While I do get your sentiment, we currently see in Ukraine what happens if you don’t have a defense industry: You’re reliant on other countries to supply you in case a hostile nation notices that you’re lacking it.

All that follows is my personal opinion, but for ease of writing, I’m gonna present it as facts.

Once you have grasped the advantage that Nix offers, all the fundamentally different solutions just seem s o inferior. When I first tried NixOS on a decommissioned notebook, the concept immediately made sense. Granted, I didn’t understand the language features very well – I mostly used it for static configuration with most stuff just written verbatim in configuration.nix, though I did use flakes very early on because of Lanzaboote. But just the fact that you had a central configuration in a single language that was able to cross-reference itself across different parts of the system absolutely blew me out of the water. I was a very happy and content Arch user, even proficient enough to run my own online repository that built from a clean chroot for AUR packages (if you use Arch with AUR packages on multiple systems, check out the awesome aurutils!), but after seeing the power of NixOS in action, I switched over all my machines as soon as I could - desktop, virtual servers (thanks nixos-anywhere!), main notebook and NAS.

People often praise the BSDs for their integrated approach – NixOS manages to bring that approach to Linux. Apart from GUIX System that I never tried because Secure Boot was a requirement when I last looked at other distributions, none of them have tackled the problem that NixOS solves, and it’s not even certain if they actually understand it. Conceptually, it plays on a whole different level. No more unrecoverable systems, even with broken kernels – just boot the previous configuration. Want to try changes without any commitment? nixos-rebuild test got you. Need an app quick? nix shell nixpkgs#app it is.

Plus the ecosystem is just fantastic. The aforementioned nixos-anywhere really helps with remote provisioning, using disko to declaratively setup filesystems and mounts, you have devenv which is a really good solution for development environments, both regarding reproducibility and features, and many more that I can’t mention here. There is nothing comparable, and the possibilities are unlike in any other ecosystem.

It’s not perfect for sure though, and documentation is sparse. The language concepts which allow one to “unlock” the most powerful features are different from what most people know.

I was lucky enough to have some downtime at work to get into the system a bit deeper (this was still for work though, just not my core skillset) by implementing a “framework” for our needs which forced me to not just copy and paste stuff, though I definitely did get inspired from other solutions, but to actually better understand the module system (I think?), thinking in attribute sets, writing your own actual modules, function library and so on. But in the end, it was definitely worth it, and I’m unaware of any other system that would allow what Nix and NixOS allowed me to build.

NixOS […] some packages are kinda old

Fair

that server will be going back to debian next summer.

I don’t think that will solve the “some packages are kinda old” issue.

I’d guess this is less about MINIX vs. Linux and more about ultimately having 0 control over or insight into it.

The joke being that he didn’t actually say it, same as Microsoft never stating 10 being the last version of Windows ever

What would be the utility for someone, who cares about privacy and currently uses Signal and email for communication?

Your organization can’t host a federated Signal server, and email isn’t private.

Is Matrix anything good already, or is it something with potential that’s still fully in development?

My previous organization has used it for over 4 years without issues, however mostly limited to text.

How tech savvy does one need to be to use Matrix?

Simply using? Not very much, basically like Lemmy.

Believe it or not, even the thugs beating down protests enjoy western luxuries… Or not having 20% inflation.

Plus, enforcing your government’s policies becomes a whole lot less attractive if all your neighbors dislike your employer. It all trickles down eventually.

And I don’t know if you noticed or not, unfortunately, the sanctions aren’t working that well… Maybe the answer is more sanctions? idk

I’m in favor of more of them, but I don’t think the current ones aren’t working. It was clear from the beginning that they’d be escalating so that Russia has a way out. They’re not using it so sanctions get worse.

Sure… Their anger will be directed at Putin, not at who actually imposed those sanctions.

I am worried that these sanctions will make them band together and support Putin even more.

And then what? They’ll go to war even harder? And if Putin is such a good leader, why doesn’t he just have Russia produce alternatives to the goods and services under sanctions?

The old status quo without sanctions got the world into the current situation. Why would keeping it the same fix it?

One could also make the opposite case for your logic: I am worried that without sanctions, people will see Putin as a strong leader, and as such hand together and support him even more.

We are entering the era of cyber-warfare, nation-state counter hacking, software and hardware sabotage, underground black and grey markets for both hardware and software.

We have entered that territory at least 10 years ago.

The rest I agree with. But I also think this is in fact the right move: you need to create pressure that hurts both the leadership and the people.

Qualcomm paying as much as other licensees should be preferable to Qualcomm than bankruptcy.

Not saying this is wrong, but where do you get it from? The article just states that ARM considers Qualcomm’s acquisition of Nuvia a breach of license. Both companies held ARM licenses before. What’s the issue with such a purchase?

What that monopoly got us: The C programming language, UNIX, UTF-8, among others

What the current tech monopolies yielded: yachts for the upper management

I have full IPv6, none of my ports that I haven’t explicitly whitelisted in the firewall can be accessed from the Internet. I can open a host completely, but it’s not default. This is on the most common brand of consumer routers here.

Just because it’s not NATted doesn’t mean there’s no firewall in place.

At this point, Prime doesn’t make sense if you want to save on shipping. It made sense because it included a lot of good stuff (video before ads, some music, shipping, games) but just for shipping, there were better options.

I basically overpaid but didn’t care out of convenience - partner sometimes watched prime, I ordered occasionally, played some included games. But the changes to video were so shady that I cancelled it.

My router will still block all ports not explicitly allowed for the hosts regardless of protocol, it’s a firewall after all and not just NAT. Just because the host addressable doesn’t mean its ports are reachable.

Salt the hash with something unique to that specific user so identical passwords have different hashes

Isn’t that… the very definition of a Salt? A user-specific known string? Though my understanding is that the salt gets appended to the user-provided password, hashed and then checked against the record, so I wouldn’t say that the hash is salted, but rather the password.

Also using a pepper is good practice in addition to a salt, though the latter is more important.

Testing is actually mandatory, what’s not mandatory though is to do it before deploying.

what’s feurking

An optional step in the développement process

Emacs? When there’s ed? Talk about bloat…

Personally I’d love to see more wider usage of S/MIME and/or PGP.

I’d rather see less. https://www.latacora.com/blog/2019/07/16/the-pgp-problem/ is a good summary about the issue and they have a shorter follow-up post about why encrypting mail in general is bad at https://www.latacora.com/blog/2020/02/19/stop-using-encrypted/

What I take issue with actalis, is that they don’t just sign your private key but you actually get the private key from them. It then depends on how much you trust the issuer.

By definition, that key can no longer be considered “private”.