Just some Internet guy

He/him/them 🏳️‍🌈

  • 0 Posts
  • 50 Comments
Joined 1Y ago
Cake day: Jun 25, 2023


I would trust them more than Microsoft because at least they would actually store it encrypted safely and not just basic ACLs that are easy to bypass.

Even with a root shell on macOS you can’t bypass certain things like access to the camera for example. You’d have to work way harder to access recall data, not in a way that malware can trivially access.

I still wouldn’t use it though, because I think the whole thing is dumb and I don’t need my computer to spy on me so I can remember what I did yesterday. I have browser/shell history for that.


Not in the way that Windows does, at that point your best bet is SysRq+REISUB or SSH in and kill kwin and possibly issue a manual reset in /sys. But even if successful, half your apps will have died as Wayland compositor handover isn’t quite reliable yet.

I also believe if the GPU hangs the kernel already tries a reset, I would start with a manual reset via SSH to confirm it’s even worth pursuing and then you can figure out a hotkey situation. Even if the GUI is locked up, you can listen to evdev devices and catch an arbitrary keyboard shortcut and run a shell script that resets the system to your liking.


That’s a hell of a lot of massively unsubstantiated claims and paranoia.

It’s end to end encrypted, that it’s hosted on AWS or who funded the project doesn’t matter. The encryption is open-source and auditable (and has been audited as well). It doesn’t even know who talks to who. For notifications, it’s decrypted locally on the device by Signal, and can be turned off. It’s also encrypted in transit on top of the E2E so only Signal servers can decrypt the little metadata there is, not everyone on the network.

And none of this is confidence inspiring about their own service. It’s 2024, how the fuck isn’t rebuilding their compromised server not a single command away, and why are they even attempting to fix it in the first place? Why do they even have access to the server at all?

Absolutely zero credibility. None.


Explicit sync support which fixes flickering for NVIDIA users at high frame rates and VRR enabled.


ActivityPub makes this impossible. Everything on the fediverse is completely public, including votes, subscriptions and usernames. Even if Lemmy did offer the option, other servers wouldn’t necessarily.

And honestly this is a system that would be mainly used for spam and hate speech anyway. Just make a throwaway like everywhere else.


I route through my server or my home router when using public WiFi and stuff. I don’t care too much about the privacy aspect, my real identity is attached to my server and domain anyway. I even have rDNS configured, there’s no hiding who the IP belongs to.

That said, server providers are much less likely to analyze your traffic because that’d be a big no-no for a lot of companies using those servers. And of course any given request may actually be from any of Lemmy, Mastodon, IRC bots or Matrix, so pings to weird sites can result entirely from someone posting that link somewhere.

And it does have the advantage that if you try to DDoS that IP you’ll be very unsuccessful.


And it’s NVIDIA so it’s still gonna be a flickery mess until explicit sync is all done and rolled out.


on a closed-source software stack

Android is open-source. My phone runs an open-source build of it.

At this point it’s barely any worse than a web browser. I know it’s sandboxed, it can’t access anything I don’t want to. All it lacks is isolation with the kernel since web browsers run JavaScript and Android runs native code.

Worst comes to worst you just run the app in Waydroid.


If your bank really spies on you through its app, I would change bank. Neither of my bank apps even run in the background or even request sensitive permissions. I will happily change my mind if you can show any proof that this is happening.

It’s purely security. On Windows and largely on Linux desktop as well, any app can easily look at other app’s data, that’s why there’s so many browser credential stealers. Maybe you’ll never be a victim of this sort of attack, but if it does happen your bank account is gone.

Android and iOS have complete data isolation between apps. Unless you have root on it, even if you install malware and give it the maximum amount of permissions Android can possibly give, it can’t access your auth cookies from the bank app. The bank app can’t even access them either until you input a pin or biometric data to get it from the TEE.

Thus it’s safe for banks to actually let people stay logged in with reduced identification. Browsers can’t do that, not without the web integrity.

We’re an absolutely minuscule minority that cares, and could use a stay logged in feature safely in a browser environment.

Dealing with fraud cases is expensive for the banks, they have good reasons to ensure you can only access your bank account under safe conditions. The average person doesn’t even know what a web browser is, they know they click the Google and enter what site they want to go to into Google and search for it. They’re the people that get scammed on the phone. They’re the people that have their entire life savings wired overseas.

Just let your password manager fill up the login every time, it’s not hard.


That’s a safety thing. Phones are usually owned by one person or possibly shared in the family, but the security is such that app data is per-user anyway.

Websites though, people still sign in from all sorts of devices and often wildly insecure ones such as public/work computers, one malware away from hackers having access to your bank account.

Inconvenient for advanced users like us, but it would literally make all of those refund scams so much easier to pull off because they wouldn’t even have to trick the victims into logging into their bank: blank the screen, transfer the money, tell them their computer is all fixed, bye.


Yeah similar setup except I use NextCloud.

KeepassDX is great, can use it with just about anything too. I used it over sftp for a bit. It’ll happily do Google Drive, OneDrive, DropBox and just about anything that implements the right content providers.

Going through the provider is nice, it gives NextCloud an opportunity to sync it before it hands it over to KeepassXC, and knows when it gets saved too so it can sync it immediately. I don’t think I’ve had merge conflicts since, and I still have my offline copy just in case.

The annoying part is when you’ve added a password on one side and cleaned up a bunch of passwords on the other side. When they get merged, it doesn’t merge what changed it merges the databases together so your cleanup is gone. It’s safe at least, and exceedingly rare.


Backup codes. You’re supposed to print them out and put it in a fire safe or something. They’re longer and not time based and valid until you rotate them. With those you can lose everything and still access your accounts.

My KeePass database is also synchronized locally on most of my devices, so even if my server is dead I’m not really locked out, I just have annoying merge conflicts to resolve.

Also, Yubikeys. They’re nice. If whatever blackout destroys your Yubikey, you have much worse problems to worry about than checking your email.


I used to work for PIA. The best users are the occasional user, and there’s a lot of them. They cost little bandwidth, they pop on every now and then and off fairly quickly. Andrew also got pretty lucky, riding both the Bitcoin and Snowden waves. It probably did ultimately run at a loss at some point, but all the big ones could ride on their crypto payments rapidly increasing in value, and the hardcore privacy people were very happy to pay in crypto.

You can easily cram ~1000-5000 active users on a 10 Gbps server because you can assume that most people are far from reaching gigabit on their own (OpenVPN limitations helped a lot there). Even at just a dollar a year per user you’ve still got 5 grand which more than pays for the server which really only needs a good NIC and a bunch of IPs. But remember, most of those are idle or not connected at all, so you can have many more users than there is bandwidth available. And at that scale you get bulk discounts on the servers as you fill up a good rack or two.

I have to imagine at this point the market is incredibly saturated though, I left a bit over 6 years ago.


It’s always felt just a tiny bit better for me, but also never benchmarked it. Maybe on particularly heavy workloads or less powerful devices like the Steam Deck. Could also be that Gamescope doesn’t cope too well with it.

I do have 2 GPUs, one for my displays and desktop another dedicated to compute/VMs/gaming. So I wouldn’t know if it causes the compositor to slow down or starve for GPU access, as the game has a whole GPU just for itself.


That is both Google’s official version and what it looks like poking at it.

I haven’t dug in the code, so I don’t know if this is theoretically possible for a shady carrier to enable after the fact. But it very much looks like a dormant feature nobody uses.

I guess I could see that making sense in poorer countries where carriers might have issues of people signing up for phone plans and never paying. A carrier locked flip phone was pretty useless, but nowadays cutting your phone/data off is more of an inconvenience than a dealbreaker, you’ve still got WiFi and a nice phone.


It’s built into Android, but I suspect yes it needs to be granted device admin first so I doubt this can just enable out of nowhere.


I was able to start some of its private activities with ActivityLauncher as root. Most of them just crash immediately, but the help page is available. And yikes, they got them covered against a possible bypass, no developer tools or sideloading.

Still disappointed this is shipped in LineageOS, but I suspect not for much longer with that publicity.


At least it’s open-source: https://android.googlesource.com/platform/packages/modules/DeviceLock/+/refs/heads/main/DeviceLockController/

And that’d be why custom roms have it. It’s part of the base Android system.


That’s also kinda weird to claim that given how many Valve components they’ll inevitably have to use like Proton, probably Gamescope too. If it’s an AMD chip, they benefit from Valve’s mesa patches and the ACO shader compiler. HDR? Big Valve involvement.


Okular and Xournal++ both do well for annotating an existing PDF, but you can only add not remove or modify.

For modifying, LibreOffice will do it at the expense of the layout getting seriously mangled even on the simplest of PDFs.


but man I can’t imagine anyone new be like “so there’s a centralized documentation/communication channel for all of this, right?” 😆

I’ve contemplated making a blog series on it, but that involves finding time to actually make it work reliably and not hacked together, and also I guess setting up a blog for it. Ultimately I would be building a micro-DM of sorts that’s a one-shot command line where you give it a user and a session name, and it spawns the session correctly, with the goal to be able to run this alongside another DM like SDDM or GDM.

But yeah the documentation on this is pretty sparse, it’s very developer oriented and mostly used by people already in the deep ends of systemd and Wayland, ie. Gnome/KDE/wlroots developers. Also technically the Python script I shared is sort of v1, I have another version in Rust that goes through PAM and simulates a more accurate session startup. If you read the DBus API docs for login1, the function I’m calling is technically reserved for PAM. But PAM is like, a whole other thing. It fixed some issues and introduced a bunch more.

It’s a good step in the right direction but there’s still not really a good concept of headless seats, right now a seat will only be marked as graphical if it’s got a GPU attached to it, and you can only attach a GPU to a single seat at a time (at least via loginctl).


The problem there is really getting a compositor to run. By the time you have something to set WAYLAND_DISPLAY to, you already have solved the problem because you have a headless compositor running.

I did a little bit more research, and it seems at least wlroots compositors (Sway, Hyprland, Gamescope) do support headless with WLR_BACKENDS=headless (from this Reddit thread). Kwin apparently has a --virtual flag. Now I’m not sure that will result in a compositor with graphical acceleration, maybe it will if there’s a GPU available?

The main issue remains those are usually used for testing or remote desktop situations, like running GUI apps in CI and testing them. So they’re not very well documented nor all that well tested and supported.

Happy to help, I spent days on this so I’m glad to share the information! Feel free to ask more questions.


How… do you find all these pieces to glue together? Who or what is putting these out there “hey I want to initiate an desktop env”

Painful reading of the manuals. You really need to know what you’re looking for, what keywords to search. I also played around a good bit with SDDM’s source code to piece it together/see a working example.

Some docs

I’m still bummed and a bit confused on the one shared GPU business I thought it wouldn’t matter if you ran multiple graphical applications regardless or is this imposed by Wayland at the moment? If not wayland would X11 do the same?

It’s mostly that on Linux, GPUs are a bit all or nothing at the moment. You can have two sessions running, but only one of them can be active at a time. You can’t have one on one monitor and one on another. Well technically you can, but people basically run Sway with a full screen nested compositor on each monitor.

Technically there’s nothing preventing the creation of a headless compositor with GPU acceleration. It’s just such a niche use case I don’t know of any compositor that lets you do that. They use nested compositors for development, but those still need a window on the parent compositor.

X11 won’t save you there, people use specialized headless servers for that like xvnc (not to be confused with x11vnc which runs as an X11 client) or xephyr because Xorg can’t do headless on its own that I know of.

My use case was barely slightly less niche than yours: I wanted Steam big picture on my TV at all times, independently from my main session so I can just pick up a controller and play. That’s possible, I got it to launch, but in the end there was too much mixing in with my daily system I figured I kinda want a clean install with just the necessary packages, so I ended up back with VFIO.


How many GPUs do you have? If only one, not possible, at least not easily.

But, to answer the question, yes I know. It’s kind of a mess because the API is very much designed around display managers. Basically you need to call some DBus functions after authenticating the user but before dropping privileges to register the user with logind. The result of that is some permissions are modified to your user so the compositor has access to keyboard, GPU, mouse, etc. That makes running two sessions of the same user really hard because that lets the compositor try to grab the same resources as the other session.

Here’s the script I had made, but I ended up just using a VM for a while since I wanted to also isolate installed packages and whatnot so it’s barely enough to start gamescope.

#!/usr/bin/env python3
# Registers a logind session on seat1 for uid 1001, then execs a login shell.
# Must run as root: CreateSession is normally only called by PAM.
import os
import dbus

sysbus = dbus.SystemBus()

login = sysbus.get_object(
        "org.freedesktop.login1",
        "/org/freedesktop/login1"
)

manager = dbus.Interface(login, dbus_interface="org.freedesktop.login1.Manager")

manager.CreateSession(
        1001,           # u uid
        os.getpid(),    # u pid
        "tv",           # s service
        "wayland",      # s type
        "user",         # s class
        "gamescope",    # s desktop
        "seat1",        # s seat_id
        0,              # u vtnr
        "",             # s tty
        "HDMI-A-1",     # s display
        False,          # b remote
        "tv",           # s remote_user
        "localhost",    # s remote_host
        []              # a(sv) properties
)

# argv[0] is the program name; the flags follow it.
os.execve("/usr/bin/fish", ["fish", "--login"], { "XDG_SEAT": "seat1" })

Run it with

sudo systemd-run --system --scope

This will make systemd create a fully detached session from your user, so you can su to a different user, run PAM modules, start the XDG session.


Correct. Nouveau is the kernel driver, like amdgpu for AMD, and mesa is the userspace driver that provides OpenGL and Vulkan, where NVK is the Vulkan driver for NVIDIA cards. Technically you can have multiple drivers installed at once, for example on AMD we have AMDVLK in addition to RADV, both open source, one managed by AMD the other by mesa. Old game needs a patched driver to work? Yep, you can wrap that in a Flatpak and make it work.

The kernel driver doesn’t do anything with Vulkan, it just provides all the stuff to configure the hardware like enabling monitors, setting their resolution, setting up memory, sending commands. It mediates access to the GPU. What commands get sent to the GPU is generated by the userspace drivers, like NVK, specific for the GPU. The GPU doesn’t really speak Vulkan by itself, that’s why we have to compile shaders for example: except instead of compiling for x86 or arm, you compile for whatever instruction set your GPU supports.

It might be possible to make it work with the proprietary kernel driver or the new open-source one from NVIDIA. And NVIDIA could in theory also make their proprietary OpenGL and Vulkan drivers compatible with nouveau, but I doubt that will ever happen.


Google’s phones have always supported the full spec. OnePlus used to also do that, but quietly removed support for it. OnePlus 8T on Android 11 (last OxygenOS version) you could, but when they switched it to Oppo’s ColorOS that got removed, that’d be 2021-2022 ish so that fits your experience.

For Samsungs, I don’t know. They let you relock the bootloader with a custom ROM on it, not just after flashing back a stock image? And it does the whole verified boot dance, TPM works and everything?

The key feature here is relocking with your own keys and retaining all the security features as if it was a manufacturer’s build. Rollback protection and everything.


Google phones are pretty much the only ones that let you relock the bootloader with your own signing keys. OnePlus used to, but not anymore. That means anyone can just flash anything to your phone and there’s no way to prevent it, except on Google’s phones. So, 30 seconds while you’re not looking and there’s potentially a keylogger running as root on your phone.

With that in mind I can see why the authors aren’t interested in other devices. To release builds for a device you really need to own that device so you can test it on, maybe several of them. Each phone needs its own custom build and hacks and quirks. That’s expensive and time consuming. So you need someone with your particular model to be interested and volunteer in porting, maintaining and releasing builds of GrapheneOS for that phone. And the GrapheneOS guys are unlikely to buy those phones in the first place because it doesn’t have the features they want for their OS.

There’s probably builds floating around on XDA for GrapheneOS, for people like you that don’t need the security but just the privacy features. LineageOS’ list of official devices is pretty small but there’s unofficial builds for damn near anything on XDA, so it wouldn’t surprise me to see some unofficial GrapheneOS builds as well. Once you do have a device and a build setup, working on multiple ROMs at the same time is fairly easy, so I’ve seen the same developer releasing builds of whatever they can get to build.


then I tried signing-up to lemm.ee but was greeted with a Cloudflare of non ending page reload after solving captcha.

That particular instance was very recently the source of a lot of CSAM and spam, so that’d be why. A lot of instances recently upped their security to combat that.

There’s nothing forcing anyone to use those services, but the reality is that instances that aren’t quick to respond to those kinds of incidents will get defederated.

Cloudflare is a lazy but very effective and economical solution to this. The alternative is staff to monitor everything that goes through 24/7 which for most instances isn’t easy or possible. Many can barely afford the infrastructure costs.

The fact that very big instances hold the majority of the communities and discussions on lemmy and the fediverse in general is concerning.

It’s concerning regardless of the whole proxy banning debacle. A healthy fediverse is a well spread out fediverse.

But I doubt all instances will ever be that way. You don’t need a lemmy.world account to use lemmy.world’s communities, any instance would do.

My instance for example doesn’t use Cloudflare or any CDN, although it is invite only because I really don’t have time to deal with moderation. But I can access it over Tor if I want, and you can access it over Tor and browse it (read-only) just fine.

Reddit on the other hand wants to keep the data for themselves. Their VPN, Tor and proxy block isn’t just for posting, it’s for reading too and that is a much worse problem. They want to hoard the data so they can train their own Reddit AI on it. On lemmy you’ll always have at least read access to the platform through Tor and VPNs through random instances.

At least on Lemmy, a fully featured Tor hidden service instance is entirely possible, if someone is willing to vet the account getting registered and potentially malicious uploads. And anyone can make it happen.


And this is why we have access to the votes, and why the protocol doesn’t obfuscate them.

Admins can deploy scripts to detect those kinds of patterns and act on it.


The votes are public. Kbin displays them right in the UI. Lemmy semi-hides it, but it’s never been designed to be private in any way.

Changing instance won’t do shit if that’s a concern to you. As an admin I can see them even if my instance isn’t involved with the post at all:


The ads come from an ad network where there is very little visibility into what’s going to be displayed in your app. And bad people also keep managing to get their ads published even though the ad network doesn’t allow them.

And it all ties into the whole targeted advertising, where they also make sure very few people get the bad ad, and tries to target people they think may be more susceptible to these kinds of tactics. Depending on the amount of interactivity allowed, the ad can even display two different things if it deems you too savvy to fall for it.

It’s basically unescapable unless you only use apps without ads, or pay for the ad-free versions.

The whole advertising industry is sketchy, more news at 10.


This sent me into the rabbit hole of checking all of their public repos and I’m impressed at how much of their tooling is public. The kernel comes with the PKGBUILD! I didn’t know the Steam runtimes were all available as OCI images for Docker/Podman, I thought they were inherently tied to Steam’s CDN and all.

Valve is doing so much good stuff for Linux and open-source in general. Valve respect renewed. They could have locked it all down to force you to use Steam, but they didn’t. It’s all available openly to their competitors and they would look bad if they forked it closed-source, effectively ensuring an open gaming platform.


And like and comment as appropriate about the same as I would on Lemmy and used to on Reddit.

Not because they asked for it, but because I genuinely liked it and want to boost it, and because I genuinely have something useful to say/add to it in the comments.


Yes but only if you use their Gapps packages unmodified or don’t use their services at all. They don’t look as kindly when it comes to microG and Aurora, or even ReVanced, and they still fight to make sure Google Pay doesn’t work through SafetyNet and Play Integrity, and you’ll only know at checkout too.

People have been banned for using Aurora. You can mess with the OS but they don’t want you to mess with their apps and especially not if it affects how much money they make off you.


Ultimately this is what it’s running in the background: https://github.com/ValveSoftware/Fossilize

The idea is to make sure your graphics card shader cache is full with everything the game may use at some point, enabling smoother play and less hitching.

I think on NVIDIA, the cache ain’t that big by default so it may be recompiling everything from scratch, whereas it’s less noticeable on AMD systems because it’s already compiled it so only compiles what’s changed/new.

This issue suggests it’s currently pretty broken on NVIDIA right now: https://github.com/ValveSoftware/steam-for-linux/issues/9803


Voip call quality is terrible, it is near unusable over mobile data IME, it adds latency etc.

Oh boy, welcome to the whacky world of phone telecom.

It's not an inherent VoIP issue, you can select any audio codec you want, including lossless CD quality if you want. The issue is you need to make sure your call will end up using the best supported in common from your VoIP provider and the carrier you're calling to. Some carriers try to make people believe other carriers are crap by restricting the good codecs to themselves and their customers, so every time you call someone on the other carriers, it sounds like crap, and makes the users feel like clearly the other carrier has to be crap because it's fine when it's with the same carrier.

My VoIP calls show up as HD calls and sound identical to other VoLTE HD calls just fine though. I'm using Linphone for Android and voip.ms as the provider, no issues other than navigating all the settings on their website is… a bit of a mess. But hey, they let you configure near everything so.


The only real alternative is to get a cheap VPS so you can VPN between the VPS and your home and keep using the tunnel and not expose your home IP but only your VPS IP. Or variations of that: you can also just use NGINX to forward 80/443 to 8080/8443 at home without even needing a VPN or to decode the encrypted traffic. Oracle has a free tier for those, but there's lots of reports of people's instances being shut down and left without their data.

There's no free and readily available solution like Cloudflare tunnels that can be more private, because whoever is proxying your traffic pretty much has to be able to see it. At the bare minimum, to be able to route it, they'd have to either give you your own public IP and blanket forward port 443, or they have to inspect the SNI header of the TLS session. It's technically possible to do that, I've implemented such a proxy with zero knowledge of the data inside. Cloudflare does have such a product in the enterprise tier, but it doesn't make sense for them to offer as a free product.

The only reason they have a free tier is to collect telemetry and run experiments to improve their enterprise offerings, and also free advertising by luring small companies into using them and then upgrading when they grow, or from people like us that will never need their paid features but will likely use them in an enterprise setting out of habit and comfort rather than do a true evaluation of all the CDN options available. Or people moving from free companies on the free tier to a bigger company that then will use them and upgrade to paid.
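The SNI-only routing described in the comment above, as an added Python example that is not part of the original comment or the commenter's own proxy: it reads the server_name extension from the unencrypted ClientHello and picks a backend without holding any TLS keys. The hostnames, backend addresses and the `build_client_hello` sample are constructed for illustration.

```python
import struct

# Hypothetical routing table (assumed values): SNI hostname -> home backend.
BACKENDS = {
    "cloud.example.org": ("10.8.0.2", 8443),
    "git.example.org": ("10.8.0.3", 8443),
}


class Reader:
    """Bounds-checked cursor over bytes; raises ValueError on truncation."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated ClientHello")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, n):
        return int.from_bytes(self.take(n), "big")

    def vec(self, len_bytes):
        """Read a length-prefixed vector and return a Reader over its body."""
        return Reader(self.take(self.uint(len_bytes)))

    def remaining(self):
        return len(self.data) - self.pos


def extract_sni(record):
    """Return the host_name from one TLS ClientHello record, or None if absent."""
    r = Reader(record)
    if r.uint(1) != 0x16:              # record type: handshake
        raise ValueError("not a TLS handshake record")
    r.take(2)                          # legacy record version
    rec = r.vec(2)                     # record payload (single record only)
    if rec.uint(1) != 0x01:            # handshake type: client_hello
        raise ValueError("not a ClientHello")
    hello = rec.vec(3)
    hello.take(2 + 32)                 # client version + random
    hello.vec(1)                       # session id
    hello.vec(2)                       # cipher suites
    hello.vec(1)                       # compression methods
    if hello.remaining() == 0:
        return None                    # ClientHello without extensions
    exts = hello.vec(2)
    while exts.remaining():
        ext_type = exts.uint(2)
        body = exts.vec(2)
        if ext_type == 0x0000:         # server_name extension
            names = body.vec(2)
            while names.remaining():
                name_type = names.uint(1)
                name = names.vec(2)
                if name_type == 0:     # host_name
                    return name.data.decode("ascii").lower()
    return None


def route(record):
    """Pick a backend from the SNI alone; malformed or unknown names get None."""
    try:
        host = extract_sni(record)
    except ValueError:                 # also covers non-ASCII names
        return None
    return BACKENDS.get(host)


def build_client_hello(hostname):
    """Build a minimal ClientHello (constructed sample, not a real capture)."""
    host = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(host)) + host
    sni_body = struct.pack("!H", len(entry)) + entry
    versions = struct.pack("!HH", 0x002B, 3) + b"\x02\x03\x04"  # supported_versions
    exts = versions + struct.pack("!HH", 0x0000, len(sni_body)) + sni_body
    body = (b"\x03\x03" + bytes(32) + b"\x00"         # version, random, session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"       # one cipher suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    print(route(build_client_hello("cloud.example.org")))
```

A real proxy has to buffer until the whole ClientHello has arrived, since it can be split across TCP segments or TLS records. With Encrypted Client Hello the visible name is only the outer public name.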


Electron isn't all that bad honestly. The bad part is people slap the same pile of massive and bloated node modules and framework in it that's the same cause as to why the modern web is so horrible.

A well written web app in Electron can feel quite good and snappy. It's just that the companies that own most of those apps don't care and won't give the developers time to build an optimized app, because that doesn't bring in money, but new features do.

Especially if you share the system electron runtime between apps, even the memory overhead isn't all that bad even compared to modern toolkits like GTK4 and Qt5/6.

But then you load like 5MB of poorly written CSS and a 10MB JS bundle plus all the assets and full screen background image and yeah, it'll chew through resources fast.


Sometimes when I have to debug a modern website, I'm amazed at the amount of crap it's there. Just checking the inspector in the browser, half the elements have hundreds of overridden CSS rules and hacks to make it display correctly instead of writing the CSS proper. Boatload of unnecessary divs and whatnot everywhere. That strains any layout engine.

The profiler in the browser console? Yeah nobody uses it, or even knows it exists and how to use it. I wow'd a lot of people just making a quick flamegraph and speeding up the code 10x like it's nothing.

We have the tools, but not the will to optimize.


I'm struggling to think of a use case where going through XWayland is preferable over direct Wayland. It'll just go through Wayland anyway but with extra X11 hacks to convert between the protocols…

What can it possibly fix that running the game under gamescope wouldn't?


Data breaches and just in general, what every company seemingly knows about me even if I never used their products, and how much reach those companies have on you that’s just plain inescapable like health insurance and banks?

Do I really care that Banana Co knows I like bananas? No. Do I care that my health insurance could deny a claim based on what I purchase at the grocery store? Absolutely. Companies use that data to serve their interests first. Especially when it comes to endangered rights like LGBTQ+, people of color and abortion rights, it makes it easy to feed all that data in an opaque AI black box and discriminate against you, with no way to prove it and no legal recourse.

Especially true with for example, Jews during Nazi Germany, or right now anti-war Russians in Russia. Lack of privacy can be plain dangerous.