This is a text post, so the OP wrote text corresponding to the title. You should be able to see it at the top of the post. (Spoiler, OP is basically asking the community why NixOS is better, because they don't quite understand the advantages of using NixOS.)
POP!_OS apparently uses systemd-boot (not to be confused with systemd). It apparently adds a Windows entry automatically if Windows is installed on the same disk. When Windows is installed on a different disk, it looks like booting the Windows boot manager EFI program is still possible with systemd-boot. The instructions given in that link are a bit vague, though.
This page has a different, simpler approach and more specific steps. Apparently you can just copy the Microsoft EFI folder to a specific directory in your Linux drive's ESP partition. I'd be a little bit concerned about Windows not being able to update its EFI bootloader, but I also don't know if Windows ever updates that. The page also has instructions on how to interact with the systemd-boot menu during boot.
You could also install grub yourself, but I can't guarantee that'll be easy. Mashing F2 might be the sanest solution, unless you plan on booting into Windows every day.
I got interested, so I spent some time looking into what's going on here. I'm not intimately familiar with X11 or Wayland, but I figured out some stuff.
Why `sudo ip netns exec protected sudo -u user -i` doesn't work for X11 apps
Short answer: file permissions and abstract unix sockets (which I didn't know were a thing before now).
File permissions: when I start an X11 login session, the `DISPLAY` is `:0` and `/tmp/.X11-unix/` has only 1 file `X0`. This file has 777 access. When I start my wayland session with Xwayland, the `DISPLAY` is `:1` and `/tmp/.X11-unix/` has 2 files `X0` (777) and `X1` (755). I can't figure out how to connect to display `:0`, so I guess I'm stuck with `:1`. When you change to a different (non-root) user, the user no longer has access to `/tmp/.X11-unix/X1`.
Abstract unix sockets: When I start my wayland/xwayland session, it creates abstract unix sockets with ids `@/tmp/.X11-unix/X0` and `@/tmp/.X11-unix/X1`. See `ss -lnp | grep Xwayland`. The network namespace also sandboxes these abstract unix sockets. Compare `socat ABSTRACT-CONNECT:/tmp/.X11-unix/X1 STDIN` and `sudo ip netns exec private socat ABSTRACT-CONNECT:/tmp/.X11-unix/X1 STDIN`.
When you do `sudo ip netns exec protected su - user`, you lose access to both the filesystem unix socket `/tmp/.X11-unix/X1` and the abstract unix socket `@/tmp/.X11-unix/X1`. You need access to one or the other for X11 applications to work.
I tried using socat to forward X1 such that it works in the network namespace... and it kinda works. `sudo ip netns exec protected socat ABSTRACT-LISTEN:/tmp/.X11-unix/X1,fork UNIX-CONNECT:/tmp/.X11-unix/X1`. It appears having ABSTRACT-LISTEN before UNIX-CONNECT is important, I guess it would be worth it to properly learn socat. With this `sudo ip netns exec protected su - testuser -c 'env DISPLAY=:1 xmessage hi'` works, but `sudo ip netns exec protected su - testuser -c 'env DISPLAY=:1 QT_QPA_PLATFORM=xcb kcalc'` does not work. 😞
Changing the file permissions on `/tmp/.X11-unix/X1` to give the user access seems to work better.
Wayland waypipe
Waypipe works as advertised. But it's still a little bit tricky because you need to have two separate processes for the waypipe client and server, wait for the waypipe socket to be created, adjust file permissions for the waypipe socket file, and set (and probably mkdir) `XDG_RUNTIME_DIR`.
```bash
waypipe -s /tmp/mywaypipe client &
sleep 0.1
chgrp shared-display /tmp/mywaypipe
chmod g+w /tmp/mywaypipe
sudo ip netns exec protected su - testuser -c 'mkdir -p -m 0700 /tmp/runtime-testuser && env XDG_RUNTIME_DIR=/tmp/runtime-testuser waypipe -s /tmp/mywaypipe server -- env QT_QPA_PLATFORM=wayland kcalc'
kill -SIGINT %1
```
Combined into this script: https://github.com/vole-dev/grabbag/blob/main/run-netns-user-wayland.bash
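Added example, not part of the original comment: a small diagnostic for the two local X11 transports described above. It reports whether a given user can reach a display through the filesystem socket (Linux requires write permission on the socket file to connect) or through the abstract socket (visible only in the current network namespace's `/proc/net/unix`). The sample tables, the socket owner uid 1000 and the uid 1001 used when exercising it are constructed assumptions.

```python
import os
import stat

SO_ACCEPTCON = 0x10000  # "listening" bit in the Flags column of /proc/net/unix

def listening_abstract(proc_net_unix):
    """Names (without '@') of abstract sockets listening in this netns's table."""
    names = set()
    for line in proc_net_unix.splitlines()[1:]:            # skip the header row
        f = line.split(None, 7)
        if len(f) == 8 and f[7].startswith("@") and int(f[3], 16) & SO_ACCEPTCON:
            names.add(f[7][1:])
    return names

def may_connect(mode, owner_uid, owner_gid, uid, gids):
    """connect() to a pathname socket needs write permission on the socket file."""
    if uid == 0:
        return True
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def x11_transports(display, proc_net_unix, sock_stat, uid, gids):
    """Which local X11 transports can uid reach? sock_stat = (mode, uid, gid) or None."""
    path = "/tmp/.X11-unix/X" + display.rsplit(":", 1)[-1].split(".")[0]
    fs_ok = sock_stat is not None and may_connect(
        stat.S_IMODE(sock_stat[0]), sock_stat[1], sock_stat[2], uid, gids)
    return {"path": path, "filesystem": fs_ok,
            "abstract": path in listening_abstract(proc_net_unix)}

# Constructed sample: the table as seen from the desktop session's namespace.
SAMPLE_HOST = """\
Num       RefCount Protocol Flags    Type St Inode Path
0000000000000000: 00000002 00000000 00010000 0001 01 31001 @/tmp/.X11-unix/X0
0000000000000000: 00000002 00000000 00010000 0001 01 31003 @/tmp/.X11-unix/X1
0000000000000000: 00000002 00000000 00010000 0001 01 31004 /tmp/.X11-unix/X1
"""
# Constructed sample: a fresh network namespace starts with an empty table.
SAMPLE_NETNS = SAMPLE_HOST.splitlines()[0] + "\n"

if __name__ == "__main__":   # run inside the namespace, as the target user
    disp = os.environ.get("DISPLAY", ":1")
    try:
        s = os.stat("/tmp/.X11-unix/X" + disp.rsplit(":", 1)[-1].split(".")[0])
        st = (s.st_mode, s.st_uid, s.st_gid)
    except OSError:
        st = None
    with open("/proc/net/unix") as fh:
        print(x11_transports(disp, fh.read(), st, os.getuid(), os.getgroups()))
```

If both values come back false inside the namespace, X11 clients there have no local path to the server, which matches the failure described in the comment.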
thanks, I'll try out the libx264 encoder next time
Oh wow, I didn't know (free) Davinci didn't support using H.264 as source media, that feels rather limited.
Completely tangential tip, but in the very-limited video editing I've done recently: I've used Davinci Resolve, rendered as `.mov`, and then used ffmpeg to render to my actual desired format. e.g. h264 w/ aac audio so I can upload to Youtube:
```bash
ffmpeg -i input.mov -c:v libopenh264 -profile:v high -c:a aac -pix_fmt yuv420p output.mp4
```
I do think that finding the right flags to pass to ffmpeg is a cursed art. Do I need to specify the video profile and the pix_fmt? I don't know; I thought I did when I adventured to collect these flags. Though maybe it's just a reflection of the video-codec horrors lurking within all video rendering pipelines.
edit: there may also be nvidia-accelerated encoders, like h264_nvenc, see `ffmpeg -codecs 2>/dev/null | grep -i 'h\.264'`. I'm not sure if the `profile:v` and `pix_fmt` options apply to other encoders or just libopenh264.
Flipping through my watched list, here are some romance anime I liked, varying levels of drama and comedy:
- Clannad and Clannad: After Story
- Skip and Loafer
- The Dangers in My Heart
- Toradora!
- My Love Story with Yamada-kun at Lv999
- Lovely Complex
- Taisho Otome Fairy Tale
- Tsuki ga Kirei
- Kimi ni Todoke: From Me to You
- Blue Spring Ride
- Sing "Yesterday" for Me
And maybe some that might not quite be what you were expecting:
- ReLIFE
- A Lull in the Sea
- One Week Friends
- The World God Only Knows
- Amagami SS
- Anohana: The Flower We Saw That Day
- Call of the Night
Edit: also looking forward to A Sign of Affection, which is airing this season
Shows for Winter 2024 on my radar, that I am interested in watching:
- Classroom of the Elite: first two seasons were fun, looking forward to season 3
- Bottom-tier Character Tomozaki: first season was OK, I'm interested in where the story will go
- Mato Seihei no Slave: I vaguely recall someone saying there was something good about the source material
- MASHLE: first season was OK, I'm not very interested in S2, I might binge it when the season is complete
- Blue Exorcist: oh, another season. It's been a while. I remember liking the first season and being confused at the start of the second season (it's about 6 years between each season, so maybe I just forgot some important details. From a S2 MAL review: "the season does not follow the end of season 1. Episodes 18-25 were not canon and accordingly, they do not exist in season 2", I didn't know this, so maybe that was my problem)
- The Dangers in My Heart: first season was fantastic, excited for the second season
- A Sign of Affection: the source material is rated highly on MAL, I'll give it a shot
- Banished from the Hero's Party: First season was OK
- TSUKIMICHI: I liked the first season, looking forward to the second season
- The Foolish Angel Dances with the Devil: I saw the PV, I'll give it a shot
- Cherry Magic!: The source material is rated well on MAL, I'll give it a shot
- The Witch and the Beast: The source material is rated well on MAL, I'll give it a shot
- The Weakest Tamer Began a Journey to Pick Up Trash: WILDCARD, I dunno, it sounds like absolute trash from the title, but I think I'll give it a shot anyways
Boushoku no Berserk was fairly enjoyable! It is kinda trash, but it's good trash: there's an actual plot, the main characters are fairly likeable and fairly believable (even if the villains are like "hahaha, watch me be evil!") and have a touch of depth. The struggles that the MC has to deal with are actually interesting. The animation and sound design is of acceptable quality throughout. The voice acting was pretty good!
7/10: guilty pleasure for those of us who like these kinds of shows. I generally know what I'm getting into when I see the promotional art and description for these kinds of shows; Boushoku no Berserk meets or exceeds those expectations.
Also Eris: "whoops, I guess I shouldn't have gone along with Envy's scheme." A change of heart... but why? Because Fate won? lol. I guess just leave it up to the viewer's imagination because the actual explanation would probably not be worth watching.
/home is not deprecated, it's optional but common. Here is the section from FHS: https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch03s08.html
It is annoying that you can't necessarily connect to all instances from your favorite instance, but this is also what makes the fediverse great compared to more centralized social media. Even though dessalines decided to delist ani.social, ani.social still exists and is still connected to instances other than lemmy.ml.
Although seemingly distorted views of reality coming from the main lemmy dev team do concern me.
I haven't made a bridge to a VM before today, or made a bridge with Network Manager. That being said, I was able to persuade Network Manager to get a bridge working, and there are a few things I can note:
When you set up the bridge, the host network interface should become a slave to the bridge. This means that the physical network interface should not have an IP Address, and your bridge should now be where you configure the host's IP address.
`ip link | grep 'master br0'` on the host, and it should display 2 interfaces which are slaves to br0. One for the physical ethernet interface, one for the VM (vnet). And it should only list your ethernet interface when the VM is off.
The RedHat tutorial does not show the bridge and the host having different IP addresses, the RedHat tutorial shows the bridge and the guest having different IP addresses. Actually, no, the RedHat tutorial shows the libvirt NAT bridge, not even the bridge that the tutorial describes creating... If you set the IP address of virbr0, I don't know what happens.
If your VM's network adapter is connected to the host's bridge, then you should be able to log into your VM and set a static IP address.
I had a lot of problems getting Network Manager to actually use my ethernet interface as a slave for the bridge. Here's what worked for me, though:
After that, I can go into "Virtual Machine Manager", set my VM's NIC's Network Source to "Bridge device...", Device name to "br0", boot my VM, login to my VM, configure my VM's ip address. And then I can connect to the VM's IP address from the physical ethernet network.