she/they

  • 0 Posts
  • 147 Comments
Joined 3 years ago
Cake day: July 1, 2023

  • I appreciate the work ahead of time, and the law is the law. @svartkanin raised this PR internally within staff channels, and the feedback is that we’ll wait until there’s an overall stance from Arch Linux on this before merging this, and preferably involve legal representatives on this matter on what the best way forward is for us.

    But from a personal reflection it’s clear that there’s a disconnect between lawmakers’ intent and how things like this will be implemented in reality, and once a law is in place - we might have to implement inconvenient things…

    So I’ll leave this open for now, but I’ll also lock the conversation because experience from the mailing lists on this topic has told us this thread will get out of hand quickly.

    @dylanmtaylor: this stance does not mean that we won’t merge this. And despite locking this thread, I think you, me and other contributors and maintainers can still comment (which is fine, and good).

    Sounds reasonable to me





  • On the one side stands the state’s interest in effective criminal prosecution, on the other the property rights of the person concerned, including the ongoing loss of value of the devices. The decisive factor was that there had been no serious analysis for over 2.5 years. And that even though it was a manageable 56 GB, there was no encryption, the PINs were known and the data had already been backed up.

    What a shambles of an outfit. Reminds me of XKCD 538, only in reverse.


  • In the xdg-desktop-portal PR there is a very interesting discussion about how OS level parental controls probably should work:

    The other way to approach this would be to turn it on its head, and instead of having a portal which tells apps what age the user is, instead have a portal which apps can query to tell them whether content which has a certain rating should be shown to the user.

    gnome-software, AppStream and malcontent use the OARS ratings system for tagging content with what might be age-restricted about it. This has a mapping to a CSM age (which is international), and that has mappings to most countries’ national ratings systems, and is designed for web content as well as games and films.

    Presumably an app would send a list of specific OARS tags (which exist for precisely this purpose) to the OS via xdg-desktop-portal, and the OS would respond by classifying each tag as acceptable or unacceptable. The app then is only responsible for not displaying the unacceptable content, and tweaks to the filters based on jurisdiction and new laws/amendments happens in a clearly defined place which is the portal implementation (which could be in an optional package, e.g. xdg-desktop-portal-content-controls).

    Of course that system wouldn’t comply with any of these new laws because they’re just bad. Even ignoring all technical considerations, most of them have a ridiculously broad scope (or large uncertainties). They’re very poor legislative work.
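
The exchange proposed in the quoted discussion, sketched as an added example (not code from xdg-desktop-portal, malcontent or the commenter). The function names, the policy table and the catalogue are hypothetical; the sketch assumes each OARS tag is sent together with its intensity (none, mild, moderate, intense) and that a tag missing from the policy is rejected.

```python
# Hypothetical sketch of the "inverted" portal: the app asks about content
# tags and only ever receives booleans, never the user's age or birthdate.
LEVELS = ["none", "mild", "moderate", "intense"]  # OARS intensities, ascending

# Constructed policy (portal side): highest intensity permitted per OARS tag.
POLICY = {
    "violence-cartoon": "moderate",
    "violence-realistic": "none",
    "drugs-alcohol": "mild",
}

# Constructed catalogue (app side): title -> {OARS tag: intensity}.
CATALOGUE = {
    "Cartoon Brawl": {"violence-cartoon": "mild"},
    "War Sim": {"violence-realistic": "intense"},
    "Wine Guide": {"drugs-alcohol": "moderate"},
    "Chess": {},
    "Casino": {"money-gambling": "mild"},
}

def classify(policy, pairs, default="none"):
    """Portal side: answer acceptable/unacceptable for each (tag, intensity)."""
    verdicts = {}
    for tag, level in pairs:
        ceiling = policy.get(tag, default)  # tag not in policy: strictest ceiling
        # An intensity the portal does not recognise is rejected (fail closed).
        verdicts[(tag, level)] = (
            level in LEVELS and LEVELS.index(level) <= LEVELS.index(ceiling)
        )
    return verdicts

def visible_titles(catalogue, policy):
    """App side: one query for all tags in use, then hide unacceptable items."""
    pairs = {pair for tags in catalogue.values() for pair in tags.items()}
    verdicts = classify(policy, pairs)
    return [
        title
        for title, tags in catalogue.items()
        if all(verdicts[pair] for pair in tags.items())
    ]

if __name__ == "__main__":
    print(visible_titles(CATALOGUE, POLICY))
```
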


  • Using Guix SD instead.

    Real answer, NixOS is very tied to Systemd (the init part anyways). Removing it would amount to rewriting half of <nixpkgs/nixos>, and writing a bunch of extra service definitions for packages that are only supported on systemd. Also you’ll have to reimplement UserDB (which is what this PR is for) to get GNOME (maybe also KDE?) to work.


  • Basically this means you as a user don’t have to do anything but switch away from projects that depend on SystemD’s UserDB (like Gnome), not SystemD as a whole

    You can also just… not put your PII into UserDB. It can store clear names, mail addresses, postal addresses and now birthdates… but it can also just serve as an interface to /etc/passwd. Which conveniently also works with LDAP accounts (unlike your hand written /etc/passwd parser) if you’re an organisation that uses LDAP.

    This is the entirety of what UserDB knows about me:

    userdbctl user --output=json $(whoami)
    {
            "userName" : "sky",
            "uid" : 1000,
            "gid" : 100,
            "homeDirectory" : "/users/sky/home",
            "shell" : "/run/current-system/sw/bin/fish"
    }
    

    I don’t expect that to change with this PR.


  • The other user data is already stored in the userdb versions that nearly everyone who uses a systemd distro already has. You can check what data is being stored with userdbctl. On my system that looks like this:

    userdbctl user --output=json $(whoami)
    {
            "userName" : "sky",
            "uid" : 1000,
            "gid" : 100,
            "homeDirectory" : "/users/sky/home",
            "shell" : "/run/current-system/sw/bin/fish"
    }
    

    Honestly this PR is a bit of a nothingburger. I’m not aware of any distro really using userdb to store data beyond what you’d store in /etc/passwd (maybe Ubuntu does?). The main value of userdb seems to be as a frontend so other programs don’t need dedicated code to handle /etc/passwd, LDAP, etc. Notably GNOME recently eliminated their dedicated code in favor of just using userdb.

    And Userdb doesn’t really handle data validation at all. It enforces that you input a valid date after 1900, but that’s kinda it. I guess you need root/sudo privileges to change the birthdate but that’s not much of a hurdle for most Linux users.

    Really this entire PR boils down to:

    ALTER TABLE users ADD birthdate date;
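
A way to run the check that this comment and the previous one describe across every account, as an added example (not code from systemd or from the commenter). It parses `userdbctl ... --output=json` style output and reports which records carry more than the `/etc/passwd` basics. The sample records are constructed, and `birthDate` is an assumed name for the field the PR adds.

```python
import json

# Fields with a direct /etc/passwd counterpart (names as shown in the output above).
PASSWD_FIELDS = {"userName", "uid", "gid", "homeDirectory", "shell"}
# Personal-data fields of a JSON user record. "birthDate" is an ASSUMED name
# for the field the PR adds; adjust it to whatever your systemd version prints.
PERSONAL_FIELDS = {"realName", "emailAddress", "location", "birthDate"}

# Constructed sample: two records back to back. The parser below accepts a
# single record as well as several concatenated ones.
SAMPLE = """
{ "userName": "sky", "uid": 1000, "gid": 100,
  "homeDirectory": "/users/sky/home", "shell": "/run/current-system/sw/bin/fish" }
{ "userName": "alex", "uid": 1001, "gid": 100, "realName": "Alex Example",
  "emailAddress": "alex@example.org", "birthDate": "1990-01-01",
  "memberOf": ["wheel"], "homeDirectory": "/home/alex", "shell": "/bin/bash" }
"""

def iter_records(text):
    """Yield every JSON object in a stream of concatenated objects."""
    decoder, pos = json.JSONDecoder(), 0
    while True:
        while pos < len(text) and text[pos].isspace():
            pos += 1  # raw_decode() does not skip leading whitespace
        if pos >= len(text):
            return
        record, pos = decoder.raw_decode(text, pos)
        yield record

def audit(text):
    """Map user name -> personal fields that are set, and other non-passwd fields."""
    report = {}
    for rec in iter_records(text):
        personal = sorted(k for k in rec if k in PERSONAL_FIELDS and rec[k])
        other = sorted(k for k in rec if k not in PASSWD_FIELDS | PERSONAL_FIELDS)
        report[rec.get("userName", "?")] = {"personal": personal, "other": other}
    return report

if __name__ == "__main__":
    for user, found in audit(SAMPLE).items():
        print(user, found)
```

To audit a real system, replace `SAMPLE` with the captured output of the `userdbctl` command shown above.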
    


  • I can only speak for myself but I like Typst a lot more than LaTeX. Typst compiles instantly and the markup language is very reasonable. LaTeX by comparison is slow and arcane, with a macro language that is unlike anything else in common use today. It also has pretty awful defaults to be honest, especially if you’re writing in a language that isn’t English. There are a few things that Typst can’t quite do, but that gap is shrinking as well.

    Edit: This blog post has some examples and showcases a lot of the core functionality, including the scripting. Typst has a playground which you can use to get a feel for the basics (though installing it locally isn’t a massive pain either, unlike LaTeX). Overleaf allows trying LaTeX in the browser for free as well, although only with an account (partly because LaTeX tooling is a pain and expensive in CPU resources).




  • Of course, legislators are getting more and more technically knowledgeable so trying to rebel against OS age verification by simply cosmetically making a computer different from your typical desktop-like systems might not suffice…

    I’m admittedly not especially familiar with how law is practiced in the US but in my opinion trying to skirt the letter of the law while blatantly violating its intention is usually a bad idea. The more you piss off prosecutors and judges the more effort they will put into finding something to prosecute you over, and it also makes them more likely to push for the harshest fines/convictions that are legally possible.

    Of course unfortunately a lot of the time the law is just bullshit, and this particular bill appears to have at least a few issues, but still…

    Nevertheless, I did not know about Cage! At least now I know how the hacks make those IoT control panels with their SBCs! Perhaps I’ll set up something cool in my living room like… A weather forecast screen? The stock market? Live GPU prices?

    For completeness’ sake, Cage isn’t the only way to do this. Gamescope is another popular “kiosk compositor”, notably used by the Steam Deck (in the “Deck mode”). And of course the same thing is possible with X window managers as well, Openbox seems to be a popular choice for X11 kiosks.


  • Oh no I wasn’t talking about your tone at all, sorry about my poor phrasing there. I meant the tone of Timothy Roscoe which rubbed me the wrong way.

    I might be a bit overly sensitive since it reminded me of how science cranks like to talk about their “discoveries” - You know, how people like Avi Loeb or Eric Weinstein will go on Joe Rogan and complain how nobody in academia is taking them seriously. Obviously that’s not at all what Roscoe is doing but it sounded a tiny bit like that to my ears, at least before the Q&A section (which I hadn’t watched before writing my comment).

    I was mostly just trying to convince myself this morning I wasn’t insane. I had thought it was the standard terminology.

    No you are actually correct, “bare metal” does in fact mean “without an OS”. It just got co-opted to mean… other things additionally, and in the case of servers specifically the new usage ended up crowding out the original one. Hence the original misunderstanding.


  • There was a really interesting talk at USENIX a few years ago (Usenix 21 keynote with Timothy Roscoe, I just looked it up) that was basically saying that a modern OS like linux, isn’t even accessing hardware and is just an OS in a system of OSs on a computer.

    This was indeed a very interesting talk. Not sure if the accusatory tone (Edit: Of the speaker!) was warranted but I’m not really the target audience so who am I to judge.

    One aspect that he only mentioned in passing is that hardware manufacturers seem to be very happy to entertain Linux’s (and Windows’) assumptions about memory, just like they seem to be very happy to entertain assumptions about execution order. Nobody wants to make hardware that requires a weird bespoke operating system because of its bespoke microarchitecture (except perhaps for Apple, though I’m not confident they’re really innovating in this regard). Maybe I lack perspective but I don’t really see a nice way out of this either, since nobody wants to buy hardware that requires weird bespoke operating systems either (except once again Apple). And I don’t see how an operating system could be widely supported across many different SoC designs without accumulating a similar complexity to modern Linux.

    We should definitely be feeling mildly uncomfortable about this entire thing though.


  • Yeah I understand that’s what you meant, but it’s not what people think when they hear “bare-metal server” (anymore… not saying you’re wrong!) or what the commenter I was responding to was talking about.

    I’m not sure anyone is really deploying servers without an OS, even though I’m sure the concept has a lot of merit. Unfortunately there’s a strong trend of putting the absolute minimum possible effort into deployment at the expense of basically everything (which is how you end up with really stupid ideas like “serverless computing”).



  • The other advantage of a bare metal server is that the computing resources are guaranteed to actually be there when you need them. VM Providers are known to overbook their actual hardware, so if other customers happen to use more compute than anticipated then your VMs mysteriously won’t have the performance you paid for.

    There’s also a computational cost to virtualization itself, so you can add slightly more performance to a single server before you have to use a distributed system, but I doubt that’s significant for more than a handful of businesses.