0 Posts · 45 Comments
Joined 2 years ago
Cake day: June 17th, 2023

  • radau@lemmy.dbzer0.com to Linux@lemmy.ml · Worth using distrobox?
    5 upvotes · 2 months ago

    I wouldn’t use it for security, use VMs if you need isolation.

    I used Distrobox for various dev projects on Fedora Atomic and it worked great for that. I did a separate homedir mainly just to avoid dumping a bunch of crap into my real home but definitely have the expectation that anything you install has full access to the system.

    I run FreeCAD via Distrobox as well since the flatpak performance was pretty bad and it’s wayyyy faster which is nice and preferable to rpm-ostree in my instance.

  • Proton with a domain you control, and use their SimpleLogin, which you can self-host down the line should there be a rug-pull event. I think you need to manually export this, so make it a habit as you add them!

    You can put your eggs in one basket, just make sure you have a plan B if the basket catches on fire. Using their domain, in my eyes you’re going down with the ship; if you control it you’re just repointing records to a new host and getting SimpleLogin going.

    This is part of the reason I like to keep ALL of my emails on disk still as well; if you can’t decrypt your mailbox for some reason they’re about as good as gone.


  • I switched off of BSD about a decade ago so I can’t weigh in on its current state at all. I generally avoid Flatpaks, at least in Qubes. I do have a template that supports it but it’s only running on my Music VM currently, which is offlined; the rest follow the traditional template+AppVM approach which I keep updated on a schedule.

    I have never operated under the assumption that flatpaks are sandboxed or secure because they really aren’t. It’s a system to bundle packages with your software without contaminating the host environment. The big issue really is in the package maintainers shipping outdated packages, containers were never a security measure in my eyes due to the shared kernel and especially not with the default share of the homedir for flatpaks. If you need that kind of isolation you really need a VM. I treat them as a standard install personally without any expectations of isolation, and really with Silverblue I’m leaning more towards installing apps directly in Distrobox and exporting them to the host, it still has the shared homedir issue but you’re getting up to date packages in a desired environment that you fully control (this is both good and bad since maintenance is on you).

    I think it’s a good idea if there were stricter requirements, maybe vulnerability scanning as a requirement for releasing and pulling stale flatpaks after a period of no releases to start. It’s difficult to appease everyone in this situation and breaking changes would be inevitable, so it is difficult to fully solve now that it already exists as it does. I do think supply chain attacks will only get more common though, so they definitely need work.


  • As someone who does a lot of infrastructure work on AWS, Azure, GCP etc., it’s just about the only operating system I’ll use at this point for that kind of work. The isolation I get per-client and per-environment is unmatched. There’s a little more upfront work to get everything the way you like (putting ZSH configs in /etc/skel of your templates, for example) but once it’s set up it’s really solid. Having the windows named and color coded really helps me keep from crossing wires when stuff gets chaotic and I’m jumping around a lot.

    It’s obviously MUCH worse at certain things such as CAD, but they’re still workable in it. HVMs can remedy this pretty easily, but unfortunately it’s not quite as seamless as the standard Qubes. It’s progressed a LOT in a short amount of time though, so we’ll see what the future holds!
  • radau@lemmy.dbzer0.com to Linux@lemmy.ml · *Permanently Deleted*
    3 upvotes · 1 downvote · edited · 4 months ago

    Immutable was the only thing that got me to switch back from QubesOS on my desktop. I was doing Qubes with a win10 HVM with my 3070 passed through and it was a couple frames off from native performance. Still keep Qubes on my T480 for infra specific work but my “dev” machine with no creds is the desktop now.

    Couldn’t get the performance quite right for a Linux-based HVM and was wanting the HW accel for some of my work (CAD, Figma), so I loaded Bazzite with KDE, which runs Fedora Atomic, and it’s been amazing for both gaming and work.

    Distrobox with boxbuddy and rootful containers where needed has been extremely pleasant and they all live as a subdirectory of my home with a ZSH install script I have to load the terminal styles I want into any new containers. Any apps you install in the container you can export to your start menu and launch seamlessly without tainting your host with any weird dependencies you might need for a project.

    We use ddev a lot so needed a rootful container for Docker, but other projects I just treat almost like a VM (R projects, for instance): install what’s needed to get an env going real quick, fire up the IDE in the container and get to work.

    EVERYTHING I care about is in /var, including my home, which makes backups and snapshots stupid simple, which I love coming from a traditional Linux distro.


  • radau@lemmy.dbzer0.com to Privacy@lemmy.ml · *Permanently Deleted*
    39 upvotes · edited · 4 months ago

    Best part is it’s $5000 because they get to name their price. These sensors, headlights, etc., cost nowhere near that, but where else are you gonna go get ’em?

    So in a few years, when your new car has depreciated to somewhere around 10k and you get a massive repair bill? Well, most people are scrapping it and getting another car, convenient for them…


  • Same here, saw the writing on the wall after 7 and tried Linux gaming a few times, but it was rough back then so I always came back. I did however start at least dual booting from 7 onwards, so apart from gaming I was a convert at that time.

    This year I finally got tired of all the crap: them trying to railroad AI junk in, ruining the control panel, absolutely BURYING settings, turning ones back on with updates. The entire operating system is a dark pattern when it used to be so much more streamlined. Switched to Bazzite and it feels like I’m almost back to Windows 7, except I don’t have to install drivers or anything; just install it, add any apps through the store and you’re off. What they’ve done to Windows is ridiculous to me and I’ll never come back.

  • Fwiw I had to tinker a bit to get good video playback. Fedora was always choppy for me for some reason, but Debian is typically smooth with hw accel disabled.

    As for the gaming, depending on your setup (I have a desktop and a T480 I keep in sync) you can absolutely run two video cards and do PCI passthrough on one to a gaming VM. I have mine set up with a dedicated NIC and USB card and just use a KVM to swap between Qubes and Windows (for now), and it’s worked really well. Had to play around a ton to get the full speed out of the GPU though, and it only seemed to work in Windows, so hopefully I get that going for a Linux HVM one day.

    Absolutely agree there is no going back. I have all of my work stuff entirely hardware agnostic and a full-on replica of my work desktop ready to go in a moment should the desktop die. Apart from that, keeping client work isolated has been such a game changer.


  • Fwiw I used to daily an x210 and then an x230 in IT, and pretty frequently typed with one hand while carrying it with the other without the weight bugging me, but your mileage may vary.

    You can definitely send them flying and not damage them; my coworker launched theirs across the office and the bezel just snapped back together.

    I have a T480 now since I do more dev work and needed a slightly bigger keyboard/screen, and it’s phenomenal with Qubes and 48 GB of memory on the quad core i5. Love the ease of repair; I just swapped a motherboard on it in around 30 minutes and was back up and running.