I set my kid up with Silverblue recently. After seeing it in use for a bit, as a power user I think it's got some obnoxious compromises, and NixOS is a much better way to get the same benefits, and encourages safe experimentation at every level of the system. But for a beginner-friendly system that is very stable I think ostree distros like Silverblue make sense. Mostly stuff works fine, but you want to break out rpm-ostree occasionally to get a native package.
I have another kid on Fedora as a control. So far things are fine. Previously I had both kids on Manjaro, but they weren't able to keep up with upgrades long-term (over the course of a few years) without some intervention from me.
Like I said in Silverblue stuff mostly works nicely:
- Bottles running from Flatpak is running games in Battle.net without problems
- Minecraft is running from the launcher installed from Flatpak
- Roblox is running using Sober from Flatpak
I think we may have installed steam natively using rpm-ostree. I think we ran into some sort of issue running Overwatch, and I quickly opted for the native steam package to get things working instead of trying to fix the issue using Flatseal. But I don't remember what that issue was so I can't say the Flatpack steam won't just work for you. Maybe it was very slow Vulkan shader processing?
My kid likes Minecraft mods so he needed java
in his path to run installer jars. AFAICT in immutable distros the options for setting up CLI programs are either to run a different distro with native packages in a container (distrobox), or drop to rpm-ostree. I opted for the latter.
On the hardware side I think one of the biggest factors in building a snappy system is choice of SSD. Like you said, spinning metal is out. But the idea that SSDs are all equal is a common misconception. The thing to do nowadays is to use an M.2 form factor which is where you get a little board that goes into a slot directly on the motherboard, sort of like a small, sideways RAM stick. That plugs directly into the PCIe bus which gives it tremendous bandwidth. Drives that support newer PCIe versions can be faster due to having access to more bandwidth, but the design of the drive itself is also a constraint.
Roblox on Linux has gone through some phases of working and not working. Currently it does work using Sober https://sober.vinegarhq.org/
I haven't tried Fortnite, but from what I've read I think that is a no-go.
You can run Roblox on Linux with Sober. My son is a big fan! https://sober.vinegarhq.org/
Docker Compose runs services, manages dependencies between services, isolates each service in a container, manages a private network. Out-of-the-box flakes don't do any of that - except arguably running one service at a time. What flakes do is build software, which is the thing that Docker Compose doesn't really do. (Or doesn't do well.)
I'd compare flakes to Makefiles with waaay more expressiveness and reproducibility. Or maybe a comparison could be to a Dockerfile, minus containerization, with waaay more expressiveness and reproducibility.
There are tools you can add on to get Nix to do what Docker Compose does:
Arion is a Nix frontend for Docker Compose. You're still using Docker Compose, but it layers on the extra expressiveness and reproducibility of Nix flakes, or other kinds of Nix expressions.
process compose flake is similar, but instead of Docker Compose it is a frontend for Process Compose. You get a similar result, but without containerization. That can potentially avoid the need to run in a VM on non-Linux systems that don't natively support containers.
I had that symptom, and I found that my laptop was using S2 idle (suspend to idle). I fixed it by switching to S3 sleep (suspend to RAM). I suggest following the instructions in section 3 in this page: https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate
Like many Arch Wiki guides, most of the information on that page is applicable to most Linux distros, not just Arch.
Question, changing the OS on the deck, do you still get all the updates to steam and everything?
Yes, I think so. I haven't used SteamOS, but it seems like it gives you Steam, and exactly the right drivers for the Steam Deck? Steam is packaged for basically every distro, and you get the same experience everywhere, including "big picture mode" if you opt into that. Bazzite is designed with the Steam Deck in mind so it should have the right drivers.
Distrobox uses either podman or docker to manage containers - you can find details on where data is stored by looking into those directly.
The distrobox docs have info on how to move containers from one system to another. It's not the same as sharing between two installs, but it might help. https://github.com/89luca89/distrobox/blob/main/docs/useful_tips.md#container-save-and-restore
I really liked the options to cycle through previous prompts in history, and to view output of the last command with at option to search in that output. But then I realized that lots of terminal emulators can do that, and I just needed to learn the hotkeys.
I'm wondering if Wayland support in Wine will encourage Valve to support Wayland in the Steam app too.
On my desktop I run a Wayland window manager that doesn't implement XWayland so I can't run Steam directly. So I've been running it in Gamescope in big picture mode - which is actually exactly what the Steam Deck does.
Impressive! I struggle to get as far as a phylum or even kingdom identification in the moment something smacks my safety glasses. But looking at a picture of a palo verde beetle I can see how that would be unambiguous.
Weirdly synthehol is much harder on the liver compared to alcohol.
I assume because the writers thought it was hilarious
I was reading this thread thinking, "this isn't the time to recommend NixOS that's not what OP asked about." But if you're using Ansible this way NixOS might be a good fit for you. It's got the advantages of the other immutable distros with the added feature of managing everything through a declarative configuration.
Not necessarily - real gene therapies that are in use now are carefully designed so that modifications are not inherited. For example, Casgevy which targets blood stem cells to treat sickle cell anemia. Because the treatment is limited to specific types of cells modifications don't get into the germ line.
This is a good thread to have today. This is some encouraging news!
4k for me since my primary use case is programming, and I want to be able to get a lot of sharply-rendered text on the screen at once. I managed to get a 2160 ultrawide that does 72 Hz at least. But I do miss 120 Hz.
From the paper,
Launching a dart via an atlatl ânormallyâ requires that force is applied by hand to the short arm of a lever, moving the dart at the long arm of the lever [...] a downward launch of an atlatl dart may partially hinder or entirely deactivate the biomechanics required for the atlatl to work optimally. [...] [Additionally] the atlatl dartâs light weight may result in it more easily rotating in mid-air such that it is no longer perpendicular to the ground.
My guess is that the dart falls out of the launcher fast enough to miss some of the push from the launcher.
No one is saying mountains aren't real - that's an example to show the absurdity of denying facts. The person referenced is a "creationist", and probably doesn't reference one specific person. The biggest thing with creationists is denying evolution.
For TNG I'd suggest Identity Crisis. That one freaked me out more than any Trek I can recall.
Better killall with systemd scopes
Some app launchers these days run each app in a new systemd scope, which puts the app process and any child processes into their own cgroup. For example I use rofi which does this, and I noticed that fuzzel does also. That is handy for tracking and cleaning up child processes!
You can see how processes are organized by running,
bash $ systemctl --user status
I think that's a quite useful way to see processes organized. Looking at it I noticed a couple of scopes that shouldn't still be running.
Just for fun I wanted to use this to try to script a better killall
. For example if I run $ killscope slack
I want the script to:
- find processes with the name "slack"
- find the names of the systemd scopes that own those processes (for example,
app-niri-rofi-2594858.scope
) - kill processes in each scope with a command like,
systemctl --user stop app-niri-rofi-2594858.scope
Step 2 turned out to be harder than I liked. Does anyone know of an easy way to do this? Ideally I'd like a list of all scopes with information for all child processes in JSON or another machine-readable format.
systemctl --user status
gives me all of the information I want, listing each scope with the command for each process under it. But it is not structured in an easily machine-readable format. Adding --output json
does nothing.
systemd-cgls
shows the same cgroup information that is shown in systemctl --user status
. But again, I don't see an option for machine-readable output.
systemd-cgtop
is interesting, bot not relevant.
Anyway, I got something working by falling back on the classic commands. ps
can show the cgroup for each process:
bash $ ps x --format comm=,cgroup= | grep '^slack\b' slack 0::/user.slice/user-1000.slice/[email protected]/app.slice/app-niri-rofi-2594858.scope slack 0::/user.slice/user-1000.slice/[email protected]/app.slice/app-niri-rofi-2594858.scope slack 0::/user.slice/user-1000.slice/[email protected]/app.slice/app-niri-rofi-2594858.scope ...
The last path element of the cgroup happens to be the scope name. That can be extracted with awk -F/ '{print $NF}'
Then unique scope names can be fed to xargs
. Here is a shell function that puts everything together:
bash function killscope() { local name="$1" ps x --format comm=,cgroup= \ | grep "^$name\b" \ | awk -F/ '{print $NF}' \ | sort | uniq \ | xargs -r systemctl --user stop }
It could be better, and it might be a little dangerous. But it works!
Remon is a responsible library developer. She cares about stability, flexibility and correctness, using whichever tools are presently accessible to achieve those goals. Her authored libraries feature automated testing and extensive documentation; she allots design decisions rationale; she knows her ...
A short post on how variable names can leak out of macros if there is a name collision with a constant. I thought this was a delightful read!
Anyone using difftastic with fugitive.vim?
Difftastic is a diff tool that uses treesitter parsing to compare code AST nodes instead of comparing lines. After following the instructions for use with git I'm seeing some very nice diffs when I run git diff
or run git show --ext-diff
. I thought it would be nice to get the same output for hunk diffs in the fugitive status window, and in fugitive buffers in general (which use the git
filetype). But I haven't seen any easy way to do it. Has anyone got a setup like this?
I can run a command in neovim like :Git show --ext-diff
to get difftastic output in a buffer. I'm thinking maybe I can set up fugitive to use the --ext-diff
flag by default, or set up some aliases. But there is no syntax highlighting for the difftastic outputs since the ANSI color codes that difftastic uses in interactive terminal output don't work in neovim, and the syntax highlighting for the git
filetype assumes standard diff output which is not compatible with difftastic output. For me losing colors is not a worthwhile trade for the otherwise more readable diff output.
My best idea right now is to set up a new filetype called difftastic
, and write a new treesitter grammar or syntax plugin for it. Then set up some kind of neovim configuration to feed output from difftastic into buffers with the new filetype.
There is an open neovim issue discussing adding syntax-aware diffs directly to neovim, but that doesn't seem to have gone anywhere.
Blank red videos in game running in Wine?
I installed StarCraft: Mass Recall which is an impressive project that recreates the original StarCraft and Brood War campaigns in StarCraft 2. Everything works except that the cinematics and some of the game assets are flat, blank red. For example some of the video portraits in the briefing rooms display correctly, but Mengsk is a solid red square. In the first mission Raynor's vulture is flat red while everything else looks correct. Sound works correctly including in cinematics.
The game assets aren't a huge deal, but the cinematics are a big part of the reason for playing these campaigns IMO.
I've tried everything I can think of. I tried some different Wine runners. I tried disabling DXVK. I installed a number of dependencies that look like they provide video codecs:
- amstream
- devenum
- quartz
- xvid
- ffdshow
Does anyone have ideas about what else I might try?
What I did figure out is a working command to run the mod, which took me a while. I used Bottles, installed Battle.net through the Bottles program installer, installed StarCraft 2 via Battle.net, and finally installed Mass Recall by unzipping and copying its files to the StarCraft Maps/
and Mods/
directories. Then I was able to run Mass Recall with this command:
sh $ bottles-cli shell -b "<bottle name>" -i '"C:\Program Files (x86)\StarCraft II\Support64\SC2Switcher_x64.exe" "C:\Program Files (x86)\StarCraft II\Maps\Starcraft Mass Recall\SCMR Campaign Launcher.SC2Map"'
Using passkeys on Linux & Android
Passkeys seem like a great idea, and we are at a point where, although things are still very much in flux, software passkeys managed by password managers are starting to be usable. I thought I'd share the workflow that's working for me on Linux with some sites, and ask the community for more tips & tricks.
A passkey is a client certificate - which is an old idea, but now there are some new standards in place*. When you log into a website, instead of sending a password you send a message signed using the private key on your hardware security device, or stored in your password manager. If you use a password manager the flow is about the same as with passwords: your password manager pops up and asks if you want to log in to the given website. But instead of sending a password to the browser, message signing takes place in the password manager. Unlike passwords those signed messages can't be replayed. Arguably you can skip sending MFA codes and get about the same (or maybe better) security with passkeys than you were getting with passwords + MFA.
Complications come up because support for passkey APIs is still patchy. On Linux I think there is system-level support for hardware keys, but not for passkey managers (password managers that can do passkey signing). But you can close that gap using browser extensions! I'm using Enpass with it's Firefox extension. Signing into websites in Firefox using passkeys works quite well in some of the sites I've tried. (I've also tested with Bitwarden's browser extension, and it works just as well.**) Although creating passkeys doesn't work on all of those sites.
- I was able to create a passkey on Github, and sign in with it.
- I was able to create a passkey for the demo at https://www.passkeys.io/, and sign in with it.
- I couldn't create passkeys for Google, but I could log in with passkeys created on another device, and synced by Enpass to my Linux machine.
- I can use a passkey for MFA on Discord, but they don't seem to be using them for logins yet.
- I'm not getting options to use my passkeys on Amazon or Paypal, but I was able to create passkeys for these sites on Android.
Without using a browser extension Chrome on Linux does have a feature to sign in with passkeys on mobile devices. I don't think this works with third-party passskey managers. On some sites Chrome gave me the option to log in using the automatically-generated, Google-managed passkey on my phone. It didn't actually worked for me - my phone showed a message saying "connecting to device" but never actually connected.
That brings me to the Android side. Since some sites will let me log in with passkeys but not create them it's helpful to have another option for creating passkeys. Android is further along in implementing system level passkey support (only in Android 14 or later). But it's not perfect yet. Firefox for Android is not working with passkey managers yet, but there is a ticket to track this. Third-party passkey managers work in Chrome for Android, but only if you enable an experimental flag:
- open
chrome://flags/
- find the setting "Android Credential Management for passkeys"
- set the value to "Enabled for Google Password Manager and 3rd party passkeys"
---
\* "Passkey" seems to be an umbrella term for WebAuthn or FIDO U2F. It looks like WebAuthn is a part of FIDO2.
** From a cursory look at the two I feel more comfortable with Enpass' browser extension than with Bitwarden's. I'm not positive, but it looks like Bitwarden loads credentials in the extension itself which puts all of your secrets in the browser process. OTOH the Enpass extension uses IPC to send requests to the Enpass desktop app. But as many will point out, Bitwarden's clients are open-source and audited while Enpass' software is closed-source.
gnome-keyring as ssh agent in lightweight window manager
cross-posted from: https://leminal.space/post/4750886
> It took me some time to work out how to get my ssh agent set up in Niri so I though I would share what I did. I'm using NixOS and Home Manager. I put this in my Home Manager config:
>
> nix > services.gnome-keyring = { > enable = true; > components = [ "pkcs11" "secrets" "ssh" ]; > }; > home.sessionVariables.SSH_AUTH_SOCK = "$XDG_RUNTIME_DIR/keyring/ssh"; >
>
> I'm using GDM according to NixOS' default configuration which I think runs gnome-keyring (I thought I saw it in the process list before I set up the user unit), and I think that configuration is automatically unlocking gnome-keyring when I log in via PAM integration. But apparently I need to run gnome-keyring again in my window manager session. Home Manager's services.gnome-keyring
adds a systemd user unit that does that.
gnome-keyring as ssh agent in lightweight window manager
It took me some time to work out how to get my ssh agent set up in Niri so I though I would share what I did. I'm using NixOS and Home Manager. I put this in my Home Manager config:
nix services.gnome-keyring = { enable = true; components = [ "pkcs11" "secrets" "ssh" ]; }; home.sessionVariables.SSH_AUTH_SOCK = "$XDG_RUNTIME_DIR/keyring/ssh";
I'm using GDM according to NixOS' default configuration which I think runs gnome-keyring (I thought I saw it in the process list before I set up the user unit), and I think that configuration is automatically unlocking gnome-keyring when I log in via PAM integration. But apparently I need to run gnome-keyring again in my window manager session. Home Manager's services.gnome-keyring
adds a systemd user unit that does that.
I have a project, git-format-staged , that I build with Nix. It includes NPM dependencies, and it is convenient to have Dependabot keepâŠ
I have a project, git-format-staged , that I build with Nix. It includes NPM dependencies, and it is convenient to have Dependabot keepâŠ
Treesitter query to match adjacent Rust nodes?
I'd like a treesitter query that matches a Rust struct together with all of its attributes. For example,
rust #[derive(Debug)] #[serde(rename_all = "camel_case")] pub struct MyType { pub foo: i32, }
The lines beginning with #
are attributes that are logically connected to the struct declaration. But the treesitter grammar for Rust parses attributes as adjacent nodes, not as children of the struct declaration:
scm (attribute_item ; [27, 0] - [27, 16] (attribute ; [27, 2] - [27, 15] (identifier) ; [27, 2] - [27, 8] arguments: (token_tree ; [27, 8] - [27, 15] (identifier)))) ; [27, 9] - [27, 14] (attribute_item ; [28, 0] - [28, 35] (attribute ; [28, 2] - [28, 34] (identifier) ; [28, 2] - [28, 7] arguments: (token_tree ; [28, 7] - [28, 34] (identifier) ; [28, 8] - [28, 18] (string_literal)))) ; [28, 21] - [28, 33] (struct_item ; [29, 0] - [31, 1] (visibility_modifier) ; [29, 0] - [29, 3] name: (type_identifier) ; [29, 11] - [29, 17] body: (field_declaration_list ; [29, 18] - [31, 1] (field_declaration ; [30, 4] - [30, 16] (visibility_modifier) ; [30, 4] - [30, 7] name: (field_identifier) ; [30, 8] - [30, 11] type: (primitive_type)))) ; [30, 13] - [30, 16]
How can I get produce a query that I can use in mini.ai that matches the struct, and all attributes?
I've tried this query using Neovim's new built-in :EditQuery
command:
scm ((attribute_item)* . (struct_item)) @custom_capture.outer
It looks like it does what I want. But when I try using @custom_capture.outer
in mini.ai it matches the struct declaration, but not the attributes.
I tried using #make-range!
like this,
scm ((attribute_item)* @_start . (struct_item) @_end (#make-range! "custom_capture.outer" @_start @_end))
That matches the struct and the second attribute, but does not get the first attribute. I'm guessing that's because the .
specifies that nodes must be adjacent, and the second attribute is the only one that is adjacent to a struct_item. Following that thinking I tried this,
scm ((attribute_item)? @_start . (attribute_item)* . (struct_item) @_end (#make-range! "custom_capture.outer" @_start @_end))
That gets the struct and all the attributes, but only if my cursor is on the first attribute line when I use the textobject. If my cursor is on any subsequent line then I get the second attribute and the struct, but the first attribute is missed.
One problem is I'm not clear whether ((attribute_item) . (struct_item))
matches an attribute_item and a struct_item that are adjacent, or matches an attribute_item that precedes a struct_item, but does not also match the struct_item. I tried experimenting with the second interpretation and used this query,
scm (((attribute_item) . [(attribute_item) (struct_item)])* @_start (struct_item) @_end (#make-range! "custom_capture.outer" @_start @_end))
That captures what I want, but in some cases if I have two struct declarations and I try to match only the second one the query selects both structs instead.
Is that the way to do a lookahead? Or is there another way?
I've kinda hit a wall looking at documentation, other examples, and running my own experiments. Does anyone have any pointers to help understand these queries on a deeper level?
Edit: It looks like this stuff is in flux, so I should mention that I'm using the latest nightly as of March 2 2024, and I made sure that all of my plugins are up-to-date.