Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)F

fruitycoder

@ fruitycoder @sh.itjust.works

Posts
8
Comments
1274
Joined
3 yr. ago

  • What is the technical hill you are willing to die on in your industry?

    Jump

  • If you don't understand that development, security, and operations are all one job you will constantly make crap and probably point at some other team to make excuses about it, but it will be actually be your fault.

    Programs have to run. They have to be able to change to meet needs. Implementing working security measures is one of those needs.

    The amount of times I've had to slap devs hands that wanted to just disable security or remind security that just shutting it down is denial of service is crazy. If it can't deploy or is constantly down or uses stupid amount of resources it's also worthless no matter what it looked like for split second you ran on on the dev machine.

    The next patch isn't going to fucking fix it if no one that writes patches knows about the damn issue. Work arounds are hidden technical debt and you have to assume that they will fucking break on some update later. If you are not updating because it breaks your unreported workarounds you will get ignored by the devs at some point, and they are right in doing so.

    If you depend on something communicate with the team that works on it. We can send a fucking petabyte of info around the world and to the moon and back before some people write a fucking Ticket, email, or even a IM. Look dumb and asking the stupid question rather than being an actual idiot and leaving something broken for the next decade. We're all dumb, it's why we built computers, get over it and just talk to people. If you really struggle with, don't just communicate, try to over communicate, say an obvious thing now and again just to keep the dialogue open and test that you really on the same page.

    That's my rant/hill borne from ulcers supporting crappy IT orgs and having to overcome my own shortcomings to actually say something in channels where things can actually change and not just griping in private about it.

  • You can pry pattern matching from my cold dead hands

    Jump

  • So Mojo and Python then?

  • Torvalds On Linux Security Modules: "I Already Think We Have Too Many Of Those Pointless Things"

    Jump

  • To be fair. SELINUX always seems like THE answer with flexibility it provides with App armor being just SELINUX light...

    It would make more sense to me to have better support for leveraging SELINUX primatives to accomplish the same things. I at least, don't know of any LSM features that can't be covered user:role:type:security level:catagorey and namespaces?

    The issue is always that info is hard to know sometimes and programers can barely stop ourselves from running as root with all files in 777 mode let alone conceptualize those other attributes for files and services

  • Fedora Games Lab Looks To Be Revitalized As Modern Linux Gaming Showcase

    Jump

  • Right. There is probably a certain point where other hardware support is just a happy accident or miniscule effort. Its just there yet for them though it is getting close!

  • Fedora Games Lab Looks To Be Revitalized As Modern Linux Gaming Showcase

    Jump

  • Why should they do it again?

  • Yep, Xbox Is Bleeding Out

    Jump

  • They are basically the exclusive target for GrapheneOS for their feature set:

     
        
Non-exhaustive list of requirements for future devices, which are standards met or exceeded by current Pixel devices:

    Support for using alternate operating systems including full hardware security functionality
    Complete monthly Android Security Bulletin patches without any regular delays longer than a week for device support code (firmware, drivers and HALs)
    At least 5 years of updates from launch for device support code with phones (Pixels now have 7) and 7 years with tablets
    Device support code updated to new monthly, quarterly and yearly releases of AOSP within several months to provide new security improvements (Pixels receive these in the month they're released)
    Linux 6.1, 6.6 or 6.12 Generic Kernel Image (GKI) support
    Hardware accelerated virtualization usable by GrapheneOS (ideally pKVM to match Pixels but another usable implementation may be acceptable)
    Hardware memory tagging (ARM MTE or equivalent)
    Hardware-based coarse grained Control Flow Integrity (CFI) for baseline coverage where type-based CFI isn't used or can't be deployed (BTI/PAC, CET IBT or equivalent)
    PXN, SMEP or equivalent
    PAN, SMAP or equivalent
    Isolated radios (cellular, Wi-Fi, Bluetooth, NFC, etc.), GPU, SSD, media encode / decode, image processor and other components
    Support for A/B updates of both the firmware and OS images with automatic rollback if the initial boot fails one or more times
    Verified boot with rollback protection for firmware
    Verified boot with rollback protection for the OS (Android Verified Boot)
    Verified boot key fingerprint for yellow boot state displayed with a secure hash (non-truncated SHA-256 or better)
    StrongBox keystore provided by secure element
    Hardware key attestation support for the StrongBox keystore
    Attest key support for hardware key attestation to provide pinning support
    Weaver disk encryption key derivation throttling provided by secure element
    Insider attack resistance for updates to the secure element (Owner user authentication required before updates are accepted)
    Inline disk encryption acceleration with wrapped key support
    64-bit-only device support code
    Wi-Fi anonymity support including MAC address randomization, probe sequence number randomization and no other leaked identifiers
    Support for disabling USB data and also USB as a whole at a hardware level in the USB controller
    Reset attack mitigation for firmware-based boot modes such as fastboot mode zeroing memory left over from the OS and delaying opening up attack surface such as USB functionality until that's completed
    Debugging features such as JTAG or serial debugging must be inaccessible while the device is locked

    From https://grapheneos.org/faq#device-support

  • Fedora Games Lab Looks To Be Revitalized As Modern Linux Gaming Showcase

    Jump

  • The rapid growth model only makes sense for people looking for investors and the promise to snag a customer base once their hooked.

    Value has a lot to lose but mostly margins to gain.

    Listen I'm for keeping them pushing towards ethical contributions to the ecosystem, but I also entirely understand them not doing so just for charities sake alone.

    Fair on the release part lol. I didn't know that, but I guess the ignore part is still an issue since people want them to get it to work with other hardware out of scope, or worse Nvidia

  • Fedora Games Lab Looks To Be Revitalized As Modern Linux Gaming Showcase

    Jump

  • Project scope. It makes more sense for them to make a distro that solves currently unsolved spaces directly related to their market (merging PC with handhelds, consoles, and VR). More scope either means more hours or more spread of the existing hours accros the added work.

    They have been contributing alot back to upstream which does help Linux gaming in general alot.

  • Fedora Games Lab Looks To Be Revitalized As Modern Linux Gaming Showcase

    Jump

  • You want them to release SteamOS and ignore all user feedback except for Steam hardware some how? Otherwise that's all cost. Or significant brand risk.

    Tbh I'm not sure what the conversion rate to sales actually would be. The numbers of sold games on the steam machine vs the average machines rates will be a better indicator of that IMHO. The Steamdeck is biased in that showing the form factor support is also an important point for games on the deck.

    I would rather them keep investing in the ecosystem then try to rush for growth and have to enshitify to keep it.

  • Fedora Games Lab Looks To Be Revitalized As Modern Linux Gaming Showcase

    Jump

  • Largely people pay for games regardless. From Steams perspective investing the store profits into Linux gaming is a market risk reducer and a cost center for producing viable hardware platforms.

    Its not a revenue stream at the moment. If a million more people started running it tommorow on non-steam hardware and didn't adjust the game buying habits, it would be a net loss for Value, as their support costs would rise with no increase in revenue.

    The best case for them is that it acts as a conduit for good PR, and user generated content for the platform (i.e. mods, apps, and of course FOSS merge requests).

  • ✨ ECI, Ethical Computing Initiative

    Jump

  • Sweet! Great place showing off the projects and companies that are truely working towards respects your freedom type of computing!

    I would add Oxide to the server list they are definitely in this space

  • Removed

    I made my own self hostable social media platform with no silly rules!

    Jump

  • Linux is awesome at home, but aren't y'all forced to use Windows at work?

    Jump

  • Was macos at work, now Linux dev machine. Its a big up.

    To be honest, all those are web apps now shrug. Zoom, slack, teams, docs, sheets,

    <insert word named app here>

    , all open in the browser. So IDC what the OS is for them. Linux Zero-Touch deployments are still in progress IMHO so I get why they arent here yet for a lot offices, but we are closer now than ever (thanks atomic OSs!).

  • What is your development environment?

    Jump

  • Bazzite and Kinote though I use distrobox and k8s alot for messing with other distros/apps. Vscodium and neovim. Vscodium is loaded up with nearly anything IaC or kubernetes related and Continue for some AI stuff (pointed to local and mistrial). Also heavy opinionated stuff for Python like black, etc (I want my ide to yell at me to make better code). Some GitHub and git lab add-ons too. Nvim is just as is.

  • How do you manage your home server configuration?

    Jump

  • Definitely overkill lol. But I like it. Haven't found a more complete solutions that doesn't feel like a comp sci dissertation yet.

    The goal is pretty simple. Make as much as possible, helm values, k8s manifests, tofu, ansible, cloud init as possible and in that order of preference because as you go up the stack you get more state management for "free". Stick that in git and test and deploy from that source as much as possible. Everything else is just about getting to there as fast as possible, and keeping the 3-2-1 rule alive and well for it all (3 backups, 2 different media, 1 off-site).

  • How do you manage your home server configuration?

    Jump

  • Fleet from Rancher to deploy everything to k8s. Baremetal management with Tinkerbell and Metal3 to management my OS deployments to baremetal in k8s. Harvester is the OS/K8S platform and all of its configs can be delivered in install or as cloudinit k8s objects. Ansible for the switches (as KubeOVN gets better in Harvester default separate hardware might be removed), I'm not brave enough for cross planning that yet. For backups I use velero, and shoot that into the cloud encrypted plus some nodes that I leave offline most of the time except to do backups and updating them. I user hauler manifests and a kube cronjob to grab images, helm charts, rpms, and ISO to local store. I use SOPS to store the secrets I need to boot strap in git. OpenTofu for application configs that are painful in helm. Ansible for everything else.

    For total rebuilds I take all of that config and load it into a cloudinit script that I stick on a Rocky or sles iso that, assuming the network is up enough to configure, rebuilds from scratch, then I have a manual step to restore lost data.

    That covers everything infra but physical layout in a git repo. Just got a pikvm v4 on order along with a pikvm switch, so hopefully I can get more of the junk on Metal3 for proper power control too and less IPXE shenanigans.

    Next steps for me are CI/CD pipelines for deploying a mock version of the lab into Harvester as VMs, running integrations tests, and if it passes merge the staged branch into prod. I do that manually a little already but would really like to automate it. One I do that I start running Renovate to grab the latest stable for stuff for me.

  • Linux Exposing Support For Lenovo ThinkPads Being Able To Detect Hardware Damage

    Jump

  • As THE USB-C PD evangelist. I have to say. Fair. Like PD EPD is definitely reaching the limits of the USB-C form factor to me, and data over copper is a dead end at some point too.

    Still want ever device I have on it. Though as we scale past the 260 watt range (and I do...) or longer distances (also me) it's just going to have to be another interface and probably medium for data for the protocol. So far MPO for data and honestly pogo pins for power are the best I'm seeing.

    Again for everything thats not a serious power device like well pumps, servers, AC/Heat pump, Power tools, etc or serious data server/client. Its fine, which is seriously impressive.

    Rant over I also like the idea of better hardware stats reported to the OS. Its one reason I fell in love with software raid over hardware raid

  • what do y'all use for CI/CD?

    Jump

  • Git lab CI is my goto for git repo based things (unit tests, integration tests, etc). Fleet through Rancher for real deployments (manages and maintains state because kubernetes). Tekton is my in between catchall.

  • Fedora Games Lab Looks To Be Revitalized As Modern Linux Gaming Showcase

    Jump

  • Are people paying for SteamOS? I thought the only revenue streams around it was the Steam Deck and soon the Steam Machine and the VR thing.

    Largely it's a risk reduction thing for them. Otherwise their dependent on a monopolistic OS and their largely uninterested in collaboration competitor.