Atemu

Atemu , 6 months ago

#2 is strange – why does it matter?

It doesn’t. If you’re running a laptop with a local web server for development, you wouldn’t want other devices in i.e. the coffee shop WiFi to be able to connect to your (likely insecure) local web server, would you?

If one is hosting a webserver on port 80, for example, they are going to poke a hole in their router’s NAT at port 80 to open that server’s port to the public. What difference does it make to then have another firewall that needs to be port forwarded?

Who is “they”? What about all the other ports?

Imagine a family member visits you and wants internet access in their Windows laptop, so you give them the WiFi password. Do you want that possibly malware infected thing poking around at ports other than 80 running on your server?

Obviously you shouldn’t have insecure things listening there in the fist place but you don’t always get to choose whether some thing you’re hosting is currently secure or not or may not care too much because it’s just on the local network and you didn’t expose it to the internet.
This is what defense in depth is about; making it less likely for something to happen or the attack less potent even if your primary protections have failed.

#3 is a strange one – what sort of malicious behaviour could even be done to a device with no firewall? If you have no applications listening on any port, then there’s nothing to access

Mostly addressed by the above but also note that you likely do have applications listening on ports you didn’t know about. Take a look at sudo ss -utpnl.

#5 is the only one that makes some sense; if you install a program that you do not trust (you don’t know how it works), you don’t want it to be able to readily communicate with the outside world unless you explicitly grant it permission to do so. Such an unknown program could be the door to get into your device, or a spy on your device’s actions.

It’s rather the other way around; you don’t want the outside world to be able to talk to untrusted software on your computer. To be a classical “door”, the application must be able to listen to connections.

OTOH, smarter malware can of course be something like a door by requesting intrusion by itself, so outbound filtering is also something you should do with untrusted applications.

People seem to treat it as if it’s acting like the front door to a house, but this analogy doesn’t make much sense to me – without a house (a service listening on a port), what good is a door?

I’d rather liken it to a razor fence around your house, protecting you from thieves even getting near it. Your windows are likely safe from intrusion but they’re known to be fragile. Razor fence can also be cut through but not everyone will have the skill or patience to do so.

If it turned out your window could easily be opened from the outside, you’d rather have razor fence in front until you can replace the window, would you?

Atemu , 6 months ago

Eh. That’s like saying internet routers support Nazis and other hate groups because they route the Nazi’s webservers’ packets.

Atemu , 6 months ago

How is their “support” more “active” than internet routers; not passive?

Atemu , 6 months ago

At the core, the issue is still deeply rooted within capitalism but governments should absolutely be doing their fucking jobs and curb the worst aspects of it a little until we’re ready for something better.

Atemu , 6 months ago

Get in the Laptop Shinji.

Atemu , 6 months ago

🤟

Atemu , 6 months ago

That isn’t really an argument for EVs but rather an argument to build a train stop near them ASAP.

EVs are an interim “solution” at best in the vast majority of cases and the majority of resources should flow to the actual solution instead which is not the case in the slightest.

Atemu , 6 months ago

How much of the population lives in those areas? I can’t imagine it’s more than 10%.

Atemu , 6 months ago

Also most parts of Europe actually but it’s not quite as bad.

Atemu , 6 months ago

Electric cars are creating additional sources of funding for battery research, improvement of the electrical grid (there was a movement to get rid of central power generating and just use generators at each house), and electric generation smoothing.

The kinds of battery used in cars and the kinds of batteries suitable for grid-scale operation only have a small overlap. They have entirely different needs. Car batteries make lots of trade-offs to very lightweight for example which is totally irrelevant in a stationary facility.

I think the only reason Li-ION batteries were even considered for grid-scale is that better suited battery technologies simply haven’t been researched until very recently.

If our goal was energy storage for our grids, we would not be researching BEV battery tech.

Atemu , 6 months ago

Regulated Emissions and Energy Use in Technologies (GREET) model

Wasn’t that the fun model where they ignored the emissions of producing the vehicle?

Atemu , 6 months ago

Thanks for the info. Do you know which combination was used to derive the number in the article?

Atemu , 6 months ago

Right and that was not my point. The 300 person town should get a train station nearby aswell as Missouri’s capital city. I see no reason why one should wait on the other.

If you’re telling me that’s impossible because there aren’t enough resources to do both simulatneously, I can show you an industry that is currently wasting a ton of resources to build poor interim solutions touted as saviours of the world.

Atemu , 6 months ago

I’m telling you that’s impossible from an average person standpoint.

I don’t care about this mythical “average person”.

You don’t have a government that actively tries to stop building rail.

I wish man, I wish.

Just because you have it extremely bad in the U.S. doesn’t mean the rest of the world is doing great, even if it’s quite a lot better. “Quite a lot better” than “extremely bad” still turns out to be “pretty bad”.

Midwest states are literally trying to stop federal money from coming in to build rail. We protest, we argue, but people are literally voting against that.

(More U.S. politics BS)

The reasons for that are a different discussion on an entirely different thing that is a general problem that affects all kinds of sectors and has nothing to do with transport specifically.

I only care about the factually-based way forward, not what a bunch of brainwashed monkeys licking aristocrat arses have to say about it.

Eliminating said monkeys is an entirely separate discussion to me.

I’m going to push for EVs in those areas for those who actually want to change their habits.

That’s the part I most disagree with. The people who haven’t been brain washed quite as much yet should be desiring the proper solution, not the bad “solution” that will still get us killed.

Presenting BEVs as our lord and saviour will do the opposite of that.

I’m not going to actively encourage they keep buying massive trucks that spew pollution, since that’s apparently the only alternative you can give us.

Not once in my argument have I mentioned or implied trucks as a valid alternative to BEVs.

Driving ice cars is knowingly killing the planet, and EVs is a solution for those people who live in places where their government literally tries to kill public transit.

That’s the thing, it’s not a solution; it’s a minor mitigation. It’s still killing our living space but not quite as badly. That is obviously preferable but nowhere near a solution.

What I want is BEVs to be seen for what they are, not for what they aren’t. As a means to an end, BEVs are okay. They’re not an end however and that’s what they’re widely seen as. That’s what I find incredibly dangerous.

Atemu , 6 months ago

EV batteries undercut stationary-optimized batteries in $/kWh because EVs are lucrative enough to drive the research that much harder. Without the EV industry as the incubator for competing battery tech, stationary storage would still cost what it did in 2010.

Cool but that’s beside the point. I don’t care how lucrative a market is for some aristocrat arseholes. I want what’s best for society as a whole, not the pockets of aforementioned aristocrat arseholes.

If we put all the money and effort that went into researching BEV batteries into researching and developing grid-scale batteries instead, I imagine there’s a good chance we wouldn’t need coal power plants anywhere on earth anymore.

I have absolutely no clue about your example but you can ask the same questions: If the R&D went into relay tech instead of IGBTs, wouldn’t you think those would be even less expensive for your use-case?

Atemu , 6 months ago

Öhm, warum reden wir hier eigentlich Deutsch?

Atemu , 6 months ago

I don’t use any snaps though.

Oh sweet summer child…

Atemu , 6 months ago

I’ve felt the need a couple times but Google results were always worse.

Atemu , 6 months ago

Everything about a headphone design influences its sound, not just the driver. If your headphones are crappy, chances are that changing out the driver won’t help much, even if that was feasible which it is likely not.

Atemu , 6 months ago

If your headphones are crappy, a better source won’t really help. It’s not an or here, headphones make most of the difference. Only decent headphones will appreciably benefit from a good source.

MP3 isn’t ideal but, unless you have rather good headphones, 320kbit/s MP3 is pretty damn near transparent.

Atemu , 6 months ago

I’d create an issue on their issue tracker: github.com/tailscale/tailscale/issues/

Atemu , 6 months ago

It can only do that with the unfree unrar plugin. Do not expect your distro to ship it by default due to that issue.

Atemu , 6 months ago

Only with the unfree unrar plugin.

Atemu , 6 months ago

There is unrar which is source-available but its license is unfree because it restricts usage. See: fedoraproject.org/wiki/Licensing:Unrar

Atemu , 6 months ago

Indeed it won’t modify rar archives. What do you need those for?

The typical flow for rar archives is to unpack them and then either leave the files on disk as plain files or put them into a better archive format such as 7z.

Atemu , 6 months ago

Damn rat files…

I just opened a nix-shell with unrar in it on aarch64-linux and am able to execute it, so yes, it can be made to work.

Atemu , 6 months ago

!actualbudget

Atemu , 6 months ago

documentation isn’t sexy so not many want to do it

Don’t think that’s the primary issue. Most of us can appreciate good documentation.

It’s more of a resource problem. We could either be writing docs or working on literally everything else. Docs are important but so are updates, fixes and new packages/modules/etc. Most of us contribute in our free time and would rather spend that little time on ensuring that the distribution works.

nix/nixos maintainers undervalue documentation efforts - I’ve tried to get in pull requests, but they just stall (not reviewed, nitpicked to death, simply not merged, etc.)

Not at all. It’s, again, a resource distribution problem. That happens to many, many PRs, regardless of what they actually do. We have a rather severe shortage of reviewer time.

Nitpicks can be annoying but the people do it because they actually do care; quite a lot.

it isn’t generated from source code

It… is?

nixos.org/manual/nixos/stable/options (warning: humongous page, may crash your browser)

very top heavy decision making process harms the community.

What kind of decisions are we talking about? The RFC process is the exact opposite of “top heavy”.

Some person with hundreds of commits can push through nearly any change (good or bad) relatively quickly, unless other frequent contributors are really really against it.

No. Someone recently got their commit access revoked for self-merging something that was really not good. We care about quality.

However, fresher contributor with a great change is forced to go through a never-ending process and few stay to actually finalize it.

Yup, that happens. We don’t have enough time to give newcomers a really good experience.

Though if I’m honest, a fresh contributor should rather get more of a feel for the processes and conventions for a bit before trying to implement a “great change” (as in: size and complexity) anyways. That massively reduces the need to go back and forth over obvious mistakes a more experienced contributor would simply not have made.

maintainers can simply (and do) create a PR, make a change and merge it.

And it’s frowned upon. Especially if that touches something someone else maintains and no reasonable response time was given.

Again, someone recently had their commit access removed for doing exactly that. We don’t like this either and this issue is slowly but surely getting better now.

These difficulties just make me want to fork nixos.

That won’t help anyone.

Atemu , 6 months ago

The community could do with more people with merge rights or something like The Collective Code Construction Contract (C4).

That is nicely written but we have mostly already implemented that. There’s some critical things like

A new Contributor who makes a correct patch SHALL be invited to become a Maintainer.

which we will not implement as commit access to Nixpkgs is security-critical. Anyone with commit access can push malware to thousands of users. We’re doing good here not handing that out to anyone who contributes a patch.

Most of the nitpicks could be resolved by a linter and auto-formatter.

github.com/NixOS/rfcs/pull/166

It’s also quite annoying when a review is just a bunch of character modifications, renames, replacement of entire sections with no comment whatsoever. Or when knowledge is implied.

As a reviewer, you cannot know the reviewee’s experience level. Simply ask and/or Google if you don’t know something. We don’t explain every little thing in detail that we comment on every 5 PRs. Nobody has time for that.

Why isn’t mkDerivation {} or ./. OK

I don’t know the context of the latter but the former is absolutely okay. It’s just a matter of taste really and reviewers are free to express theirs.

Having it on nix.dev as a suggestion, is not the way to do it.

Why? That’s official docs.

What’s even worse is when you get one review like the above, change it, then get another review that again changes something according to undocumented convention, you change it, and another reviewer comes along with yet another such review. I don’t contribute to nixpkgs anymore, in part, for that reason.

That happens sometimes. I’m guilty of that too to a degree. If all you receive are such nitpicks, it’s a good sign that the other aspects of your PR are good to go.

Also note that this isn’t uniform among committers. Most don’t care about nits very much unless you’re doing something clearly out of the ordinary.

Two of the most notorious committers who did this have gotten their wrists slapped recently btw.

why not the rest? What about stdenv? What about fetchers? build-support?

I don’t know how you imagine that to work? There is no generic way to document bespoke code (LLMs don’t count).

How easy or hard is it to get a repo in the nix-community org?

I don’t have much experience with that but the one time I did that I simply walked up to one of the nix-community admins at NixCon and asked them to. I imagine it works roughly the same without being in-person.

Who is allowed to make large changes to nixpkgs e.g review process, CI/CD, package naming, etc?

Anyone.

Small obvious improvements with little to no downsides or room for opinion can just be done and everyone will thank you.

For “larger” improvements with more room for controversy, you must go through the RFC process. See for instance github.com/NixOS/rfcs/pull/140

How was the official wiki nixxed anyway? Was that an RFC?

I don’t believe there ever was an official wiki? If so, that must have been ages ago.

The inofficial one is still up FWIW nixos.wiki.

Edit: Looked it up and there was an official wiki at some point it was scrapped because it’s better to have the documentation in the Nixpkgs tree together with the code. In a sense, it still exists in the form of the official manual.

When RFCs can simply be closed as “won’t resolve” or whatever the euphemism is for “no, not on my watch” without community consensus, then I’m not sure what else to call it.

Not sure which one you’re referring to.

There have also been packages requested by a few people, a PR from a newcomer attached and it just never crossing the finish line. A reviewer left a comment, the PR creator made a change and asked if it was fine now, only to hear crickets.

Most of the issues you see can be traced back to limited reviewer capacity.

If the OG nix community won’t change (or won’t do it quickly enough), then that’s the beauty of opensource: the project can be forked.

Forking a project is a click of a button but that still won’t solve anything. All problems mentioned here are problems of the community around the project which we sadly haven’t found a way to clone yet. You’d have a project that is dead in the water because maintaining Nixpkgs is an insane amount of work that requires at least a community as large as the one around Nixpkgs.

tar-like movement of the OG nix community (or the maintainers? dunno)

Note that you’re talking about an entirely different set of people here than the rest of the post.

A member finally had enough and just started another one (nixlang.wiki), which IMO already looks and feels much better than unofficial yet officially linked to nixos.wiki

The main difference is that it runs different (IMHO better) wiki software; wikijs instead of a weird mediawiki fork.

It’s great that they set it up separately but I’d fully expect it to become the regular nixos.wiki at some point with most of the content copied over. I don’t think anyone wants to keep maintaining the old one’s technical aspects now that this exists.

That wiki seems to have come from the official wiki being killed, but then a need for a wiki arising and a nix community member taking it upon themselves to create it

No, it’s because nobody is really maintaining the technical aspect of the current unofficial wiki. The reason they went ahed and set up a new wiki is that it’s easier to start from scratch on a new domain than migrating the old wiki in-place; both from a technical and organisational PoV.

as the (for lack of better term) nix top dogs for whatever reason didn’t recreate it.

There is no such thing. I don’t even know who set the wiki up. It’s probably just some person who did it out of passion, just like nixlang.wiki now.

You seem to be assuming some sort of authority structure where there really is none. For better or for worse, there is no person or group of people who call the shots. That’s not how we work.

Most of the NixOS infra for instance was held together mostly by one person in their free time because nobody else stepped up. They’re in the process of transferring that role to a couple others who did eventually step up as we speak.

It’s similar with a lot of things in the Nix community. The wiki is a good example. The person who set up the new one didn’t want to bother figuring out who in the world maintains the old one and how they could get the new one in place, so they created an entirely new one instead.

there seems to be a resistance to change or at least an inability to take advantage of the good will and energy of the community.

There will always be resistance to change. Not all change is good afterall. In moderation, conservatism is a good thing (actual conservatism that is, not the BS kind in current politics).

I think what you’re feeling is mostly correct but it’s mostly due to lack of time and energy, not because we don’t want to change.

The rate of change also isn’t uniform. Compared to the infra or Nix itself, Nixpkgs changes quite a lot IMHO.

Atemu , 6 months ago

Cucumber/Gherkin also has translated keywords (even Emoji… smh) but there it actually makes sense because you actually write it in natural language.

Atemu , 6 months ago

Play some death metal and enjoy the performance.

Atemu , 6 months ago

Not really. If you uninstalled all apps, you’d effectively end up in the same state as a clean install (modulo system settings). Reversely, if you did a clean wipe and then installed all of your apps again, you’d end up in roughly the same state as before.

In 9/10 cases, it’s not the OS that’s bogging down your device but the apps. Take a look at memory usage and uninstall or stop things you don’t need running in the background.

Atemu , 6 months ago

There’s quite a bit of stuff that builds up that app installers don’t remove.

Such as?

Because Android is still pretty open, the rules around this stuff aren’t as mature as say the Windows MSI database.

“Mature” and anything relating to the insanity that is Windows package management do not belong in the same sentence.

By default, Android has pretty strict guidelines where apps are even allowed to store state to begin with and will wipe all of those places upon uninstall. Integration state (default apps, app-related system settings etc.) is quite minimal and I’ve never had any remaining after an app has been uninstalled.
The only possible leftover state after uninstall I can think of is things apps can store in the user storage (“sdcard”) when given explicit permission to do so.

Besides, app data storage of any sort is unlikely to “bog down” your phone anyways unless usage is abnormally excessive, making you run into IO or free space issues.

Atemu , 6 months ago

it still leaves stuff around sometimes. I’ve seen it plenty.

You still haven’t declared what this “stuff” is and, more importantly, where it leaves it.

App data folders left behind

What kind of “app data folders”? In /data/data/? I doubt it.

downloaded files left behind

Duh. If the user downloaded files through the app and explicitly told the app to put those in downloads, those should remain. It’s user data at that point, not app data.

Downloads are also just inane user files. They won’t slow anything down (again, excluding excessive storage use; causing free space issues).

Atemu , 6 months ago

Note that Android usually does a pretty good job of that by itself. Make sure you’re not using (zram) swap or anything that would confuse Android’s memory management.
If your RAM isn’t >50% full, memory used by apps likely isn’t the issue. Keep an eye on that.

Atemu , 6 months ago

And, most importantly, money bags to subsidise the hell out of it. Let’s not kid ourselves here, the damn low price is one of the main reasons why people buy the SD rather than the ~2x more expensive alternatives.

Atemu , 6 months ago

Github isn’t a “store”. It’s just upstream repos where the owner can upload any artifact they like.

Atemu , 6 months ago

That’s just an alternative front-end for the same service. The problem is the distribution itself, not the client used to access it.

Atemu , 6 months ago

it is compatible with a lot of stores including github.

Atemu , 6 months ago

We can recommend apps and provide technical backgrounds for using torrent technology but sites that offer pirated content is not something that should be discussed here.

Atemu , 6 months ago

Because the people who graciously host Lemmy for our benefit can get in trouble for it. Let’s not bite the hand that feeds us.

Atemu , 6 months ago

This has nothing to do with federation really. You’re posting content to platforms hosted mostly by private persons or in some cases small non-profit organisations, that’s the deciding factor.

I’m not talking about breaking hard rules here, I’m talking about common courtesy. Even if they don’t explicitly ban such content, knowingly posting content that can get the host (again, usually a natural person) in personal trouble is just simply something you should not do. It’s a dick move no matter how you look at it.
“Ohhh it’s not explicitly forbidden so I can post whate”-no, you’d just be an asshole.

It’s a different story with for-profit companies as those don’t have a natural person on the hook in the majority of cases. Though I personally think you should still rather abstain from it.

Atemu , 6 months ago

As an example, users of Debian are reporting tons of KDE Plasma bugs that was already fixed, but because they are running an ancient version, they still have the bugs.

The idea is that those bug fixes would be backported as patches; old feature version + new security/bug fixes.

In practice, that’s really expensive to do, so often times bug fixes simply aren’t backported and I don’t even want to know the story of security fixes though I’d hope they do better there.

Atemu , 6 months ago

Debian has an effective Rolling distribution through testing than can get ahead of Arch.

I wouldn’t call a distro “branch” where maintainers say “don’t use this, it’s not officially supported and may even be insecure” an “effective” distribution. I’d consider it a test bed.

Debian tends to align its release with LTS Kernel and Mesa releases so there have been times the latest stable is running newer versions than Ubuntu

• Ubuntu LTS.

Ubuntu’s regular channel releases every 6 months, similar to Fedora or NixOS. That in itself is already a “stable” distro, just not long-time stable (LTS).
So Debian can for a short span of time after release be about as fresh as stable distros which is …kinda obvious? I would not consider a month or so every 2 years to be significant to even mention though, especially if you consider that Debian users aren’t the kind to jump onto a new release early on.

For some the priority to run software that won’t have major bugs, that is what Debian, Ubuntu LTS and RHEL offer.

That’s not the point of those distros at all. The point is to have the same features aswell as bugs for longer periods of time. This is because some functionality the user wants could depend on such bugs/unintended behaviour to be present.

The fact that huge regressions have to be weeded out more carefully before release in LTS is obvious if you know that it’d be expected for those “bugs” to remain present throughout the release’s support window.

Atemu , 6 months ago

Note that some SOHO router appliances block DNS responses with local addresses (“rebind protection”). You may have to explicitly allow-list your domain(s).

Atemu , 6 months ago

I’ll let you in on a little secret: Fstab gets converted to mount units anyways.