Atemu

Atemu, 4 months ago

Distro doesn’t really matter here. Choose any that you like.

Atemu, 4 months ago

Which of the drives does this happen with? Or does it happen with both?

Atemu, 4 months ago

Boot a live ISO with the flags recommended in the kernel message and do some tests on the bare drives. That way you won’t have the filesystem and subsequently the rest of the system giving out on you while you’re debugging.

Atemu, 4 months ago

I’d start by generating some synthetic workloads such as writing some sequential data to it and then reading it back a few times.

badblocks concerns partial failure of the device where (usually) just a few blocks misbehave while the rest remains accessible. The failure mode seen here is that the entire drive becomes inaccessible and it’s likely not due to the drive itself but how it’s connected.

If synthetic loads fail to reproduce the error, I’d put a filesystem on it and copy over some real data perhaps. Put on some load that mimics a real system somehow to try and get it to fail without the OS actually being ran off the drive.

Atemu, 4 months ago

Did you boot with the kernel flags from the log?

Could you show the dmesg from the point onwards when the drive dropped out?

Atemu, 4 months ago

Snapshots are cheap to create but they do still have a cost. Any file you delete will only free up the space it used once the last snapshot which contains the file is deleted.

So yes, if you’re low on space, you should look into deleting snapshots. Otherwise, snapshots are an extremely useful tool.

Atemu, 4 months ago

Claims 7-10% performance improvement on an old AMD FX thing. No information about the baseline though; whether it’s the terrible Snap or Firefox’s official binary package. I suspect it’s the former because it has known performance issues IIRC and the latter has quite good compiler optimisations already (LTO+PGO making most of the difference).

When I built Firefox for x86_64-v3, I saw no measurable improvement over x86_64-v1 in speedometer. I didn’t dare to build the most security critical application on my system with unsafe compiler optimisations though…

Atemu, 4 months ago

Everything involving -O3. That usually stands for “enable all standards-compliant compiler optimisations, no matter how how little their benefit or their stability”.

What would be even worse would be -Ofast which won’t even care about strict standards compliance. No sane distributor distributes -Ofast and the only distributor I’d trust to use -O3 correctly is Intel’s Clear Linux.

I don’t know about OPT_LEVEL but it’s likely an abstraction of the build system for this flag.

Atemu, 4 months ago

Note that anti-virus can only assert that you are infected, not the opposite.

Atemu, 4 months ago

That’s a really hacky method and should not be in the manual tbh.

You should be able to update by “installing” your env again though.

It’s a bit overkill but for declarative package management under non-NixOS, I use home-manager’s home.packages option. It does essentially this but wraps it in a nice package and home-manager can do a lot of other things too.

As for flakes: No, you don’t require them to do any of this. They solve an entirely different problem.

Atemu, 4 months ago

Security-critical C and memory safety bugs. Name a more iconic duo…

I’d have kinda preferred for public disclosure to have happened after the fix propagated to distros. Now we get to hurry the patch to end-users which isn’t always easily possible. Could we at least have a coordinated disclosure time each month? That’d be great.

Atemu, 4 months ago

I’m afraid I don’t understand what you’re trying to say.

Atemu, 4 months ago

They did follow that. You can read their disclosure timeline in their report.

Problem is that the devs of glibc aren’t the only people interested in getting glibc patched but us distro maintainers too.

What I would have preferred would be an early private disclosure to the upstream maintainers and then a public but intentionally unspecific disclosure with just the severity to give us distro people some time to prepare a swift rollout when the full disclosure happens and the patch becomes public.

Alternatively, what would be even better would have been to actually ship the patch in a release but not disclose its severity (or even try to hide it by making it seem like a refactor or non-security relevant bugfix) until a week or two later; ensuring that any half-decent distro release process and user upgrade cycle will have the patch before its severity is disclosed. That’s how the Linux kernel does it AFAIK and it’s the most reasonable approach I’ve seen.

Atemu, 4 months ago

nodatacow is a hack and will disable any and all consistency mechanisms for that file’s contents. Tools should not be setting nodatacow for virtual drives, certainly not by default.

Atemu, 4 months ago

Yikes.

Atemu, 4 months ago

I’m switching to AMD since the 7800x3d is the new king now

Do you have any games that would be CPU bottlenecked at that resolution with your new setup and benefit from large L3 cache?

My favourite game is yes to both, so AMD’s CPUs with stacked caches are a no-brainer for me but yours might not. If they aren’t, stacked cache CPUs are a waste of money and you’d likely have the same result with a CPU half the price.

I mainly use Linux, aside from a Windows partition for that only game that needs it, so AMD also seems more logical in my opinion for my setup.

Good decision.

---

The motherboard appears to be quite expensive; does it have any specific special features you need? If not, I’d recommend downgrading to ~half the price.

There is no RAM in your setup?

If you need 4TB, I’d get either 4TB in one drive or two of the same drive. The 20€ won’t explode your budget and the 980 Pro is quite a bit better.

Atemu, 4 months ago

Planetside 2

Ah, so we share a favourite game then :)

About the Mobo, I’m planning to take advantage in the future to the 5.0 PCI lanes

I don’t forsee any use-case for PCIe 5.0 until this PC would be EOL.

but what’d you suggest in a lower price range?

I’m not an authority on that.

I sorted by price and chose between the first few that seemed decent and had the better connectivity.

Oddly, people suggested me the contrary, to downgrade from the 980 pro to the WD. Would be better to have the Samsung one?

It’s been a while since I researched it but the 980 Pro was pretty much the best you could reasonably want in RND4kQD1 and that’s the most important metric for desktop use to my knowledge.

Atemu, 5 months ago

#2 is strange – why does it matter?

It doesn’t. If you’re running a laptop with a local web server for development, you wouldn’t want other devices in i.e. the coffee shop WiFi to be able to connect to your (likely insecure) local web server, would you?

If one is hosting a webserver on port 80, for example, they are going to poke a hole in their router’s NAT at port 80 to open that server’s port to the public. What difference does it make to then have another firewall that needs to be port forwarded?

Who is “they”? What about all the other ports?

Imagine a family member visits you and wants internet access in their Windows laptop, so you give them the WiFi password. Do you want that possibly malware infected thing poking around at ports other than 80 running on your server?

Obviously you shouldn’t have insecure things listening there in the fist place but you don’t always get to choose whether some thing you’re hosting is currently secure or not or may not care too much because it’s just on the local network and you didn’t expose it to the internet.
This is what defense in depth is about; making it less likely for something to happen or the attack less potent even if your primary protections have failed.

#3 is a strange one – what sort of malicious behaviour could even be done to a device with no firewall? If you have no applications listening on any port, then there’s nothing to access

Mostly addressed by the above but also note that you likely do have applications listening on ports you didn’t know about. Take a look at sudo ss -utpnl.

#5 is the only one that makes some sense; if you install a program that you do not trust (you don’t know how it works), you don’t want it to be able to readily communicate with the outside world unless you explicitly grant it permission to do so. Such an unknown program could be the door to get into your device, or a spy on your device’s actions.

It’s rather the other way around; you don’t want the outside world to be able to talk to untrusted software on your computer. To be a classical “door”, the application must be able to listen to connections.

OTOH, smarter malware can of course be something like a door by requesting intrusion by itself, so outbound filtering is also something you should do with untrusted applications.

People seem to treat it as if it’s acting like the front door to a house, but this analogy doesn’t make much sense to me – without a house (a service listening on a port), what good is a door?

I’d rather liken it to a razor fence around your house, protecting you from thieves even getting near it. Your windows are likely safe from intrusion but they’re known to be fragile. Razor fence can also be cut through but not everyone will have the skill or patience to do so.

If it turned out your window could easily be opened from the outside, you’d rather have razor fence in front until you can replace the window, would you?

Atemu, 4 months ago

In my case I have a number of sockets from spotify, and steam listening on port 0.0.0.0. I would assume, that these are only available to connections from the LAN?

That’s exactly the kind of thing I meant :)

These are likely for things like in-house streaming, LAN game downloads and remote music playing, so you may even want to consider explicitly allowing them through the firewall but they’re also potential security holes of applications running under your user that you have largely no control over.

Atemu, 4 months ago

But I could easily see nixpkgs implement functions that allow nixos-rebuild switch to use either live patching method, or even implementing one specifically for NixOS.

Sadly, I could not. Live patching requires extensive knowledge of the previous system state and that is the antithesis to NixOS where any system state is fully independent of any other possible system state.

nixos-rebuild switch isn’t very magical at all once you understand this principle.

Live patching is also not really something you want to use or use frequently. It’s more intended for “this super critical box can only be taken down next Saturday but there’s a fix for a 0-day in the kernel today that we need ASAP”. If it’s at all possible to simply reboot, simply reboot (or kexec).

Atemu, 5 months ago

Now that’s meta.

Atemu, 6 months ago

Pushes Apache License

Atemu, 6 months ago

Depending on what you want to do with it, more cores might require more RAM.

Atemu, 6 months ago

In my 4 years of intensively using Nix/NixOS, I’ve never used the NUR. I wouldn’t know what for tbh. as it’s easier for everyone to have things in Nixpkgs instead.

Atemu, 7 months ago

Approaching at $9.99/month.

Atemu, 7 months ago

You’re converting to analog and back, each time generating a bunch of noise (how much depends on the converters). The ideal solution is to cut out the analog signal here.

The only digital way of transferring audio streams I know of are TOSLINK (no idea whether that can work between computers) and custom protocols over standard ip like @usrtrv mentioned.

Atemu, 7 months ago

No, that’s still a DAC. You don’t want any analog signal in the loop here.

I would rather not go network wise

Why not?

Keep in mind that you can always run a dedicated Ethernet cable between two computers, it doesn’t have to go through your home network.

Atemu, 7 months ago

Just saw this: lemmy.ml/post/8343747

Atemu, 7 months ago

Oh, Windows is in the mix, that’s unfortunate.

Gaming on Linux has come a long way but it’s not 100% yet; more like 90%. You could try looking up your favourite games on www.protondb.com, it even supports loading up your library to give a more personalised picture.

Atemu, 9 months ago

You might want to inform yourself whether tree NFTs actually achieve anything useful in the real world.

Atemu, 7 months ago

You are also DuckDuckGo’s, StartPage’s and Qwant’s products. They sell your space on screen for ads. Now, they haven’t enshittificatied to nearly the same degree as Google and full enshittification happening is of course not a given but making the user a product is basically step #1 to enshittification.

With Kagi, the product is the search engine service. You pay money and in return you get search results, lenses, bangs and all those neat little features. You are not being sold to 3rd parties. (At least not right now but I honestly don’t see that happening any time soon.)

Atemu, 7 months ago

Their operations are very small scale still. I imagine as the economy of scale does its thing, that price/search will fall drastically.

Atemu, 7 months ago

You also have no idea what kagi is doing with your data

We in fact do have an idea what they do and don’t do:

• Searches are anonymous and private to you. Kagi does not log and associate searches with an account.
• We do not log or store your IP address. Your IP address is used only temporarily when enriching location/maps searches, and is not shared with any other party.
• We only store cookies needed for site functionality.
• We do not use any web browser analytics or other frontend telemetry.
• We do not display any ads, or have any first-party or third-party tracking in service of ads.
• We do not share customer data with third parties, except as needed to perform explicitly accessed services. In those cases, we will share the minimum amount of data needed to provide the service, and will do so in an anonymous way.
• We collect only the data needed to provide and protect the service.
• We proxy all images to prevent tracking from third parties.
• We use HTTPS encryption everywhere. All passwords are hashed and salted.

kagi.com/privacy

These terms are legally binding. If they did log searches despite these terms, that could end their business.

it’s inherently eventually unprivate since it relies on a login.

Not anonymous != unprivate.

Even if it was, I don’t think it’s different for all of the other search engines. For example: I do not believe for one second that Google can’t identify you without being logged into your account; even with all the blocklisting your typical ad-blocker does.
Go try and fool abrahamjuliot.github.io/creepjs/ if you want to go try how little even things like incognito mode help against identification on the web and this is all just relatively simple client-side analysis without behaviour tracking.

There is nothing wrong with ads

I disagree that there is nothing wrong with modern propaganda but that’s a topic for another discussion.

The search results on free search engines are also the product here, since they only get paid from using them for results.

No. That’s the thing, they’re not. Search results only serve to attract users. They only need to be good enough to be acceptable to users; everything beyond that is a waste of time and money from a business perspective.
They receive exactly $0 from you as a user. There is no sale contract between you. Therefore, you are not their customer, you are the product they sell to their actual customers.

Atemu, 9 months ago

Super Paper Mario for the Wii also has a mechanic like that. You’re in a 2D paper world (obviously) but you have the ability to temporarily turn 90°; walking through enemies and opening the possibility to i.e. pass some walls.

Atemu, 10 months ago

for a somewhat decent price.

Well, that’s the thing: With the additional cost of games, it’s not really more affordable. You cannot use the hardware for anything but expensive games.

With just 5 games, that’s already $100 more than the same games on PC would have cost.
Depending on how many games you’re going to buy, you could spend hundreds more on the PC’s hardware and it’d still be cheaper overall.

Atemu, 10 months ago

I was wondering what Twitter had to do with gaming…

Atemu, 10 months ago

Given this is Nintendo, I highly doubt this code would be portable to the new console.

Atemu, 9 months ago

Aw, thanks <3

I’ve thought about digital ones too but I think the a Seiko 6m26/6m25 might actually fit me quite well, so that’s what I think I’ll be going with.

Atemu, 5 months ago

smartwatch, but the level of overkill, given what you want, would be silly.

That and I actively do not want a smartwatch anyways because at least three of these apply:

• Doesn’t show the time all the time (huh?); you need to do weird flick motions or whatever
• Has heavy batteries and still extremely short runtime
• Is a privacy nightmare
• Is likely to become a paperweight in 5 years

while even one of these properties would be a no-go for me.

My personal experience has been that analog quartz watches often have some of those features

Do you know of any other models with a count-down timer? I’ve actually had a hard time finding even just the Seiko ones.

You would probably do best with a hybrid that has both kinds of display.

At this point, I’m considering that aswell.

While presenting these functions via the analog display the way the Seikos do is just so incredibly neat, using a little LCD panel for these wouldn’t be too bad either.
These might have the option to be be radio controlled or solar-powered too which would both be a medium boon to me.

I also simply haven’t been able to find these old Seikos in good condition anywhere here in Germany. Physical shops usually either only carry expensive show-off watches (Rolex etc.) or newer Seiko models and listings on after market sites usually don’t look very good or are only sold for parts. Although you did just prompt me to look again and I found an insert on Kleinanzeigen that looks very promising…

So thanks a bunch for your comment either way! :)

Atemu, 5 months ago

Here’s a link to a whole lot of Casio watches with countdown timers on Amazon. As is always the case with Amazon, some of the search results are incorrect, but the majority are fine and there are hundreds of them.

Sorry, I meant analog watch face ones.

There’s obviously lots of digital watches with this complication and anadigis aswell as you mentioned.

Atemu, 10 months ago

Note that Firefox has this translator built in if all you need is whole-page translation.