I’m the Never Ending Pie Throwing Robot, aka NEPTR.

Linux enthusiast, programmer, and privacy advocate. I’m nearly done with an IT Security degree.

TL;DR I am a nerd.

  • 4 Posts
  • 158 Comments
Joined 3 months ago
cake
Cake day: November 20th, 2024

help-circle

  • Mostly because Fedora is more popular. I like both.

    openSUSE Tumbleweed gives you much more control of what gets installed by default (you can customize every package during the GUI installer). It has been the most stable distro ive used. It is a “rolling-release” distro, meaning that packages usually get updates quicker from upstream. If you dont like getting frequent updates it may not be for you. A key feature of openSUSE distros is the system management apl Yast, which allows you to manage a lot of stuff from a GUI.

    Fedora is also quite stable. I think it’s more user-friendly in my experience. After Debian/Ubuntu based distros, Fedora is the most likely to have packages built for it by developers (I’m talking 1st-party builds, not repacks). Fedora is a semi-rolling release, meaning updates are frequent but not constant.

    Fedora is currently my distro off choice, but I may soon use Tumbleweed again. I daily drove Tumbleweed for a year on both my general PC and my admin computer.









  • Actually, in the case of a web browser, Flatpak weakens both Firefox’s and Chromium’s internal sandboxing, possibly allowing for breaking of cross-site or site-host boundaries. Firefox is even weaker then Chromium as a Flatpak because it can’t use the zypak fork server. Both are weakened, best to avoid.

    For basically any other app, Flatpak can be beneficial as a sandbox.

    Basically, don’t sandbox browsers because its like wearing 2 condoms. The only sandboxing tool I know that doesn’t interfere with the browser’s sandbox (and also doesnt allow for the possibility of privilege escalation, like Firejail) is Bubblejail

    PS: Since you mentioned you are on Fedora, Bubblejail is offered through this COPR repo from the Secureblue team. It provides a sandbox without interfering with the browser’s sandbox. It comes with profiles for Firefox and Chromium. Only issue ive experienced is that the sandbox works, aka it means I can’t access files from my home directory unless explicitly given permission to a folder.



  • All the different tests ive seen comparing Rust and C put compile times in the same ballpark. Even if somehow every test is unrepresentative of real-world compile times, I doubt it is “order[s] of magnitude” worse.

    I remember watching someone test the performance of host a HTTP webpage and comparing the performance of Zig, Rust w/ C HTTP library, and Rust native. Rust native easily beat them out and was able to handle like 10s of thousands more client connections. While I know this isnt directly relevant to Kernels, the most popular C HTTP library is most likely quite optimized.

    Memory related vulnerabilities are consistently in the top reported vulnerabilities. It is a big deal, and no, you can’t just program around it. Everyone makes mistakes, has a bad day, or something on their mind. Moments of human fallibility. Eliminating an entire class of the vulnerabilites while staying competitive with C is a hard task, but entirely worth doing.