Zotero is a citation manager, with a firefox extension to save an article (but really, a tab) with one click.

It also has fulltext search. You can search snapshots of everything you save.

“But I can’t save all my tabs at once”

(There are some solutions, but nothIng official)

Save as you go. Computers simply don’t have enough ram for 2000 tabs.

Anyway, it also seems to be able to run javascript plugins, and I saw you have some experience with that.

It also has support for folders, so you can organize it a bit better than tabs work for that.

Yeah, I read that manual but it didn’t answer my question.

The big problem is that the arch wiki describes a setup with nested subvolumes first (in a subvolume below @ or whatever your root subvolume is), but then suggests in a tip to use a subvolume directly below the top level subvolume. The limitations mentioned in that manual don’t seem to apply to either setup, as they would prevent swap from working, which is not the case. I have tested both setups and they work fine — or so it seems. I’m worried there is some hidden gotcha I’m missing.

in addition to that, some of those limitations simply don’t apply to my setup, as I only have a single device.

Ventoy. I love it so much, being able to have more than one bootable iso and storage on a usb.

Although, it is slower to boot the more folders you have, since it scans all folders, but this is configurable

I use nix-shell to get the ventoy cli for when I need to install it to a usb stick.

The python3 package should contain the entire python standard library

You are free to use a distro which does not split packages, favorite distro, Arch Linux (btw).

Or, you can install the recommended dependencies of python3. Testing in a container, the python3 package pulls:

root@a72bd55a3c1a:/# apt install python3
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  ca-certificates krb5-locales libexpat1 libgpm2 libgssapi-krb5-2 libk5crypto3
  libkeyutils1 libkrb5-3 libkrb5support0 libncursesw6 libnsl2
  libpython3-stdlib libpython3.11-minimal libpython3.11-stdlib libreadline8
  libsqlite3-0 libssl3 libtirpc-common libtirpc3 media-types openssl
  python3-minimal python3.11 python3.11-minimal readline-common
Suggested packages:
  gpm krb5-doc krb5-user python3-doc python3-tk python3-venv python3.11-venv
  python3.11-doc binutils binfmt-support readline-doc
The following NEW packages will be installed:
  ca-certificates krb5-locales libexpat1 libgpm2 libgssapi-krb5-2 libk5crypto3
  libkeyutils1 libkrb5-3 libkrb5support0 libncursesw6 libnsl2
  libpython3-stdlib libpython3.11-minimal libpython3.11-stdlib libreadline8
  libsqlite3-0 libssl3 libtirpc-common libtirpc3 media-types openssl python3
  python3-minimal python3.11 python3.11-minimal readline-common
0 upgraded, 26 newly installed, 0 to remove and 18 not upgraded.

python3-venv python3.11-venv

I find it odd, because debian does this by default, actually. They account for usecases like yours, and instead you have to edit a config file or use a command line flag to get it to not install recommended dependencies.

I guess someone is super happy they saved a few hundreds kilobytes of disk space though.

Yes. All the people basing docker images off if debian, and trying to get them as small as possible. The splitting up of packages, allows people to only pull in what they need.

What was it? I’m planning to do a nextcloud deployment via helm soon.

That only applies to unstable distros. Stable distros, like debian, maintain their own versions of packages.

Debian in particular, only includes security patches and changes in their packages - no new features at all.* This means risk of breakage and incompatibilitu is very low, basically nil.

*exceot for certain packages which aren’t viable to maintain, like Firefox or other browsers.

https://forgejo.org/compare-to-gitea/

I dunno, some of these are a pretty big deal, in particular:

Gitea repeatedly makes choices that leave Gitea admins exposed to known vulnerabilities during extended periods of time. For instance Gitea spent resources to undergo a SOC2 security audit for its SaaS offering while critical vulnerabilities demanded a new release. Advance notice of security releases is for customers only.

Gitea is developed on github, whereas forgejo is developed on and by codeberg, who use it as their main forge (also mentioned on that page). Someone dogfooding gives me more confidence in the software.

Related: https://getindie.wiki/

The comparison isn’t quite right because you can use git with any provider (Github, gitlab, etc), including multiple at once.

On the other hand, snap is hardcoded to only be able to use one store at a time, the snap store. To modify this behaviour, you would have to make changes to the snap client source code.

It’s a crucial difference.

What? Github is not open source.

And plenty of people have issues with Github: https://sfconservancy.org/GiveUpGitHub/

their entire hosting site is, itself, proprietary and/or trade-secret software

sn1per is not open source, according to the OSI’s definition

The license for sn1per can be found here: https://github.com/1N3/Sn1per/blob/master/LICENSE.md

It’s more a EULA than an actual license. It prohibits a lot of stuff, and is basically source-available.

You agree not to create any product or service from any par of the Code from this Project, paid or free

There is also:

Sn1perSecurity LLC reserves the right to change the licensing terms at any time, without advance notice. Sn1perSecurity LLC reserves the right to terminate your license at any time.

So yeah. I decided to test it out anyways… but what I see… is not promising.

FROM docker.io/blackarchlinux/blackarch:latest

# Upgrade system
RUN pacman -Syu --noconfirm

# Install sn1per from official repository
RUN pacman -Sy sn1per --noconfirm

CMD ["sn1per"]

The two pacman commands are redundant. You only need to run pacman -Syu sn1per --noconfirm once. This also goes against docker best practice, as it creates two layers where only one would be necessary. In addition to that, best practice also includes deleting cache files, which isn’t done here. The final docker image is probably significantly larger than it needs to be.

Their kali image has similar issues:

RUN set -x \
        && apt -yqq update \
        && apt -yqq full-upgrade \
        && apt clean
RUN apt install --yes metasploit-framework

https://www.docker.com/blog/intro-guide-to-dockerfile-best-practices/

It’s still building right now. I might edit this post with more info if it’s worth it. I really just want a command-line vulnerability scanner, and sn1per seems to offer that with greenbone/openvas as a backend.

I could modify the dockerfiles with something better, but I don’t know if I’m legally allowed to do so outside of their repo, and I don’t feel comfortable contributing to a repo that’s not FOSS.

There is a reason for this: https://yast.opensuse.org/

https://en.opensuse.org/Portal:YaST

Yast is opensuse’s configuration/setup tool, and it’s used in the installer.

You can also use it from the installed distro itself, even configuring things like grub.

If you’re not trying to create complex virtual networks, or have hardware accelerated graphics, VirtualBox can be a bit unintuitive, but has all of the features that VMWare makes you pay for, available for free.

I use this too, and it should be noted that this does not require wireguard or any VPN solution. Rathole can be served publicly, allowing a machine behind a NAT or firewall to connect.

LXD/Incus. It’s truly free/open

Please stop saying this about lxd. You know it isn’t true, ever since they started requiring a CLA.

LXD is literally less free than proxmox, looking at those terms, since Canonical isn’t required to open source any custom lxd versions they host.

Also, I’ve literally brought this up to you before, and you acknowledged it. But you continue to spread this despite the fact that you should know better.

Anyway, Incus currently isn’t packaged in debian bookworm, only trixie.

The version of lxd debian packages is before the license change so that’s still free. But for people on other distros, it’s better to clarify that incus is the truly FOSS option.

Also switched here. OBS on wayland has some new features, that I’m excited to take advantage of, but I still cannot find a way to share some windows, but not an entire monitor.

OBS has another feature: “virtual monitor”. It does what it sounds like, and creates a virtual monitor, which you can then treat like a real monitor, like extending to, or unifying outputs, etc.

It also has a feature to share the entire workspace, but it doesn’t work like I expect, and instead uses all monitors (not workspaces) as a single input source. I suspect that’s a bug tbh, because this behavior is useless considering you can just add monitors as a source side by side.

Edge WebView2

I’m like 90% sure this requires edge to be installed, even though the EU mandated that they make edge uninstallable. So that might be their game here.

I remember this being brought up with an acquaintance, but basically there’s a bug where the newest fedora kernel isn’t compatible with VMWare.

So yeah. Either wait for a kernel patch, or wait for VMWare to fix their stuff. But they might not, other users have mentioned that they’ve gone downhill after being bought by Broadcom.

If you want 3d acceleration on virtualized Linux guests, other than vmware, you have two options:

• GPU passthrough
• Virtual gpu (virgl/virtualgl/egl-headless)

The latter is basically only going to work on a Linux host, virtualizing Linux guests (although it is possible on windows, with caveats).

The other downside is that no matter which option you pick, it’s all going to end up being a bit more tinkering (either a little — assign a vm a gpu, or a lot, install unsigned windows drivers), compared to VMWare’s “just works”/one click 3d acceleration setup.

Dockers manipulation of nftables is pretty well defined in their documentation

Documentation people don’t read. People expect, that, like most other services, docker binds to ports/addresses behind the firewall. Literally no other container runtime/engine does this, including, notably, podman.

As to the usage of the docker socket that is widely advised against unless you really know what you’re doing.

Too bad people don’t read that advice. They just deploy the webtop docker compose, without understanding what any of it is. I like (hate?) linuxserver’s webtop, because it’s an example of the two of the worst footguns in docker in one

To include the rest of my comment that I linked to:

Do any of those poor saps on zoomeye expect that I can pwn them by literally opening a webpage?

No. They expect their firewall to protect them by not allowing remote traffic to those ports. You can argue semantics all you want, but not informing people of this gives them another footgun to shoot themselves with. Hence, docker “bypasses” the firewall.

On the other hand, podman respects your firewall rules. Yes, you have to edit the rules yourself. But that’s better than a footgun. The literal point of a firewall is to ensure that any services you accidentally have running aren’t exposed to the internet, and docker throws that out the window.

You originally stated:

I think from the dev’s point of view (not that it is right or wrong), this is intended behavior simply because if docker didn’t do this, they would get 1,000 issues opened per day of people saying containers don’t work when they forgot to add a firewall rules for a new container.

And I’m trying to say that even if that was true, it would still be better than a footgun where people expose stuff that’s not supposed to be exposed.

But that isn’t the case for podman. A quick look through the github issues for podman, and I don’t see it inundated with newbies asking “how to expose services?” because they assume the firewall port needs to be opened, probably. Instead, there are bug reports in the opposite direction, like this one, where services are being exposed despite the firewall being up.

(I don’t have anything against you, I just really hate the way docker does things.)