Max-P @ Max_P @lemmy.max-p.me

Just some Internet guy

---

Read more

Posts

2

Comments

1,636

Joined

2 yr. ago

Less and less about OpenAI is actually... open at all.

You can also nest rootful Xwayland in there too!

From the user's shell,

    
WAYLAND_DISPLAY=/run/user/1000/wayland-0 Xwayland :1 &
export DISPLAY=:1 WAYLAND_DISPLAY=
i3 &
xterm &
konsole &


  

Of course you that means you can also run Plasma X11 that way for example:

Make sure to use machinectl and not sudo or anything else. That's about the symptoms I'd expect from an incomplete session setup. The use of machinectl there was very deliberate, as it goes through all the PAM, logind, systemd and D-Bus stuff as any normal login. It gets you a clean and properly registered session, and also gets rid of anything tied to your regular user:

    
max-p@desktop ~> loginctl list-sessions
SESSION  UID USER  SEAT  LEADER CLASS   TTY   IDLE SINCE
      2 1000 max-p seat0 3088   user    tty2  no   -    
      3 1000 max-p -     3112   manager -     no   -    
      8 1001 tv    -     589069 user    pts/4 no   -    
      9 1001 tv    -     589073 manager -     no   -    

  

It basically gets you to a state of having properly logged into the system, as if you logged in from SDDM or in a virtual console. From there, if you actually had just logged in a tty as that user, you could run startplasma-wayland and end up in just as if you had logged in with SDDM, that's what SDDM eventually launches after logging you in, as per the session file:

    
max-p@desktop ~> cat /usr/share/wayland-sessions/plasma.desktop 
[Desktop Entry]
Exec=/usr/lib/plasma-dbus-run-session-if-needed /usr/bin/startplasma-wayland
TryExec=/usr/bin/startplasma-wayland
DesktopNames=KDE
Name=Plasma (Wayland)
# ... and translations in every languages


  

From there we need one last trick, it's to get KWin to start nested. That's what the additional WAYLAND_DISPLAY=/run/user/1000/wayland-0 before is supposed to do. Make sure that this one is ran within the machinectl shell, as that shell and only that shell is the session leader.

The possible gotcha I see with this, is if startplasma-wayland doesn't replace that WAYLAND_DISPLAY environment variable with KWin's, so all the applications from that session ends up using the main user. You can confirm this particular edge case by logging in with the secondary user on a tty, and running the same command including the WAYLAND_DISPLAY part of it. If it starts and all the windows pop up on your primary user's session, that's the problem. If it doesn't, then you have incorrect session setup and stuff from your primary user bled in.

Like, that part is really important, by using machinectl the process tree for the secondary user starts from PID 1:

    
max-p@desktop ~> pstree
systemd─┬─auditd───{auditd}
        ├─bash─┬─(sd-pam)                 # <--- This is the process machinectl spawned
        │      └─fish───zsh───fish───zsh  # <-- Here I launched a bunch of shells to verify it's my machinectl shell
        ├─systemd─┬─(sd-pam) # <-- And that's my regular user
        │         ├─Discord─┬─Discord───Discord───46*[{Discord}]
        │         ├─DiscoverNotifie───9*[{DiscoverNotifie}]
        │         ├─cool-retro-term─┬─fish───btop───{btop}
        │         ├─dbus-broker-lau───dbus-broker
        │         ├─dconf-service───3*[{dconf-service}]
        │         ├─easyeffects───11*[{easyeffects}]
        │         ├─firefox─┬─3*[Isolated Web Co───30*[{Isolated Web Co}]]

  

Super weird stuff happens otherwise that I can't explain other than some systemd PAM voodoo happens. There's a lot of things that happens when you log in, for example giving your user access to keyboard, mouse and GPU, and the type of session depends on the point of entry. Obviously if you log in over SSH you don't get the keyboard assigned to you. When you switch TTY, systemd-logind also moves access to peripherals such that user A can't keylog user B while A's session is in the background. Make sure the machinectl session is also the only session opened for the secondary user, as it being assigned to a TTY session could also potentially interfere.

what distro/plasma version are you running? (here it's opensuse slowroll w/ plasma 6.1.4)

Arch, Plasma 6.1.5.

what happens if you just run startplasma-wayland from a terminal as your user? (I see the plasma splash screen and then I'm back to my old session)

You mean a tty or a terminal emulator like Konsole?

• In a tty
  • if I'm already logged in it should switch to the current session as multi-instance is not supported
  • if it's my only graphical session, it should start Plasma normally with the only exception being KWallet not unlocking automatically.
• In a terminal within my graphical session: nothing at all.

It's a lot easier with Wayland and hardware acceleration works, see my solution. It does a proper login session and starts the whole DE exactly the same way as if you logged in from a tty too so everything just works as expected there. Wayland devs use that a lot for testing and development so it's quite well supported overall.

Totally possible. It'll work best with Wayland thanks to nested compositor support, whereas on Xorg you'd need to use Xephyr which doesn't do hardware acceleration.

    
# Give the other user access to your Wayland socket
setfacl -m u:otheruser:rx $XDG_RUNTIME_DIR
setfacl -m u:otheruser:rwx $XDG_RUNTIME_DIR/wayland-0

# Open a session as the other user (note the trailing @, it's there to login in to the local machine)
sudo machinectl login otheruser@

# Start your DE!
WAYLAND_DISPLAY=/run/user/$(id -u yourmainuser)/wayland-0 startplasma-wayland

  

And tada!

If you can find where the antenna is, you can cover it with some metal tape to kill the signal. Or wrap the whole thing on a metal cage or foil, basically put the thing in a faraday cage.

I have a feeling they'd put the antenna in the front panel though, so that solution may not be super aesthethic if that's the case.

If you're careful and just disconnect the antenna properly such that you can plug it back in it should be okay.

Does the morning coffee count? I'll skip it if I'm being late but I do like my morning coffee.

I would use maybe a Raspberry Pi or old laptop with two drives (preferably different brands/age, HDD or SSD doesn't really matter) in it using a checksumming filesystem like btrfs or ZFS so that you can do regular scrubs to verify data integrity.

Then, from that device, pull the data from your main system as needed (that way, the main system has no way of breaking into the backup device so won't be affected by ransomware), and once it's done, shut it off or even unplug it completely and store it securely, preferably in a metal box to avoid any magnetic fields from interfering with the drives. Plug it in and boot it up every now and then to perform a scrub to validate that the data is all still intact and repair the data as necessary and resilver a drive if one of them fails.

The unfortunate reality is most storage mediums will eventually fade out, so the best way to deal with that is an active system that can check data integrity and correct the files, and rewrite all the data once in a while to make sure the data is fresh and strong.

If you're really serious about that data, I would opt for both an HDD and an SSD, and have two of those systems at different locations. That way, if something shakes up the HDD and damages the platter, the SSD is probably fine, and if it's forgotten for a while maybe the SSD's memory cells will have faded but not the HDD. The strength is in the diversity of the mediums. Maybe burn a Blu-Ray as well just in case, it'll fade too but hopefully differently than an SSD or an HDD. The more copies, even partial copies, the more likely you can recover the entirety of the data, and you have the checksums to validate which blocks from which medium is correct. (Fun fact, people have been archiving LaserDiscs and repairing them by ripping the same movie from multiple identical discs, as they're unlikely to fade at exactly the same spots at the same time, so you can merge them all together and cross-reference them and usually get a near perfect rip of it).

I don't understand what's up with the US and this will to always hand out the harshest punishment in every situation. Locking someone up for 20 years in prison does nothing to reform them, the whole system is designed for them to fail and get locked up again too. Can't get jobs because you're forever tagged as a felon, and the conditions are so harsh nobody can employ them anyway because they can barely do a normal 9-5 because they put probation appointments in the middle of the day so you always have to ask for time off, can't do overtime because you have to be home outside of 9-5. All those institutions are biased towards locking them up again because that's how they make money, it's in their financial interest and duty to shareholders to keep a market of criminals to lock up.

The only option left for those people upon release is to go right back to crime because that's the only thing that doesn't discriminate against them forever and allows them to make sufficient money, or jobs that are basically slavery with extra steps.

And in this case it's pretty clear they got the biggest possible sentence because they weren't white.

Upon Ms. Polk’s release, she earned a doctorate in public policy and administration and is an advocate for the elderly

That seems like a perfect example of someone that has been reformed and is no longer deserving of punishment. Only someone made out of pure anger would have a problem with that.

The real victim here is the poor souls that have to use Oracle products

We've been using vector rendering for decades, this isn't new at all. This just makes it better because supposedly now it can be offloaded to the GPU.

From the OS's perspective it doesn't care: it hands a rectangle to the application to render into along with some metadata like what scaling to render as. Then the application does what it needs to do to get the pixels in there.

This would be handled entirely in Qt, in this case, but any competing toolkit can also implement something similar and all.

I have both. I find that YouTube Music has a much better algorithm, but the app really does sucks, although at least it doesn't crash for me. Spotify's app is a lot more polished (although lately it too has started to enshittify), but the music discovery is a bit lacking. Audio quality is better on Spotify, YTM just sounds compressed to be as loud as possible.

Air Canada has everything it needs to end the strike, no need for government intervention: all they have to do is give pilots their raise.

Last thing I want is be on a plane with a pilot that has to do a side job and more likely to be tired and make mistakes.

No but it does show how much capitalism relies on the absolute exploitation of the labor market and the double-standards from the US in that regard. Free market good but only when US companies are the ones fucking everyone over.

• US companies buying cheap stuff from China and marking it up 500%: good, American values
• China cuts the middleman and sells the same product for the same price they would sell it to the reseller: noooooo we can't compete with that, China bad, it's so unfair! Waaaaaaa

At least the EU doesn't constantly brag about muh freedom and how the free market is the best thing ever and you're a commie if you don't agree that capitalism is the best.

I believe you, but I also very much believe that there are security vendors out there demonizing LE and free stuff in general. The more expensive equals better more serious thinking is unfortunately still quite present, especially in big corps. Big corps also seem to like the concept of having to prove yourself with a high price of entry, they just can't believe a tiny company could possibly have a better product.

That doesn't make it any less ridiculous, but I believe it. I've definitely heard my share of "we must use $sketchyVendor because $dubiousReason". I've had to install ClamAV on readonly diskless VMs at work because otherwise customers refuse to sign because "we have no security systems". Everything has to be TLS encrypted, even if it goes to localhost. Box checkers vs common sense.

IMO that's more of a problem with the industry not really caring to support lower specs, or generally not seeing the deck as a real console or platform to target. People still make Switch games and the damn thing was already outdated at launch and they even underclocked it for good measures.

At 800p you've got to start thinking, is most of the detail those games compute even actually visible the on screen? How many PCs does that make obsolete? If the deck can't run it at 800p, even at 1080p you're gonna need what, an RTX 2060 for the lowest settings on a PC?

Some of the example titles don't even sound like they're the kind of titles that are made to showcase what your 4090 can do, which logically you'd want as many people as possible to be able to play it.

LetsEncrypt certs are DV certs. That a put a TXT record for LetsEncrypt vs a TXT record for a paid DigiCert makes no difference whatsoever.

I just checked and Shopify uses a LetsEncrypt cert, so that's a big one that uses the plebian certs.

Neither does Google Trust Services or DigiCert. They're all HTTP validation on Cloudflare and we have Fortune 100 companies served with LetsEncrypt certs.

I haven't seen an EV cert in years, browsers stopped caring ages ago. It's all been domain validated.

LetsEncrypt publicly logs which IP requested a certificate, that's a lot more than what regular CAs do.

I guess one more to the pile of why everyone hates Zscaler.

Because it's too flexible, and assumes everyone has source code to glue it all together. There's endless choices you can make to have a functional system.

• Before you even compile the kernel, you have to provide a C compiler. That can be GCC or LLVM/clang.
• Before you even build the kernel, you have to pick a CPU architecture and subsystems to enable.
• Before you can even boot the kernel in any useful manner, you need to select a partition table format, one or more filesystems to put on the drive, all with varying amounts of features, but are at least mostly all POSIX compliant. Or a ramdisk.
• Even just starting at the very core of userspace, the C standard library, you have glibc, musl, uClibc. That can only be dealt with at compile time.
• Then on top of that, for the core utilities, you have the GNU coreutils, uutils, busybox, toybox, the BSD coreutils.
• Great, we can start booting now. Wait, now there's the choice of init system: systemd, sysvinit, OpenRC, runit, upstart, dinit, and a lot more. Good, we're booted.
• Now we need a login prompt, which can be agetty, greetd, mingetty, GDM, SDDM, LightDM. You've entered your password: that may or may not trigger a PAM session, which can verify your password from just about anywhere (locally, Kerberos, LDAP), start a D-Bus session, register a session with logind, that can trigger decryption and mounting of a drive, which itself could be local or remote or removable.
• We're logged in! Now we need a shell. There's bash, dash, zsh, ash with their own small differences, and that's just the POSIX compatible ones. There's also fish, nu, ksh, csh and more.
• We have a prompt! Now we should probably install some software. Is it gonna be apt, yum/dnf, zipper, pacman, apk, xbps, emerge, port? What's the package names? Depends on the distro!
• We have a way to install software, now we need network to get it. How's the network configured? ifupdown, systemd-networkd, NetworkManager, Connman, dhclient, dhcpcd, netplan, netctl. If you have WiFi, there's iwd and wpa_supplicant.
• Lets get a graphical session. Xorg or Wayland based? ALSA, PulseAudio or PipeWire? Window manager or desktop environment?
• You want to mount a drive. systemd can do that, udev can do that, fstab can do that.

That's just the basics to make it to a desktop. Now there's some stuff to help that a lot, like Flatpak which aims to provide a known base system for apps to target. The portals help get access to resources with varying backends. PipeWire supports pretty much every audio protocol in existence so that's alright. Flatpak is a pretty good standard/ABI to target. For server software we have similar things in the form of Docker and Podman. But all of these solutions are basically "lets just ship the distro with the software".

The only really standard interface is the Linux kernel's public interface. If you're writing a driver, you better be ready to maintain it because stuff moves around a lot internally, the kernel doesn't care not to break out of tree modules. Go makes use of the stable kernel API and skips the libc entirely, so Go binaries are usually fairly portable as long as the kernel is somewhat sane.

The only real standard you can target is POSIX, which is fine if you're writing CLI or server software, but if you want to write GUIs, you just have to make choices. Most Linux stuff runs fine on FreeBSD too, they have Wayland, PipeWire and Mesa there too, so technically at this point you're not even targetting Linux per-se, more like generally POSIX-y systems with software that's just very commonly used and target that.

On Windows and Mac, you have what Microsoft/Apple provides and if you want anything else you bring it yourself. However, technically you can install PulseAudio on those, install an X server (Xming, Xquartz), run most DEs in there, run browsers and quite a bit of Linux-y stuff, natively on Windows and Mac in their respective binary formats.

The thing with FOSS is there isn't a single standard it targets, we just port everything to everything as needed. The closest thing we have to a standard is targeting specific versions of specific distros, usually Debian/Ubuntu or RHEL and derivatives because that's what the enterprise customers that pays for the development tends to run. That's why Davinci Resolve is a pain to run on anything other than Rocky Linux. Thankfully, it's also just software and dependencies, so if you just give it everything it uses from Rocky, it'll work just fine on other distros. And that's why source code is important: you can make everything work with everything with enough time and patience. That's what powers the ecosystem.