NATO is an instrument of US hegemony. I can’t imagine they’d stop committing to it. They know there are too many who think Russia is a threat to them and will just do whatever to keep NATO alive. I don’t think US would want to let go of something so useful to them.

I don’t think this is true. Turkey has been playing both sides for a long time, and this is just another step in that direction. But NATO is still resilient unfortunately.

Bubblewrap seemed much less user friendly than nsjail, I assume because it is intended to be a lower level application used by libraries like flatpak. It is also more tailored to desktop applications and GUIs, whereas nsjail is focused on server apps (though I did see the author mentioning adding better support for GUIs years ago, but I did not check if that happened).

I’m not an expert, but I’ll try my best to compare it to docker:

You can think of nsjail as a lightweight frontend for kernel isolation features like namespaces, sys call filtering, and the like.

Docker is also a frontend for some of those kernel features, but its original goal was not security isolation, but rather isolation for the sake of reproducibility. This isn’t to say that docker isn’t secure, they did add those features eventually, but they are less intuitive to change and mess with, and you have some added complexities. Whereas nsjail stays as close to the system as possible. As far as I’m aware, there’s no concept of an image, and its not necessary for every app to have an entire OS user land with it (although you can if you want to).

If your goal is security, docker’s defaults are reasonably good, but also made to not get in the way of most applications. This might be good enough for many. However, docker’s security is more difficult to customize and less straightforward if you need to change it.

If your goal is security, and more so than docker’s defaults, nsjail gets you there muchhh more easily. Whether nsjail has more security features than docker, I don’t know.

No I would actually expect a candidate to talk about what they intend, and whatever excuse there’s not to sounds silly.

Republicans stated Israel should a celebrate all violence

While the Democrats do the implementation

Bombing the middle east is also not exclusive to Republicans. Obama broke a record there.

I’ve been curious about that. I use openRC, so I don’t have access to systemd. Not out of any systemd conspiracies, I just liked simplicity of openRC.

I’ve looked into this a lot actually. There see many options. I’ll highlight the pros and cons of each option.

Lua: extremely lightweight, but standard library is lacking, and doesn’t include stuff like map or fold. But that would be easy to fix.

Python: thicc standard library, but is not lightweight by any means. There are modifications made to be more shell like, such as xonsh

Rash: based on scheme, very much functional but if you’re not used to lisp style, might take a bit to get used to it. This is actually my favorite option. It has a cli interpreter, and really pleasant to use. Cons is… Well it’s not very common

You can honestly use any language. Even most compiled languages have a way to run immediately.

Since you like guile, I would recommend you checkout rash (search “rash shell language” on Google. Sorry too lazy to link it).

It is based on racket, but made to be shell-like, and is very nice. I believe guile used to have a similar project that isn’t maintained anymore.

Anyone has a tldr?

But I thought slackware installs the entire repo by default. Is that not very much bloat?

Is my summary here correct?

• slackware installs all software in its repos by default.
• there’s no package management or dependency resolution. If you want to delete something, or install something, you do that on your own

My setup was really weird. I was running it under a network namespace. Maybe that’s why? The app would run like normal, but it would not successfully create any connections. I replicated the same setup on glibc and it worked.

I agree, I organized the post wrong. Void should’ve been up, but it’s also a notable mention that I can’t write a lot about since I did not do too much with it.

Bunch of random small things gave me issues. Sdkman (kinda like a Java version manager) and transmission on arm64 on wireguard would not work either.

It has a lot more support than you think. As a gentoo user, I am jealous of nixos often seeing more support than gentoo, when gentoo is older and seemingly easier to support. But nix seems to have a bigger hype nowadays.

The thrilling thing about arch is you get to put together your own user land applications, especially things that could form your desktop environment, audio stuff, etc.

I agree it is not that complicated. If you want more thrill, here is what I recommend:

gentoo Linux

has the option to compile everything from source. This isn’t just for bragging rights. This resolves a whole class of software breakages that can happen on other distros (especially when using old or less common applications).

• It gives you the option (emphasis on optional) to use openRC, an alternative to systemd.
• patch any software super easily, working nicely with the system
• customize compile flags on a global level
• have package manager manage software that isn’t available in repos, or easily write a package script for it (technically AUR can do this, but gentoo more powerful)
• works like a charm with heavily customized setups, such as musl, or less common architectures like arm or risc-V

NixOS

Takes it a step beyond gentoo and uses a functional, lazy approach in package management. Every package is fully reproducible, has a kind of isolated environment. Your entire setup is reproducible and declared with a single file.

---- below this line is torture. Not recommended

slackware

Idk how it works exactly, but package management looks like a manual pain

Linux from scratch

A book where you create your Linux installation from scratch, compiling every single component until you reach a working system

Notable mentions

• Alpine Linux: uses musl and busybox by default. Extremely lightweight. Some things will not work, but you get the thrill of running a couple MB distro
• void Linux: ok I’m tired of writing so I will not explain that one

The best parts of Linux involve unpaid community labor, yes, but framework laptop is a for-profit product, so I wouldn’t think it applies here.

I don’t mean about relying on the protection from these providers. I am talking about the inherent increased security of hosting on a server that’s on a different network than your local network.

Is it just as secure doing this (with crowdsec) vs hosting on a rented server from a cloud provider?