Nix in single user mode can apparently work with SELinux in enforcing mode, although AFAIK binaries installed via Nix can not have SELinux metadata which could be an issue for some programs.

Determinate Nix claims to have seamless integration with SELinux (unlike upstream Nix and Lix, but it’s not a fork, alright whatever you say Eelco). Using that and removing the proprietary garbage their installer also adds might be easier than making regular Nix play nice with it.

My understanding is that most of this is down to ARM’s (relative) lack of standardization. Consumer ARM SoCs don’t even have ACPI, so you aren’t even guaranteed to be able to do things like powering off the system. Qualcomm pretty much has to add some minimum support for their SoCs to the kernel because most of their consumers will want to get Android working on them, but that doesn’t mean they’ll do more than they have to for that.

There’s a reason you can install Linux on any x86 PC and it will mostly work, but you can’t install an ARM Linux on a phone. Even Android forks like Lineage don’t support all Android phones, even though they’re shipping basically the same thing the manufacturers are.

If your privileged user doesn’t have a password, in some cases this could lead to any program being able to elevate their privilege quietly, unlike UAC.

I think this is the most important part. There really isn’t any protection against random processes trying to do some version of exec sudo $0 except for the fact that it requires a password.

The FSF says this is the case but the actual legal situation is less clear, especially in the EU. Linking does not necessarily constitute a derivative work. Even decompilation of a (proprietary) library in order to link to it might be acceptable depending on the circumstance.

This isn’t something that can be fixed with a license, it’s a direct result of EU copyright law. Historically companies have tended to err on the side of the FSF interpretation, but it is on somewhat shaky grounds.

Sure it’s a problem when that happens. It’s not the only problem, and honestly in the case of coreutils it’s not really the most relevant one.

Do you think it’s likely that corporations will take over UNIX-likes with proprietary coreutils extensions forked from uutils? Because that’s the one thing that is legal to do with an MIT/BSD licensed coreutils but not with GPL licensed ones.

GPL has been battle tested in court

Well… parts of it have been. Others have not. Notably the FSFs view on whether or not linking to a GPL-licensed library constitutes a derivative work (and triggers the GPLs virality) is not universally shared by legal scholars. In the EU in particular linking does not necessarily create derivative works, despite what the FSF says. This has not been tested in court.

Some other parts like the v3 anti-tivoization hasn’t gone to court either, but that has lesser ramifications (assuming you’re not TiVo).

THAT’S how we have corporations profiting from GPL. Not because GPL allows anyone to use it.

What distinction are you trying to draw here exactly? They can do it precisely because the GPL (v2) allows it. The GPLv3 has some extra restrictions but doesn’t do anything about closed source drivers (beyond the linking thing) or the Google Play Services type of proprietary extensions.

Funny you say that because OS X shipped (and probably still ships) plenty of copyleft licensed software such as Bash. The Linux kernel is used in Android and ChromeOS.

If you want to stop corporations from profiting off your work, putting a GPL on it isn’t gonna do it. In fact no free software license will do it, because by definition they allow anyone to use and ship your software.

All of the 5 people who use (non-ESR) Firefox on their 2002 Pentium 4s will certainly be very unhappy about this.

I have this in my config:

function lastcmd
    echo $history[1]
end

abbr --add "!!" --position anywhere --function lastcmd

I believe I originally got this implementation from the GitHub issues. The key is that abbreviations can also call functions, which can in turn index into the history list. We also need to specify that we want the expansion even if we’re in an argument to another command, such as in sudo !!.

This is by no means complete, but the features that I value would be:

• <Tab> cycles though completions as it should instead of duplicating the prompt.
• Completions also show help text (if there’s a provider for one). For example on git <Tab> it shows a short message describing what the command does. JJ goes further: jj diff -r <Tab> shows part of the commit message for the offered commits.
• There are just more completions than in any other shell I know. Aside from JJ the new Nix CLI also has great Fish completions and can dynamically complete flake outputs like package names.
• Entire commands can be history completed with <C-E> or <Right>. This completion is also directory-aware and can usually avoid suggesting commands with paths to files that don’t exist. In practice I find that it’s really good at suggesting the command I actually want to run, to the point that I rarely invoke FZF anymore.
• Abbreviations are in most cases better aliases since they do the same thing but don’t obscure what you’re actually running.
• No word splitting when expanding variables, because it’s never what you intended.
• Globs that fail to match anything are errors instead of silently doing the wrong thing.
• Control structures are a bit nicer (but that is subjective).

You can get most of these with liberal use of shell options, installing blesh, or alternatively installing zsh with a bunch of plugins, but Fish just has all of them out of the box. You don’t even need bash-completions.

how hard is it to transition?

It has a reputation of being very difficult from the past when it didn’t have &&/|| but I think today plenty of Linux users would not even notice. The most notable remaining differences are setting variables (requires the set builtin unless used to modify the environment for a single command), control structures (irrelevant in interactive use) and lack of !! (but you can make an abbreviation to bring it back).

I hear a lot of people talk about the CachyOS kernel, but from this benchmark it seems like the optimizations used for the packages is as relevant (or even more so). It’s also interesting that while distro-wide -O3 is basically useless, x86_64-v3 actually makes a significant difference. Unless openSUSE is doing other things that Phoronix doesn’t highlight?

The term used is “Solução final”, and it’s a pretty literal translation. It’s absolutely possible to make the connection between the terms, but it does require bot ha somewhat in-depth education on the Holocaust and some linguistic sense. Now it’s entirely possible that LGFaé’s history teachers really dropped the ball on the first part, but it’s not clear to me that this is what must’ve happened here.

Speaking for myself I would be embarrassed but not especially surprised if some phrase that I use frequently has a similarly unfortunate meaning, especially regarding an African or Asian genocide. As bad as all genocides are, you just can’t be well educated on all of them, especially with just a regular K-12/A-level/equivalent history education which also has to do things like teaching people how to read (something most of the world is currently failing at).

Not sure how you’re arriving at that low of a difference unless the US pricing is wildly better than in the EU.

If I follow the most obvious user flow on the Framework website (except for removing components that aren’t required) then I end up with a preorder for a Framework 16 with a Ryzen AI 7 350, 8 GB of RAM and no storage for 1,724 €. I can get the same CPU in a Gigabyte Aero X16 with the same CPU and 32GB RAM and storage and an RTX 5060 on top for 1,129 €. If I try to configure the Framework to be actually competitive with that model I end up at 2,384 €. It’s not just the Ryzen AI model that’s like this either, I did the same comparison with an older Ryzen CPU and it was in the same ballpark.

I’m sure the Framework is nicer in many aspects that don’t show up on data sheets like chassis finish and build quality (and of course Linux support) but that’s a lot of money.

I think Matugen is the closest (maintained) thing to what you’re asking for.

If you use a standalone Wayland compositor you might also be interested in the newest generation of “shells” (or more accurately, Quickshell dotfiles) like DMS or Noctalia. These usually also use Matugen under the hood to make their theme settings work.

I don’t have deep knowledge on the topic but you might want to look into EDID, which is how your system knows what resolutions the monitor supports. Incorrect detection of maximum resolutions and refresh rates is a semi-common problem on Linux and the fix for that is a custom modeline; setting one will be compositor dependent on Wayland (on X11 xrandr will do).

However it’s also possible that all the cables you have are bad and/or don’t support 8K.

Hardware development is just extremely difficult. The smallest company that I’m aware of that has their own laptop design is Framework, but their laptops are also about twice as expensive as equivalent models from other brands.

In addition, since basically all modern computer manufacturing has to go through Taiwan due to TSMC’s near-monopoly on competitive semiconductors, it makes sense to outsource design to Taiwan too. They already have the industry for it, and there’s no reason to have a random American company add their own profit margin to the price for no reason.

They do develop Linux drivers for the laptops they sell, so they’re not adding literally zero value. Though they also tried to prevent upstreaming with an incompatible (illegal) license so there’s that…

They are rebranded (and expensive) Clevos, but they are manufactured (or configured, or integrated - those all amount to the same thing) in Germany.

To be fair to them this applies to many, many other Laptop brands. Including pretty big ones like MSI.

In defense of the author and their education… They’re Brazilian so English probably isn’t their native language, and their history education was almost certainly in Portuguese. I don’t think it’s necessarily an indictment of their education that they weren’t taught about the English translation of a German phrase, and I don’t think it’s reasonable to apply the same standards of subtext awareness to native and non-native speakers either.

But that still leaves the question: How to install Nix in the first place? Without just running the script.

You can download tarballs with the precompiled Nix, though you’ll still need to run an install script (but you can at least read it to convince yourself it’s not malicious), see the relevant documentation for that.

Something that slipped my mind is that since OpenSUSE uses SELinux now, that means the recommended multi-user mode won’t work. Single-user mode should be fine afaik, but it’s a bit less convenient.

This command just runs the software once without actually installing it right?

The nix-env -iA does actually install the software locally, not completely unlike how a zypper in would. For running a program without installing you would use something like nix-shell -p yazi --command yazi. Of course that still downloads and “installs” the program, it just won’t add it to your PATH or create a GC root, which means the next time Nix does “garbage collection” it will be removed again.

And yeah I would recommend just trying OpenSUSE out and then if you realize you actually really do need stuff from third party package managers, then you can worry about whether getting into Nix is a good idea or not. Or fall back to the Arch/AUR in distrobox idea which is probably simpler to do overall, especially since from what I understand that’s what you’re supposed to do on the immutable spins like Aeon.

Late edit: I’ll also note that there are several OpenSUSE specific third party repos too. Packman has some proprietary codecs that OpenSUSE doesn’t want to ship (in case you really don’t want your browser to be a Flatpak), and the Open Build Service (OBS) which is basically the AUR for OpenSUSE. They’re not as useful because they’re nowhere near the size of the AUR, but if you just need one specific package (perhaps one with questionable legality like yt-dlp or something) they might just have it. And of course you can also build stuff from source and put it in your ~/.local/bin, which has been common practice since before Linux was able to run on real hardware.