I’m the Never Ending Pie Throwing Robot, aka NEPTR.

Linux enthusiast, programmer, and privacy advocate. I’m nearly done with an IT Security degree.

TL;DR I am a nerd.

  • 0 Posts
  • 18 Comments
Joined 1 month ago
Cake day: November 20th, 2024



  • N.E.P.T.R@lemmy.blahaj.zone to Selfhosted@lemmy.world: My thoughts on docker
    11 days ago

    Docker is good when combined with gVisor runtime for better isolation.

    What is gVisor?

    gVisor is an application kernel, written in memory safe Golang, that emulates most system calls and massively reduces the attack surface of the kernel. This is important since the host and guest share the same kernel, and Docker runs rootful. Root inside a Docker container is the same as root on the host, as long as a sandbox escape is used. This could arise if a container image requires unsafe permissions like Docker socket access. gVisor protects against privilege escalation by only using root at the start and never handing root over to the guest.

    Sydbox OCI runtime is also cool and faster than gVisor (both are quick)
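
The comment above names two things worth checking on a Docker host: which containers run under a sandboxed runtime such as gVisor (`runsc`) and which have the Docker socket mounted. This added example is not part of the original comment; it audits `docker inspect`-shaped JSON for both, plus privileged mode, and the sample data and container names are constructed.

```python
import json

# Constructed sample in the shape of `docker inspect` output (not real data).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web",
     "HostConfig": {"Runtime": "runsc", "Privileged": False, "Binds": None},
     "Mounts": []},
    {"Name": "/ci-agent",
     "HostConfig": {"Runtime": "runc", "Privileged": False,
                    "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock"}]},
    {"Name": "/legacy",
     "HostConfig": {"Runtime": "runc", "Privileged": True, "Binds": []},
     "Mounts": []},
])

SOCKET_PATHS = {"/var/run/docker.sock", "/run/docker.sock"}


def audit_containers(inspect_json, sandbox_runtimes=("runsc",)):
    """Return {container_name: [findings]} for containers with risky settings."""
    report = {}
    for c in json.loads(inspect_json):
        host = c.get("HostConfig") or {}
        findings = []
        runtime = host.get("Runtime") or "runc"
        if runtime not in sandbox_runtimes:
            findings.append(f"runtime {runtime} shares the host kernel directly")
        if host.get("Privileged"):
            findings.append("privileged mode")
        # Binds entries look like "src:dst[:opts]"; Mounts carry a Source field.
        sources = {b.split(":", 1)[0] for b in (host.get("Binds") or [])}
        sources |= {m.get("Source", "") for m in (c.get("Mounts") or [])}
        if sources & SOCKET_PATHS:
            findings.append("Docker socket mounted into the container")
        if findings:
            report[c.get("Name", "?").lstrip("/")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_containers(SAMPLE_INSPECT).items():
        print(name, "->", "; ".join(findings))
```

On a real host, pass the JSON printed by `docker inspect` for the running containers instead of the constructed sample.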


  • Linux Mint is built on top of Ubuntu, which itself was a fork of Debian. Ubuntu is not something I would call a “clean base”. It is clunky, slow to adopt new technologies, and very (Canonical) opinionated. Linux Mint actively works against its Ubuntu base by removing Snap and other Canonical weirdness.

    Tumbleweed and Leap offer the option to add or remove ANY package from your system before you even install it through their GUI installer, actually 2 GUI package choosers for either simple or advanced users. I don’t think it is accurate to suggest that Linux Mint is minimalist with its packages, especially when comparing to openSUSE distros.

    I will not argue against Linux Mint being user friendly, it is pretty good. But “not bloated”, especially when comparing against openSUSE, is inaccurate.


  • How is Linux Mint less bloated? Linux Mint also suffers from poor Wayland support and isn’t a (semi-)rolling release distro like Fedora or Tumbleweed. I wouldn’t recommend it to anyone other than people who are tech illiterate. Even then, I would still suggest VanillaOS or Fedora Workstation. I used Mint as my daily driver for a year and it was fine, nothing amazing.

    Bazzite is a good distro, I convinced a friend to move to Linux from Windows 10 and Bazzite was the only one that worked well with their nvidia hardware.








  • Someone made a pull request with all the changes made already. The issue that the PR addressed was the excessive use of he/him in the docs when referring to developers (aka the person reading the docs). Contributors expressed that they didn’t think using male-only pronouns in the docs made much sense when referring to any developer reading the docs. This wasn’t some entitled person trying to force the ladybird dev to rewrite the docs, all they needed to do was merge the changes.




  • N.E.P.T.R@lemmy.blahaj.zone to Linux@lemmy.world: Nyxt - lisp browser
    29 days ago

    In addition, on that website under “Manual>Troubleshooting”, the manual states the following:

    Bwrap error on initialization (Ubuntu)

    If Nyxt crashes on start due to bwrap, then disable or configure the apparmor service.

    This vague wording is terrible advice. Disabling AppArmor outright destroys Snap sandboxing and the general security of your operating system. Configuring AppArmor is a better option, but a specific configuration should be given as an example.

    For example, from the readme file on Cromite’s GitHub repo:

    """ 1. Creating an apparmor profile for cromite

    Create /etc/apparmor.d/chrome, and write:

    abi <abi/4.0>,
    include <tunables/global>
    profile cromite /home/user/cromite/chrome-lin/chrome flags=(unconfined) {
      userns,
      include if exists <local/chrome>
    }

    replacing the cromite binary path with where you have placed cromite.

    Now, run sudo apparmor_parser -r /etc/apparmor.d/cromite to apply the changes.

    2. Disabling the restriction until next reboot

    sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0

    3. Disabling the restriction permanently

    Add kernel.apparmor_restrict_unprivileged_userns=0 to the file /etc/sysctl.d/60-apparmor-namespace.conf. Create the file if not exists. """

    EDIT: I hate trying to get Lemmy to format multiline code blocks.


  • Currently only supports WebKit and Blink (experimental) as underlying browser renderers. The description of the browser starting with the words “Nyxt is a browser with deeply integrated AI […]” is a turn-off for me. If it is for power users, call it what it is. It could be an LLM or some algorithm, idk.

    I may check it in a year. For now, for Blink (Chromium) engine use Cromite browser + uBlock Origin Lite, for Gecko (Firefox) use Librewolf or Mullvad browsers.

    The browser app is the only program where (to me) Security/Privacy fully supersedes any concerns about customizability and usability.