

At this point I kind of avoid airlines with Boeing fleets, the Airbus planes are nicer anyway in general.

Can you share examples?

It’s much easier to pinpoint when you can see it for yourself, and look for patterns like is it missing a particular instance’s comments, or is it all from instances running a newer/older version of Lemmy.

Imagine a post from a tiny instance running on the cheapest VPS going viral and now all of the top Lemmy instances are trying to embed it from the tiny instance. It would immediately blow up.

That would increase the barrier to entry massively, and all that to save a few GBs of disk space. It’s small enough it wouldn’t even fill up half of my phone’s storage that I’m carrying in my pocket all the time.

What’s wasteful is the MBs of JavaScript you load on most modern website infested with all the video ads.

What Lemmy does is also very effective because each instance acts as a cache for the other instances. If any given post is viewed more than once from a remote instance, it ends up cheaper in CPU and bandwidth.

On bigger instances, the cost of federation is very small compared to the load of serving the instance’s users.

It also allows instances to have their own sorting algorithms, discovery algorithms, you name it. You have the data, you can crunch the numbers however you want for your users. You can develop your own spam filters and tools.

Even on my small 5 users instance, that’s 4 users worth of traffic that never hits the bigger instances. Probably more because I refresh the home page a few times a day whenever I open up my app to scroll a bit.

You may disagree with it and may even be right, I didn’t bother watching all those videos. But the thing is, it’s always a potential liability for admins, and we’re at the mercy of what the law says and what a potential judge or jury would rule if brought to court.

And we all know how that goes when underage people are involved: everyone goes “but the children!”. Therefore, admins side with caution, because nobody wants to deal with legal trouble if they don’t have to. Just blur it and make everyone happy.

Plus, in the current AI landscape, the mere availability of nude children imagery even if it’s not sexually suggestive at all means someone can alter it to become so. People have already been arrested for that.

Nothing to do with people being too prude to see naked children. It’s about consent and what nasty people will inevitably do with it. Does that girl really want videos of her naked all over the porn sites even through heroic actions? Probably not.

That’s a very weird hill to blow alts on.

(a) Yes. Instance admins have the ultimate say in what’s on their server. They can delete posts, entire communities, ban remote users and delete remote users. At least they had the decency of notifying you!

Since lemmy.ca owns the post, lemmy.world can’t federate out the removal, so it’s only on lemmy.world.

(b) You have to go appeal to lemmy.world. Each instance have its own independent appeal process.

That’s the beauty of the fediverse: instances can all have their rules to tailor the experience to their users, and it doesn’t have to affect the entire fediverse. Other instances linked to lemmy.ca can still see and interact with your post just fine, just not lemmy.world.

Not really different than any other M.2 SSDs, that it’s over USB doesn’t matter.

The only consideration for USB sticks is that they’re usually quite crap, so running a system off it tends to use up the flash pretty quickly.

RAM is the kind of thing you’re better off having too much than not enough. Worst case the OS ends up with a very healthy and large file cache, which frees up your storage and makes things a bit faster/lets it spend the CPU on other things. If anything, your machine is future proofed against the ever increasing RAM hungriness of web apps. But if you run out of it, you get apps killed, hangs or major slowdowns as it hits the swap.

The thing with RAM is that it’s easy for 99% of your workload to fit comfortably, and then there’s one thing you temporarily need a bit more and you’re screwed. My machine usually uses 8-12/32GB of RAM but yet I still ended up needing to add swap to my machine. Just opening up the Lemmy source code and spinning up the Rust LSP can use a solid 8+GB alone. I’ve compiled some AUR packages that needed more than 16GB of RAM. I have 16 cores so compiling anything with -j32 can very quickly bring down a machine to its knees even if each compile thread is only using like 256-512MB each.

Another example: my netbook has 8GB. 99% of the time it’s fine, because it’s a web browsing machine, and I probably average on 4GB usage on a heavy day with lots of tabs open. But if I open up VSCode and use any LSP be it TypeScript or Rust, the machine immediately starts swapping aggressively. I had to log out of my graphical session to compile Lemmy, barely.

RAM is cheap enough these days it’s nice to have more than you need to not ever have to worry about it.