• 36 Posts
  • 175 Comments
Joined 1 year ago
Cake day: June 9th, 2023

  • j4k3@lemmy.world to Linux Gaming@lemmy.world: Infected games under Proton.
    English · 12 up / 2 down · 4 days ago

    Linux is not really comparable like this because the distribution matters along with the bootloader configuration.

    If you have an immutable distro with SELinux configured and your own UEFI keys or a shim with secure boot, you’ll have a very different set of vulnerabilities from someone running Mint with secure boot turned off.

    For a short time Microsoft marketed an upgrade path to a full Unix-like operating system for Windows. It was widely known that some of the Windows shell differences from Unix were just arbitrary aliases for the Unix commands.

    If you ever get the chance, try using an old Android device you do not use, enable the developer options for the ADB bridge and try hacking around, if you have an interest in understanding how Linux security works in practice when it is done right. The Linux side of Android is an interesting case study if you understand the premises of Android. It is a Linux system that is secure for people with absolutely no understanding of Linux or networking. This is enabled by allowing the app developer to become something like a full Linux user on the Android device. All of the Linux kernel binaries that could modify the kernel in any way are removed and there is no administrative account present. When the hardware manufacturer logs out for the last time, all the administrative and modifying binaries are deleted. This secures the remaining files that are all marked as read only. Android also has a very robust SELinux implementation in place. Every location present has a defined security context. So there are places where you can create temp files and store data, but the things that can be added and manipulated are very limited in their access to other parts of the system. If you mess around with this the way these tools work will become much more tangible.

    By comparison, most distros ship with a very open and unconfigured security context. The SELinux configuration is still extremely permissive in distros with SELinux integrated, like Fedora. This is nothing like Android’s setup. The primary reason for a lot of the ROM community on Android and how they have root access is because of exploiting CVE vulnerabilities in the kernel that were found after the kernel was shipped. Android works with orphan kernels that only the manufacturer can update because they retain the source code for the kernel modules that they add at the last minute. This is the depreciation mechanism used by the hardware manufacturer to steal ownership with Android devices.

    If you understand how exploiting CVEs works on a simple abstract level, and why it is necessary in order to bypass the immutable system (read only file system without tools to modify Linux kernel binaries), and how SELinux adds further restrictions based on the context of who is accessing the directory or command/executable, you should better understand the complexity of the question you’re asking. The app developer on Android is like your equal on the device. They can do what you can do, and that is why you are so restricted too. Your measures of control on Android are very limited and just in the app environment spaces.

    Once I learned the basics of this system, it has become the way I view all software systems intended to enable ignorant consumers. Tremendous power to alter systems is included in these platforms, platforms like Windows.

    Those that are trying to make the Windows games work on Linux are likely completely focused on functionality. When people talk about things like sandboxing, they are almost always talking about library dependencies and not any kind of security context. It is likely that any malware that targets Windows binaries will not work on Linux directly, but something that targets Linux specifically is another matter entirely; it is security through obscurity, which means no security at all. Unless you’ve taken active measures to limit the PID/GID/security context of the process that is running the software, it has all the same permissions as the user that called it. It can delete, view, and write anywhere that you can with the user/group/sc that launched it.
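    The last point above, that a Wine/Proton process launched by your desktop user inherits your uid and, on a permissively configured desktop, an unconfined SELinux context, can be checked against /proc. This is an added example, not code from the thread or from any project it mentions; the process-name markers (wine, proton, steam) and the test for the unconfined_t type are assumptions, and the sample records in the test are constructed.

```python
import os
from dataclasses import dataclass
from typing import Optional

# Assumed name fragments for processes that run a Windows game under Wine/Proton.
GAME_MARKERS = ("wine", "proton", "steam")


@dataclass
class Proc:
    pid: int
    comm: str      # "Name:" field from /proc/<pid>/status
    uid: int       # effective uid the process runs as
    context: str   # LSM label, e.g. "unconfined_u:unconfined_r:unconfined_t:s0"


def is_confined(context: str) -> bool:
    """True only when the SELinux type field is something other than unconfined_t."""
    parts = context.strip().split(":")
    return len(parts) >= 3 and parts[2] != "unconfined_t"


def assess(proc: Proc, user_uid: int) -> list:
    """List the reasons a game process has the same reach as the user who launched it."""
    if not any(m in proc.comm.lower() for m in GAME_MARKERS):
        return []
    findings = []
    if proc.uid == user_uid:
        findings.append(f"pid {proc.pid} {proc.comm}: runs as your uid {user_uid}, "
                        "so it can read, write and delete anything you can")
    if not is_confined(proc.context):
        findings.append(f"pid {proc.pid} {proc.comm}: context '{proc.context}' "
                        "adds no mandatory-access restriction on top of DAC")
    return findings


def read_proc(pid: int) -> Optional[Proc]:
    """Build a Proc from the live /proc tree; None if the pid is gone or unreadable."""
    try:
        with open(f"/proc/{pid}/status") as f:
            fields = dict(line.split(":", 1) for line in f if ":" in line)
        with open(f"/proc/{pid}/attr/current") as f:
            context = f.read().strip("\0\n") or "unconfined"   # AppArmor/no-LSM hosts
    except OSError:
        return None
    return Proc(pid, fields["Name"].strip(), int(fields["Uid"].split()[1]), context)


def scan_live() -> list:
    """Walk /proc as the calling user and collect findings for every game process."""
    uid = os.getuid()
    procs = (read_proc(int(e)) for e in os.listdir("/proc") if e.isdigit())
    return [f for p in procs if p for f in assess(p, uid)]
```

    Run scan_live() while a game is open; an empty list means no matching process was found, not that the process is restricted.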


  • I spent all day stockpiling, building a soldering iron, and messing around with the Evac, first building area. I’ve figured out some of the tech tree and made my second character freeform and much stronger across the board. I have a barricade mentality for now. I haven’t checked out what anyone else has done, but fixated on barricading the basement of that first house and trying to add solar lighting. I dispatched the two zombies at the house to the south with all the cars and cooking supplies, but haven’t ventured beyond. Maybe I’ll check out the helipad and bridge soon.




  • Looking for a CS/CoD level experience. Steam might be okay, but I haven’t tried it and am skeptical of anything marketing oriented. I really don’t want to see ads or hype of any kind. I’d much rather ask around and go in search of my options when I feel compelled. In other words, I’m aware of my susceptibility to suggestive marketing and am not okay with others manipulating me through that mechanism so I avoid it all together. I will not enter the space at all unless those terms can be met.

    I was just skimming a fedora mag post on gaming and it mentions that Steam packages Proton but there are community maintained versions with more advanced features than are possible on the Steam Deck; the most popular being Proton Glorious Eggroll.

    Xonotic was one I played some. It has a different hectic vibe that is not really in that CS/CoD space I liked though. I like to feel like I have a measure of control and not in a situation where reckless speed has an advantage.




  • Invisibly; by trying to post in it and encourage others to do so. There is not much management to do with such a small community. The majority of regular users watch the All feed, so subscriptions are really just a way to bookmark the community to post in it or find it more easily. For smaller or new communities, expect it to be more like your personal blog as it is unlikely to be something others will post in regularly. The majority of communities that are hourly-active were made prior to the rexodus of June 2023, or within a few weeks thereafter.

    Unless you’re in a very controversial space, actively micromanaging a community is likely an issue with the mod not the community IMO. The admins take care of the majority of whack-a-mole nonsense here.


  • Slowly trying to learn sh while using mostly bash. Convenience is nice and all, but when I encounter something like OpenWRT or Android, I don’t like the feeling of speaking a foreign language. Maybe if I can get super familiar with sh, then I might explore prettier or more convenient options, but I really want to know how to deal with the most universal shell.



  • I found a Python project that does enough for my needs. Jq looks super powerful though. Thanks. I managed to get yq working for PNGs, but I had trouble with both jq and yq with safetensor files. I couldn’t figure out how to parse a string embedded in an inconsistent starting binary, and with massive files. I could get in and grab the first line with head. I tried some stuff with expansions, but that didn’t work and sent me looking for others that have solved the issue better than myself.







  • I was early on Silverblue but went to Workstation. The Fedora Anaconda UEFI shim on enthusiast edge class hardware is flawless. The ability to roll back if there are any issues is default config. Encrypted drives are easy. NVMe is managed. Nvidia kernel modules are built lightning fast in the background. I have a dozen distrobox container environments each with layers of Python containers within. I occasionally have a minor issue, like upgrading to F40 put me on Python too far ahead for some projects, but it was an easy fix for me.

    Unfortunately I must be on a shim, so only Fedora and Ubuntu exist on my main.





  • The best deal is probably going to be looking for a used machine with a 3080Ti. There were several of these made with Intel 12th gen CPUs. That is probably the cheapest way to get a 16 GB GPU. They can be found for considerably less than $2k. Anything with a “3080Ti”, where the “Ti” part is super important, has a 16 GB GPU (the “3080” is 8 GB). That was the only 16 GB laptop GPU until the newer Nvidia 4k stuff.

    That can play any game, and can run some large models for AI stuff if you become interested. On the AI front, you want maximum system memory too if possible. My machine can only address 64 GB of sysmem. Some go up to 96 GB. I wish I could get like 256 GB.

    Just because a machine comes with Linux does not mean the problems are solved. You will find many times when people buy machines that have peripheral kernel modules that are orphaned and not part of the kernel. Orphaned kernels are not real Linux and are like phones. Indeed this is the exact mechanism used to steal your phone and prevent you from using it for its true hardware lifetime.

    The real solution is https://linux-hardware.org/. Use that to see what works where. You also need to understand modern secure boot with the TPM chip and package keys. These exist outside of the Linux kernel. If delving into this system is too much for you to deal with or of no interest, just stick to using either Ubuntu or Fedora. These both have a special system outside of Linux that will handle the keys for you. Presently, these are the only two distro choices that do this; not derivatives either, it must be vanilla Ubuntu or Fedora. You won’t be able to change anything in kernel space when going this route, but if the keys issue is unimportant, that probably won’t be an issue.


  • For me, it is not about “lost history.” It is about contextual history and knowing if some tool I built in a distrobox uses only dandified, pacman, aptitude, portage; or if it also uses venv, conda; or if there was some install script.

    It would be nice if I was on a stable kernel to avoid such a dependency salad, but that is not within the scope of playing with the latest AI toys where new tools and exploring new spaces are constantly creating opportunities to explore.

    It would be nice if I was some genius full stack dev that could easily normalize all the tools under a single dependency containerization scheme, but that is not within my mental scope or interests at the present. For most AI tools, I follow the example given and only add a distrobox container as an extra layer of dependency buffering from the host. The ability to lazily see the terminal history for each of those containers is a handy way to see exactly what I did months ago.


  • Distrobox supports waydroid to use Android apps on Wayland. There are many small purpose built apps for Android that can be useful on desktop.

    No one seems to be mentioning apps in this specific kind of context, and I don’t consider a locked down and stripped orphan kernel to be “Linux” but a lot of this stuff is FOSS and can now run on both.