Posts
31
Comments
701
Joined
2 yr. ago

  • https://home.robusta.dev/blog/stop-using-cpu-limits

    Okay, it's actually more complex than that. Because on self managed nodes, kubernetes is not the only thing that's running, so it can make sense to set limits for other non kubernetes workloads hosted on those nodes. And memory is a bit different from CPU. You will have to do some testing and YMMV but just keep the difference between requests and limits in mind.

    But my suggestion would be to try to see if you can get away with only setting requests, or with setting very high limits. See: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/#if-you-do-not-specify-a-memory-limit

    In order for them not to be OOM Killed, you have to set the memory requests for them above their highest spike, which means most of the time they’re only using like 25% or so of their memory allocation.

    Are you sure? Only limits should limit the total memory usage of a pod? Requests should happily let pods use more memory than the request size.

    One thing I am curious about is if your pods actually need that much memory. I have heard (horror) stories, where people had an application in Kubernetes with a memory leak, so what they did instead of fixing the memory leak, was to just regularly kill pods and restart new ones that weren't leaking yet. :/

    To answer your actual question about memory optimization, no. Even google still "wastes" memory by having requests and limits higher than what pods usually use. It is very difficult to prune and be ultra efficient. If an outage due to OOM costs more than paying for more resources would, then people just resort to the latter.

  • Xtreme download manager + its browser extension.

  • This is the same technology that lets people play windows games on android with good performance. Because there is no direct access to the GPU, they have to use GPU virtualization in order to get it access to a Linux proot that runs wine inside.

    I'm excited to see it being used and developed in other areas.

  • design around ease of self-hosting. A non technical user must be able to self host easily and at a very low cost.

    This may be a controversial opinion, but I actually like the way that hosting a lemmy instance is somewhat difficult to spin up. I like the way that it requires a time investment and spammers can't simply spin up across different domain names. I like the way that problematic instances get defederated and spammers or other problematic individuals can't simply move domain names due to the way activitypub is tied to those.

    In theory, you could set up something like digitalocean's droplets, where a user does one click to deploy an app like nextcloud or whatever. But I'm not really eager to see something like that.

    Transferable user identity (between instances)

    I dislike this for a similar reason, tbh. If someone gets banned, they should have to start over. Not get to instantly recreate and refederate all their content from a different instance.

    Of course, ban evasion is always a thing. But what I like is that spammers or problematic individuals who had their content nuked are forced to start from scratch and spend time recreating it before they get banned again.

    As for what I would really like to see, I would really love features that make lemmy work as a more powerful help forum. Like, on discourse if you make a post, it automatically searches for similar posts and shows them to you in order to avoid duplicate posts. Lemmy does something similar, but it appears to only be the title. It would also be cool to automatically show relevant wiki pages, or FAQ content, since one of the problems on reddit was that people wouldn't read the wiki or FAQ of help forums.

    I would also like the ability to mark a comment on a post as an "answer", or something similar. I think stackoverflow's model definitely had lots of issues with mods incorrectly marking things as duplicate, but I think it was a noble goal to try to ensure that questions were only asked once, and for them to accumulate into a repository of knowledge. For all the complaints about it, stackoverflow is undeniably one of the biggest and most useful repositories of knowledge.

  • There does exist a tool that does it. The creator posted about it on the fediverse. It only supported ubuntu at the time but looked extremely promising.

    I cannot remember its name. :/

    Maybe it's linixify? But I remember seeing a post on lemmy with a youtube demo?

  • yt-dlp video_url if the site is supported by yt-dlp.

    If the site is not supported, F12 only works sometimes. Many sites use some form of encryption or obfuscation to try to prevent you from downloading.

    I've had good luck with Xtreme download manager. It's FOSS, and has a browser extension that automatically detects videos and gives you the option to download them.

  • unless the SSD stopped working but then it is reasonable to expect it would not accept partitioning

    This happened to me. It still showed up in kde's partition manager (when I plugged the ssd into another computer), with the drive named as an error code.

  • The creator of this software streams on twitch, using the "linux" tag which I follow around. I think she uses debian stable or unstable last time I was on the stream. She also has an owncast, which is like an open source self hosted twitch.

    https://expiredpopsicle.com/about.html

    I really enjoy when people dogfood software.

  • What about the f droid version?

  • My recommendation is meetup and a website for advertising purposes. Meetup is frustrating, yes, but at the same time it's where I have found almost all the linux and tech groups near me.

  • This may sound kind of weird, but do you really need a communication platform for a LUG?

    Our local LUG uses meetup and a website for advertising and telling people when we meet (once every two weeks at the same spot). (Okay I guess the one time our spot was closed and we had to track down people's phone numbers to inform them of the new spot wasn't that fun).

    Anyway, we have a mailing list, an irc, and a matrix chat bridged to the irc, but they are effectively dead and no one uses them. The lack of activity on them makes me wonder if you really need to have a chatroom to run a LUG. We seem to get by just fine, for the most part.

  • Familiarity instead of compatibility.

    This piece of documentation from forgejo, about how their actions are mostly github actions compatible is how I feel about this or similar endeavors.

    I really like KDE, because it's familiar enough to Windows users that they can just kinda use it. Many of the shortcuts are the same. But I've had a bad experience with things that try to emulate Windows more completely, because people begin to expect some windows idiosyncrasy or some other thing to be there. And then they get frustrated when it's not the same.

    KDE manages to be "close enough", which results in a better experience.

  • Yes. My high school used to do this. UDP blocked except for DNS to some specific servers, and probably some other needed things.

  • Why not switch to 10 fps instead of the weird keyframe thing they did?

    I was once watching a programming streamer on twitch who was working from a laptop in a hotel instead of their usual powerful home setup with fast internet. They decided to switch the stream to 10 fps and then it worked fine.

  • Gnome used to be much worse when it comes to ram usage, so the inertia of those sentiments still carries.

    Kde used to be much worse, using what gnome uses now, but now kde has similar ram usage to xfce last time I tested. CPU wise it's still much worse though.

  • I’ve heard of thumbnails being used to deliver malware.

    You've heard of critical vulnerabilities in media processing applications that mean that thumbnails can theoretically be used to spread malware. That is not the same as "this issue was being actively exploited in the wild and used to spread malware before it was found and patched".

    These vulnerabilities (again) cost money, and are fixed rapidly when found. Yes, disabling thumbnails is more secure. But I am of the belief that average users should not worry about any form of costly zero day in their threat model, because they don't have sensitive information on their computers that makes them a target.

  • less distro-dependent like a privilege escalation attack

    These also are valuable. Less valuable than browser escapes IMO though.

    A keylogger is more likely, and it's just as possible with sudo as it is with run0. They would replace sudo, run0, doas, etc with a fake command (since that only requires access to the user), that either keylogs, or inserts a backdoor while it does the other sudo things.

    I’ve heard a fair few times about thumbnailer attacks, but no real detail from KDE about what if any mitigations they have in place.

    Please ignore the entire cybersecurity hype news cycle about images being used to spread malware. They often like to intentionally muddy the waters, and not clearly explain the difference between a malformed file being used as a vulnerability to exploit a code execution exploit, and an image file being used as a container for a payload (steganography). The former is a big deal, the latter is a non issue because the image is not the issue, whatever means the malware actually used to get onto the systems is.

    Here's a recent example of me calling this BS out. The clickbait title implies that users got pwned by viewing a malicious image, when in actuality it was a malicious extension that did the bad things.

    Unless you are using windows media player, the microsoft office suite, or adobe acrobat, code execution from loading a media file is a really big deal and fixed extremely quickly. Just stay updated to dodge these kinds of issues.

    As for zero days, unknown and unpatched vulnerabilities, again, that's a different threat model because those exploits cost money to execute. Using an existing known (but fixed in updated versions of apps) is free.
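
An added example, not part of the comment above or of any project it names: a POSIX shell check for the fake-command scenario described there, reporting when `sudo`, `run0` or `doas` resolves to a directory outside a trusted list. The function names and the `TRUSTED_DIRS` list are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example: report sudo/run0/doas resolving outside trusted system directories.
# TRUSTED_DIRS is an assumption for a typical FHS distro; adjust it for yours.
TRUSTED_DIRS="/usr/bin /bin /usr/sbin /sbin /usr/local/bin /usr/local/sbin"

# resolve_first CMD PATHSTRING: print the first executable match in PATH order.
# Runs in a subshell so the IFS and noglob changes do not leak to the caller.
resolve_first() (
    IFS=:
    set -f
    for dir in $2; do
        [ -n "$dir" ] || dir=.          # an empty PATH entry means the current directory
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
            exit 0
        fi
    done
    exit 1
)

# check_cmd CMD [PATHSTRING]: print "ok PATH", "shadowed PATH" or "missing CMD".
# Exit status is 1 only when the winning match lives outside TRUSTED_DIRS.
check_cmd() (
    hit=$(resolve_first "$1" "${2:-$PATH}") || { echo "missing $1"; exit 0; }
    dir=$(cd "$(dirname "$hit")" && pwd -P) || exit 2
    for t in $TRUSTED_DIRS; do
        # Resolve symlinks on both sides (e.g. /bin -> /usr/bin on merged-usr systems).
        td=$(cd "$t" 2>/dev/null && pwd -P) || continue
        if [ "$dir" = "$td" ]; then echo "ok $hit"; exit 0; fi
    done
    echo "shadowed $hit"
    exit 1
)

# audit_priv_cmds [PATHSTRING]: check every elevation command named in the comment.
audit_priv_cmds() {
    rc=0
    for c in sudo run0 doas; do
        check_cmd "$c" "${1:-$PATH}" || rc=1
    done
    return "$rc"
}

audit_priv_cmds || echo "review the entries marked shadowed" >&2
```

This covers `PATH` shadowing only; an alias or shell function defined in the user's rc files takes precedence over `PATH` lookup and has to be reviewed separately.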

  • If I uninstall sudo and switch to run0 (

    Sudo and run0 are both problematic. Sudo is a setuid binary, which is problematic, but run0 is not much better. It works by making calls to systemd/polkit/dbus, services that constantly run as root, and they themselves expose a massive attack surface. Many privilege escalation CVEs similar to sudo have been released that exploit that attack surface.

    When it comes to actually being secure, systemd somewhat screws you over, due to having a massive attack surface, a way to run things as root, and the interesting decision to have polkit parse and run javascript in order to handle authorization logic (parsing is a nightmare to do securely).

    The other thing is that the browser sandbox is much, much stronger than the separation of privileges between users in Linux. Browser sandbox escapes (because they work the same on windows or Linux) are worth immense amounts of cash, and are the kinds of exploits that are used in targeted manners against people who have information on their computer worth that much. If you don't have information worth millions of dollars on your computer, you shouldn't worry about browser sandbox escape exploits.

    The reality is that any attacker who is willing and able to pierce through a browser sandbox, will probably also have a Linux privilege escalation vulnerability on hand. In my opinion, trying to add more layers to security is pointless unless you are adding stronger layers. If your attacker has a stronger "spear", it doesn't matter how many weak "shields" you try to put in front to stop it.

    If the million dollar industry of browser escapes is in your threat model, I recommend checking out the way that OpenBSD's sandboxing interacts with chromium. Or check out Google's gVisor sandbox and see if you can run a browser in there.

  • Wikipedia @lemmy.world

    Core War - Wikipedia

    en.wikipedia.org/wiki/Core_War
  • Emulation - Retro Gaming In Style @lemmy.world

    My perspective on Duckstation

  • NixOS @infosec.pub

    home-manager now has a built in option to wrap packages with NixGL, for non-nixos systems

    home-manager.dev/manual/unstable/index.xhtml
  • nixos @lemmy.ml

    home-manager now has a built in option to wrap packages with NixGL, for non-nixos systems

    home-manager.dev/manual/unstable/index.xhtml
  • Nix / NixOS @programming.dev

    home-manager now has a built in option to wrap packages with NixGL, for non-nixos systems

    home-manager.dev/manual/unstable/index.xhtml
  • Linux @lemmy.world

    Is there any way on KDE, I can "click through" a partially transparent window to interact with the window behind it instead?

  • Linux @lemmy.ml

    Is there any way on KDE, I can "click through" a partially transparent window to interact with the window behind it instead?

  • Linux @programming.dev

    Is there any way on KDE, I can "click through" a partially transparent window to interact with the window behind it instead?

  • The Eternal Playlist @crazypeople.online

    JT Music — Tiny Toilet Man

  • Kubernetes @programming.dev

    kubevirt.io/2019/KubeVirt_UI_options.html
  • Open Source @lemmy.ml

    GitHub - element-hq/ess-helm: Element Server Suite Community Edition

    github.com/element-hq/ess-helm/
  • Opensource @programming.dev

    GitHub - element-hq/ess-helm: Element Server Suite Community Edition

    github.com/element-hq/ess-helm/
  • Ask Lemmy @lemmy.world

    Give me some of your hardest riddles? (with solutions in spoilers)

  • Asklemmy @lemmy.ml

    Give me some of your hardest riddles? (with solutions in spoilers)

  • Linux @lemmy.world

    There doesn't appear to be a limit to the maximum size the KDE cursor can get when you shake it.

  • Linux @lemmy.ml

    There doesn't appear to be a limit to the maximum size the KDE cursor can get when you shake it.

  • Linux @programming.dev

    There doesn't appear to be a limit to the maximum size the KDE cursor can get when you shake it.

  • Programmer Humor @lemmy.ml

    shell-mommy is a program that encourages users while using command line applications.

    github.com/sudofox/shell-mommy
  • Programmer Humor @programming.dev

    shell-mommy is a program that encourages users while using command line applications.

    github.com/sudofox/shell-mommy
  • Linux @programming.dev

    Introducing Incus 6.7