love to hear some examples of the issues you’ve seen

for years, i’ve always completely wiped the trusted CAs and enrolled my own SecureBoot keys, and only use Linux

there have been vulnerabilities in SecureBoot, sure, but only for folks that don’t wipe the “trust Microsoft” keys away first

tell me how user-enrolled keys cements Microsoft’s ownership over my device please :)

this new anti-systemd sentiment reminds me of anti-TPM and anti-SecureBoot sentiment

having TPMs and SecureBoot on Linux machines has only ever empowered device owners to ensure that the software on their devices has not been tampered with

there’s never been a case where these technologies were used against Linux device owners

likewise, I predict that Linux device owners may find the age field useful for certain opt-in parental controls, but we’ll otherwise look back on this and shrug at the extreme paranoia

this new anti-systemd sentiment reminds me of anti-TPM and anti-SecureBoot sentiment

having TPMs and SecureBoot on Linux machines has only ever empowered device owners to ensure that the software on their devices has not been tampered with

there’s never been a case where these technologies were used against Linux device owners

likewise, I predict that Linux device owners may find the age field useful for certain opt-in parental controls, but we’ll otherwise look back on this and shrug at the extreme paranoia

you don’t have to use or like Ubuntu, but they do have a certified hardware list that might be helpful

https://ubuntu.com/certified

meh, it was cryptocurrency and blockchain snake-oil before it was AI snake-oil

it might have been good before cryptocurrency, i sadly can’t remember

i’m guessing a few things somehow consume /etc/hosts mappings without going through nss /shrug

it modifies /etc/hostname for you, but doesn’t seem to touch /etc/hosts

i still prefer hostnamectl, but i’m now unsure of what benefit it offers over editing /etc/hostname directly

no, you might have misunderstood

/etc/hosts is not where the hostname is configured

/etc/hostname for the actual hostname, and a mapping in /etc/hosts pointing it at a 127.x.x.x address

seems like a pretty common practice across Linux distributions

/etc/hostname for the actual hostname, and a mapping in /etc/hosts pointing it at a 127.x.x.x address

yep, I used that command to modify the hostname, rather than edit /etc/hostname directly

I think it should be a punishable offence to share Python scripts that depend on third-party packages without any ready-to-go bundling/isolation :)

goes for any interpretted language where dependencies inevitably creep into the global namespace via distribution packagers that should know better :P

https://xkcd.com/1987/

i wonder if rootless podman would have the same permissions problem … something to try out

interesting, i wasn’t prompted or anything, from the documentation there’s the ollama/ollama:latest image and the ollama/ollama:rocm image but either way ollama will do its own detection and silently fallback to CPU if anything even smells wrong, haha

i’ve noticed a few people are not using the official ollama images 🤷

you think that’s bad? wait until you find out all the places where electron has been installed … :P

I couldn’t understand Microsoft’s motivation here at all, until this reminder (from the linked article):

This development doesn’t bode well for Microsoft’s CEO, Satya Nadella, who saw the company miss the platform shift to mobile devices and tablets and desperately wants to avoid chalking up another failure in yet another momentous platform shift.

it makes so much sense to me now

emphasis on “desperately” for sure

it’s a shame because there’s legitimately good technology for blocking advertising in Brave, there’s just so much else that is questionable/indefensible

https://www.spacebar.news/stop-using-brave-browser/ :)

it’s a good point about pessimism, I should try harder to not spread it

you’ve put together a pretty useful table there!

RE voting with our wallets, I was mostly referring to this: https://doctorow.medium.com/https-pluralistic-net-2025-09-13-consumption-choices-marginal-benefits-66edd5d9a82e

there’s the lockdown or similar feature at the phone level in Android and iOS

if you’re in a situation where you don’t want someone to access Bitwarden, then you probably also want to stop them from using your browser with all the cookies and logins it currently has

so temporarily block all biometric access on your phone in such cases, and merrily enjoy biometric access when you’re physically safe again

on Android, it’s Power + Volume-Up, then Lockdown