Can’t Ventoy bypass secure boot with the shim thing? i.e. ENROLL_THIS_KEY_IN_MOKMANAGER.cer

Or is secure boot just to ensure that “this kernel uki hasn’t been tampered with”?

Furthermore, if it’s secure boot autounlocked by TPM, won’t I have to password protect my bootloader too to avoid kernel parameter oopsies? (Lol changing kernel parameters right then and there reminds me of the windows utilman trick)

The secure boot route seems fraught but perhaps I’m looking at it wrong

You probably already know, but scheme artists avoid pure #000000 out of contrast concerns. (e.g. DarkReader can give some headaches if the background is straight black with offwhite text). That makes a #000000 scheme very rare - manual intervention required :P

If you still wanna get crackin’, just tweak a preexisting dark theme and change navies/greys to black. And if you’re talking about the palette instead of actual themes to install, this still works – just check the source for whatever colors they’re using and tweak those. (grep for hexes then sort uniq? shell exercise is left to the reader)

I’d recommend taking one of vinceliuice’s themes and just turning navy blues into blacks. For example, Graphite-gtk (has a matching qt theme) is pretty grey even with a --black tweak, but you could blacken it with some effort. Same with Colloid-gtk (also has a --black tweak).

You could probably even blackify the KDE theme’s greys if you so fancied, but then you’d need to tune down the contrast on the other colors in the set. And this and that…

If this is too inexact an answer, then ouch. I wish you luck!

Too late, I asked algernon. O.O

but yeah I don’t think I’ll make my OS an absolutely pure mathematical function that I prove the correctness of at every boot _{cool af tho}

I do rely on correct dev envs so I’ll try my hand at nixos-shell -ing. Thanks for the input

So instead of commenting inside of nix files, you put nix files into .org documents and collate them so you can make your nix files an OS and a website and a zettelkasten-looking set of linked annotated nodes.

That puts a stupid grin on my face (ᐖ )

Dammit I was sure I was just going to stick with Arch until I saw this

Questions:

• You have home on tmpfs. Isn’t that volatile? Where do you put your data/pictures/random git projects? Build outputs? How’s your RAM? (Sorry if I’m missing something obv)
• What’s your bootup like?
• Another commenter mentioned difficulties in setting up specialized tools w/o containerizing, and another mentioned that containers still have issues. Have you run into a sitch where you needed to workaround such a problem? (e.g. something in wine, or something that needs FHS-wrangling)

The “stable unstable” setup is a beautiful concept. Thanks for the dotfiles mention – I keep hearing “you need to rebuild if you edit a dotfile” but I guess that’s a myth encountered by people trying to nix too nixily, falling into said archetypal rabbit hole

Questions:

1. Does mixing streams “infect” other packages? I remember an old Gentoo thing where ~amd64 unstable packages would want to spread on its own. Since it’s nix I assume that an unstable package will require a bunch of unstables but they’d be installed alongside respective stable versions – i.e. taking up disk space but not “spreading” per se

For packages its basically 0 time.

Is that really true for you? I assume you refer to the length of time it takes to copy paste a flake from online but how reliable is that really? And the other commenters mention that there’s still wrestling to be had for certain tools

Thanks for the input!

I’m nervous about faking FHS as well, especially for specialized stuff. I don’t know much about steam-run or its caveats – so I can’t debug it (Maybe it turns out to be really simple and solid? Who knows…)

Thanks for mentioning the gpu accel issues in distrobox – I was considering using containerization to fight off any FHS issues but it seems I can’t jump the gun. I’ll probably just tighten dev envs by trickling in nix-shell usage; multiple versions of a package at once is an issue I’d def love to solve (in a way that’s more than just dockerfile)

Interesting that this is the third comment suggesting just using btrfs snapshots to resist Arch update experiences. I have root and home on two flat btrfs subvols so it shouldn’t be that hard to implement. (yeah yeah “What backup?” is bad)

Seems like the simplest way out is those two smallish changes. Wish I could transcend into declarativity but the thread’s nix survivor ratio is grim

Yep this is my diagnosis. I had a lot of time at the start to config horns and halos and miniguns and waffle toasters onto my craptop but now everything is constrained

o(╥﹏╥)o

Building on this, I recommend zoxide instead of only fzfing or regexping.

For people who like to keep everything they ever create, like college students, you can use z 18.04/1 to get to a directory like ~/hw/random-school/fresh-1/analysis-18.04/pset1.

Lets you nest without fear.

(Also, about your question: I’ve personally used ~/git/<projname>/ and ~/git/<org>/<projname> at the same time – e.g. ~/git/aur/fuzzel-git)

Wow, you’re right, autotools dev work started a decade prior to Linux 0.01’s release. And looking deeper into ./configure, there looks to be checks running here that only matter on old Solaris systems…

At least it’s not node_modules

They call it a polyfill because it polyfills your disk

Terrible bait

Is that considered bait? I’ll remove it, I don’t mean to be hostile.

What do you mean by “more powerful” wrt CMake? Are you referring to, say, integration abilities with other projects (since know CMake is really widely-used)?

Thanks for the advice and the example!

Yeah I was considering using one of these two, out of curiosity.

I’ve heard complaints about CMake… on pre-2015 forums, so I don’t know where it’s at now.

I’ve done very little from the developer side of Meson but I do recall having tried a sound theme that, inexplicably, had a Meson-based installer. (It was just .ogg files iirc.) That’s probably a good sign if someone picked it over an install.sh

Though you’re right, there’s probably little advantage in me not using a Makefile here, except again, curiosity

I tried a bunch of boot-from-USB tests and it fixed itself. Woot

I couldn’t roll back the kernel easily so I booted with linux-lts. Since this didn’t resolve the issue, I assume it isn’t a kernel problem (or it still is one and linux-lts isn’t the right way to solve it). Same errors too.

I also tried Cheese on a few old rescue USBs (Kubuntu still on Plasma 5, old Devuan copy) to see if luck would grant me working drivers – no dice.

Thanks though! x ᴗ x

lmao, what?

Lots of good answers here but I’ll toss in my own “figure out what you need” experience from my first firewall funtime. (Disclaimer: I used nftables – it should be similar to ufw in terms of defaults though).

• Right off the bat, everything unneeded was blocked. I “needed” no configuration, except for maybe…
• Whatever CUPS runs on (when I use it)
• Sometimes I ran python -m http.server – I unblocked port 8000 for personal use.
• I chose to unblock port 53 (DNS). I wanted to connect to another computer via hostname IIRC (e.g. connecting to raspberry-pi.local. I might be misremembering this though).
• At one point I played with NGINX – that’s port 80 (HTTP) and port 443 (HTTPS).
• SSH was already permitted (port 22 – you need root access to enable traffic through ports below 1024 anyway so this wasn’t an issue for running typical apps)

I didn’t use WireShark back then, really. I think I just ran something like

sudo lsof -nP -iTCP -sTCP:LISTEN

which showed me a bunch of port traffic (mostly just harmless language servers).

You don’t have to dive to deep into all the “egress” and “ingress” and whatnot unless you’re doing something special. Or your software uses a weird port. (LocalSend lol)

Oh I love the “walk me through what I’m about to do” concept. Dry runs should be more common – especially in shell scripts…

The world would be a better place if every install.sh had a --help, some nice printf’s saying “Moving this here” / “Overwrite? [Y/N]”, and perhaps even a shoehorned-in set -x.

Hope your r/w wasn’t eaten up by the subfolder incident (that I presume happened) :P

The depth of a dive is always delightful! Does K8s have a solid use-case for the project or did you just sK8 for fun?

Round two, hell yeah.

The aesthetica of a stack of notes, born from a “dead end”, is secretly an odd motivator. You look back and see

Here is the breadth of what we did wrong.

and then beyond you, the effort lays itself out in a pretty trusswork.

__{or_maybe_i_just_think_well-used_notebooks_are_pretty}

Hah, stochastic parrots.

Makes me wonder. Every laziness I’ve had with the vector guessers, I’ve seen an exact counterweight.

One, you can invoke more often (throw ChatGPT configs against the wall until it doesn’t error); the other you can invoke more deeply. So I can’t help but wonder – when we cancel out all the terms – if the timesaving sum is positive or negative. ¯\_(ツ)_/¯

Yeah, it’s pretty funny how distros just passed each other by like that. Back then it was Debian that was regarded as the hyper-poweruser distro:

The reason I havn’t used Debian is because I can’t install it. “This guy is totally clueless” you might think. My only response is that I’m writing this on a Gentoo box that I have installed myself.

And then now there are plenty of people reading this thread who liked Windows 7. As time passed, their grade on the ease-of-use of A passed the don’t-get-in-my-way of B, and a load of Windows 10ers jumped ship to Linus & Friends, the last place their Windows 7 selves would have expected to go. Always a reminder that the end of history isn’t now.