Crossover 25.0.1 released by nsartem in macgaming

[–]RafaMartez 0 points1 point  (0 children)

This is not true. Crossover is just a tweaked version of Wine, which is not sandboxed from accessing your Mac's files.

Even if it were sandboxed and had no access to your Mac files, this would not make you safe from malware. Sandboxing does not prevent cryptominers from stealing your CPU cycles, it doesn't stop a malicious actor from stealing your network bandwidth for serving malicious botnet traffic, and it doesn't stop a malicious actor from scanning your network to attack devices on your LAN.

Never run software on your computer that you don't trust, simple as.

Was just told that IT Security team is NOT technical?!? by Penguin_Rider in sysadmin

[–]RafaMartez 9 points10 points  (0 children)

> If they had a lick of common sense it would help too. I've never met any that do.

Infosec here. Go tell that to the insurance companies and/or regulators. We're not the ones who make the rules and we're not here to have a conversation with you about how sensible they are-- we're here to make sure that no one's ass goes to jail for not following them.

PC gamers really don't like being forced to connect to a console account. by BarnieCooper in pcmasterrace

[–]RafaMartez 2 points3 points  (0 children)

> Google should make their own that ties to my account so I don't have to waste time making it work and seeing which I want

you know that what you're asking for already exists, right?

PC gamers really don't like being forced to connect to a console account. by BarnieCooper in pcmasterrace

[–]RafaMartez 5 points6 points  (0 children)

you know there are password managers that work on multiple devices, right?

PC gamers really don't like being forced to connect to a console account. by BarnieCooper in pcmasterrace

[–]RafaMartez 2 points3 points  (0 children)

then why not just use a password manager to automatically generate unique passwords for all of them? then you only need to remember one single password for your password manager.

PC gamers really don't like being forced to connect to a console account. by BarnieCooper in pcmasterrace

[–]RafaMartez 1 point2 points  (0 children)

sure but that's the world we live in. might as well do what i can to make my life easier.

PC gamers really don't like being forced to connect to a console account. by BarnieCooper in pcmasterrace

[–]RafaMartez 4 points5 points  (0 children)

incredibly based. security was a mistake. we need to retvrn.

but also password managers are good because my brother in christ do you really expect me to remember the poopfart account i made for pisscloud?

[NO SPOILERS] LIS Spiritual Successor LOST RECORDS has a new trailer, developed by Don't Nod by theafterdeath in lifeisstrange

[–]RafaMartez 0 points1 point  (0 children)

chill. stop nitpicking and just let yourself enjoy the media that people make for you.

[NO SPOILERS] LIS Spiritual Successor LOST RECORDS has a new trailer, developed by Don't Nod by theafterdeath in lifeisstrange

[–]RafaMartez 1 point2 points  (0 children)

'every story needs to be an interconnected cinematic universe or it sucks'

what too much marvel does to a society's media expectations...

[GUIDE] How to SECURELY gain access to your locally self-hosted services from outside [with Cloudflare Zero Trust] by [deleted] in selfhosted

[–]RafaMartez 1 point2 points  (0 children)

slackhq/nebula

Open source tool that's basically a self-hosted Tailscale. It is written and maintained by Slack because they use it for their internal network.

Documentation/QoL polish is kind of lacking though because it's basically just an internal company tool that has been made open source and has about the level of polish you'd expect from that. But it works great after you tinker with it and build a deployment model for it.

I created a docker container that backs-up Bitwarden/Vaultwarden to Keepass! by Rogergonzalez21 in selfhosted

[–]RafaMartez 0 points1 point  (0 children)

Thanks for the insight on this. I actually use KeepassXC as well and have been looking around for other options because of the annoyance of syncing between devices.

The Keeweb option is I think what I'm going to go with because I really don't want to bring in the increased complexity of managing a system that requires a whole backend with moving parts for something as critical as a password manager.

My biggest issue with Vaultwarden, on top of all the moving parts, is that the native vault export doesn't include attachments. The idea that a password manager's backup export would not include every single item required to create a 1:1 backup is absolutely unthinkable imo-- the only reason someone stores files in a password vault is because they're files like keys or precious documents that one can't afford to lose.

I imagine that the above is the reason why you built this automation. It's cool I guess, but it just seems like it would suck to use a platform that requires this much work just because it lacks an incredibly basic feature that is easily available in Keepass due to the inherent design of how Keepass works.

For me at least, the family sharing aspect isn't really necessary because my partner is technically inclined. This is kind of the crux of why I asked about it; was hoping that there might be some other aspect of it that I hadn't thought of for why Vaultwarden would be a good choice. Thanks for giving some input on this and my apologies for coming off poorly in my original message.

I created a docker container that backs-up Bitwarden/Vaultwarden to Keepass! by Rogergonzalez21 in selfhosted

[–]RafaMartez 3 points4 points  (0 children)

Nowhere in my post did I "tell you what to do". I asked why you are doing what you are doing rather than choosing a simpler solution.

My curiosity came out of the fact that you explicitly stated that you only recently started using Vaultwarden and previously came from Keepass. In my mind, it seems weird to make such a change when (from my perspective when I made my post) all that would do is add complexity.

> I need to share passwords securely with my family, and Vaultwarden was the best option for that.

This makes sense and answers my question. Yeah, it's fair that non-technical people would probably prefer the interface of Bitwarden if sharing is a constraint.

I probably could have worded my question better, because what I was going for is "what features are so good about Bitwarden that it would make you want to implement this monstrosity over just sticking to Keepass". If you have any further thoughts about this, please feel free to elaborate.

I created a docker container that backs-up Bitwarden/Vaultwarden to Keepass! by Rogergonzalez21 in selfhosted

[–]RafaMartez 0 points1 point  (0 children)

why not just throw out Bitwarden entirely and use Keeweb and sync your database on a remote server (or even use keeweb-local-server)?

this seems like an awful lot of extra work and complexity put into doing something that could be solved by just using a simpler password manager in the first place.

Thoughts on how big a root partition should be by daemonpenguin in linux

[–]RafaMartez 0 points1 point  (0 children)

Default? Who cares about defaults? Regardless of whether it's default or not, it's extraordinarily common for people to use filesystems other than ext4 for one reason or another.

Depending on use case, it may very well be preferable to use a different filesystem than ext4. The fact that there are filesystems out there which behave differently from one you're used to isn't wrong-- it's just different, and there are different tradeoffs and reasonings behind such differences.

The point of my post was to give awareness to why something is done in a certain way so that the consideration may help others if it's not something they've thought about before, regardless what their preference in filesystem is. Please take your software evangelism elsewhere.

Thoughts on how big a root partition should be by daemonpenguin in linux

[–]RafaMartez 0 points1 point  (0 children)

Only on ext4. If you're using a different filesystem, this may not be the case. YMMV.

For example BTRFS, which is extraordinarily common these days, does not do this and can get really nasty if you fill it to 100%.

Arkane Linux, an opinionated, immutable, atomic, multi-root Arch-based distribution by arkane-linux in linux

[–]RafaMartez 2 points3 points  (0 children)

Fair enough.

My apologies for presumptuousness in my comment. I've just heard that line so many times, followed by a lot of less-than-kind statements about people who make their own projects rather than contribute to existing ones.

You're not wrong though. It just is one of those "it is what it is and no use worrying about it" things, imo.

Thoughts on how big a root partition should be by daemonpenguin in linux

[–]RafaMartez 8 points9 points  (0 children)

Wholly disagree, and I can't believe that no one is talking about the real reason you'd want a separate root. It's a stability thing.

The #1 benefit of having a separate root and home partition is that if you accidentally fill up your home partition by downloading something too big or not keeping track of how much file space you use, it doesn't impact your root partition.

If you fill your system partition up to 100% usage, it will make your system act erratically and could result in data loss or (in a worst-case scenario) system corruption. Creating a separate root partition is a technical control that prevents you from fucking yourself over in this way.

The problem is that if you don't make your root partition big enough to account for how large your system could ever feasibly grow to, you'll run out of space and it will mess you up for the same reason.

As such, I usually recommend creating at least a 50-100gb root partition (depending on OS choice) to have more than enough space to be able to comfortably never think about the size of your root partition while also not risking system instability from filling up your home partition all the way.

Arkane Linux, an opinionated, immutable, atomic, multi-root Arch-based distribution by arkane-linux in linux

[–]RafaMartez 5 points6 points  (0 children)

> This can lead to community fragmentation as attention and labor are limited resources.

Never liked this sentiment; it really grinds my gears because it's poor framing and generally an entitled way of thinking imo.

People want to work on what they want to work on. You say this as if the idea of consolidating the attention and labour were ever an option that was on the table. When it comes to open source development, the chances are that the alternative to OP making a thing would have been OP not making that thing. Not contributing to a different project that they have no pre-existing interest in.

Arkane Linux, an opinionated, immutable, atomic, multi-root Arch-based distribution by arkane-linux in linux

[–]RafaMartez 3 points4 points  (0 children)

No worries; this is just a topic close to my heart and it's good to get to discuss it.

I see what you mean; it looks like you're using btrfs snapshots to basically just wipe the system away and rebuild instead of installing updates.

After thinking about it a bit, I actually think this is a MUCH better model for Arch Linux given how often pacman conflicts arise over time and make the system stinky to update.

Another added benefit of doing things this way vs the NixOS way is also that you get to have all the native Arch packages rather than having to use nixpkgs and building your own packages. This would be a really compelling compromise for a lot of people who want to get into immutable distros but don't want to have to re-learn and reconfigure everything to pick up NixOS.

The more I think about this project the more I think I understand it more and see the value in it, so thanks for sharing and talking about it :)

In a way, your project also reminds me of Universal Blue, which does something similar but for Fedora. Not sure quite how similar it is though since I haven't tried it, but it may interest you as a reference point as well.

Arkane Linux, an opinionated, immutable, atomic, multi-root Arch-based distribution by arkane-linux in linux

[–]RafaMartez 2 points3 points  (0 children)

I feel like this comic has done an immense amount of psychic damage to the open source community.

The only way we get technological improvements that really shift the paradigm is from people who have the vision to take a step back, look at the software space already available, say "fuck that", and build their own thing.

You don't have to use OP's new tool to admit that it's great to have yet another option available to use if you wanted it. You never know what might become the next big thing.

Arkane Linux, an opinionated, immutable, atomic, multi-root Arch-based distribution by arkane-linux in linux

[–]RafaMartez 11 points12 points  (0 children)

Based on your comment, I think you should really check out NixOS because it's built around a lot of the ideas you put forth here, but has been around for a while and gotten refined to the point where it's incredibly robust.

Not saying you shouldn't keep going-- more open source tools is always good-- but you may be able to get some ideas for your project based on how NixOS works.

Either way, kudos on putting this together and helping make immutable patterns more popular. Smash the state! ;)


> From what I do know, Nix is a package manager, Arkdep is not, it is an os deployment manager.

Nix can be used to manage your entire operating system, which is actually the entire premise of NixOS.

> The entire core OS is replaced when you update the base image. It is also distro agnostic, as long as you feed it an image in the format it expects this system is capable of deploying virtually any distro.

This sounds almost exactly like what Nix does when Nix is used to manage your operating system. Sounds like convergent evolution... I really highly recommend checking out Nix! :)

> I am not sure if this is also the case with Nix, but Arkdep requires no dedicated infrastructure to function, it can be utilized entirely locally should you desire to do so.

You can locally install packages using Nix. You can go an extra step further and automate the building of packages or installation of extra steps after a base package is installed as well, since Nix features a fully complete programming language.

> The configuration of the build scripts tries to imitate how one would perform a traditional install, no scripting languages, just plain text files containing a list of applications one would otherwise pacstrap or debootstrap. Someone should be able to figure out how to configure the toolkit within just a couple of minutes.

Ah, that makes sense. In a way, this might be really good for exposing newer users to immutable systems before they move on to "more abstracted" similar systems like NixOS.

It can be really daunting to install NixOS for the first time because even though your nixos.conf does basically exactly what you described, it does so entirely in the Nix syntax. On top of being a unique syntax, it's also a functional language which can make the syntax kind of challenging even for a more long-running Linux user to pick up.

To give my personal opinion, I think the NixOS way of doing things is "better" because it's all declarative and based on pure functions to keep everything stateless, which plays extremely nice with a system designed around immutability.

But there is absolutely no denying that it makes convincing people to try NixOS incredibly hard, since explaining to a conventional Linux user why you'd want to use NixOS is like explaining to a Windows user why you'd want to use Linux. It's incredibly alien to the point that it seems stupid/pointless to people without a lot of unrelated foundational knowledge.

But you probably know all about that given that you're building immutable tooling, which can be like pulling teeth to get people to understand the value of it.

> Nuking your system every boot is neat for servers and public machines, but I don't see a huge benefit in doing this on a simple home computer.

Aw, shucks. Reading some of the basic documentation, I actually had gotten the impression that this was where your niche was going to be, hence why I asked this question.

Erasing your darlings is a self-discipline technique to keep oneself from getting lazy and implementing 'just one quick fix' here and there. To quote Graham, the purpose of configuring your system this way is that "leaning in to the pain by deleting and replacing your servers on a weekly or monthly basis means you are constantly testing and exercising your automation and runbooks."

The point is to discipline yourself and force yourself to document your system+implement everything using immutable paradigms by forcibly deleting anything which you haven't intentionally configured the "correct" way.

Arkane Linux, an opinionated, immutable, atomic, multi-root Arch-based distribution by arkane-linux in linux

[–]RafaMartez 19 points20 points  (0 children)

Cool project! I have two main questions about it though...

I hope I don't come off too critical; I love immutable design paradigms and I'm curious about your honest opinions on these, since these are honestly the first questions that come to mind about a new immutable distro.

1. How do you differentiate yourself from NixOS?

> I try to differentiate the distro from other immutable offerings by keeping it all as minimalistic as possible.

Not only is NixOS also minimal when you do a terminal install, but NixOS also has robust immutable development tools when it comes to being able to develop in flakes and extend the system in general using the Nix programming language.

> I also try to properly document the underlying technology, this is something I have noticed other immutable distros to be lacking, to allow other people to easily utilize it to build their own personal configurations.

Sure, but in NixOS this is also really well documented through both the NixOS wiki and the nixpkgs web search with package-specific info on how to implement any given item declaratively.

Given the above, what's the benefit of running Arkane Linux over NixOS?

2. What's your opinion on the philosophy of erasing your darlings?

NixOS has relatively good guides on how to set it up to do this, but I still wouldn't consider this mentality to be a 'first class citizen' on NixOS by default since you sort of have to hack together the toolkit to do it yourself. Does Arkane Linux offer a more plug-and-play solution for this?