• 90 Posts
  • 610 Comments
Joined 2 years ago
Cake day: July 25th, 2023

  • A project ending as abandonware is always a possibility. One reason projects get abandoned is losing funding, which can be secured by using dual licensing and selling some features to businesses.

    They use AGPL so even if they broke their promise and restricted features, it could still be developed further (even if no new features got added). NGINX also uses a dual license.





  • After a quick read over some parts of the article, and looking into the Bottles flatpak manifest, I don’t think the sandbox escapes listed apply to Bottles - as long as you are exclusively using Wayland-compatible apps besides your games.

    • Bottles does not have access to $HOME, only through interactive xdg-portals
    • As long as you are using Wayland, an attacker can only access apps running through XWayland.

    Sadly Electron is still a pita, so closing Discord and VSCode while gaming would be necessary (or restrict their host access, which would break sharing files in Discord and many more things in VSCode).

    So yes, I sadly have to agree, don’t rely on a sandbox, unless you're not running X11.

    Luckily Wine will soon support Wayland, so removing X11 access from Bottles would break this specific sandbox escape. Otherwise I do think flatpak/bubblewrap sandboxing is pretty solid.
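
The check the comment above walks through by hand (X11 socket access and broad filesystem grants), as an added example that is not part of the original comment or of Bottles or Flatpak. It parses the keyfile text printed by `flatpak info --show-permissions <app-id>`; the two sample inputs are constructed for illustration and are not any real app's manifest, and the function and constant names are hypothetical.

```python
import configparser

# Constructed samples in the keyfile format printed by
# `flatpak info --show-permissions <app-id>`; not any real app's manifest.
SAMPLE_GAME_LAUNCHER = """\
[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=xdg-download;
"""
SAMPLE_ELECTRON_APP = """\
[Context]
shared=network;ipc;
sockets=x11;pulseaudio;
filesystems=home;xdg-run/pipewire-0:ro;
"""

BROAD_FILESYSTEMS = {"home", "host"}  # whole-home or whole-host grants


def _values(section, key):
    """Split a ';'-separated keyfile value into its non-empty entries."""
    return [v for v in section.get(key, "").split(";") if v]


def audit_permissions(text):
    """Return (code, detail) findings for the two grants the comment weighs."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    context = parser["Context"] if parser.has_section("Context") else {}
    findings = []
    sockets = _values(context, "sockets")
    if "x11" in sockets:
        findings.append(("x11", "shares the X server with other X11/XWayland clients"))
    elif "fallback-x11" in sockets:
        findings.append(("fallback-x11", "X11 is granted only when the session has no Wayland socket"))
    for entry in _values(context, "filesystems"):
        base = entry.split(":", 1)[0]  # drop a :ro / :rw / :create suffix
        if not entry.startswith("!") and base in BROAD_FILESYSTEMS:
            findings.append(("filesystem", entry))
    return findings


if __name__ == "__main__":
    for name, text in [("game launcher", SAMPLE_GAME_LAUNCHER), ("electron app", SAMPLE_ELECTRON_APP)]:
        print(name, audit_permissions(text))
```

An app that reports neither an `x11` nor a `filesystem` finding is outside the X11 case the comment describes; one that reports both is the kind the comment suggests closing or restricting.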

















  • Chewy@discuss.tchncs.de to Linux@lemmy.ml: Immutable Distro Opinions
    1 month ago

    NixOS is immutable and atomic, but it isn’t image-based.

    Immutable simply refers to how the running system configuration can’t be changed by simply putting a file somewhere (e.g. copy a binary to /bin, which is a bad idea).

    For example, Fedora Atomic and derivatives are image-based, although they are more flexible than the A/B types like SteamOS.

    OpenSUSE MicroOS uses btrfs snapshots to apply updates atomically, and is more flexible than most image-based immutable distros.

    Edit: But I don’t think those terms have a single definition, so how would you differentiate these terms?