enumerator4829

#define yeet throw
#define let const auto
#define mut &
#define skibidi exit(1)

The future is now!

Re: HDD Fidget Toys

Apparently, some coatings on some platters may be somewhat not very good for humans. Carcinogens and such. Exercise caution and don’t lick the platters.

Source: Verbal warnings from my local hard drive aficionados, with like half a century of combined experience herding large flocks of hard drives. Don’t cite me, just don’t lick your platters. Remember to wash your hands after you’ve done the deed and finished screwing.

I’m assuming you use DisplayPort? Try using an HDMI output if possible.

I both agree with you, and kinda disagree.

If you venture into installing Flatpaks on such a system, just keep in mind that:

• Auto updates must be on
• The Maintainer of the Flatpak in question must be expected to provide security updates for the next five years or so. Personally, I’d only use it for packages provided directly by project maintainers (i.e. Dropbox from Dropbox Inc. as packaged by Dropbox Inc.).

Keep in mind, like 95% of normal people (we are not normal) don’t know what a package manager is and only use

• ”The internet”
• Webmail
• Google Docs
• Spotify

For that, we need the default desktop install and the Spotify app (probably a Flatpak). That’s about it. It’s a glorified web browser with batteries. Treat it that way and keep it that way, unless your SO has any specific needs and requirements.

The limited and dated package set is kind of a feature. Only packages that should work until the laptop breaks, and only packages that won’t change randomly when you update (mostly).

Two things I never want to work with and will just pay someone else to deal with whenever possible:

• Email
• Printers

And that’s about it, almost everything else I’m fine doing myself.

I’m gonna be the boring guy.

RedHat Enterprise Linux. (Or Rocky)

Most boring distro ever. Install it, turn on all the auto updates and be happy. Install something to take backups. Ignore any new major-releases, that laptop will die before the OS hits EOL.

Benefits:

• Boring. It’s their tool, not your plaything.
• Actually works
• Will be reasonably secure over time with minimal effort and manual intervention.
• If any commercial Linux software is required, it will most likely only be supported on RHEL or Ubuntu.
• Provides web browser and word-processing. And we don’t need anything else.

Drawbacks:

• Boring (for you)
• Not ideal for gaming

If you install anything else than RHEL-derivatives or possibly Ubuntu on a machine that someone else will use, you are both in for a world of pain. It has to ”just work” without intervention by you, and it needs to keep working that way for the next 5 years.

Source: Professionally deploying and supporting multiuser desktop Linux to a few thousand users other than myself.

Have you met out lord and saviour COBOL?

Sure, I’ll do another mini-rant.

I have no idea what real world threat model and threat actor the Wayland people are going for. A threat actor with code execution on a Linux desktop immediately has access to the filesystem and can do whatever anyway, in practice (see also: Steam deleting home directories). Privilege Escalation is a thing and namespaces in Linux are kinda meh. Run your untrusted code in an ephemeral VM.

My point is just that once you have a threat actor running code on your system, it’s game over regardless of whatever your desktop tries to do. (I’ll run with the Maginot Line comparison here, but Wayland is more like a locked door without walls.)

The security issues with X were the X-Forwarding-stuff being kinda bad, not the ”full access to everything”-stuff. I want my applications to access my things, otherwise I wouldn’t run the application.

If your threat model seriously needs sandboxing, you’ll wanna go the Qubes-route. Anyways, Arcan seems to have a more reasonable threat model than Wayland if you wanna go that route.

Thanks for reading my yearly mini rant on why Wayland’s security don’t matter and only gets in the way of the user and application developer.

So this is my big issue with Wayland - nothing is a ”Wayland problem”. Everything lands on the compositors. Features that existed for the past few decades in X and are deeply integrated into the ecosystem were relegated to second class citizens or just ignored. (Can we share our screens with Zoom yet?)

I won’t argue that X is flawless or should live forever. X should die. However, X actually solved problems instead of just providing a bunch of (IMHO) half baked ”protocols” so that someone else can solve the problem. From the perspective of a user or application developer, that’s just hot potatoes being passed around. And there have been plenty of hot potatoes the past decade.

Thank you for reading my yearly Wayland rant. I’ll now disappear into my XMonad-fueled bliss, fully software rendered.