she/they
Using Guix SD instead.
Real answer, NixOS is very tied to Systemd (the init part anyways). Removing it would amount to rewriting the entirety of <nixpkgs/nixos>, and writing a bunch of extra service definitions for packages that are only supported on systemd. Also you’ll have to reimplement UserDB (which is what this PR is for) to get GNOME (maybe also KDE?) to work.
Basically this means you as a user dont have to do anything but switch away from projects that depend on SystemD’s UserDB (like Gnome), not SystemD as a whole
You can also just… not put your PII into UserDB. It can store clear names, mail addresses, postal addresses and now birthdates… but it can also just serve as an interface to /etc/passwd. Which conveniently also works with LDAP accounts (unlike your hand written /etc/passwd parser) if you’re an organisation that uses LDAP.
This is the entirety of what UserDB knows about me:
userdbctl user --output=json $(whoami)
{
"userName" : "sky",
"uid" : 1000,
"gid" : 100,
"homeDirectory" : "/users/sky/home"
"shell" : "/run/current-system/sw/bin/fish"
}
I don’t expect that to change with this PR.
The other user data is already stored in the userdb versions that nearly everyone who uses a systemd distro already has. You can check what data is being stored with userdbctl. On my system that looks like this:
userdbctl user --output=json $(whoami)
{
"userName" : "sky",
"uid" : 1000,
"gid" : 100,
"homeDirectory" : "/users/sky/home"
"shell" : "/run/current-system/sw/bin/fish"
}
Honestly this PR is a bit of a nothingburger. I’m not aware of any distro really using userdb to store data beyond what you’d store in /etc/passwd (maybe Ubuntu does?). The main value of userdb seems to be as a frontend so other programs don’t need dedicated code to handle /etc/passwd, LDAP, etc. Notably GNOME recently eliminated their dedicated code in favor of just using userdb.
And Userdb doesn’t really handle data validation at all. It enforces that you input a valid date after 1900, but that’s kinda it. I guess you need root/sudo privileges to change the birthdate but that’s not much of a hurdle for most Linux users.
Really this entire PR boils down to:
ALTER TABLE users ADD birthdate date;
The infix syntax is not great, but you can at least write frac(n (n + 1), 2) and it renders the way you would expect.
Edit:
This is not even an option in typst, which uses the space as an escape character.
Technically LaTeX does this too with omitted curly braces:
\sum_{n=1}^9 % works
\sum_{n=1}^10 % doesn't work
Everyone just quickly learns to not do that.
I can only speak for myself but I like Typst a lot more than LaTeX. Typst compiles instantly and the markup language is very reasonable. LaTeX by comparison is slow and arcane, with a macro language that is unlike anything else in common use today. It also has pretty awful defaults to be honest, especially if you’re writing in a language that isn’t English. There are a few things that Typst can’t quite do, but that gap is shrinking as well.
Edit: This blog post has some examples and showcases a lot of the core functionality, including the scripting. Typst has a playground which you can use to get a feel for the basics (though installing it locally isn’t a massive pain either, unlike LaTeX). Overleaf allows trying LaTeX in the browser for free as well, although only with an account (partly because LaTeX tooling is a pain and expensive in CPU resources).
Of course, legislators are getting more and more technically knowledgeable so trying to rebel against OS age verification by simply cosmetically making a computer different from your typical desktop like systems might not suffice…
I’m admittedly not especially familiar with how law is practiced in the US but in my opinion trying to skirt the letter of the law while blatantly violating its intention is usually a bad idea. The more you piss off prosecutors and judges the more effort they will put into finding something to prosecute you over, and it also makes them more likely to push for the harshest fines/convictions that are legally possible.
Of course unfortunately a lot of the time the law is just bullshit, and this particular bill appears to have at least a few issues, but still…
Nevertheless, I did not know about Cage! At least now I know how the hacks make those IoT control panels with their SBCs! Perhaps I’ll set up something cool in my living room like… A weather forecast screen? The stock market? Live GPU prices?
For completeness sake, Cage isn’t the only way to do this. Gamescope is another popular “kiosk compositor”, notably used by the Steam Deck (in the “Deck mode”). And of course the same thing is possible with X window managers as well, Openbox seems to be a popular choice for X11 kiosks.
Oh no I wasn’t talking about your tone at all, sorry about my poor phrasing there. I meant the tone of Timothy Roscoe which rubbed me the wrong way.
I might be a bit overly sensitive since it reminded me of how science cranks like to talk about their “discoveries” - You know, how people like Avi Loeb or Eric Weinstein will go on Joe Rogan and complain how nobody in academia is taking them seriously. Obviously that’s not at all what Roscoe is doing (and not just because he’s right) but it sounded a tiny bit like that to my ears, at least before the Q&A section (which I hadn’t watched before writing my comment).
I was mostly just trying to convince myself this morning I wasn’t insane. I had thought it was the standard terminology.
No you are actually correct, “bare metal” does in fact mean “without an OS”. It just got co-opted to mean… other things additionally, and in the case of servers specifically the new usage ended up crowding out the original one. Hence the original misunderstanding.
There was a really interesting talk at USENIX a few years ago (Usenix 21 keynote with Timothy Roscoe, I just looked it up) that was basically saying that a modern OS like linux, isn’t even accessing hardware and is just an OS in a system of OSs on a computer.
This was indeed a very interesting talk. Not sure if the accusatory tone (Edit: Of the speaker!) was warranted but I’m not really the target audience so who am I to judge.
One aspect that he only mentioned in passing is that hardware manufacturers seem to be very happy to entertain Linux’s (and Windows’) assumptions about memory, just like they seem to be very happy to entertain assumptions about execution order. Nobody wants to make hardware that requires a weird bespoke operating system because of its bespoke microarchitecture (except perhaps for Apple, though I’m not confident they’re really innovating in this regard). Maybe I lack perspective but I don’t really see a nice way out of this either, since nobody wants to buy hardware that requires weird bespoke operating systems either (except once again Apple). And I don’t see how an operating system could be widely supported across many different SoC designs without accumulating a similar complexity to modern Linux.
We should definitely be feeling mildly uncomfortable about this entire thing though.
Yeah I understand that’s what you meant, but it’s not what people think when they hear “bare-metal server” (anymore… not saying you’re wrong!) or what the commenter I was responding to was talking about.
I’m not sure anyone is really deploying servers without an OS, even though I’m sure the concept has a lot of merit. Unfortunately there’s a strong trend of putting the absolute minimum possible effort into deployment at the expense of basically everything (which is how you end up with really stupid ideas like “serverless computing”).
Most TVs are probably already compliant because using them requires creating a Google or Apple account, which already want your age information (and the California bill explicitly allows using existing data like this IIRC). That’s good for avoiding disruption, but not so good from a privacy perspective.
The other advantage of a bare metal server is that the computing resources are guaranteed to actually be there when you need them. VM Providers are known to overbook their actual hardware, so if other customers happen to use more compute than anticipated then your VMs mysteriously won’t have the performance you paid for.
There’s also a computational cost to virtualization itself, so you can add slightly more performance to a single server before you have to use a distributed system, but I doubt that’s significant for more than a handful of businesses.
Theoretically you could create an appliance with just a Linux kernel, Cage and Firefox (plus dependencies) and boot that with init=/bin/cage firefox. This is how most information and advertisement displays and other kiosk systems (think of stuff like the McDonalds order machines) are made.
It would be difficult to argue that this isn’t an operating system though, because typical definitions are very broad. In particular, you will always need “a program that manages a computer’s resources”, and you also need “the allocation of those resources among other programs” because websites are programs (in reality a browsers will liberally fork itself to take advantage of kernel process isolation, but even if it didn’t the in-process threads would still qualify).
Vendors of kiosk systems probably have better chances arguing that their devices aren’t general purpose than that they don’t use an operating system. However if your “kiosk” system is advertising on the basis that you can do general purpose computing within a browser then your chances of arguing that you’re somehow not selling a “general purpose computing device” aren’t going to be very good.
I tried a git log --grep=claude but it doesn’t net much, basically just this PR (which in fairness does look vibecoded).
Maybe there’s some development branch in the repository that has a commit authored by Claude but if so it’s not on main.
I think this is the right take on this.
All of this is fundamentally rooted in legal compliance things and the only reason you can see any western open source organizations not following suit is because their “violation” has flown under the radar so far. While going European-based helps with a lot of other US bullshit, in this case it doesn’t because the sanction situation is largely the same across most of the world. You could go with one of those Chinese or Russian (maybe Indian?) distributions I suppose, but those come with their own problems.
Even if you’re prepared to make your own Linux distribution - If you’re in the US, Europe, or much of the rest of the world, you’re in the same legal situation as all the existing projects and risk criminal persecution for violating sanctions. Well, in theory at least, I haven’t heard of many arrests or convictions actually happening because of open source software. If you want to gamble on it never actually happening then sure, go ahead.
As humans we like our agency, which makes it tempting to think of \<any world problem\> as something that can be solved by making mildly inconvenient lifestyle decisions, but unfortunately that’s just not how things work at this scale. Solving this issue requires lifting the sanctions, which requires a successful left wing (or at least left leaning) political movement to happen in a large chunk of the world. It’s perfectly fine to also make that lifestyle decision, but it’s important to keep the bigger picture in mind.
Clarification edit: At the same thing, it’s also important to see that the problem is happening, so signal boosting blog posts like this absolutely has value despite all of this.
Bad RAM is still a thing (even on regular PCs), there’s a reason ECC memory has a market (true ECC, not the stuff that DDR5 has built-in). But I agree that it’s likely just an OOM/Thrashing situation. Linux famously doesn’t handle them very well, and the behavior OP is seeing is very much consistent with that.
Ignoring the interactive features (or lack thereof) in dash/ksh, removing bash is not really something that’s possible on most distros (excluding Alpine and possibly Debian) since it’s used in scripts everywhere. And if you need to have bash installed anyways, why opt for the less pleasant shell in daily usage?
If your DE/Launcher uses systemd scopes properly you might be able to see something in the journal. As an example somewhere in my logs I can see this:
Jan 17 17:52:50 sky systemd[2171]: app-niri-steam-40213.scope: Failed with result 'oom-kill'.
Jan 17 17:52:50 sky systemd[2171]: app-niri-steam-40213.scope: Consumed 6h 32min 39.773s CPU time, 9.4G memory peak, 6.2G memory swap peak.
That’s pretty clearly severe thrashing and an eventual OOM event caused by a game. If you’re not familiar, the command journalctl -e -b -1 gives you the last log lines from the last boot. Use d and u to navigate the pager and q to quit. This will only work if the launcher you are using sets up transient systemd scopes and doesn’t just fork-exec into the application (Fuzzel does the wrong thing by default, as do many others).
I’ve also seen large Steam downloads causing such issues, so capping your download speed might help. As could enabling ZRAM.
Edit: Also, this is most likely completely unrelated but do note that Neon is basically abandoned. You should very much consider switching to a maintained distribution, whether that’s another Ubuntu spin or Fedora or something else entirely.
But /etc/fstab has the same UUID for every drive, I have no idea what to do with it.
That would be because every entry (except /boot and /tmp) is a subvolume of the same btrfs volume. Your other drives just aren’t in there.
You might want to read man fstab and maybe the Arch wiki pages for fstab and NTFS. It’s not that difficult as long as you make sure to not reboot with a broken fstab (using nofail is also a good idea). And yes you can just mount them to /media if you want, as long as the mount point is an empty directory.
Ubuntu Studio might have achieved this in a different way but since you’re in Arch land now it’s probably better to do what the Arch documentation recommends.
From what I can tell, it has to do with the drives mounting on /run/media, and apparently /run is a temp folder or something.
Probably not. Yes /run is a tmpfs, but that doesn’t affect any other filesystems mounted inside of it - those have their own permissions (or don’t in the case of FAT).
Since the drives are being mounted in /run/media they’re probably being mounted by your file manager, not via /etc/fstab. You could instead have them mounted on boot by the root user via /etc/fstab (the classic way) or systemd.mount (slightly friendlier), or configure polkit to allow mounting drives without a password (more reasonable if you’re talking about external or thumb drives).
The permission issue is probably for a different reason. Are you sure the filesystem(s) you’re mounting supports POSIX style permissions? FAT doesn’t, and NTFS requires a special flag for it. The files might look like they have permissions, but they’re coming from the mount options and modifying them will either fail outright or not do anything.
Edit: Run lsblk -f to see all connected drives, partitions and file systems and their file system type.
In the xdg-desktop-portal PR there is a very interesting discussion about how OS level parental controls probably should work:
Presumably an app would send a list of specific OARS tags (which exist for precisely this purpose) to the OS via xdg-desktop-portal, and the OS would respond by classifying each tag as acceptable or unacceptable. The app then is only responsible for not displaying the unacceptable content, and tweaks to the filters based on jurisdiction and new laws/amendments happens in a clearly defined place which is the portal implementation (which could be in an optional package, e.g.
xdg-desktop-portal-content-controls).Of course that system wouldn’t comply with any of these new laws because they’re just bad. Even ignoring all technical considerations, most of them have a ridiculously broad scope (or large uncertainties). They’re very poor legislative work.