RE: https://social.coop/@cwebber/116217717944115087
Systemd (popular component to many {most?} Linux distributions) getting enshittified by AI.
Read @cwebber 's thread quoted below for more.
Also, thanks a lot (thanks a bot?) daandemeyer.
More moaning about #linux. I'm trying to get a discourse server off the ground. Why the fuck do they insist on installing non-OS stuff in the middle of all the OS stuff.
/var/discourse is not a good default. And then fucking docker wants to be /var/lib/docker. Never mind how /var/lib doesn't make any goddamn sense.
Related to my earlier discussion of hard drive partitioning. What I would like to do is have a volume that is not the operating system, but is instead all the application data. The discourse data, database, assets people upload, etc. That way I can have this nice virtual disk that encapsulates it. I could theoretically build a new node, attach this drive to the new node, and migrate the site. I can snapshot that drive more frequently than, say, the OS drive. Lots of benefits to encapsulating it.
#viernesdeescritorio unas horas antes @CachyOS sigue en mi PC con Plasma, también un viejo equipo HP DV4 con un T5800 y @MaboxLinux que sirve para ver como aun se le puede dar vida a viejos equipos #linux #gnu
I was messing with the #debian installer and its disk partitioning. I don't understand this at all. This is plain stupid.
If the partitioning scheme includes swap, it should be the last partition on the disk. This installer frequently puts it in the absolute worst possible place: the middle.
That's dumb, especially in a virtual world where hard disks trivially change size.
See, what if I decide to make this disk bigger? What if I decide I need more swap? If swap is the last partition, it's trivial.
- Increase the virtual disk size
- Boot to single user mode
- Delete the swap partition
- Expand the penultimate partition to encompass the new space I created, minus the amount of swap I want.
- Grow the filesystem in the penultimate partition
- Create the swap partition in the final position again.
- Boot.
But when you stick swap in the middle of the fscking disk then it makes changes really non-trivial. You really can't change anything.
The only partitioning scheme that gets it right is the "All files in one partition" scheme. Since there's just the one root filesystem, it puts swap at the end.
Also, it appears that you cannot change the size of partitions in this view. Like, if I wasn't happy with 1.1G of swap, tough noogies. That surprises me. The entire POINT of an interactive installer like this is to allow me to specify high-level things like "Gimme 2G of swap" and have the installer recalculate all the start/stop partition values and such. I've done plenty of debian installs, but this is the first time I stopped to notice how bad this is.
Some of you may argue that the problems I cite aren't important. But I defy you to come up with a good reason why one should put the swap partition in the middle of the partition table. You can argue it doesn't hurt, but you cannot argue that it does something good.
Hey #Linux folks, I'm having trouble deciding between #OpenCloud and #Seafile for our #HomeServer. It's a pretty beefy system so the overhead of each shouldn't be too much of a determining factor. I have 2 10tb hard drives that are raid1 and I have docker installed. Oh, and I installed Ubuntu Server because I'm comfortable with Ubuntu already.
My main goal is to make it easy to share and distribute files and store backups and media. I plan on adding #JellyFin at a later date for streaming.
One of the differences I noticed is that each one uses a different dbms. Not a big deal I don't think.
Thanks for any input.
9to5Linux:EndeavourOS Titan Released with Linux Kernel 6.19 and KDE Plasma 6.6 https://9to5linux.com/endeavouros-titan-released-with-linux-kernel-6-19-and-kde-plasma-6-6
Fwupd 2.1.1 Linux Firmware Updater Released as a Massive Update https://9to5linux.com/fwupd-2-1-1-linux-firmware-updater-released-as-a-massive-update
From yesterday:
Linux App Summit 2026 Will Take Place on May 16-17 in Berlin, Germany https://9to5linux.com/linux-app-summit-2026-will-take-place-on-may-16-17-in-berlin-germany @9to5linux @mariusnestor #Linux
PH4NTXM Development Update
We are currently finalizing the integration of post-quantum cryptography into the PH4NTXM live operating system. The goal is simple but ambitious: a privacy-focused, stateless live OS that boots with quantum-resistant cryptographic capabilities built directly into the system.
Our build pipeline now compiles the post-quantum cryptographic stack during the live-build process and embeds it into the OS while keeping the final ISO minimal and free of build tooling.
Next steps are runtime verification and integration with networking components so that PH4NTXM can begin leveraging quantum-resistant algorithms for secure communications.
If everything proceeds as expected, PH4NTXM may become the first privacy-focused live Linux distribution shipping with built-in post-quantum cryptography.
More updates soon.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
#SailShark v1.1 is out! - a native Wireshark frontend for Sailfish OS.
Live packet capture · Protocol tree · Hex dump · Follow TCP Stream · Save .pcapng · Interface picker · BPF filters
Built on Wireshark 3.6.24 + Qt 5.6/Silica QML. Because your phone runs Linux and should act like it.
https://build.sailfishos.org/package/show/home:nielnielsen/Sailshark
🖥️ CLI11 — Command line parsing for C++ without the pain
Every server tool, every daemon, every diagnostic utility needs command line arguments. And every C++ developer has at some point wrestled with getopt, manually parsed argv, or pulled in Boost just for program_options.
There’s a better way. 🎯
📦 Header-only & C++11
Drop in a single header, done. No build system changes, no extra dependencies, works on any compiler supporting C++11 and up. Perfect for embedded Linux targets and minimal server builds where you control the toolchain.
⚙️ The basics are refreshingly clean:
app.add_option("-p,--port", port, "Port to listen on");
app.add_flag("-v,--verbose", verbose, "Enable verbose output");
CLI11_PARSE(app, argc, argv);
That’s it. Types, defaults, descriptions — all in one line per argument.
🌳 Subcommands — for tools that grow
When your binary does more than one thing, CLI11 handles it naturally:
auto start = app.add_subcommand("start", "Start the server");
auto stop = app.add_subcommand("stop", "Stop the server");
Same pattern as git, docker, systemctl. Your users already know how it works.
🛡️ And because it’s CLI11, you get automatic –help, type validation, and useful error messages for free — without writing a single line of parsing logic yourself.
🐧 Less boilerplate. More server.
Hmm if I run some kind of Linux distro (Debian actually) or some other *nix like FreeBSD do I need to worry about the coming "secure boot certificate rollover" apocalypse?
SailShark for #SailfishOS!
A native Silica frontend for tshark — because why should desktop users have all the fun?
✅ Live packet capture
✅ Protocol colour coding
✅ Choose your interface
✅ Capture filters
✅ Save to .pcapng
✅ Hex + ASCII dump per packet
Still rough around the edges but fully usable. Built with Qt/QML on top of Wireshark 3.6.24.
Source dropping soon. Feedback welcome! 🐾
#Wireshark #NetworkAnalysis #Linux #MobileLinux #OpenSource #Qt
🔍 Optimizing base64 decoding in jwt-cpp
jwt-cpp is a popular header-only C++ library for creating and verifying JSON Web Tokens. Clean, lightweight, no heavy dependencies — exactly the kind of lib you want in a Linux server stack.
While working with it I noticed a performance issue in the base64 decoding path. 🐛
⚙️ The old approach:
For every character in the input, the decoder called std::find_if to search linearly through a 64-char alphabet array.
→ O(n) per character lookup
→ Called for every single byte being decoded
→ A JWT with a large payload = a lot of unnecessary searching
🔧 The fix — a reverse lookup table:
Instead of searching, I precomputed a 256-entry lookup table. Each array index represents a byte value, each entry its base64 value — or -1 if invalid.
Decoding a character becomes a single array access:
auto index = rdata[static_cast<unsigned char>(symbol)];
→ O(1) per character lookup
→ No iteration, no comparisons
→ constexpr — lives in read-only memory, CPU cache friendly
📊 For JWT verification on a busy server this happens thousands of times per second. Small change, real impact.
👉 github.com/Thalhammer/jwt-cpp/commit/59cdb43
⚡ TCP_NODELAY — The one flag every game server and trading system sets
By default, TCP is trying to be clever. Too clever.
It uses an algorithm called Nagle’s Algorithm — introduced in 1984 — that buffers small packets and waits before sending them. The idea: bundle multiple small writes into one bigger packet to reduce network overhead.
Sounds smart. In the wrong context, it’s a latency killer. 💀
🎮 Why it hurts game servers
Your game sends a tiny position update — 20 bytes. Nagle says: “Wait, maybe more data is coming.” So it holds the packet for up to 200ms hoping to bundle it.
In a first-person shooter, 200ms feels like an eternity.
📈 Why it hurts trading systems
A market order hits your server. Nagle buffers it. Your competitor’s order lands 40ms earlier. You missed the trade.
In high-frequency trading, microseconds are money.
🔧 The fix is one line:
int flag = 1;
setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &flag, sizeof(flag));
Every packet ships immediately. No buffering, no waiting.
⚠️ One caveat: TCP_NODELAY increases network overhead for chatty protocols. For bulk file transfers or HTTP it’s usually wrong. For real-time systems it’s almost always right.
🐧 Sometimes the smartest thing your OS can do is get out of the way.
Reggie the Raccoon is back. One Raccoon. One pager. One chi-squared test.
38% of Sandra's expenses beginning with a number 5. Sandra has been referred to HR.
Also, samosa of uncertain origin, and Arch Linux mentioned. This is a cybersecurity article. Genuinely.
#cybersecurity #infosec #linux #technology #FraudDetection
New read at:
Reggie the Raccoon and the Curious Statistical Downfall of Sandra From Accounts
https://www.keystone-collective.org/reggie-the-raccoon-and-the-curious-statistical-downfall-of-sandra-from-accounts/
PH4NTXM just gained a small behavioral decoy layer.
Security-focused live systems can sometimes look *too quiet*. A perfectly idle machine produces a very clean behavioral signal.
So we added a lightweight background engine that occasionally generates plausible activity when the operator is idle:
• terminal commands
• DNS lookups
• tiny web requests
• temporary files in RAM
• subtle cursor movement when a GUI exists
Everything is ephemeral and runs after randomized idle periods.
Lone Wolf mode even generates occasional Tor activity to blend into the same rhythm as a cautious Tor user.
A small feature — but one that adds a bit of behavioral ambiguity.
Sometimes the system quietly pretends someone is there.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
Al fin, es una característica que andaba esperando desde hace tiempo. Ahora toca que #Debian actualice el programa, pero me temo que no lo veremos hasta #Debian14
Cito textualmente de @muylinux
"KeePassXC estrena soporte para {TIMEOTP} como marcador de posición en Auto-Type, lo que permite introducir automáticamente códigos TOTP basados en tiempo durante el autocompletado."
Facilito el enlace por si a alguien más le interesa.
📺 https://peer.adalta.social/w/52D7K8ztTPGpjhqcomCQPR
🔗 [🇩🇪🇺🇸🇫🇷](https://p4u.xyz/ID_N2XWNYP4/1)
🔗 [ℹ️](https://codeberg.org/scip/mosscap")
A developer's unmet need for a simple, powerful shell automation tool has led to the creation of a new, flexible open-source project.
🛑 Graceful Shutdown in C++ — because kill -9 is not a deployment strategy
Your server handles thousands of connections. You deploy a new version. What happens to the clients mid-request when the process dies?
Without graceful shutdown — nothing good. 💀
🔌 Step 1 — Catch the signal
The OS sends SIGTERM before it sends SIGKILL. That’s your window.
signal(SIGTERM, on_shutdown);
Set a flag, don’t do heavy work inside the handler. Simple and safe.
🚫 Step 2 — Stop accepting new connections
Close or stop listening on your socket immediately. New clients will get a clean refusal instead of a sudden reset.
⏳ Step 3 — Drain existing connections
Let active requests finish. Give them a deadline — 5 or 10 seconds is usually enough. After that, you cut them loose. Your call.
📝 Step 4 — Flush your logs
Before the process exits, tell spdlog to flush:
—> spdlog::shutdown();
Because the last thing you want is missing log entries right before a crash or restart.
🔄 Combined with SO_REUSEPORT the full flow becomes elegant:
→ New process starts, binds the port
→ Old process catches SIGTERM
→ Drains connections, flushes logs
→ Exits cleanly
Zero downtime. Zero lost requests. Zero mystery gaps in your logs. 🐧
For nearly five decades, Ed Crisler has been a PC gamer. Since the early 1980's, he's been gaming on a Microsoft OS. But now he's switching to #Linux.
What makes our conversation fascinating is that he's also the PR rep and product evangelist for at AMD graphics partner Sapphire Technology.
He has some spicy opinions, but maybe we should pay attention?
https://www.youtube.com/watch?v=ZyzvAT-bsf4
"How to Create a systemd Service File in Linux"
"Create a systemd service file in Linux with step-by-step instructions for unit file structure, service types, restart policies, and service management with systemctl."
Subscribe to #linux entries via RSS feed