Can you explain why if someone gets access to your encrypted disk, they would have access to its contents?
Well it’s a bit confusing. On Guix’ wiki General features you can read:
Guix keeps track of these references automatically so that installed packages can be garbage collected when no other package depends on them - at the cost of greater storage requirements, all upgrades in Guix are guaranteed to be both atomic and can be rolled back.
The roll-back feature of Guix is inherited from the design of Nix and is rarely found in other operating systems, since it requires an unorthodox approach to how the system should function (see MicroOS).
And then on its wiki Guix System (operating system) Roll-back you can read:
This is accomplished by a combination of Guix’s functional package manager, which treats each package and system configuration as an immutable and reproducible entity,[58] and the generation system which maintains a history of system configurations as “generations.”
So the system configurations on a Guix system are actually immutable, as opposed to regular gnu+linux distributions, which can change the system configuration on the fly. What else is immutable on Guix, I can’t tell, but at least you cannot change its system configs. What is atomic is the upgrades.
I’m not sure, but as Guix borrowed these properties from Nix, I’d think this applies to Nix as well.
In other words, at least the Guix system has immutable components. And further, the system config which is immutable, is also declarative. Combining those two things might be intimidating, since it’s not like on the fly one can go and change the system config, which might be required when debugging some misbehavior, and it’s what most distros document, then one needs to learn about guile, and a bit about functional programming I guess or at least their basics… Deploying systems might take advantage of such declarative configurations though…
The only reasons I sometime back looked into betterbird was thunderbird breaking TbSync and its companion “Provider for Exchange ActiveSync”, which I really need for work, and because of their tray support (I don’t like the modern way which rejects the benefits of the tray functionality, or notification area which is how it’s also called nowadays).
For the first thing, I was able to live with thunderbird by reverting the upgrade and keeping its package from upgrading at all, until the two extensions I required eventually supported the new thunderbird version which broke them. I looked into betterbird as an alternative since someone suggested it given betterbird wasn’t moving as fast at that time as thunderbird was, and at that moment they were not breaking the extensions I’m forced to use if wanting to use thunderbird as email client at work.
For the tray, ohh well, it doesn’t work on wayland if you don’t use gnome or kde (I use wayfire), so it couldn’t help me at all. I found a bug reported on mozilla (not sure why not also on betterbird) which matches my case, so no luck with their tray support, :(
Other than that I really didn’t find a compelling reason to use betterbird instead of thunderbird. But if I were a gnome or kde user, perhaps its tray support might be compelling enough.
First of all, it’s been a while since it’s no longer his code, and the contributions from whatever amount of people must be respected. That was used some time back as justification for never moving to GPL3 or latest.
Second, there’s now a huge foundation behind it. Although he has gating approval for whatever he wants, the money coming from big enterprises would cease. Remember now MS already claims it loves linux.
Third, although it’s pretty linked to second, the project is not an independent community project anymore. Even risc-v people took care not to create a so nation specific project (even though its origins are totally linked to the academy from a particular one), that it doesn’t matter which country imposes sanctions to others, no country can prevent another from using its open ISA to build their own stuff. Linux, and its linux foundation failed on this, and as it’s pretty dependent on the big tech and enterprise, now it has no options to be compliant. Which you could see recently from banning developers and the legal reasons involved (well done, as risc-v, that would have had minimal impact, or better yet, if a community project not linked to any country, then that would have gone differently).
All in all, linux’s success has led it to be a non community driven, non independent project, and I would guess the enterprise and big tech, which is pretty reliant on linux nowadays, wouldn’t let linux go away unless they already have an alternative.
Though never say never right? But my take on this is both, no single person owns linux, so no single person can take it away, and there’s too much reliance on it from big tech and enterprises as to let such important project, and key on their software supply chain (years back thinking on software supply chain was in no one’s mind) or so they say.
If ever getting to administrate non systemd boxes, and in need to deal with the system logging mechanism, then syslog-ng comes close to the most probable mechanism used. And no, non systemd gnu+linux distributions are not legacy, there are quite a few out there, just not the major or mainstream ones, like Artix, Void, Guix, and several others, not to count non gnu+linux OSs like BSDs…
I don’t get this comment. Again, the virtio-win is an ISO that’s easily mounted on a qemu (whether libvirt environment or not, which is not required, it just helps making the qemu configuration easier), which comes with several virtualized drivers that accelerate the windows experience quite a bit.
Changing the storage driver is complex on plain qemu (I don’t think it’s easier through libvirt just because the heck of it, the issue is the windows guest), first one needs to run qemu with a dummy storage driver using virtualized driver, so that windows detects it. On the guest one needs to install the driver for the discovered storage from the ISO, then reboot and the dummy disk can go away and windows will find a driver for the main disk. Other drivers like the ethernet one, graphics cards, memory balloon, and other stuff need to change the corresponding driver manually, but no need for immediate reboots, but for sure several reboots are expected while changing the windows drivers.
I no longer use a VM for windows, thankfully, but here’s a command line meant not to use a GUI qemu front end, but rather a Spice backend (requires virtualized special serial driver and special graphics driver):
qemu-system-x86_64 \
-name win-10 \
-enable-kvm \
-machine type=q35,accel=kvm \
-cpu host,hv_relaxed,hv_spinlocks=0x1fff,hv_vapic,hv_time \
-smp cores=1,threads=2,sockets=1 \
-m 4G \
-device intel-iommu \
-device virtio-balloon \
-drive file=/home/vasqueja/.qemu/imgs/win10-coe.qcow2,index=0,media=disk,if=virtio,aio=native,cache.direct=on,l2-cache-size=10M \
-drive file=/usr/share/virtio/virtio-win.iso,index=1,media=cdrom \
-drive file=/usr/share/spice-guest-tools/spice-guest-tools.iso,index=2,media=cdrom \
-device virtio-net-pci,netdev=net0 \
-netdev tap,id=net0,ifname=tap0,script=no,downscript=no,vhost=on \
-usb \
-device usb-tablet,bus=usb-bus.0 \
-display none \
-vga qxl \
-device virtio-serial-pci \
-chardev spicevmc,id=spice0,name=vdagent \
-device virtserialport,chardev=spice0,name=com.redhat.spice.0 \
-spice unix,addr=/tmp/win10_spice.socket,disable-ticketing \
-chardev socket,path=/tmp/win10_qga.socket,server,nowait,id=qga0 \
-device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0 \
-device intel-hda -device hda-duplex \
-rtc base=localtime \
-monitor stdio \
-k es \
-device usb-host,bus=usb-bus.<...>,vendorid=<...>,productid=<...> \
-device usb-host,bus=usb-bus.<...>,vendorid=<...>,productid=<...> \
-device usb-host,bus=usb-bus.<...>,vendorid=<...>,productid=<...>
Some investigation on your side is required if wanting to use spice (to add copy/paste capabilities on the guest, but perhaps that’s not needed anymore with libvirt and some of the popular frontends from GTK/QT), and the QXL driver needs to be chosen correctly since it depends on the windows version (there was one for windows 10, not sure if there’s a 11 one).
Again, all this just to improve the windows guest experience. Some of this might have been made easier through libvirt, but the windows side of the drivers is a manual windows process, one driver at a time, and using virtualized storage is tricky on windows guests…
BTW I was setting a tap interface, with IP tables, because I found it to be the easier way to share my host VPN connection with the guest, without the need to establish a host and a guest VPN connection…
virtio-win allows for much better performance using virtualized drivers rather than plain emulation from qemu. Virt Manager doesn’t offer windows guest paravirtualized drivers, that’s on the guest side, and virtio-win ISO helps a lot with this.
There’s no need to jump to conclusions when it’s too early to tell.
If later, it so happens it gets removed, and you don’t want to use out of tree stuff, which is still possible through several means, including building your own linux (your own kernel), then you can back all contents of your partitions up, create new partitions with the FS of your preference (ext4, btrfs, whatever), and finally copy over the contents of that last backup. No need to stress out this early, :)
Arch and Arch based distros like Artix have linux-libre available from AUR if one doesn’t have an issue with building from source. Also see my other comment about Guix, there’s a non official repo with ucode and hardware firmware…
Not sure why you mentioned this. At least on Arch, or any distro based on it like Artix, the ucode per CPU is offered as a separate package:
% pacman -Ss ucode
system/amd-ucode 20241111.b5885ec5-1
Microcode update image for AMD CPUs
world/intel-ucode 20241112-1 [installed]
Microcode update files for Intel CPUs
world/iucode-tool 2.3.1-5
Tool to manipulate Intel
galaxy/amd-ucode-xz 20230625.ee91452d-4
Microcode update image for AMD CPUs
extra/intel-ucode 20241112-1 [installed]
Microcode update files for Intel CPUs
extra/iucode-tool 2.3.1-5
Tool to manipulate Intel
If your distro doesn’t help with ucode packages, you can ultimately download it from intel/amd/whatever. And the same applies for the hardware firmware in general.
So it’s true that some hardware won’t properly work out of the box by using linux-libre, but nothing prevents you from getting the required firmware from other packages or sources. Granted that doesn’t make things easier. And granted that might defeat the purpose of using linux-libre, but you might at least add only strictly required binary blobs for your current hardware.
linux-libre is harder because if you want cpu ucode plus hardware firmware support in general so that you can make your bad citizen hardware work, you’ll need to add it out of the linux package.
Someone mentioned Guix as a gnu + linux distribution was hard, and in general that’s true, but not because of linux-libre since there’s a non official Guix repository providing non libre/free cpu ucode plus hardware firmware, see:
https://gitlab.com/nonguix/nonguix
The complex part of Guix comes from it being an immutable distribution based on the ideas from NixOS, though it’s not a fork from Nix since it’s even based on Guile rather than the Nix language, but their packages and configurations are quite different than any other distribution, the same as its immutable system and I believe on both reproducibility is a thing…
But bottom line, for Guix you can even get packages to make linux-libre work with your hardware provided you find the corresponding firmware in the non official repo, and in general (not just Guix) as long as you find the firmware somewhere else (not in linux-libre) you would be OK, and depending on your distro that might be a really hard task.
I use Artix, and though I haven’t explored it yet, I’ve been wondering how hard it’d be to install linux-libre, and get the strictly required firmware from the AUR, perhaps it’s possible. The package is actually offered from AUR:
% aur search linux-libre
aur/linux-libre 6.11.9-1 (+37 0.35%)
The Linux Libre kernel and modules
aur/linux-libre-docs 6.11.9-1 (+37 0.35%)
Documentation for the Linux Libre kernel
aur/linux-libre-firmware 1.4-1 (+3 0.00%) (Orphaned)
Firmware files for Linux-libre
aur/linux-libre-headers 6.11.9-1 (+37 0.35%)
Headers and scripts for building modules for the Linux Libre kernel
aur/linux-librem5 6.6.57-1 (+0 0.00%)
The Linux kernel for Purism Librem 5
aur/linux-librem5-docs 6.6.57-1 (+0 0.00%)
The Linux kernel for Purism Librem 5 (documentation)
Neither servo rendering engine (like gecko), nor verso (an actual rust based web browser based on servo) are quite ready for prime time. But I’m hoping they will be there sooner rather than later. I don’t use Firefox directly, but rather wrappers based on it, Librewolf for the desktop and Mull in part because I’m lazy (I prefer the arkenfox stuff and other to be done for me), and if I want to avoid chromium based browsers, dominating big time (MS browser edge is as well chromium based, electron is chromium in disguise, and nowadays QT web engine underneath is chromium as well) well there’s no option yet.
On the other side, nothing guarantees servo and verso (or whatever other servo based browsers in the future) will care about net free advocacy, neither user freedoms, just be concerned about being better technical solutions, :( But I still have high hopes as you might…
Just being a good technical alternative is not good enough nowadays, :(
This is sad, not just because it’s a trend on Mozilla, but because it shows how mozilla has embraced the corporative kind of mindset. The advocacy team was fundamental for net free principles.
Mozilla based browsers keep being the only practical alternative to web browser dominance, but it itself has been degrading its status of resisting bad practices against users and the web in general. And emerging alternatives are also technical alternatives only, with no intention of net freedom advocacy, GPL sort of principles to protect the user and so on.
Sad days indeed, :/
Ohh, do you have miniflux self hosted somewhere so it does the feeds collection, and then on newsflash you hook with the miniflux reader?
What I do to sync (I don’t read feeds on the phone) between desktops is to rsync these 3 dirs:
~/.config/news-flash
~/.local/share/news-flash
~/.local/share/news_flash
That so I don’t lose the feed subscriptions neither the history of what I have already looked at, neither what I’ve kept as starred (there are interesting feeds I want to keep). If miniflux had sort of a client, similar to newsFlash, but that set everything in miniflux rather than locally, so that no matter different desktops (even phones) will have the same starred kept feeds, and the whole history and the like on miniflux… There’s a python client, but I don’t know if it gets any closer to newsFlash. I guess having miniflux, one can hook to it through any web browser as well, but I really like newsFlash interface, hehe.
The sad thing is needing to somehow keep miniflux running somewhere, which is not feasible for me, and perhaps for others, but it’s interesting…
Is it because Fedora doesn’t enable zswap by default?
https://wiki.archlinux.org/title/Improving_performance#zram_or_zswap
https://wiki.archlinux.org/title/Zswap
https://wiki.archlinux.org/title/Zram
One down side of zram is that you won’t be able to hibernate to swap, if that’s a requirement. On consoles this might be totally irrelevant though.
ok, thanks
what stopped you from using it? Or did you stop following rss/atom feeds?
Anyone using NewsFlash? I really like it, especially to keep the feeds locally.
Sorry about that. I was not aware of other meanings. I’ll try to remember to use the complete “software” word instead of its acronym I was used to since the 90s… Hopefully under the context what I wrote doesn’t get misinterpreted. Thanks !
Well, I think you already mentioned the key thing about encrypting disks. It’s not about protections when the block device is already decrypted and the filesystem already mounted. At that point your disks are decrypted and anyone with or without physical access to your device, if gaining any access to it you’re toast. That’s true, but that’s not what disk encryption helps you with, and you already mentioned. If you turn off your device, and someone steals it, or gains access to it, they can’t look at your contents, that’s it. That wouldn’t prevent malicious people, to instead plant something through UEFI for example, and you are right about that case. And if you never turn off your computer, and just do sleep to memory, then you depend on how strong your password is, or any other authentication mechanism you have…