boredsquirrel

joined 7 months ago
boredsquirrel@slrpnk.net 1 points 3 hours ago (1 children)

So how is this vendor lock-in?

boredsquirrel@slrpnk.net 1 points 4 hours ago (3 children)

I can imagine that theirs is safer and more suited for targeted devices. Linux is extremely generalistic and has a ton of cruft.

But I have never looked at their code or tried to port a Linux app to Android. The #Krita devs might have some insight here.

boredsquirrel@slrpnk.net 1 points 19 hours ago

Just saying what some guy told me.

It is also a highly modified kernel, extremely reduced. They do all filesystem stuff in userspace for example, which is pretty cool. And they add a ton of garbage out-of-tree drivers.

boredsquirrel@slrpnk.net 2 points 20 hours ago (7 children)

They don't use GNU or glibc or systemd.

boredsquirrel@slrpnk.net 6 points 20 hours ago

Anything that supports EPUB, AZW3 or MOBI. So basically anything.

And should have like 8GB of storage at least.

I used a Kindle Touch, just didn't connect to the internet and used Calibre to convert EPUB to MOBI without issues.

boredsquirrel@slrpnk.net 1 points 1 week ago* (last edited 1 week ago) (1 children)

Oooh crazy!

You didn't layer Aurora on Bazzite, you rebased.

This is very problematic and I didn't know this could happen. OCI images don't have a concept of "removing packages". Instead, they are always removed on the local system.

The firefox issue is uBlue people being weird. They remove it, preventing anyone from installing it. Instead you need to use the firefox tar archive from their website, works well too but is kinda random as you need to place it in some nonstandard folder.

Steam is interesting. Please report that. I am not sure how these things work but my theory is that the installer (anaconda) wrote the system to your PC with the default configuration (with steam).

Then you rebased to Aurora but the system was still originally Bazzite. Which is odd, I thought there was no such state. Please report that to them!

My idea is to rebase to their main image and then back to aurora. This may remove this steam error. The main images also still have firefox and just the codecs etc added, so I can recommend them.

UBlue removed the instructions on how to do that from their website with the redesign.

Use the rebase command you used, but use ublue-os/kinoite-main:latest instead of ublue-os/aurora:latest in the rebase command.

Then rebase back to Aurora after a reboot. But tbh I didn't like Aurora, it is weird and kinda random. I like ujust and yafti though. I am on Fedora Kinoite with a huge set of layers. Works very fine too, still worlds faster than Windows updates LOL

boredsquirrel@slrpnk.net 2 points 1 week ago (3 children)

Well often the answer is just to layer stuff. It is not true that containers fix everything, and rpm-ostree is a tool that manages RPMs.

rpm-ostree install steam \
libvirt-daemon-driver-network \
libvirt-daemon-driver-nodedev \
libvirt-daemon-driver-qemu \
libvirt-daemon-driver-storage-core \
qemu-audio-spice \
qemu-char-spice \
qemu-device-display-qxl \
qemu-device-display-virtio-gpu \
qemu-device-display-virtio-vga \
qemu-device-usb-redirect \
qemu-system-x86-core

After reboot

systemctl --now enable virtnetworkd.service
systemctl --now enable virtqemud.service

Source

boredsquirrel@slrpnk.net 0 points 1 week ago (6 children)

uBlue Aurora

getaurora.dev

boredsquirrel@slrpnk.net 7 points 1 week ago* (last edited 1 week ago) (4 children)

You might want to shrink the headers to ###

And there are quite some more formatting issues :)

 

You know, immutable enterprise systems.

I installed HeliumOS (Almalinux bootc) on a corebooted Chromebook. Works really well, but audio needs to be configured.

The script needs a recent python which is not available there.

Go and rust can be installed for a user only. Is there something similar for python?

112
submitted 3 months ago* (last edited 3 months ago) by boredsquirrel@slrpnk.net to c/piracy@lemmy.dbzer0.com
 

Questionable if this is only about movies, and not about any Bittorrent traffic.

 

They did some crazy stuff, also implementing core technologies from the ground up.

full changelog

  • ABRoot v2: Complete rewrite using OCI images for reliable updates, improved support for atomic transactions, system state dumping, changing kernel flags, a built-in method to edit the configuration, ability to generate local images with extra packages (for drivers, codecs, and libraries), ability to rollback, and re-generate the initramfs.
  • Hybrid Debian Base: Transition from Ubuntu to a hybrid base made of Debian packages and Vib modules for increased flexibility and control over updates and configuration.
  • LVM Thin Provisioning: Efficient disk space usage with logical volumes, allowing virtual filesystems larger than the available physical storage and supporting the dynamic allocation of space as needed for the two roots.
  • PolKit Policies: Replaces sudo for secure privileged operations.
  • VSO v2: Acts as system shell, package manager, and supports Android apps via Waydroid integrated with F-Droid. Improved the tasks automation system to cover infinite scenarios.
  • DEB/APK Sideloading: Install .deb and .apk packages with Sideload Utility.
  • Apx v2: Custom environments, supports various package managers, and introduces stacks for replicating environment configurations. Includes package manager mapping, stack creation, and subsystem management. Distrobox updated to version 1.7.2.1.
  • Apx GUI: Graphical interface for APX management with ease.
  • FsGuard and FsWarn: Boot-time system integrity checks to ensure system security and reliability.
  • Vanilla Installer: Uses a reduced GNOME session, a new Albius backend that replaces distinst, new configuration screens, OEM support, and support for encrypting the /var partition with LUKS2. Supports manual partitioning and network configuration during installation.
  • First Setup: Uses a reduced GNOME session, added network configuration, user creation, hostname configuration, allows picking your browser of choice, and improved screens.
  • PRIME Profiles: A new GUI for switching graphics cards, enhancing hardware compatibility.
  • Vanilla Tools: Utilities for managing system features: cur-gpu to display the GPU in use, nrun to run a command using the NVIDIA GPU, prime-switch to switch PRIME Profiles.
  • Kernel 6.9.8: Ensures compatibility with the latest devices and peripherals.
  • GNOME 46: Updated GNOME to version 46, introducing the new pill icon to switch between workspaces plus all the UI and stability improvements.
  • Vib (Vanilla Image Builder): Our new OCI recipe system. Recommended method for creating custom and derivative OCI images of Vanilla OS, facilitating modular and scalable system builds. We have created a template for users to easily create custom images for Vanilla OS.
  • Recovery Mode: Integrated in the installer with recovery tools like terminal, GParted, and documentation access for system restoration.
  • Prometheus: Container library/engine for OCI image management, enhancing deployment processes in Albius and ABRoot.
  • Eratosthenes: Platform for browsing package details from our Debian repositories, providing detailed package information.
  • Atlas: Platform for browsing our OCI image details, aiding in system transparency.
  • Pico, Core, Desktop Images: Structured for modularity and flexibility, forming the base of Vanilla OS.
  • VM and NVIDIA Images: Proposed at installation time if the right hardware is identified.
  • Dev Image: Can be used in APX, and provides a large set of development libraries/SDKs and tools.
  • Chronos: Unified documentation server and frontend combining all guides and documentation for easier access and management.
  • Update Feedback and Control: A new icon now appears on the top right of the screen when an update is being installed, click on it to stop the ongoing operation.
  • New Wallpaper: Designed by community member hrstwn.
  • Build Provenance: We are attesting our OCI images using GitHub Actions to ensure build provenance.
  • New Branding: Introduced a new refreshed brand. Plymouth updated using our new brand.
  • Deprecation of Vanilla Control Center: We have deprecated Vanilla Control Center and implemented all our settings in GNOME Settings.
  • Updated AdwDialog Utility: With many UI and UX improvements.
  • New App Tour: Introduced a new Tour app that shows after the first setup process.
  • New Differ Utility: Used to extract info between OCI images.

 

He has an ASUS laptop, one of the only ones you can get, got Arch on there.

The devices are not even shipped for the most part, people are booting Windows, using the ACPI dump to build the device trees.

Then those need to be upstreamed into the kernel, drivers need to be written.

It's not Asahi Linux, but still hard.

But there is progress, quite fast!

 

Hey, I am looking for a router to use as a mesh device behind a Fritzbox.

In the future I may use it as the main device.

I am looking for something good, open, Wifi 6 or higher, with good support.

 

talking points

 

Google Pixel phones, especially with GrapheneOS, are worlds more secure than other technologies.

Every user account is decrypted with a key generated by the secure element, and the pin is just used to unlock that key.

But the secure element is rarely used in other applications.

Here is how to unlock your KeePassDX Storage with it:

  1. Create a password storage with a very secure and long password. Length is especially important, prefer to use tons of nonsense words, over hard-to-remember symbols.
  2. In KeePassDX Settings, under "unlock settings" enable "use system unlock"
  3. Enter the password for the password storage.
  4. Instead of pressing Enter, press on the button in the bottom left to register the password in the Android Keystore.

From now on you can unlock your password storage using all the security that your device offers.

The only weakness is the password, so make it as long as possible.

To copy-paste passwords relatively securely, you can use Florisboard's internal clipboard. Enable "sync from system clipboard", and disable "sync to system clipboard".

If you copy things using the button on Florisboard, it will only be saved in Florisboard's internal app storage, not your system clipboard, which is accessible to all input devices (keyboard apps) and foreground apps.

To delete things from the system clipboard (which only holds one entry) you can use apps like this one

I recommend Obtainium to get the latest versions of these apps.

Here is a list of available app configs
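
What registering the password in the Android Keystore amounts to, as an added example that is not part of the original post and not KeePassDX's own code: the long database password is encrypted under an AES key that lives in the secure element and can only be used shortly after the user authenticates. The alias `db_unlock_key`, the function names, the choice of AES-GCM and the 30 second window are assumptions of this example; it needs API level 30 or later.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

// Hypothetical alias chosen for this example.
private const val KEY_ALIAS = "db_unlock_key"

/** Load the wrapping key, or create it inside the secure element on first use. */
fun getOrCreateKey(): SecretKey {
    val ks = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    (ks.getKey(KEY_ALIAS, null) as? SecretKey)?.let { return it }

    val spec = KeyGenParameterSpec.Builder(
        KEY_ALIAS,
        KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setKeySize(256)
        // Usable only within 30 s of a biometric or PIN/pattern/password check.
        .setUserAuthenticationRequired(true)
        .setUserAuthenticationParameters(
            30,
            KeyProperties.AUTH_BIOMETRIC_STRONG or KeyProperties.AUTH_DEVICE_CREDENTIAL
        )
        // Request StrongBox (the secure element); generateKey() throws
        // StrongBoxUnavailableException on devices without one.
        .setIsStrongBoxBacked(true)
        .build()

    return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
        .apply { init(spec) }
        .generateKey()
}

/** Encrypt the database password; returns (IV, ciphertext) for app-private storage. */
fun wrapPassword(password: ByteArray): Pair<ByteArray, ByteArray> {
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    // Throws UserNotAuthenticatedException if the user has not authenticated recently.
    cipher.init(Cipher.ENCRYPT_MODE, getOrCreateKey())
    val ciphertext = cipher.doFinal(password)
    password.fill(0) // wipe the caller's plaintext copy
    return cipher.iv to ciphertext
}

/** Decrypt after a fresh authentication; the key material itself never enters app memory. */
fun unwrapPassword(iv: ByteArray, ciphertext: ByteArray): ByteArray {
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.DECRYPT_MODE, getOrCreateKey(), GCMParameterSpec(128, iv))
    return cipher.doFinal(ciphertext)
}
```

The wrapped blob is useless off the device because the key cannot be exported, so a copy of the database file elsewhere is still protected only by the password itself.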

 

I spend way too much time on this. It has awesome features, a good mobile UI, maaany many systems to sort things, flexible permissions and more.

Examples:

  • Fedora
  • KDE
  • uBlue
  • Tor project (they also have an onion site)
  • Manjaro, EndeavourOS, Garuda
  • Brave
  • Nextcloud
  • ZorinOS
  • PrivacyGuides, Techlore
  • Audacity
  • Anki
  • Joplin ...
1
submitted 4 months ago* (last edited 4 months ago) by boredsquirrel@slrpnk.net to c/linux@programming.dev
 

WAIT!

before you start commenting that TUI musicplayer xy is the best, my priorities:

must have:

  • support for m3u playlists (synced to Android with Syncthingy) should autodetect them in a single folder I use also for the music files, and read/write them
  • support for viewing all files
  • support for custom music directories
  • support for deleting music files
  • Flatpak OR clutterfree on KDE

would like:

  • Pipewire output
  • nice simple GUI
  • modern, clutterfree design OR customizability
  • subtitles, cover images, etc.

I used G4Music which looks awesome and has minimal playlist support. It works really well but it can't write to the playlist. It is blazingly fast, and I made an issue, offering a bounty for write-to-playlist support.

I found Lollypop, the old GTK UI is way better than the Qt alternatives, while still kinda ugly. But it seems to tick all boxes, apart from Pipewire support.


What I tried:

G4Music

  • UI perfect
  • no file deletion
  • no playlist addition
  • no playlist creation

Lollypop

  • UI is bearable
  • pulseaudio, no setting at all
  • playlist support including writing to! You need to enable it
  • lots of internet stuff for artwork and subtitles
  • sane defaults

GNOME music

  • does not detect my .m3u playlists
  • slow
  • needs pulseaudio
  • settings are a joke
  • no folder view

Strawberry

  • UI is horrible and not customizable enough
  • no Pipewire support
  • no .m3u detection
  • cluttered, no UI zoom possible
  • system icon theme is not applied

Clementine

  • like strawberry but different?
  • more online stuff
  • interface less customizable
  • cursor broken on the Flatpak

Amarok

  • Strawberry in even older?
  • bloat?
  • retro-development status

MusicPod

  • UI hides too much stuff
  • no playlist support
  • no filesystem hierarchy support
  • strange Ubuntu look, but good UI, fancy background
  • no podcast backup file support (so Kasts is better for that)
  • but pipewire support!

Plattenalbum

  • no playlist support
  • otherwise looks great

Resonance

  • modern, GTK4 Libadwaita, UI is damn lit
  • freezes, fills up the entire RAM (scans every title at once!) -> not optimized at all, made system freeze and needed to hard shutdown.
  • no playlist support?
  • no pipewire support?

Melody

  • uses soon EOL GNOME 42 runtime

Amberol

  • beautiful but too minimalist
  • why are there soo many GNOME music players??

moosync

  • very nice UI
  • electron: tiny cursor on Wayland, no Pipewire support
  • plugin support for Youtube, Spotify (using librespot) and LastFM
  • local playlists seem broken
 

Background & Licensing

How come GrapheneOS people find themselves in situations like these often?

Their software is all permissively licensed, allowing vendors to make it proprietary. Mainly though, they allow them to restrict user freedoms by not allowing to install another OS than GrapheneOS (which is the most secure OS anyways).

Cryptographic verification of the OS can be done with the Auditor, you don't need to reinstall to verify it is not malware.

Still, they contact stores that sell end of life or insecure phones, to stop doing this under their name.

PrivatePhoneShop sold devices as old as the Pixel 4a with GrapheneOS.

Is an EOL phone not secure?

I have a Pixel 4a and GrapheneOS is awesome, I still get security updates at least as frequent as normally on LineageOS. But it is end of life, meaning Google and the hardware suppliers don't support it anymore. This means:

  • firmware issues of any kind will not be fixed (the vendor needs to sign the firmware, this is not possible for anyone else)
  • the kernel, specifically patched for this device, will not be upgraded to the next LTS kernel, thus losing support in a while. This would be possible, but is immense effort without Google doing it upstream in AOSP.

"privatephoneshop"

Following the Mastodon post, you can see "privatephoneshop"s selection. They sell devices that are not cheap, but pretty cheap.

Ease of Installation by yourself

You can buy a used Pixel 7 for that price and flash GrapheneOS easily, using the webinstaller, even from another Android phone, with zero Terminal knowledge needed.

CalyxOS and LineageOS

PrivatePhoneShop sells devices with CalyxOS, which is a lot less secure in its architecture, and delivers slower security updates. It is less secure, because their webview is not as hardened, they don't use hardened_malloc, they preinstall random 3rd party apps etc.

LineageOS is not privacy hardened at all. It may now be degoogled, after GrapheneOS's efforts to replace every connection to Google, even for Widevine DRM or A-GPS (SUPL) with at least their selfhosted proxy servers, stripping sensible data.

Only DivestOS can be assumed as reasonably secure, implementing sandboxed microG and other important architectural security measurements. GrapheneOS recommends DivestOS if your device is EOL or not supported.

So the store is selling phones with insecure software, that are also past or near the end of support by upstream.

Background on Android updates

There is no phone company that supplies as fast and complete security updates as Google. Google publishes recommended AOSP security patches, and a complete set. Pixel phones get all of them, while most other cheaply made devices struggle to even get the recommended ones.

GrapheneOS has updates about once a week, which is insanely good.

Btw, Fairphone plays in the same bad league as the cheap manufacturers, getting only the minimal amount of updates.

Hardware

Google Pixel phones are not just a choice because GrapheneOS devs love Google. They are the only phones that meet their security requirements.

Since they expanded their security fixes, like implementing a way to disable the USB port (which involved a ton of lowlevel work and is more secure than what Android ever shipped), this list is a bit long.

But even the minimum requirements are not fulfilled. Samsung is close, but security features like verified and measured boot are arbitrarily blocked for external operating systems.

Debates & Harassment

I only focus on this case now. GrapheneOS transparently asked them to stop selling EOL devices under their name.

Maybe they also asked to stop selling CalyxOS and LineageOS devices along with them, but "privatephoneshop" didn't give any evidence for that.

As a response, "privatephoneshop" posted this joke explanation

While GrapheneOS remains a top choice for security and privacy, we feel the toxic nature of its founder (and specifically his attacks on our business) no longer make GrapheneOS a viable choice.

For YOU, because you scam people. LOL

Early in November, GrapheneOS sent us a message on X (fka Twitter) stating they did not approve of our selling older phones such as the Pixel 4a with GrapheneOS, nor did they approve of our offering CalyxOS as a choice. Having previously seen how a typical conversation with GrapheneOS goes (more on that below), we blocked them.

Wow. Does this need any explanations?

But it gets better:

Why we sell older phones like the Pixel 4a

  • Not everyone can afford a newer phone.

You sell outdated devices for up to 650$. People can buy used Pixel 7 phones on eBay for like 200$. You can do that too. Sell refurbished ones, better than insecure ones. Repairing pixels is easy (in contrast to repairing OnePlus phones, wtf OnePlus).

  • Not everyone wants a phone made by google.

LOL. I think I explained why this is not some fanboy choice.

  • Not everyone wants a 5G phone.

What? You can just disable 5G in the settings to my knowledge. Also, WIFI is always using something similar to 5G.

These are fake arguments, hiding behind esoteric misinformed people.

  • Not everyone wants a large phone.

Very understandable, I miss my (honestly underpowered) Pixel 4a, also for the headphone jack. But this is a tradeoff, if you sell "privacy phones".

There is no privacy if you can get hacked.

  • Everyone has a right to the level of privacy and security that they desire.

So, sell refurbished phones or upload instructions yourself on how to do it yourself.

Thoughts

I honestly think GrapheneOS should switch to a license that actually gives them some teeth. Bitching around back and forth on "social media" sounds like a pretty annoying thing to do apart from delivering the most secure OS on the phone market.

I am also very unhappy about Louis Rossmann and Techlore for spreading bad opinions on them.

Yes, the devs can be harsh, yes they are sometimes a bit annoying. But look at their GitHub issues!, 500 open, over 2,5k closed!

They do free Software that helps anyone to be as private and secure as possible. They are a blessing for our world. Please donate to them, as they are doing an incredible job.

Btw, they are also against Nazis.

 

TIL about WOAM

Works On My Machine!

A huge pain, that is removed when using containers and ostree/image-based distros.
