NekkoDroid

joined 1 year ago
[–] [email protected] 12 points 2 months ago* (last edited 2 months ago) (2 children)

IIRC Mono was mostly used for WASM as it was optimized for smaller builds than the full fat CoreCLR (talking about .NET non-Framework Mono)

[–] [email protected] 1 points 3 months ago (1 children)

It really wouldn't change anything in the long run. Any company that creates a browser is gonna need some form of income and people aren't willing to pay for a browser. What would be their incentive to continue to work on the browser when they aren't being paid?

[–] [email protected] 3 points 3 months ago* (last edited 3 months ago)

The kernel modules usually are signed with a different key. That key is created at build time and its private key is discarded after the build (and after the modules have been signed) and the kernel uses the public key to validate the modules IIRC. That is how Archlinux enables can somewhat support Secure Boot without the user needing to sign every kernel module or firmware file (it is also the reason why all the kernel packages aren't reproducible).

[–] [email protected] 5 points 3 months ago (1 children)

And technically you can whitelist other certificates, too, but I have no idea how you might do that.

When you enter the UEFI somewhere there will be a Secure Boot section, there there is usually a way to either disable Secure Boot or to change it into "Setup Mode". This "Setup Mode" allows enrolling new keys, I don't know of any programs on Windows that can do it, but sbctl can do it and the systemd-boot bootloader both can enroll your own custom keys.

[–] [email protected] 2 points 3 months ago (1 children)

I did hear that one of their newer versions does use eBPF, but I haven't even remotely looked into it.

https://nondeterministic.computer/@mjg59/112816011370924959

[–] [email protected] 1 points 3 months ago* (last edited 3 months ago)

I don't think any of the major distros do it currently (some are working twards it tho), but there are ways (primarily/only one I know is with systemd-boot). It invokes one of the boot binaries (usually "Unified Kernel Images") that are marked as "good" or one that still has "tries left" (whichever is newer). A binary that has "tries left" gets that count decremented when the boot is unsuccessful and when it reaches 0 it is marked as "bad" and if it boot successfully it gets marked as "good".

So this system is basically just requires restarting the system on an unsuccessful boot if it isn't done already automatically.

[–] [email protected] 1 points 4 months ago

I dunno, I don't have a camera feed into your life. But considering that is the first thing you respond to a clarification it most certainly wouldn't surprise me if you did.

[–] [email protected] 1 points 4 months ago (2 children)

I dont think home directory files should handled by something named tmpfiles.

The only reason its still called tmpfiles is because of backwards compatibility

[–] [email protected] 19 points 4 months ago* (last edited 4 months ago)

This is a proposal by people funded by companies that would provide the services for this (https://balkaninsight.com/2023/09/25/who-benefits-inside-the-eus-fight-over-scanning-for-child-sex-content ).

A lot of actual politicians oppose this https://tbbacherle.eu/2024/06/18/open-letter/

[–] [email protected] 57 points 5 months ago (1 children)

(I think that's their goal, either ads or no watch)

[–] [email protected] 10 points 5 months ago (3 children)
view more: next ›