i’m lizard

  • 0 Posts
  • 65 Comments
Joined 1 year ago
cake
Cake day: June 21st, 2024

help-circle









  • PUID is indeed handled inside the container itself, it’ll run a container-provided script as whatever the container’s UID 0 happens to be first which then drops to whatever $PUID happens to be inside the container. user= is enforced by Podman itself before the container starts, but Podman will still run as root in that setup. That means Podman is running “rootful”, while if you started the container manually as $uid using the regular Podman CLI, it would be “rootless”. That is a major difference in a lot of respects, including security, and you can find quite a bit of documentation on the differences between those operating modes online; it wouldn’t fit in a comment. Rootless is generally considered the better mode, though there are some things that still require a rootful container.

    In the upcoming NixOS 25.05 or current unstable, there are some tools you can use to run containers rootless as another user more easily using a new $name.podman.user = ""; setting. From what I understand they’ll still be root-managed systemd system services that require sudo to operate, but that means privileges get dropped by systemd before running Podman, instead of dropped by Podman before running the container. This stuff is recent and I haven’t used it, I just happen to know it exists, relevant nixpkgs commit if you wanna dig into it yourself: https://github.com/NixOS/nixpkgs/commit/7d443d378b07ad55686e9ba68faf16802c030025





  • That’s about right. That said, we also don’t know how long regular Switch/Switch 2 carts are going to last. The MaskROM used in the N64/DS and earlier eras is significantly more reliable when stored for a long time than the modern NAND Flash memory as used in the 3DS/Switch+. I suspect key carts won’t have any NAND Flash inside (they don’t need gigabytes of capacity just to store a game name + icon) and might physically last longer.

    Of course, key carts are all going to drop to zero value practically overnight when Nintendo eventually pulls the plug, while real carts will die one by one.


  • We won’t know for sure what’s actually going on under the hood until the console is cracked wide open or there’s a devkit leak, but my speculative guess is that some details of the GPU are ‘emulated’/recompiled. PC AAA games tend to include lengthy shader pre-compilation wait times, console games don’t have that wait time because the shaders are pre-compiled by the developers when building the game, specifically for one piece of hardware. The games themselves then fully rely on those pre-compiled shaders. They’re going to need shaders that work with the Switch 2’s GPU, which is going to involve some kind of imperfect translation process.

    AMD was able to design better hardware that works with older compiled shaders, as done in the PS5/Xbox Series (and Pro consoles). That’s not a super common feature, but I imagine that AMD is more motivated to keep Microsoft/Sony happy than Nvidia is to keep Nintendo happy. AMD’s graphics division might as well shut their doors if it wasn’t for the consoles, meanwhile Nvidia is raking in trillions from the AI boom and would rather forget about gaming.


  • Windows prefers to deactivate or minimize the write cache on removable devices, most of the common Linux distros generally don’t make such changes. Microsoft has a very good reason for that default: not a lot of people actually use the “safely remove hardware” option and if the cache is enabled, using and waiting for that is a hard requirement for the data to have actually made its way onto the drive.


  • I don’t think it really makes a lot of sense to look for FOSS alternatives based on country of maintainer origin when it’s something popular enough to be shipped by a lot of independent Linux distros and supported by local IT consultants in more or less any country. That said, to my knowledge, lighttpd is mostly German in origin and is actively maintained. It definitively lost to nginx in the great popularity contest but I don’t think it’s really any worse.




  • Borg or the like with ‘hardcoded’ plaintext/regularly full-disk-encrypted key is acceptable. Someone that has your unencrypted private key sitting on your server has almost certainly already obtained access to the entire set of data you’re backing up, with the backup key itself only meaningfully guarding access to older backups.

    The more important thing is to securely keep extra copies in case the server fails. I keep mine in a group in my password manager, one per repo.