Never heard of that, I hope accessibility on Wayland improves.
Neal Gompa mentioned that Flatpaks don't have the permission holes to allow screen readers? That's crazy and may be possible to fix with a global override.
The idea of booting my entire operating system from a container created on Github's infrastructure is just...it scares me.
Same here. I think it would be nice to create 2 or so base images on an individual host like Codeberg, but I am completely new to all that container stuff.
I wonder if Sourcehut does container registries...I know people praise their CI.
There are so many alternatives. I even have access to a selfhosted Gitea instance which may also be fine.
I know Tor uses Gitlab.
At the surface, yes. But I wonder about the stuff in the background, like decentralized encrypted backups, maybe not traceable or something.
Interesting, will add that blog to my Feeds :D
I'm thinking about Fedora including the build in their own repositories.
For sure it needs to, to be a usable product.
I only see it as a platform which needs to be tweaked to be usable. Currently doing a bit of work, upstreaming some secureblue things (btw the admin blocked me because they... don't like annoying questions?).
Matrix is also horrible for Dev work. People don't use threads so they just spam stuff in a single chat and it's just bad...
Also, these change processes are damn slow, but hey, that's fine I guess?
it's a crucial part of my workflow because I convert so much media.
I want to start doing some videos, no idea why OBS just has h264 hardware? I mean it doesn't matter but why no VP9? AV1 will come in 30.1, you know when that is stable?
I would just invoke the ffmpeg from some Flatpak, freedesktop.org runtime may have it. Maybe with some flatpak-spawn it could even have access everywhere?
Do you know what flatpaks (that are not VLC) have ffmpeg as a binary included?
But Nautilus works really well as a Flatpak. It even seems faster than non-Flatpak Nautilus
Interesting, I need to try full-Flatpak Kinoite in a VM. I think Flatpak Firefox is also faster, but I need to benchmark that again.
I did quite a big benchmark including Brave, Firefox Tarball (firefox and firefox-bin), Fedora Firefox, Librewolf, Torbrowser, MullvadBrowser.
Need to do that again. I also compiled FF myself for some time to use it on secureblue with hardened malloc. Funny enough, Fedora FF allows to replace the memory allocator now that I opened an issue, but it is very questionable if hardened_malloc is more secure, and if LD_PRELOAD is a secure way to do that.
Toolbox is the right way to solve the problem. It's using a real programming language (Go) instead of bash, it supports a small set of important container images, and those container images are only provided from quay.io, Red Hat's own infrastructure, instead of Docker Hub.
I agree on these points. Is it considerably faster? Because bash is slow as hell, I need to start learning some real language as my bash scripts start getting a pain. (Especially the Arkenfox (FF and TB) scripts need to get a big overhaul and I am still very unhappy with them).
I use Toolbox for Signal and Steam because I don't want to use Unverified Flatpaks.
Well I hope you use an Ubuntu container because I bet these packages are also not "verified" on Arch ;)
I use 90% verified and just have the verified subset repo around to check if an app is. If it is, I get 2 installation repos.
But these both apps are also Electron apps and supposedly containers don't restrict user namespace creation, so they are the best way to run these apps. According to uBlue devs, Firefox too.
Or Debian containers.
You could use Debian Testing which is rolling afaik.
Fedora rawhide is too unstable, OpenSUSE has some strange package issues (I use QGis and RStudio).
RStudio uses the system package manager to add dependencies, nice concept but annoying on atomic. There is this guy that just builds the entire R libraries as RPMs on COPR, he had to reduce the repos priorities because it prevented all the other projects from building their stuff.
Does Arch have RStudio stuff? I really think they should just abandon that concept and build the libraries themselves, and install them to the app directory...
Same for QGis but that needs pip.
It really makes me feel at home on Fedora.
Ironic. But I really wonder what to use. Basically it's
Debian Testing
OpenSUSE Tumbleweed
Arch
... ?
These damn package names. Or maybe dnf5 could solve this? I really like Fedora packages, they are often very good.
Also when it comes to deduplicating libraries, I don't need a separate distro in a container, I need a clone of my current system and just a few packages and their specific dependencies on top. Not sure how this could work, especially in RAM, there is a thread somewhere on Discuss.
Never heard of that, I hope accessibility on Wayland improves.
Neal Gompa mentioned that Flatpaks don't have the permission holes to allow screen readers? That's crazy and may be possible to fix with a global override.
I think GNOME is working on a portal for that. After the Newton stack is in a good state.
Same here. I think it would be nice to create 2 or so base images on an individual host like Codeberg, but I am completely new to all that container stuff.
Codeberg is probably a good host for that.
Currently doing a bit of work, upstreaming some secureblue things (btw the admin blocked me because they… don't like annoying questions?).
Lol. How strange.
Matrix is also horrible for Dev work. People don't use threads so they just spam stuff in a single chat and it's just bad…
I don't much like Discord either. Issue tracker is the right place for this sort of discussion in my opinion. Or Sourcehut's mailing lists are fine too.
Also, these change processes are damn slow, but hey, that's fine I guess?
I guess that's kind of the point :)
I want to start doing some videos, no idea why OBS just has h264 hardware? I mean it doesn't matter but why no VP9? AV1 will come in 30.1, you know when that is stable?
I'm usually converting other people's media, so I don't have much experience with OBS. But as for VP9, the industry was gun-shy about it because MPEG-LA threatened to sue Google over patent infringement for it. Essentially the same sort of deal with Sisvel and AV1, except MPEG-LA never followed through on it. Hardware encoding for VP9 has apparently never taken off, but hardware decoding is all around.
Do you know what flatpaks (that are not VLC) have ffmpeg as a binary included?
This has an empty ffmpeg folder but no binary. Same with bottles, guiscrcpy, celluloid, newsflash, interstellar, digikam, haruna, krdc, obs studio,
But searching for "ffmpeg" I found io.github.aandrew_me.ytdn
It has the ffmpeg binary included.
Many projects use libffmpeg.so, don't know if that could be used too.
I got a bunch of weird bugs with Distrobox in the beginning
Honestly never had issues. I now use an Arch distrobox too, but I don't really need Distrobox anyways. The Arch repos are too small.
There is a COPR for RStudio-copr-manager and the entire CRAN module list as RPMs. Otherwise you have a hard time getting the R plugins you may need to your distro.
QGis needs some python integration which seems to be missing on Arch too.
With the COPR I know who to trust, unlike the AUR, even though I now also set up yay.
Everything nearly separated from my OS using the different distrobox homedirs which work flawlessly.
Also distrobox upgrade --all works awesome, it's just a wrapper but really valuable.
I make an exception for Anki and MakeMKV.
I have no idea because I install everything from unverified. Should learn how to swap remotes, then I could swap all the verified apps and when removing the unverified can check what I still use.
But unverified Flatpaks may be way better than distro packages. At least it is very transparent on Github (yeah, sucks) unlike strange distro build systems.
I kind of hate Debian and Ubuntu's userspace :)
What, GNU utils? What makes it special, apart from apt? They have nala so that is dealt with.
DNF5 will definitely shake things up. Because rpm-ostree is going away to be replaced by dnf again.
Yeah this will be crazy. dnf has a lot more commands for querying etc, that will be useful.
It also sounded like they would reinvent the wheel a bit? Don't know
This has an empty ffmpeg folder but no binary
That's strange. I downloaded it just now and converted a video. It's not in /app/bin but in /usr/bin instead. I know for a fact it relies on the ffmpeg binary inside the code. You can even access it using flatpak run --command=ffmpeg org.gnome.gitlab.YaLTeR.VideoTrimmer.
The Arch repos are too small.
Eh, I've never felt that way. Even on my Arch system, I only have 15 packages from the AUR and 2134 packages installed from the repositories. But it's probably smaller than you're used to if you're coming from Debian or Fedora.
Many projects use libffmpeg.so, don't know if that could be used too.
That library is designed for development as far as I'm aware. I noped out very quickly when looking at the documentation for using ffmpeg libraries :) I think that's why VideoTrimmer relies on the binary instead of the library too.
With the COPR I know who to trust, unlike the AUR, even though I now also set up yay.
I take a different view: I don't trust anybody, but I read the PKGBUILDs and understand them. They're often not complicated. I don't particularly like the AUR much anymore though for this reason.
Everything nearly separated from my OS using the different distrobox homedirs which work flawlessly.
I did try this for a while but I couldn't get used to it. And programs can bypass it anyway with /home/$USER if they're feeling vindictive, though I haven't run into any yet. It'd definitely be nice to have more complete isolation one day.
Also distrobox upgrade --all works awesome, it's just a wrapper but really valuable.
100% yes. Be nice to have that in Toolbox one day.
But unverified Flatpaks may be way better than distro packages. At least it is very transparent on Github (yeah, sucks) unlike strange distro build systems.
I'm with you there. I can understand PKGBUILDs but everything else is just far too complex for me. Or unfamiliar. The docs for packaging Fedora RPMs is scary as hell.
What, GNU utils? What makes it special, apart from apt? They have nala so that is dealt with.
To be honest, it's mostly apt. I really hate apt. I am also not very familiar with how the system is configured. It's very different from Arch, anyway. I can just never feel at home on an Ubuntu system even in a container, but I do run it on servers.
I've downgraded my "hate" to "it's fiiine".
Yeah this will be crazy. dnf has a lot more commands for querying etc, that will be useful.
It also sounded like they would reinvent the wheel a bit? Don't know
I really have no idea what to expect. But if I never need to use rpm for querying or whatever again I'll be happy.
That's strange
Seems you can use all the libraries too as if they were binaries. Updated my Fedora post.
Currently testing how to run the freedesktop.org runtime with home permission, this would allow to not give any app permanent home permission.
But wait, you can run apps with different permissions temporarily, right?
Like flatpak run --filesystem=home org.app.name
but I read the PKGBUILDs and understand them.
That is the best way but not scalable for most users. You need access control and trust. On COPR I add the repo of an individual and only get packages from them.
And programs can bypass it anyway with /home/$USER if they're feeling vindictive, though I haven't run into any yet. It'd definitely be nice to have more complete isolation one day.
This is not about isolation, even though this should totally be done. It's just about preventing dotfile mess.
Scalable, you know. A system should stay vanilla in 20 years, in 40 years.
In the end it would be
core minimal system
/etc has some settings pinned or none at all, the rest is always flushed from /usr/etc (issue)
the immutable rest is always upstream
the bootloader is updated with bootupd
flatpaks have their configs isolated, when they are uninstalled, their data is removed
distroboxes are ephemeral, they are used for tasks, managed through a GUI app with a set of commands (like "add this repo" and packages to install, or even building blocks or checkboxes), they are recreated with OS releases
the distroboxes have their own dotfiles which never overlap
the desktop has figured out a way to cleanup old dotfiles
I mean we are not there yet, but close.
I really hate apt.
Apt is an ugly mess and nala might be python bloat but it looks fancy and automates things. Now that it runs on Debian 12 I installed it everywhere.
I really have no idea what to expect. But if I never need to use rpm for querying or whatever again I'll be happy.
Yeah or add curl instructions to projects like librewolf, to avoid needing "oh and on atomic distros you don't use 'dnf blabla' but download it directly".
I need to add a better app to this guide since I don't use VLC anymore.
Here's a recent article: https://blogs.gnome.org/a11y/2024/06/18/update-on-newton-the-wayland-native-accessibility-project/
So do I.
There's: https://flathub.org/apps/org.gnome.gitlab.YaLTeR.VideoTrimmer
Honestly, as long as I don't notice it, it doesn't bother me. I only noticed Flatpak Nautilus' launch time because it was instant.
I think so. It at least seems more reliable. I got a bunch of weird bugs with Distrobox in the beginning but I guess I was pushing it pretty far.
I kind of hate Python but it's at least more pleasant than Bash. I've no experience with Go, but it's probably nice to write.
Ah, well, I use Arch for all my other computers so I feel like I'm already trusting Arch's devs for all my packages. What's one more?
I make an exception for Anki and MakeMKV.
I kind of hate Debian and Ubuntu's userspace :) It's okay on servers.
It has it in the AUR, but not as an official package. In most cases the AUR is just as good anyway.
Even though I like my COPR command...
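Added example, not from any poster in the thread: a small audit for the idea discussed above of not giving any app permanent home permission and using `flatpak run --filesystem=home` per run instead. The function names, the `org.example.Editor` app ID and the sample metadata are constructed for illustration; the parser expects the keyfile format printed by `flatpak info --show-permissions`.

```shell
#!/bin/sh
# Added example: find Flatpak apps that hold broad filesystem access
# permanently, so the grant can be removed and passed per run instead.

# broad_fs_grants: read a Flatpak permission keyfile on stdin and print each
# "home" or "host" grant from the filesystems= key of the [Context] section.
broad_fs_grants() {
    awk '
        /^\[/ { in_ctx = ($0 == "[Context]"); next }   # track current section
        in_ctx && /^filesystems=/ {
            sub(/^filesystems=/, "")
            n = split($0, fs, ";")
            for (i = 1; i <= n; i++) {
                entry = fs[i]
                # skip empty fields and "!" entries (explicit denials)
                if (entry == "" || entry ~ /^!/) continue
                base = entry
                sub(/:(ro|rw|create)$/, "", base)      # strip access suffix
                if (base == "home" || base == "host") print entry
            }
        }
    '
}

# audit_installed: run the check over every installed app (needs flatpak).
audit_installed() {
    flatpak list --app --columns=application | while read -r app; do
        grants=$(flatpak info --show-permissions "$app" | broad_fs_grants | tr '\n' ' ')
        if [ -n "$grants" ]; then
            printf '%s: %s\n' "$app" "$grants"
        fi
    done
}

# Constructed sample metadata for a hypothetical app, so this runs offline.
sample_metadata() {
    cat <<'EOF'
[Application]
name=org.example.Editor
runtime=org.freedesktop.Platform/x86_64/23.08

[Context]
shared=network;ipc;
sockets=wayland;
filesystems=xdg-download;home:ro;!host;~/Projects;

[Session Bus Policy]
org.freedesktop.Notifications=talk
EOF
}

# Stand-alone demo on the constructed sample.
sample_metadata | broad_fs_grants

# For a flagged app, the permanent grant can be dropped with
#   flatpak override --user --nofilesystem=home org.example.Editor
# and home access given for a single run with
#   flatpak run --filesystem=home org.example.Editor
```

On a machine with Flatpak installed, call `audit_installed` to list every app with a standing `home` or `host` grant.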