• 1 Post
  • 38 Comments
Joined 3Y ago
Cake day: Mar 21, 2022



I rebooted and now it works. /etc/resolv.conf is not the file you edit, but that localhost DNS is interesting. Saw that a long time ago (Obi wan face)


I was looking for such a guide but could not find it back then.

I followed this guide

Which may be overcomplex but it is complete and lots of things were not intuitive at all.

As I said, you could easily automate this step, instead of making it that manual. Of course I can do that, but why need to, if a sudo apt distro-upgrade would do it?


Strange, Fedora39 to Fedora39, I use that atomic base always (like 15 different installs, GNOME, Plasma6, Secureblue, Cosmic, Sway,…)


It's overcomplex. For sure I could get used to it and maybe this is the way to go.

But you could wrap this tedious process in a function.

Fedora has had a distro upgrade command (that totally sucks but okay) for many years, while on Debian I needed to follow some random guide to get on the hyped Debian 12.


I tried IOT too and the bootloader didn't install.

Then I just installed Atomic Sway (because not that much bloat), and before logging in rebased to secureblue server-main-userns-hardened. It worked but I have no DNS? Damn…


Probably I got none, just this “do you want to use the maintainers version” which is always a bit confusing. VirtualBox also gave issues but just don't use that crap.


Why is there apt-get and apt? Also on regular updates there are sometimes package conflicts that need manual configuration. Maybe -y deals with some.


I am completely confused about ublue currently, (okay all they did is remove the image list, it's the same on GitHub)

Debian is old and crusty with all its tooling. Apt sucks, automatic updates are strange, there are no snapshots afaik, it uses ext4, it's like Fedora was 10 years ago


Automatic updates are overcomplex and not even preinstalled. Install a package, change some configs, do some more.

I dealt with it and it's annoying.

And there is a lot more that is completely manual with no good default presets


Do you run an image-based Server?
I use Fedora Kinoite daily and find it to be the only OS to make sense really. I find Fedora CoreOS totally confusing (with that ignition file, no anaconda, no user password by default, like how would I set this up anywhere I don't have filesystem access to?) But there are alternatives. I would like to build my own hardened Fedora server image that can be deployed anywhere (i.e. any PC to turn into a secure and easy out-of-the-box server). As modern servers often use containers anyway, I think an atomic server only makes sense, as damn Debian is just a pain to use. Experiences, recommendations?

Incus is a weird name lol.

But jokes aside, I think Docker and Podman have more adoption?


Podman runs without a daemon which for some reason makes podman compose a bit of a tricky replacement for docker compose.

But for a single purpose, why not just install nextcloud as a system package via layering? I think that should be pretty secure through SELinux and would be the easiest choice.

Other problems with coreOS:

  • ignite file make monkey brain confusion
  • updates always require a reboot unlike on Debian, where only kernel updates need that (downtime is minimal and can be automated using a systemd service)
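it's not that hard

# Service unit: the update-and-reboot job itself.
# tee (not cat) is what actually writes the heredoc to the file.
pkexec tee /etc/systemd/system/nightly-reboot.service <<EOF
[Unit]
Description=Update rpm-ostree and reboot
After=network.target

[Service]
Type=oneshot
ExecStart=/usr/bin/rpm-ostree upgrade --reboot
EOF

# Timer unit: a [Timer] section has to live in its own .timer file,
# and Unit= must name the service defined above.
pkexec tee /etc/systemd/system/nightly-reboot.timer <<EOF
[Unit]
Description=Run nightly-reboot.service once a day

[Timer]
OnCalendar=daily
AccuracySec=1h
Persistent=true
Unit=nightly-reboot.service

[Install]
WantedBy=timers.target
EOF

# Reload systemd and enable the timer (not the service) so it runs on schedule.
pkexec systemctl daemon-reload
pkexec systemctl enable --now nightly-reboot.timer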

But I would honestly try it. Maybe give secureblue server a try, should be more similar to your desktop than coreOS (which seems to be made for wide deployments)


Lol

Open source vulnerabilities typically stem from poorly written code that leaves gaps, which attackers can use to carry out malicious activities.

Don't write or accept bad code then?



I am building a minimal, debloated Win11 QEMU image currently. But Windows doing that on purpose? I don't think so


It's just not that you want to pay a company that sold your data and stuffed ads down your throat. Like, at all. Will they still track you using Premium? I am totally certain.



Okay, they are probably offline install ISOs with all the software included right?

On Linux it's also a little different, as uninstalling “bloat” is just one command or GUI button. On Windows you need shady external software for that and it doesn't feel like it's meant to be at all, with all those cmd windows popping up etc (BCU)



Yeah I know the projects. GrapheneOS hates F-Droid which is annoying, but I am 100% sure it's the more secure and complete OS. DivestOS probably has more user-facing features.

I think every Custom ROM should build on top of GrapheneOS, extend the device list (with worse security but only for some threat models) and add better apps.

Here you get the GrapheneOS apps (very few): https://github.com/GrapheneOS/Apps/releases




Firefox doesn't provide a webview for some reason.

It's really shitty, because it could be a better standard for webapps on Linux too. But now we have Electron, which is basically compatible with Firefox as it's web technology


Yeah I did that too. Mulch or Vanadium, I would recommend Vanadium. Bromite is dead. Cromite maybe, but really just use Vanadium, it's the most degoogled and secure one.

But apart from that, the developer options make no sense if there is no way to actually install one without root.

Also, openwebview replaces the installed one, doesn't it?


They will strip out the DRM part, maybe. GrapheneOS, other than even Firefox or any Linux Distro, has many DRM packages installed. Widevine and lots of others.

So it may be that they don't even remove it from the Vanadium Webview. But if they do, Apps may break as the Developers looove the extra control. And then GrapheneOS needs to do annoying work again, to for example have a sandboxed Webview-DRM app that can be enabled per-App.


Yes, they provide these Webviews, meaning they get a shitload of work probably, to remove that DRM BS. Until random apps (like all those Playstore apps) stop working on non-DRM webview… yay!

Like, there are already services that just work with apps. If these apps don't work anymore, well…





Very true. In Germany we had “Ytitty”, a group of young guys doing music parodies and comedy stuff. They went more and more professional and less funny, not realizing that's not how comedy works.

30M Views

LOL




What's also awesome is that SiFive's devices run Coreboot out of the box.

I own a Thinkpad T430 and soon a Clevo NV41 and both are also Coreboot compatible. Most excited about the new hardware, even though it will need a fully blobbed Coreboot… SiFive on the other hand is probably fully FOSS?? This is crazy!


I think that's a pretty unmotivated approach. Imagine every invention replacing previous ones, just getting piled on top of each other?


I hope RISC-V will make it. Even though idk? But it literally has no weird proprietary shit like ARM and it actually makes sense.

Going away from x86_64 is important, even for the environment



I don't get Bluesky. I don't even care for this “app” what and why? Who would use that?