Actually that is how ChromeOS does the Linux environment. They run a container image in a small performant VM and passthrough the windows with some fancy Wayland tool.

A VM in a container actually

Docker AND KVM

Wtf

Root on exFAT when?

Hm, I only ran update-grub

Ran update-initramfs from the chroot trying to repair it

Found that there is a cleaner way in /etc/default/grub with grub commandline arguments. But that wants a source= variable which is weird to me as that hardcodes a drive in there that wasnt there first?

Tbh I will try this on a secondary laptop now, I reinstalled that thing like 5 times now and am a bit traumatized XD

Luckily we have more than enough

Interesting that might be the case. The install was Deb12, updated to 13. Might not have updated the grub.

But this happened AFTER the 13 upgrade, not before. So rather a newer grub version.

This makes no sense

Pretty accurate

But it is worth it for me

Also if people honestly try to help and share understandable configs, it is way easier. Some people escalate quite a bit and make a computer program from their configs XD

codeberg.org/boredsquirrel/NixOS-Config

You are looking for an outbound firewall

Like the others recommended

OpenSnitch has multiple detection ways, eBPF might require activation in the kernel, there are others too, 4 in total

For me on NixOS it worked in eBPF and proc mode. NixOS’ weird binary placement makes rules less secure I guess as it can only check commands (if it were nix-native it could use a function for that)

And I had tons of "unknown process"es which I needed to allow to not break things, which kinda makes the thing useless

NixOS is great, when it works

The user joined 2 days ago!

This could very likely be a virus

The rest gives me vibe coding vibes

Also the md being in a codeblock… very weird

It is clearly mentioned that

1. A huge amount of people use Windows 10 or older. Being a privacy elietist does not change that
2. This is for people needing windows software
3. The result is fine but still not private, simply a more reasonable OS

https://github.com/zed-industries/zed/issues/7054#issuecomment-1916315391

They auto download binaries, even proprietary ones, unsigned and without user interaction.

YEAH security!

There is literally not a single useful comment here.

You have packages from outside the official main repo, in the universe repo.

You are using a stable Distribution so packages are frozen and need backported security updates.

You dont get them for the optional universe repos, but if you give them a bit of money (or afaik Ubuntu pro is even free for a few devices) then they will also support these 3rd party packages.

It is an optional service, they warn you that you use outdated packages, and offer a solution.

I dont use Ubuntu and Snaps are crap, but this is totally fine.

• proprietary server (snap store), unlike flatpak
• snapd only allows one server (but it is foss so you could just patch it), unlike flatpak
• nonexistent security on snap store, multiple times malware, unlike flatpak
• no sandboxing without apparmor and specific profiles, so not cross platform, unlike flatpak
• the system apps are also requiring apparmor, so not cross platform
• they lack granular permission systems afaik
• they concur with flatpak, which is horrible as we need a universal packaging format, not 3
• seemingly no reproducible builds?
• no separation between all, opensource, verified repo, unlike flatpak
• they pollute the mount list with all the loop devices

And people complain abour resource usage etc, but that is just separating apps from the system. Flatpak does the same.