
bisby

@bisby@lemmy.world


bisby ,

Except this isn't true at all.

https://security-tracker.debian.org/tracker/CVE-2024-6387

regreSSHion impacted bookworm and trixie both. Buster was too old.

With the downside of me doing an apt update and seeing that openssh-server was on 1:9.2p1-2+deb12u3 and I had no idea at a glance if this included the fix or not (Qualys's page states version 8.5p1-9.8p1 were vulnerable).

If you are running debian bookworm or trixie, you absolutely should update your openssh-server package.
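The question raised in the comment above (whether a package version such as 1:9.2p1-2+deb12u3 carries the fix when its upstream part still falls in the range Qualys lists) comes down to comparing the full Debian version string against the fixed-in version the tracker page shows for your release. The following is an added example, not part of the original comment: a small Python implementation of Debian's version ordering. The function names are made up for illustration, the `deb12u2` value is a constructed sample, and the fixed-in value passed in is an assumption to be replaced with the one read from the tracker.

```python
"""Compare an installed Debian package version with a fixed-in version."""
import re
from itertools import zip_longest


def split_version(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def _order(ch):
    # Debian ordering of non-digit characters: '~' sorts before everything,
    # including end of string (which counts as 0); letters sort before symbols.
    if ch == "~":
        return -1
    if ch.isascii() and ch.isalpha():
        return ord(ch)
    return ord(ch) + 256


def _cmp_part(a, b):
    """Compare two upstream or revision strings; returns -1, 0 or 1."""
    chunks_a = re.findall(r"([^0-9]*)([0-9]*)", a)
    chunks_b = re.findall(r"([^0-9]*)([0-9]*)", b)
    pairs = zip_longest(chunks_a, chunks_b, fillvalue=("", ""))
    for (text_a, num_a), (text_b, num_b) in pairs:
        # Non-digit run: compare character by character, padding with 0.
        oa = [_order(c) for c in text_a]
        ob = [_order(c) for c in text_b]
        width = max(len(oa), len(ob))
        oa += [0] * (width - len(oa))
        ob += [0] * (width - len(ob))
        if oa != ob:
            return -1 if oa < ob else 1
        # Digit run: compare numerically, an empty run counts as 0.
        ia, ib = int(num_a or 0), int(num_b or 0)
        if ia != ib:
            return -1 if ia < ib else 1
    return 0


def compare_versions(a, b):
    """Return -1, 0 or 1 as a sorts before, equal to or after b."""
    epoch_a, up_a, rev_a = split_version(a)
    epoch_b, up_b, rev_b = split_version(b)
    if epoch_a != epoch_b:
        return -1 if epoch_a < epoch_b else 1
    return _cmp_part(up_a, up_b) or _cmp_part(rev_a, rev_b)


def upstream_in_range(installed, low, high):
    """True if the upstream part lies between low and high (both inclusive)."""
    _, upstream, _ = split_version(installed)
    return _cmp_part(low, upstream) <= 0 and _cmp_part(upstream, high) <= 0


def is_patched(installed, fixed_in):
    """True if the installed package version is at or past the fixed-in one."""
    return compare_versions(installed, fixed_in) >= 0


if __name__ == "__main__":
    # Assumption: replace FIXED_IN with the value the security tracker lists
    # for your release. OLDER is a constructed sample value.
    FIXED_IN = "1:9.2p1-2+deb12u3"
    OLDER = "1:9.2p1-2+deb12u2"
    for installed in (OLDER, FIXED_IN):
        print(
            installed,
            "| upstream in 8.5p1-9.8p1:",
            upstream_in_range(installed, "8.5p1", "9.8p1"),
            "| at or past fixed-in:",
            is_patched(installed, FIXED_IN),
        )
```

Both sample versions report the upstream part as inside the 8.5p1-9.8p1 range, which is why the upstream range alone cannot answer the question for a distribution package with backported fixes. On a Debian host, `dpkg --compare-versions` performs the same comparison.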

bisby ,

The thing I hate about the "value your time" argument is that windows is shit.

Let's be generous for a minute and assume that windows and linux have the same amount of problems. Someone who is on windows for the past 30 years has 30 years of acquired knowledge and will probably know quickly how to solve it on windows, but not linux. Someone who is on linux for the past 30 years has 30 years of acquired knowledge and will probably know quickly how to solve it on linux, but not windows.

So the entire argument is just "but I have muscle memory tied to windows, and I already know how to solve those problems, but I don't know how to solve the linux ones, so they take me a lot of research and time to solve, therefore all linux problems always take a lot more time to solve"

On windows, I have to spend time fighting BSODs and finding out where to download software from that isn't just bloated up with viruses, and how to run registry hacks to get rid of start menu ads and to stop microsoft from phoning home. None of those things I have to do on linux.

On linux, today my biggest issue was figuring out how to change the keybinding for taking a screenshot... And that was an easy issue, but it's also not even possible on windows.

So I guess different types of problems. My "wasted" time is customizing my OS/environment so it works the way I want it to, not trying to fight back any ounce of control.

bisby ,

Don't have to spend time troubleshooting if you just never fix the BSOD and just kinda live with it. Point for windows

bisby ,

my rant was not about your meme. But people actually use this argument seriously, and that frustrates me.

And I will admit that learning a new system has a time cost, but once you reach experience parity, the time cost per problem is less, and the number of problems is less. In that way, the "time spent" is an investment rather than wasted.

So A+ meme, it triggered me in all the ways it was supposed to.

bisby ,

I also hate "reading a book" as a proxy metric for intelligence. I know plenty of cultured smart people who watch documentaries but don't read. And I know some dense, not that bright people who read a lot of Twilight style books.

bisby , (edited )

Sure. but there are plenty of reasons to not read other than "uneducated". And associating ability to focus with intelligence and education isn't fair either.

If an American couldn't tell me how many states there are, I would question their intelligence or education.

If an American told me that they don't read books, I would just assume they find books boring.

bisby ,

I have a few cheap TLDs because as an individual I didn't want to pay a lot of money for the dot com versions. But I'm not a company.

bisby ,

It'll also break all your keepassxc plugins soon. Because debian version to version compatibility is not a priority. They also don't care if them breaking something triggers a ton of upstream bug reports, because it will only "be painful for a year"

Linus for the kernel has a strict "don't break userspace" policy, and Debian has a "break things whenever you want, and just blame the user for not reading the news file" policy.

bisby ,

IMO it doesn't matter. People don't read news on updates. Should they? Yes. Do they? No. Should they have to? Also no.

Linus's point is to never blame the end user for something the kernel changed. If you want software to have widespread adoption, adding homework to simple updates isn't how you do it. People don't want a hobby or something to babysit, they want an operating system. Debian will go out of their way to make in-release updates go as smooth as possible, but are willing to throw out entire parts of functioning packages between releases.

But this isn't even about breaking things for the end user. This will create excessive amounts of noise on the upstream repo. People will say "Hey! My keepassxc broke!" and they report it to keepassxc, and not to Debian. To which keepassxc just has to constantly reply "no, debian changed this on you, this is not a bug." If Debian had to deal with the fallout of their own decisions, I would say "yeah, I'm not sure if I agree with the decision, but oh well"... But they are increasing the workload for other teams.

It is already happening. The debian dev's stance is "This will be painful for a year." But it will be painful for keepassxc, NOT debian. The keepassxc devs asked them to not do this. Debian's response might as well be "I'm inflicting this pain on you, even though you've asked me not to. But on the plus side, it won't hurt me at all and it will only last a year for you." If they really have that much disdain for the project, they should just stop packaging it altogether.

So yeah, debian has the legal right to do whatever they want because keepassxc is open source. but "just because I can, and you can't legally stop me, and it's extra work for you, not me" is kind of a jerk move. This is what drives FOSS contributors to get burnt out and abandon otherwise good projects.

bisby ,

Hard to unlock the house based on media playing if the kid is outside though.

bisby ,

Definitely make sure you think through all the physical security implications of having your house automatically unlock in any scenario.

Have the house auto unlock when getting home on a bicycle, sounds convenient until, as you point out, they could get stolen and now the thief has a convenient way to unlock your house. So you would not want that.

You would definitely not want the house to STAY unlocked when something like a tag is in range. If your kid is home alone, you want them to be able to re-lock the house (or in general, you want to be able to lock your house while the kid is home).

Whatever solution you wind up with, you are going to be trading physical security for ease of use (and complicated fun task). Be safe. Make sure the tradeoffs are actually thought through and worth it.

bisby ,

I'm not an expert, but it has something to do with full words vs partial words. It also can't play wordle because it doesn't have a proper concept of individual letters in that way, it's trained to only handle full words.

bisby ,

In pineapple express they call it "the dopest dope I ever smoked"... But I now realize that movie is almost 20 years old.

bisby ,

I use wayland, but be warned that there are downsides.

X11 is 40 years old. Which means that even though it has 40 years of bad decisions baked into it, it also has 40 years of features and tooling built around it.

And in some cases, things are purposefully broken in the name of security as mentioned above. Writing a keylogger on X11? Easy. Every app can watch the keyboard even when they aren't in focus. So if I type my password into firefox, Discord can listen. Hope you don't have any malicious apps just patiently listening to all your keystrokes.

Getting rid of input listening sounds great! .... Except for the concept of global keybinds. Have a Push to talk button in discord that you need it to be able to listen to while you're playing a game? Sorry, the game is in focus, so discord can't see ANY of your input. Including the push to talk button. Different wayland servers have different ways of handling this with their portals. Some don't have it at all. And the ones that do don't always have great solutions.

One major issue that has been in wayland debate hell... how do multi-window apps communicate with each other. For example GIMP. The editor window is a separate window from the toolkit which is separate from the layer view. GIMP on X11 knows where all of its windows are because it can see everything. if you wanted GIMP to save all the window positions, it could. GIMP on Wayland has no idea where each window is relative to each other. Each window knows its own size and shape. And that's it. It doesn't know where on the screen it is. Which means it doesn't know where its other sub windows are relative to itself. Which means GIMP on Wayland can't really save the window positions for next run. Wayland is working on a protocol for handling this, but it's been caught up in debate hell last I saw. This is a prime example of a thing X11 had. And Wayland will someday have, but the 40 year headstart and disregard for security gives X11 a huge headstart.

Most of these problems have workarounds and solutions, but you might find yourself in a situation where you do in fact need to implement a workaround instead of having everything Just Work.

"Better" means different things to different people. Architecture and security and technologically? Wayland is better. Just Works and its what your apps were probably built to run on so less weird edge case issues? X11 is still better just due to inertia. (And again, I use Wayland, I'm willing to deal with the workarounds, but you do you).

bisby , (edited )

The most commonly cited monitor in recent years for this is "AW3423DWF"... Which is AlienWare 34" (no idea what 23DW is) Freesync. I assume the 23DW has a point to it too.

Point is, people see a lot of characters and complain when in reality it is exactly what you are referring to. The name is an encoded version of its capabilities. It's just that the encoding isn't always clear because if every company used the same encoding they would have the same name. and if there are 2 similar monitors you would need to have every feature in the name to differentiate them, so the shorthand encoding becomes necessary. (Eg, AW3423DW and AW3423DWF only really differ on freesync vs gsync, thus the F at the end)

Edit: W is for WQHD: 3440x1440

bisby ,

It's enough for me too. But not everyone has the same use case and environment. I definitely see why someone would want this.

What I disagree with is that it needs to communicate to the internet to do this. It adds delay and potential for outage if your internet is out. But they do this so they can force you to get their app and milk you for extra data to sell. Internet capable smart devices are to harvest data not grant features. Features could be done better by ZigBee and a hub, but that doesn't grant the device a way to phone home.

bisby ,

Oh good, if that is all true, you won't have to change anything to be compliant with new laws and should have no issue with them.

bisby ,

The original is an ad for a Posturite mouse. Then reddit added the mouse. then someone else added saddam.

https://lemmy.world/pictrs/image/d85a88bf-f37c-4330-a581-a34e18a26275.png

bisby ,

"update" here referring to the version update, eg bullseye to bookworm. hence the title sources.lists because version updates disable all ppas.

Also, because of the "stable" nature of things, instead of a slow trickle of updates, when you finally update the version, you get a flood of updates. Changing from $PACKAGE version 5 to $PACKAGE version 9 very likely has breaking config changes... Avoiding breaking config changes is the entire purpose of a "stable" distro right?

If on arch, you get those breaking changes once a month, a two year release cycle means that the update to the next debian will have 24 breaking changes involved that you get to deal with all at the same time, while accounting for the fact that your /etc/apt/sources.list.d are all disabled.

bisby ,

The point of the meme is "Debian users are so proud of not having frequent updates... but when they do update, they have a huge backlog of things to update" ... so yes, the fact that it's not apples to oranges, and yet Debian users act superior is kinda the point.

And I use arch on my desktops but debian on my servers. I understand the difference. and yes, 20+ config changes is a bit of an exaggeration. I more frequently have to do minor tweaks to fix things on arch, but I also don't need to set aside time to do arch updates "just in case" ... because I have had debian upgrades cause weird side effects that wound up taking up my whole day.

The fact that I can go 2 years between those weird update days means I will still use it for my server, because "just security upgrades" is good enough for a server (even though I would love to have an updated tmux and neovim, so I could share config files, but oh well, I can go without config files on my server, debian DOESN'T manage user config files, definitely not any more than arch does.). I don't "not get it" or something. I understand why people use debian, I use it in certain contexts, but it does also have its own set of drawbacks.

bisby ,

This was fixed ages ago, but you are using Debian because it is "stable" and thus software from ages ago and don't have the fix.

bisby ,

Debian is not all about "stability" in the sense of "doesn't crash". Debian is all about consistency. The platform doesn't change. That means if there is a bug that crashes the system for you... it's going to consistently be there.

For me, it was when stable was on kernel 3.16, and 3.18 was in testing, but the latest kernel was 3.19. And this was an era where AMD's drivers were not fully OpenGL compliant yet. Which meant games would crash. And knowing "this game will always crash until 3 years from now when we finally get a newer kernel" was enough to chase me off.

debian's neovim package is 0.7.2. Sid is 0.7.2. Experimental is 0.9.5... If there are any bugfixes between 0.7.2 and 0.9.5 that are critical for your workflow... too bad. If it's not a "security" release, it's not getting updated. You can live with knowing the bug.

"Never change anything, stick to known good versions" only works if you know 100% that the "known good version" is actually bug free. No code is bug free, so inevitably the locked down versions in Debian will still have some flaws (and debian doesn't backport bugfixes, they only backport SECURITY fixes). For most use cases, the flaws will be minor enough to not matter. But inevitably, if a flaw exists, it affects SOMEONE.

If you actually want to do any sort of complicated computing, debian is not a great choice. if you want an unchanging base so you can run a web browser and processor, I'm sure it's great.

bisby ,

Most people use stable to refer to something that doesn't crash or cause issues. Something that you might call "rock solid" which implies it's not going to fall over. Something to put on your server because you'll get great uptime without issues.

Debian is one of the few places where stable might crash more than unstable, because known bugs in Debian don't get backported unless they cause security issues.

I use Debian on my servers because "some testing" is nice and the only thing I run on my servers is docker. And ironically, I have to use a PPA for docker.

So for me, it's a stable enough base OS, but it's "too stable" for anything that actually runs on the servers.

bisby ,

(although my ~15 years as a windows sysadmin probably bias my opinion)

So basically: it's not any harder in linux, but you have more than a decade of muscle memory in windows, so it's harder for you.

That's like saying "Japanese is a less efficient language than English, all of the words are different, and when I want to say a word, I have to learn it first, but in English I just know the words! English is so much better! (My 30 years speaking english probably bias my opinion)"

Things are certainly different, but it's hard to compare which is "harder" for the advanced use cases.

There's no shame in having long term experience with one platform and having that shape your expectation about how a solution should look.

bisby ,

I know someone who got to interview him once. He spent the whole time complaining about how he never wanted to be a celebrity and just wanted to do the science part of the job and that he hated having to do interviews and talk to the public.

They wound up obviously having no good material from the interview and didn't have anything to run. It was a very "don't meet your heroes" moment for my friend.

But yeah, according to himself, he DOESN'T want to share science or educate. It's a burden to him.

bisby ,

They might include it. Or they might not. If they don't have time to test it, they just won't, and you may wind up with 5.27 for longer than just the next year if you're waiting for debian's stable repos.

debian's neovim is on version 0.7.2 (even in trixie/sid, you have to go to experimental to get to 0.9.5, which is the current). If there are any bugfixes between 0.7.2 and 0.9.5 that aren't security backported... too bad. You aren't getting it any time soon, because it's not landing in Trixie, and it's not guaranteed to land in whatever is after that either.

Debian's "stable" refers to "predictable" like you said. Which includes bugs being predictable. Not resolved. Predictable. And if you have a bug that crashes your system, that bug will stay there unless it's a "security" issue. Predictable crashing. NOT the "doesn't crash" that people seem to think "stable" means.

No, electric vehicle sales aren’t dropping. Here’s what’s really going on (www.cnn.com)

No, electric vehicle sales aren’t dropping. Here’s what’s really going on::Tesla has been slashing prices. Ford just cut the price of its Mustang Mach-E, too, plus it cut back production of its electric pickup. And General Motors is thinking about bringing back plug-in hybrids, arguably a step back from EVs.

bisby ,

I still find it super weird. A (remote) coworker bought an ioniq 5 after 9 months on a wait list... 3 months later, I went to a dealership. they had one on the lot (3 actually). Was able to get one with 0 wait.

Looking at their website, they have 4 2024 ioniq 5s available right now, an SEL, SE, and 2x Limited.

So apparently my local dealership is the sweet spot. Or is this purely a Canada vs US thing?

bisby ,

If you found a person who had never seen any of these. they could accurately guess what most of the icons on the right are for. And they could probably only guess gimp from the left.

Also, the apple side are app icons, while the FOSS side are a mix of icons/logos/mascots.

Icons don't need "personality" as much as they need to be descriptive and useful. And for Apple default apps, they don't need to be branded with a flashy mascot, because they aren't trying to win your brand loyalty, you already are using macOS, so they already won.

bisby ,

I'd argue it's literally the opposite of what you're saying. They are trying to make the product easier to use by making it explicit what the icon is for. If that makes you happy, that's not locking you in.

They do plenty of locking in. This is not that.

I'd much rather tell grandma "the music player is the music notes" ... she'll remember that. and not "the music player is the one with the lightning bolt" because she won't remember that.

Even if you don't like him. I highly doubt Jony Ive designs things by just googling cartoons. Lots of thought went into these icons. I feel like these are from multiple eras of macOS... There's the "consistent" ones (the circles) and the "skeuomorphic" ones (the stamp, the contact book, calendar)

As far as ICONs go, I vastly prefer the ones on the right. As far as brand mascots go, I prefer the ones on the left.

We're not even comparing apples and oranges here. Neither side is soulless, they're just achieving different objectives and you seem to have a bone to pick with apple.

bisby ,

safari, and the app store aren't great.

I don't have a mac or an iphone, but actually follow tech, so I'm at least aware of what apps exist... if I had to guess the rest:

calendar, contact book, video call, time machine backups (this one probably requires knowing that backups are a thing), some sort of e-reader, music app, launcher (macOS did the thing where they added an iOS type launcher when they started making "fullscreen" its own special thing right?), and given the final one is a stamp so... apple mail?

So unless I'm wrong, and we say safari, app store, time machine, and the launcher aren't clear. that's still 6/10 icons that ARE clear. Even if we take out the reader.... 5/10... it's still mostly recognizable

Compared to the FOSS side, which gets GIMP. 1/10.

and I agree there are assumptions being made. Things like "App store" needs an A because English is not very inclusive, but I don't think that makes things soulless. If their assumptions were "we're making luxury items for affluent Americans (who generally speak English)" then they made a fine decision for reaching their target audience. I'd argue that the app store icon has the most "creativity" put into it.

bisby ,

My dad once told me my mom didn't feel safe walking alone at night in the neighborhood and asked if I felt the same. I said I didn't feel any concerns, but added the caveat that I'm not a small woman, and I'm a large man.

He paused for a minute, nodded and said "that makes sense." Then after another few seconds goes "That's not white privilege."

bisby ,

He saw himself having an epiphany about privilege in general, so he had to swerve and add race into the mix so he could say a true (albeit unrelated) thing and miss the point.

It's like when anti BLM people say "All lives matter" ... Sure, all lives DO matter, but they're intentionally missing the point, so they don't have to acknowledge that police brutality disproportionately affects black lives.

Saying unrelated "true" things to undermine the original statement is a bit telling about intentions.

bisby ,

When you're a trans teen from OK getting beaten to death by classmates, the culture war feels a lot more urgent to focus on in the moment. Survival isn't something you can be passive about.

Some people partake in the culture war as part of manipulation by the rich... Some people are forced into it by defending themselves from the first group. And some people are compelled into it to protect the second group.

While you're not wrong about how we got here, it feels like it would be too easy for one side of the culture war to spin this as "Ignore my bigotry, Wall St is the real enemy!"

bisby ,

What are we doubting? That their friend runs a pinephone? I agree.

I have a pinephone and pinephone pro. and neither one has felt good enough to be a daily driver. but then again, I haven't really tried using it since like february 2022 when I got the pro. maybe the software has gotten a ton better since then. (I don't have high hopes. Drew Devault has a real nice blog post about pine64 chasing devs away: here)

Realistically all I need in a phone is password manager, phone app, camera, signal. And I don't think I ever had any of those things work in an "actually reliable and smooth enough for daily driving" state.

bisby ,

LineageOS doesn't support Play Integrity either. Custom ROMs seem to be doing just fine.

There's the stories about "I have to have Windows because the school's exam proctor software requires Windows and doesn't work with Linux" but ultimately that's not the thing that stops the year of the linux desktop. And banking apps won't be what breaks the year of the linux phone.

bisby , (edited )

I believe you, but the hard part about "It was good enough for me" is that an old Nokia brick phone is "good enough" for some people. I have no idea what your standards are.

Maybe there's a way to get it to that state. But the lock screen on my pinephone pro stutters, much less "making apps work". I was able to do all the things I wanted to do, it just was a horrible experience.

I bought two pinephones. I REALLY want this to work out. I'm not some sort of anti-linux phone antagonist. I've tried to make it work personally. I would love to know what the setup (what OS, phosh, etc?) I need to make my devices work great, if they are truly that usable.

edit:
https://wiki.pine64.org/wiki/PinePhone_Pro#State_of_the_software

The "official" state of the software from pine64.org itself states the modem crashes often and results in missed calls, camera still a WIP, and no push notifications when the phone sleeps (so the phone just never sleeps, thus the terrible battery, i presume).

"Good enough" feels like it's only true if you're the kind of person who otherwise argues that smart phones are bad, and not if you're the kind of person who uses your phone as a multi-tool in your pocket.

bisby ,

The main difference is that the old Nokia phone runs proprietary software.

The point was that different people have different standards. There are a lot of people on places like HN that will say things like "People use their phone too much, a Nokia has everything that everyone needs! That's what I use!" without accounting for other people's use cases. That's a very self centric view. I need X, some people might need X+Y or X-Z. If you have to hedge your "it's good enough" with "if you can handle these 100 workarounds" then it's more accurate to say "it's not good enough, unless you're ok dealing with these 100 workarounds."

I haven’t noticed any missed calls on my original PinePhone

That's awesome. I rarely answer phone calls anyway, so that doesn't impact me much. This was purely reflective of the state of things. "Probably fine" and "definitely works" can be a MAJOR difference in the scope of daily driver readiness for most people.

camera

The camera on my pinephone actually opens and can take pictures. it just looks terrible. To the degree that I'm at least 75% sure that it's a sensor issue, and no amount of software tuning is going to bring the sensor up to the level of other phones. Considering my primary use for my phone is taking pictures, "the camera works, but it's terrible" doesn't fit my use case (admittedly, this may be a specific to me use case).

no push notifications

Oh. yeah. That's probably a deal breaker for most people too.

And to re-iterate. I can totally see this being a usable device. I own two. I've seen how it can perform. and I'm excited for the possibilities. It just feels a bit too jank for me still, and I'm pretty tolerant of jank. If other people are more tolerant than me, I applaud them.

bisby ,

I'm sure it has. Pine64 has nothing to do with it, but it's their hardware, so they should. And the point of Drew's blog was that they did a nice job of disincentivizing the community. so the community is smaller than it could have been.

And "work" here being a shorthand for "work to satisfactory levels".

The camera works on my pinephone, and it takes pictures that remind me of the digital camera I had in 1999 that saved images to floppy disks.

Bitwarden would run, but it was running as a desktop app and was a pain to use (no lib handy here), and it obviously wasn't going to offer to auto fill across the entire OS.

Phone worked, but I don't receive enough calls to validate it, and pine's own wiki states that there are modem issues. It may be perfectly fine for me, but not something I fully trust, and that's a factor in acceptance.

and signal I would assume I would have to waydroid. But I never got waydroid set up. Hopefully that's something that has gotten easier in the past 2 years. 2 years ago there were multiple hoops to jump through with installing kernel modules or something, and seeing a list of steps to take (and not just being able to install it from a repo in 1 go), when I was already dealing with performance issues, I just assumed it wasn't going to be worth it.

Who knows, maybe I'll give it a try again and come to a more favorable "it's fine i guess, but still not as good as my 2017 android phone in any capacity except 'not google'"

bisby ,

Speedrun reply:

  • "megapixels" aren't always the right metric either. a super high pixel count, but noisy camera isn't great either. I think in general, neither model has a camera that is going to generate great photos, even if the pro is much better
  • I'm already invested enough in bitwarden, and not interested in migrating back to keepass. This is a prime example of "I could make it work, but also, they need to meet me where I'm at, I'm not redoing my entire life for a phone"... Could probably also use waydroid for this
  • I'm already not just using Android as is, and use LineageOS on my phone. Which isn't GrapheneOS (which isn't available for my phone) but at least allows me to not need to have gmail installed on my phone, etc.

In conclusion, I want to thank you for such a cordial and friendly conversation. I've borderline forgotten how decent people on the internet can be. I can't imagine a "debate" remaining this civil on reddit. (And if I was anything less than civil, I apologize! The broader internet has trained me for a fight or flight response for replies.)

bisby ,

The internet and cloud points are my favorite. Specifically the fact that those things are out of the picture.

No VLAN configuration necessary. The hub is "the VLAN". They literally can't phone home because they have no route to the internet, with no extra setup necessary. For WiFi devices, I have to make sure they're connecting to the right VLAN and controlled properly, and if I misconfigure something, they are phoning home or joining a botnet.

(This stops being as applicable if you have a sketchy hub you don't trust, but I trust deconz and ZHA fine enough in this context).

bisby ,

https://grndcntrl.net/links/

They have links to all of the various social media sites for all the celebrities they track.

bisby ,

https://packages.debian.org/source/stable/linux

6.1 is the current kernel that debian uses. so it's not like debian is brand new anyway.

bisby ,

Debian's stability doesn't mean "rock solid, no crashes." It means "non-changing, you don't have to worry about configs suddenly being incompatible."

There have been plenty of situations where I've found that Debian won't update a package. They backport "security" fixes. But only on certain packages.
If a package is not on the Debian maintenance radar, or the bug isn't "serious" enough to be "security" related, that bug will be in Debian for years. And the end result is needing to compile your own.

If for your workflow, it is a critical package, then Debian becomes more prone to crashes than other distros, and you could argue it's less stable.

I still use it for my server, which is just dockerized everything anyway (using the docker repos, because Debian's docker is excessively out of date), but neovim is on version 0.7.2 (even in sid, you have to go to experimental to get to 0.9.5, which is the current). If there are bugfixes between 0.7.2 and 0.9.5 beyond "security" ... you don't get them. And you won't even get them in the next version. Which means if you need any 0.8 features/bugfixes, you won't get them for years.

bisby ,

Windows is only $price if your data and privacy are worth nothing.
