Codeberg has been having outages recently.

https://status.codeberg.org/status/codeberg

According to this page, it's only been up 50% of the time.

Openbsd is definitely more secure than secureblue. There is only so much you can do to handle the massive monolithic architecture of the Linux kernel. Further down the stack, many parts of Linux, like sudo, dbus, or systemd are regularly hit by zero days. The SELinux domain architecture that Secureblue is interesting, but SELinux is extremely complex and difficult to get right, compared to the much more simpler pledge and unveil sandboxing that openbsd offers.

In addition to that, there are further issues like the problematic way that user namespaces interact with browsers. (And user namespaces are frustrating in general, secureblue actually has a short article on their problems). For maximum security, you want to sandbox tabs from eachother using user namespaces (only works on chromium btw, firefox can't do this so it doesn't matter) — BUT, if you run your browser in a sanbox created by user namespaces, then you can't nest them, disallowing you from using that powerful tool to isolate tabs. So you are forced to make a choice: You can either sandbox the browser itself, in exchange for weakening the isolation between tabs, or you can strengthen the isolation between tabs, in exchange for weaking the sandbox around the browser itself. Giving the browser access to user namespaces is questionable though, because see above, user namespaces have led to a lot of vulnerabilities.

OpenBSD's pledge + unveil (but only on chromium again), does not really make such tradeoffs. It can sandbox tabs from eachother, while also sandboxing the browser itself. In addition to that, pledge + unveil do not present a massive kernel attack surface that people have had to restrict for having too many 0days. And this is just one of the many, many examples, where OpenBSD presents a better security posture than Linux.

Qubes is technically Xen, a different kernel than Linux. The Xen kernel virtualizes Linux distros, from which you can manage Qubes/Xen, or do normal Linux app stuff. But nothing stops you from using a BSD virtualized by Xen for management or usage. Qubes talks about why they use Xen here — but the short version is that they did not consider the Linux kernel's kvm secure enough for their usecase.

Damn. This is cool af. I've seen so ,any interesting things with epbf, like bpfilter, facebook's ebpf firewall which they discussed being more performant.

I wonder if an epbf alternative to selinux is possible?

I've had similar experiences with this FPS game called krunker.io

Krunker.io is a browser based game, and it had a pretty bad cheating problem, and since it was a browser based gamr, the devs could never implement an anticheat that worked for long.

They implemented a deputization system, where certain respected members of the community would become "krunker police", and then you could call them from a lobby. They would then invisibly spectate, and record and ban cheaters. The system worked really well, actually. Cheaters were banned quickly, and the requirement collection of video evidence held those involved accountable.

But krunker players had another interesting way of handling cheaters. You see, krunker has really bad netcode, bad enough that you would have to lead hitscan weapons a variable amount depending on how much ping you had. Krunker was also a movement shooter, where you could slidehop and go really, really fasy. The combination meant that you could dodge the shots of cheaters. As I got better, I just stopped calling krunker police, and started beating them. One of my fondest memories was this one lobby full of good players, and when a cheater joined we stomped them below all of us on the ranking, taunting them all the way down. At the end, they tried to sell their cheats and we all laughed. "Why would I buy these cheats? I'm better than them". Eventually they ragequit. Good times.

But nooooo, nowadays modern game publishers need control over every part of the game. They demand control over the servers, refusing to let anybody host their own communities. They demand absolute control over the community, but refuse to actually moderate it and handle toxicity. And now, they're demanding control over the clients, forcing you to install rootkits on your computers so they can control those too.

FreeBSD, OpenBSD and NetBSD are behind Linux.

Look, I dislike permissive licenses too, but you need a source to back this claim up.

Right now, each BSD does something special, that Linux (distro's) can't trivially replace, even if the usecase is more niche. NetBSD Dev's make efforts to get it running on many devices as they can. OpenBSD (and it's subprojects) are highly secure, moreso than Linux. Who do you think makes our beloved OpenSSH? OpenSSH noted for having very few vulnerabilities over it's two decade long existence, and OpenBSD itself is similar, which is insane because there are products with multiple bad vulnerabilities every year (Linux being one of them...). This is due to a highly security minded architecture - one that Linux lacks.

FreeBSD is like Linux before systemd. I like systemd, but systemd is really trying to be kubernetes on a single node. I like systemd because I like kubernetes, but I understand why someone wouldn't like it, and I question if "single node k8s" is the best architecture for a single server or personal desktop. The ports system results in freebsd packaging many server services that aren't packaged on Linux. Being able to manage those through the system package manager, and the conviniences that provides, is nice.

Different, and not popular don't mean bad.

Have you used ovirt? It's currently being maintained by Oracle after Red Hat gave it up.

I've been meaning to try it, but the documentation is dense and hard to get through, and I unironically find the openstack install instructions more approachable in some ways...

My recommendation is to use an abstraction layer that runs qemu-kvm under the hood and automate that. Some people have mentioned libvirt, but Incus is another good option.

Owncast is the self hosted stream thing. It has some rudimentary federation capibilities, but nowhere near the ease discovery of twitch.

I know some streamers that have an owncast, expired_popsicle uses debian Linux and has one. (It's tech/linux streamers because of course).

Docker compose's don't really need to be maintained though. As long as the app doesn't need new components old docker composes should work.

EDIT: Oops, it does look like spacebarchat's docker images have last been updated over 2 years ago:

https://hub.docker.com/r/spacebarchat/server

EDIT2: Although this is outdated, I think their github repo has an action to autobuild docker images on pushes. Still investigating.

EDIT3: Okay, they don't seem to be actually ran.

But using nix to build a docker image is pretty cool.

EDIT4: Oh shit, the docker image build workflows were added just 2 hours ago. Of course they haven't been ran!

Docker support soon, probably.

EDIT5: the workflow ran, but it looks like it's private for now.

https://www.youtube.com/watch?v=46MQ1ZMZ-l4

This is a trailer for NBA 2k20, that shows more gambling content than actual gameplay.

The top comment is:

Hey 2k, theres a basketball minigame in your gambling simulator, can you fix it please?…

Termux recently got moved off of the play store (kinda), and is now only available on f-droid/github, because Google was further locking down what they allowed on their store.

And in addition to that, they recently added a restriction in later versions of Android: "Child process limit". Although this limit used to not there, when enabled, it prevents users from truly running arbitrary linux programs, like via termux.

Although the child process limit can still be disabled in developer options, it doesn't bode well for how flexible base android in the future will be, since many times corpos like Google move stuff into the "secret" options before eventually removing that dial all together.

TLDR: Termux has been, and is a thing... for now.

Also, I want to shout out winlator. It uses a linux proot, similator to termux, and has box64 and wine inside that proot that people can use to play games. I tested with Gungeon, and it even has controller support and performance, which is really impressive.

where does diagonal fall?