- SUSE is an in germany founded company (now in Luxembourg)
- https://www.sovereigntechfund.de/
- Not having a government directly develop a "blessed OS" is probably for the better
NekkoDroid
joined 1 year ago
Got myself an IFixit Mako a while ago, really nice even if I mostly just use the philips head ones
I genuinly hate NV as a company and their propriatary software, but I can say that the software they provide is decent/good. Like... good cards and software, terrible company and philosophy/moral
I don't really bother with AV on my linux system. What I do is just use trusted software from my repos and run containerized applications.
What I am currently working on is using secure boot with a Unified Kernel Image (already doing that) that boot into a read-only /usr/ partition with verity + signature (one UKI only loads a certain partition with a specific signature, or nothing at all). Any other things I need I create a systemd sysext that gets overlayed ontop of /usr/ (also read-only) or they get installed as flatpak. For development I would just be using nspawn containers and podman/OCI containers for services that are outside of the other scopes.
This is all based on https://0pointer.net/blog/fitting-everything-together.html which is a nice write down of what I am doing/following.
That already covers a lot of different attack vectors by just not having my system be modifyable outside of my control or apps just being containerized.
The thing with Wayland and X11 is: this couldn't really be done because of how fundamentally ~~broken~~ incompatible X11 is (and there is XWayland for most clients that mostly works)
I suspect they skipped checking who controls that domain at the time and just saw that it would make for a good name. Not good practice but I can see how that happened.
https://kbin.social/m/random/p/4648694/To-the-people-who-are-like-What-did-you-expect
Arch: Move more of the things shipped by the distro to /usr/, too many things are still in /etc/, /var/ and /srv/. Generally this isn't a problem, but when you want to make an A/B updated image where only /usr/ is shipped it is a bit annoying. Also, bash has no way to have a "distro" version of /etc/profile.
Another benefit is: no .pacnew files in /etc/ (or anywhere else) since those would all be managed by the system maintainer and aren't touched by the package manager
Those benchmarks under "Upstream" does not include esync/fsync from my understanding
I have NekkoDesktop, NekkoLaptop, NekkoLaptopJr (new laptop) and NekkoServer :) (Phones are just Nekko <Release> with release being S9 and S21 for Samsung or G6 for LG)
You should see the comments on the Phoronix forums...