Sun Mar 10 2024 05:19:19 PM EDT from zelgomer
What you guys described, how do namespaces make any of that easier to implement than chroot?
"Easier" is actually the answer. Yes, you can do the same thing with chroot + network namespace + cgroups + whatever, and then manually set up the OS image and hook things together etc.
LXC sets it all up for you, including the OS install, with one command. If you want to do it the hard way, no one is stopping you.
Let me give you an example. Over in the Citadel Support room someone is saying that an install fails on a particular Linux distribution on an ARM board. I don't have that one. But I can spin up an LXC of that distribution on my NanoPi and run the exact test, replicate the results, write a fix or a workaround, and blow it away. Just like a virtual machine but in a fraction of the time. If I tried that with chroot I almost certainly would not replicate the correct environment.
Sat Mar 16 2024 02:20:08 PM EDT from Nurb432
so, is minix development dead at this point?
I will take it one step further: is Andy Tanenbaum dead at this point or is he still kicking around telling us that microkernels are the only way to go?
He wanted Minix to be a teaching platform rather than a "real" OS. He got his wish. And he discovered that no one wanted a teaching platform OS any more than they wanted to write real software in LOGO.
Yes, he's still around. Not sure if he is doing anything tho. Would be in his 80s.
And it should not surprise you I support microkernel concepts.
Sun Mar 17 2024 18:55:10 EDT from IGnatius T Foobar
Sat Mar 16 2024 02:20:08 PM EDT from Nurb432
so, is minix development dead at this point?
I will take it one step further: is Andy Tanenbaum dead at this point or is he still kicking around telling us that microkernels are the only way to go?
He wanted Minix to be a teaching platform rather than a "real" OS. He got his wish. And he discovered that no one wanted a teaching platform OS any more than they wanted to write real software in LOGO.
ouch, that xz issue even snuck into NetBSD pkgsrc -> https://mail-index.netbsd.org/netbsd-announce/2024/03/30/msg000368.html
~~~~~~~~~~~~~~~~~~~~~
"Recently, a backdoor was discovered in the xz compression library.
xz/liblzma are included as a part of NetBSD and used by the project
for distribution of new releases and packages.
The version of xz shipped in all stable (and unstable) versions of
NetBSD predates any code changes by the author of the backdoor.
NetBSD is therefore safe and unaffected by the recent discoveries.
It is believed that the attack only targets Linux/glibc, but checking
this allowed us to rule out any other attempts at compromising the
library by the author.
The version of xz shipped in pkgsrc, however, is affected. Using
xz from pkgsrc is a non-default setting on NetBSD, and requires
explicit opt-in. Most users of NetBSD will not install xz from
pkgsrc because the version from the base system is preferred.
However, users of pkgsrc on other platforms will need to take
precautions.
Regardless of NetBSD being affected or not, the discovery of the
backdoor is a wake-up call and further discussion will be happening
internally over how to proceed."
Have I mentioned lately that systemd sucks?
It's a backdoor/virus all by itself.
Mon Apr 01 2024 21:35:30 EDT from zelgomer
Have I mentioned lately that systemd sucks?
Last time something like this happened, people were calling for government involvement/regulation..
Sat Apr 20 2024 11:49:02 EDT from IGnatius T Foobar
Some people are using the xz backdoor as an argument that the entire open source model is flawed. As if their favorite software doesn't have deliberate backdoors in the shipped version.
New 9Front release out this evening.
Literally an hour after I got the previous release to boot and run on a vultr instance.
Oh well, it was a nice way to burn a little vultr credit, I didn't plan to leave it running there anyway.
It will run under QEMU, and they distribute a pre-built image.. At least the x86 version, I have heard of people struggling with running an ARM version that way. I have done it myself under KVM on PVE too, using the regular ISO.
( A long way to say, you could run it at home.. )
( A long way to say, you could run it at home.. )
That was my long term plan. Basically a smaller scale version of what Ig is planning.
I have not tried it on one of those cheap-o Lenovo Mp3p's I was buying like water last year, I bet it would work. Cheap, small, real hardware and pretty solid. Doubt the wifi would work tho, and you can't easily swap them with another card or they are liable to refuse to POST, and just scream at you ( learned that the hard way ).. If I get a chance this weekend I might try, just to see.
Unrelated, now that I'm not using them in my farm, they need to go away. Too bad I upped their CPU beyond what most people would want. So not 'dirt cheap' now. But still not expensive I guess. Been debating eBaying them away, which is how I got them in the first place.. and my NVIDIA Jetson crap too. Also collecting dust.
That was my long term plan. Basically a smaller scale version of what
Ig is planning.
IG changed his plans. :)
I ended up building an adorable little 12VDC-powered MiniITX with enough guts to provision the whole minihomelabdatacenter on one box. You can follow my nonadventures in the Hardware room in the unlikely event you find *that* interesting.
And here's one to tickle those with Poettering Derangement Syndrome:
[ https://outpost.fosspost.org/d/19-systemd-wants-to-expand-to-include-a-sudo-replacement ]
I'm not so sure it's possible to completely replace sudo. Maybe just another tool that does some of the same things. Supposedly `run0` is different from `sudo` in that it starts a new session and pty's it back to the controlling terminal, inheriting none of the parent environment. To me, that sounds a lot like `ssh root@localhost` or even just using `su` rather than `sudo`.
But it does turn the terminal background red to remind you that you are running with escalated privileges, so there's that.
That is what has been said many a time. "can't" then while people are not fighting it, it does.
And at this point, screw it, if he and his crew take over completely and ruin things, I'll either go back to BSD, or just shut it all off and walk away ( liable to do that anyway, sick of the industry ). As long as I can listen to my music and watch my cat video files and DVDs ( can always use dedicated hardware ) then I'm fine.
Tue Apr 30 2024 22:07:33 EDT from IGnatius T Foobar
I'm not so sure it's possible to completely replace sudo.
But it does turn the terminal background red to remind you that you
are running with escalated privileges, so there's that.
That actually is a darn good idea. The rest of the proposed functionality is kind of a yawner, but I'll give it a try once it's available. I've never been all that impressed with how sudo works, and generally don't bother with it on Debian. With the predictable side effect of occasionally doing things as root that were a Really Bad Idea to do as root. The red background would presumably eliminate that oops-avenue.