Threads for meribold

  1. 2

    Off topic, but I just want to say that it’s neat how the side notes turn into toggleable inline notes when the viewport width is small, and clever how toggling notes works without JavaScript.

    1. 4

      Thank you! This is a feature of the Tufte CSS theme, which I’m using in lightly-edited form. The ability to have side notes with a sensible behavior on mobile and narrow viewports was the top reason I picked it.

    1. 3

      Some details regarding the times things did break that I mentioned in the article:

      • In September 2014, X broke, and I created an /etc/X11/Xwrapper.config file with the lines “allowed_users = anybody” and “needs_root_rights = yes” to get it to work again. I don’t remember and don’t have notes on why that helped. It sure does sound like a pretty terrible hack. I don’t have that Xwrapper.config file anymore, and I also don’t know when I deleted it.
      • In June 2017, audio stopped working, but all I had to do was add my user to the audio group.
      • In May 2018, X broke a second time. This time I downgraded the xorg-server-common and xorg-server packages. A few weeks later, I ran another system upgrade, and this one went fine.
      1. 1

        how did you handle the binaries change to /usr/bin and filesystem layout updates?

        1. 1

          Whenever something broke, I generally took a note about what I did to fix it. I don’t have anything about the /usr/bin change from June 2013, so all I can tell you is that I followed the instructions and (probably) didn’t encounter any problems doing so. My pacman.log shows that I dragged my feet until August before performing this system upgrade:

          [2013-08-10 00:50] [PACMAN] Running 'pacman -Syu --ignore filesystem,bash'
          
      1. 3

        I ran Arch on a server once. It actually worked pretty well and I had a better administrative experience because I knew that box in and out, having configured it from scratch myself. I moved away from this setup because I couldn’t set security updates on a cronjob - I would have to manually apply updates every day or two, and worse, sometimes I simply did not have time to apply these updates. Apache 2.4 came out during this time and broke everything, and what I thought was going to be a quick upgrade immediately became an hour-long project to read about the changes and resolve the config diff. I couldn’t delay because I needed the security updates, and partial upgrades are not supported.

        Maybe I’m being a downer (in fact I’m sure I am and I’m sorry about that) but what I read when I read this article is that the author only applies security updates once a month, and once went 9 months without patching security problems. I really hope you get your web browser from Flatpak and not pacman.

        1. 5

          I’d argue that Arch is the wrong base for a server. It makes a lot of sense to have something ‘breaky’ like a desktop where you are constantly tweaking and fixing stuff. On a server you definitely want the most stable and boring base ever.

          1. 2

            I mean, yeah. That’s why I don’t use it anymore.

          2. 1

            Funny that you mention it, the web browser is one of a few packages I explicitly pin to an older version, because upgrading Firefox often unexpectedly breaks my userChrome. I’ll deal with that when I feel like it, not when they make me.

            I’ve been running Arch on my no-SLA server for several years without any issues. Basically zero maintenance, other than the occasional reboot to a newer kernel.

            If I wanted top security, I’d go back to OpenBSD, which runs slow as molasses, and may have issues with hardware compatibility or availability of ports, but is even simpler to work with than Arch. I just don’t think I have enough of an attack surface to care.

            1. 1

              Your web browser has a massive attack surface that’s exposed to untrusted input all the time. Maybe you don’t need OpenBSD’s level of security but there’s a big difference between that and at least making sure that you’re not running software with known, public vulnerabilities. Do you not feel uncomfortable knowing that every website you visit could be exploiting some vulnerability that’s already been fixed in a Firefox version you haven’t installed yet?

              1. 2

                I feel orders of magnitude more uncomfortable with a broken web browser.

                If I examine the risk: running Firefox with an adblock on Linux alone significantly reduces the odds of being a good target. Then, an attacker is the most likely to either install a miner, or a botnet client (I’d notice), or double-encrypt my data (I have backups). I’m a no one, and offer no promise of providing access to secrets, so targeted attacks are unlikely. What’s there to be anxious about again?

                I think you give in to a false sense of security. The amount of random shit I more or less blindly install from AUR, or even distribution repositories, worries me much more.

            2. 1

              the author only applies security updates once a month

              This is accurate and includes my web browser. I could be wrong, but I never considered this update frequency a major security risk. I definitely aim not to go without a system upgrade for nine months again, though.

              Your point about Arch Linux on servers is great. My first choice for a server OS these days is also something that allows getting security updates (and only security updates) for as long as possible.

            1. 9

              I don’t get what’s so odd about this.

              I have multiple 10+ year Arch installs. No issue.

              1. 3

                There isn’t anything too odd about this, which is also roughly what I’m saying in my article. Things break less than many people expect.

                1. 1

                  I was thinking exactly this!

                1. 3

                  I’d love to see some more insights here.

                  You’re making the argument that the common wisdom of Arch being unstable is incorrect and you’re positing that running the same install over a couple of machines over the course of a decade proves that.

                  The thing is, there are people who can say the same thing with virtually any operating system, including the much maligned Windows! :) (There are definitely people out there who’ve been upgrading the same install since god knows when).

                  What makes your experience with Arch’s stability unique? How does Arch in particular lend itself to this kind of longevity and stability?

                  1. 9

                    I really just meant to say that Arch Linux doesn’t break unusually much compared to other desktop operating systems I’ve used. At least that’s been my experience. The other operating systems I’ve used are mainly Ubuntu, Fedora, and Windows.

                    1. 1

                      Try using arch without updating it for a year or two, then update it all at once. And then try this with Windows, Fedora, Ubuntu again. That’s honestly arch’s primary issue, that you can’t easily update after you’ve missed a few months of updates.

                      1. 2

                        I don’t quite see how that is a primary issue when this is the nature of rolling release distros though. Comparing to point release Fedora and Ubuntu doesn’t fit well, and I’d somewhat expect the same to happen on the rolling/testing portion of Debian and Ubuntu, along with Fedora Rawhide or OpenSUSE Tumbleweed? Am I wrong here? Do they break less often if you don’t update for a year+?

                        Personally I keep around Arch installs from several years ago and I’ll happily update them without a lot of issues when I realize they exist. Usually everything just works with the cursed command invocation of pacman -Sy archlinux-keyring && pacman --overwrite=* -Su

                        1. 3

                          I don’t quite see how that is a primary issue when this is the nature of rolling release distros though

                          It’s not necessarily – a rolling release distro could also do something like releasing a manifest of all current package versions per day, which is guaranteed to work together, and the package manager could then incrementially run through these snapshots to upgrade to any given point in time.

                          This would also easily allow rolling back to any point in time.

                          It’s actually a similar idea to how coreos used to do (and maybe still does?) it.

                          1. 4

                            That would limit a package release to once a day? Else you need a pr hour/minute manifest. This doesn’t scale when we are talking about not updating for years though as we can’t have mirrors storing that many packages. I also think this glosses over the challenge of making any guarantee that packages work together. This is hard and few (if any?) distros are that rigorous today even.

                            It is interesting to note that storing transactions was an intended feature of pacman. But the current developer thinks this belongs in an ostree or btrfs snapshot functionality.

                            1. 4

                              I’m confused by this thread. Maybe I’m missing something?

                              It seems like it should be really simple to keep a database with a table containing a (updated_at, package_name, new_package_version) triple with an index on (updated_at, package_name) and allow arbitrary point in time queries to get a package manifest from that point in time.

                              No need to materialize manifests every hour/minute/ever except when they’re queried. No need to make any new guarantees, the packages for any given point in time query should work together iff they worked together in that actual point of time in real life. No need to make the package manger transactional (that would be useful for rolling back to bespoke sets of packages someone installed on their system, but not for installing a set of packages that were in the repo at a given time).

                              Actually storing the contents of the packages would take up quite a bit of disk space, but it sounds like there is an archive already doing that? Other than making that store it sounds like just a bit of grunt work to make the db and make the package manger capable of using it?

                    2. 5

                      I didn’t read it as some grandiose statement of how awesome Arch is, just one user’s experience.

                      My equally unscientific experience is that I can usually upgrade Ubuntu once, but after a second upgrade it’s usually easier and quicker to just start fresh because of all the cruft that has accumulated. I fully acknowledge that one could combat that more easily, but I also typically get new hardware after X years, for X lower than 10.

                      I do have an x230 from 2013 with a continually updated Debian install on it, so 10 more months and I also managed to get to 10 years.

                      1. 1

                        Really though? While it’s true that you can upgrade Windows I have yet to see someone who managed to pull that off with their primary system and things like drivers, etc. accumulating and biting you. This is especially true if you update too early and later realize incompatibility with drivers or software which really sucks if that’s your main system.

                        Upgrading usually works when everything because there’s upgrade paths but having a usable system sadly is a less common theme.

                        And Linux distributons that aren’t rolling release tend to be way worse than Windows. And while I don’t know MacOS at every company I’ve been so far a bigger update of MacOS always means that everyone is expected to not have a functional system for at least a day, which always is a bit shocking in an IT company. But I have to say I have really no clue what is going on during that time. So not sure what’s really happening. I know from my limited exposure that updates rent to simply be big in download and long installation processes.

                        I probably only stuck with arch all that time compared precisely because it didn’t give me a time to consider switching so it’s really just laziness.

                        When I think about other OSs and distributions I’ve used scary updates of OS and software are a big junk of why I don’t use them in one way or another. I used to be a fan of source based distributions because they gave you something similar. Back when I could spend the time. I should check whether Gentoo has something like FreeBSD’s poudriere to pre-build stuff. Does anyone happen to know?

                        1. 3

                          I would have agreed with you from ca. 1995-2017, but I saw several Win 7 -> Win 10 -> Win 10 migrations that have at least been flawlessly running for 5+ years, if you accept upgrades between different Win 10 versions as valid.

                          I’ve had many qualms and bad things to say about Windows in my life, but I only had a single installation self-destruct since Win 7 launched, so I guess it’s now on par with Linux here for this criterion.

                          Changing the hardware and reusing the Windows installation was still hit or miss whenever I tried, with the same motherboard chipset I’ve never seen a problem, and otherwise.. not sure.. I guess I only remember reinstalls.

                          1. 1

                            I was doing tech support for a local business around the time the forced Windows 10 roll out happened. I had to reinstall quite a few machines because they just had funky issues. Things were working before then suddenly they weren’t. I couldn’t tell you what the issues were at the time but I just remember it being an utter pain in the ass.

                            1. 2

                              Yeah I’m not claiming authority on it being flawless, but it has changed to “I would bet on this windows installation breaking down in X months” to “hey, it seems to work”, based on my few machines.

                          2. 2

                            (Long-time Gentoo user here.) I’m not sure if this answers your question, but I often use Gentoo’s feature to use more powerful machines to compile stuff, then install the built binaries on weaker systems. You just have to generally match the architecture (Intel with Intel, AMD with AMD).

                            1. 2

                              I will need to look into this. I mostly wrote that sort of to keep it at the back of my head. I heard it was possible but there was some reason that I didn’t up trying that out . Maybe I should do it at my next vacation or something.

                          3. 1

                            It isn’t stable in the sense that ‘things don’t change too much’, but it is stable (in my experience) in that ‘things generally work’. I recall maybe 10 years ago I would need to frequently check the website homepage in case of breaking upgrades requiring manual intervention, but it hasn’t been like that for a long time. In fact I can’t remember the last time I checked the homepage. Upgrades just work now, and if an upgrade doesn’t go through in the future, I know where to look. Past experience tells me it will likely just be a couple of manual commands.

                            On the other hand, what has given me far more grief lately is Ubuntu LTS (server). I was probably far too eager to upgrade to 22.04, and too trusting, but I never thought they’d upgrade to OpenSSL 3 with absolutely no fallback for software still reliant on OpenSSL 1.x… in an LTS release (isn’t this kind of major change what non-LTS releases are for?). So far, for me this has broken OpenSMTPD, Ruby 2.7, and MongoDB (a mistake from a very old project – never again). For now I’ve had to reinstall 20.04. I’ll be more cautious in future, but I’m still surprised by how this was handled.

                            Even Arch Linux plans to handle OpenSSL3 with more grace (with an openssl-1.1 package).