There were talks a few years ago about changing sd-tmpfiles name but it was decide not worth it due to the churn and bikeshedding it would cause.
sd-tmpfiles is generally used to create, modify (e.g. permissions) and remove directories on the system. The home.conf is intended for systems that only ship /usr/ (e.g. containers) to create /home/ and /srv/ as a separate subvolume on btrfs
The BSOD really isn’t something to be mad at, it actually in theory is good but there is only so much you can do when a kernel panics. What you should be mad at is shitty drivers causing BSODs
which definitely seems out of scope.
Doesn’t seem out of scope for a system and service management suite. Like, the timeperiod where systemd was “just an init” was relativly brief (like half a year).
I don’t really bother with AV on my linux system. What I do is just use trusted software from my repos and run containerized applications.
What I am currently working on is using secure boot with a Unified Kernel Image (already doing that) that boot into a read-only /usr/ partition with verity + signature (one UKI only loads a certain partition with a specific signature, or nothing at all). Any other things I need I create a systemd sysext that gets overlayed ontop of /usr/ (also read-only) or they get installed as flatpak. For development I would just be using nspawn containers and podman/OCI containers for services that are outside of the other scopes.
This is all based on https://0pointer.net/blog/fitting-everything-together.html which is a nice write down of what I am doing/following.
That already covers a lot of different attack vectors by just not having my system be modifyable outside of my control or apps just being containerized.
The thing with Wayland and X11 is: this couldn’t really be done because of how fundamentally broken incompatible X11 is (and there is XWayland for most clients that mostly works)
Arch: Move more of the things shipped by the distro to /usr/, too many things are still in /etc/, /var/ and /srv/. Generally this isn’t a problem, but when you want to make an A/B updated image where only /usr/ is shipped it is a bit annoying. Also, bash has no way to have a “distro” version of /etc/profile.
Another benefit is: no .pacnew files in /etc/ (or anywhere else) since those would all be managed by the system maintainer and aren’t touched by the package manager
Those benchmarks under “Upstream” does not include esync/fsync from my understanding
I have NekkoDesktop, NekkoLaptop, NekkoLaptopJr (new laptop) and NekkoServer :) (Phones are just Nekko <Release> with release being S9 and S21 for Samsung or G6 for LG)
The thing with AppImages is: it requires FUSE2 which doesn’t really get packaged/included by default anymore in a lot of places and the recommendation is “build on the most old and crusty distro you want to support” which just sounds like a nightmare in multiple ways :)
And with snaps the sandboxing only really works on Ubuntu and nowhere else last time I looked into it (then there is also the entire problem if you want to host your own repository/“storefront”).
So really the only universal sandboxing method that effectivly makes sense is Flatpak.
Bruh, I read this as ELF instead of EFL and was hoping on learning something interesting about the format.
But then I started the TTS to read out loud and noticed it said E-F-L.
I download noto-fonts{,-{cjk,emoji,extra}} and ttf-nerd-fonts-symbols{,-mono}
deleted by creator
Apparently google doesn’t even offer new registrations anymore
whatever the Windows App Store is called.
Officially it’s called the “Microsoft Store” but I don’t think anyone really calls it that (Same with the “Windows Explorer” until they renamed it to “File Explorer” as everyone has been calling it)
The entire linux-firmware package is just a conjuntion of binary blobs from different vendos (one of with is AMD). This is nothing special.
IIRC it’s because they wait for the X.1 release of GNOME before actually updating
I am not entirely sure, but I think it depends on the page if it warns if text is in an input and you want to leave the page.
Accent colors are coming with GNOME 47.