emacs org-mode meets all of these criteria

M-% NixOS RET Guix RET !

But yes 80% of my comment applies to Nix as well, as of course Nix is older and Guix is (conceptually) based on Nix. Though I personally use/prefer Guix.

Yes GNU Guix is a linux distro.

The package manager for Guix (also called guix) is also a portable package manager which works on any linux distro, similar to flatpak, nix, homebrew, etc.

Guix’s claim to fame is that it is a functional distro/package manager, meaning that all changes are atomic, so installing/upgrading/deleting packages never leaves your system in a broken state.

Not only that, but if you make some change to your system and it breaks for normal reasons (e.g. newest software version has a bug), you can roll back to your previous system state with all your previous packages and their versions, and this roll-back operation is also atomic.

Guix the distro not only let’s you do package management this way, but also let’s you do declarative system configuration. This means rather than manually rummaging around /etc changing files and hoping nothing breaks, there’s simply a single config file which declares all of your system configuration. From your kernel to users, partitions, system services, and just about anything else, all the configuration is declaratively done in one place with one language (Guile Scheme). Any changes you make to your system this way are also of course atomic and can be rolled back.

It even comes with a built in system called guix home which lets you bring that same level of declarative, atomic configuration to your user’s home environment, letting you manage user level packages, dotfiles, env variables, and more with a single home configuration file.

There are other goodies too, such as the ability to spawn one-off shell environments with the guix shell command, dropping you in a shell with all the packages and env variables you declare, keeping your regular user environment clean (very nice for development).

There’s even more, but at this point if you’re still interested just head over to the site and the docs.

codeberg

it’s like github but non-corporate free software

it’s very polished and featurful

it’s built upon/by the same devs as forgejo, which is open tech to self host your own git server (with federation potentially coming), so supporting one supports the other

If I understand you correctly, this is trivial in emacs:

(defun insert-text ()
  (interactive)
  (insert "your text here"))

(global-set-key your-keybind-here #'insert-text)

You could make it a format string if it relies on data specific to some file or parameter. You could also make the keybind local to certain modes/files rather than a global keybind if you don’t want to pollute your keybind space.

emacs org-mode

guix home reconfigure home-config.scm

Thanks!

Do you happen to know what certs would be most “applicable” in this case? Something like OSWE?

Any advice on requirements to have a shot at appsec jobs?

I have my sec+ and my job is devops. We do everything in AWS (no on prem at all). However I have no actual cyber experience. Our team is pretty small, so I do as much dev as anyone else and as much ops as anyone else (deploying/managing cloud infrastructure), including standard security stuff like IAM and network configuration. It’s also a small unknown company.

Is this enough to try and directly break into appsec, or do I need to start with another “cyber” role like SOC analyst or security engineer or something like that? I also plan on getting my OSCP at some point soon if that’s relevant.

Metroidvanias of knowledge a la Outer Wilds

You can mount any directory you want as the “home” directory of a given container with distrobox, it just defaults to using your home directory.

firmware/drivers

Thanks for the response! Flathub is a fantastic project so glad to hear about your contributions. Your videos have been helpful for me as introductions to Silvelblue ideas and statuses.

I don’t have much to say about the term “cloud native” personally, it doesn’t seem too important. I think myself and others react against it because cloud tech is mostly used by businesses and “server people” to deliver products (sometimes at the cost of user freedom), and so has either a non or negative connotation in the FOSS linux desktop space. But names are names, and accuracy matters most. I don’t think etiher “cloud native” or “immutable” are really all that helpful as technical terms though, maybe something else should be used (image based, atomic, container centric, ?).

I’m not sure I understand “distros already have htop.” Distros already have everything packaged for flatpak, yet they were packaged for flatpak. The real question is why do flatpaks exist at all if you can just run programs in containers, OR why do containers exist at all if you can just run programs as flatpaks (assuming everything we wanted were available as a flatpak). That is: what are the technical / UX reasons to choose flatpak over containers and vice versa?

Podmansh looks very cool! That’s definitely the direction I’d like to see these sorts of projects moving in. The #1 issue I have at the moment with this OS model is customization/tinkering/hackability. I want to have the niceties of atomic updates and reproducible builds, and containers on their own are great. But not if it takes away my ability to make my system fit my needs. I have no interest in using a macbook.

The future of these technologies looks bright, and they are clearly functional today, but I’m not sure any of them meet my needs yet as someone who likes to have a great deal of control and understanding of my system.

Yeah rollbacks are probably the best part of immutable OS’s, but of almost equal importance is reproducible system configuration, which imo only Nix and Guix do well. Neither snapshots nor Silverblue really manage that yet.

edit: I do feel norawibb’s point, the slippery mutability of Void is something I am a lot less comfortable with than I used to be. Apparently Guix has spoiled me.

I don’t think it’s a coincidence that cloud tech, container tech, Go, and Plan 9 tend to overlap conceptually and demographically.

I don’t know too much about Vanilla OS, is it not possible to install your own DE or WM?

I’m less interested in Vanilla OS since it’s based on Ubuntu and I’d rather not support / rely upon anything Canonical if I can help it.

Silverblue (+ spins) seems like the best option since it is the most mature, most popular, and is a community run distro. Of course Redhat pours a lot of resources into the Fedora project since it’s upstream RHEL, and so does SUSE for MicroOS. But honestly if Redhat/SUSE were to disappear tomorrow, I think Fedora and OpenSUSE would be fine, whereas I can’t say the same for Canonical+Ubuntu (and thus their descendants).

edit: After looking more into Vanilla OS, it looks very nice! Funnily apx addresses excatly the issues with distrobox pointed out in this thread by @mogoh@lemmy.ml. They also plan on moving from being Ubuntu based to Debian Sid based, which would be even better than Fedora as Debian is a true, 100% community backed and time tested distro (though still of course much corporate support).

I agree “cloud native” is not great, I won’t be using that term.

Why are cli tools generally not available as flatpaks? There’s nothing about how flatpak works afaik which distinguishes gui and cli. I get that the original motivation for flatpak was guis, but considering how long it’s been touted as a “universal” package manager for linux, I don’t understand how there could be so few clis.

I’ve heard people say the name for packages from flathub is awkward (which it is), and aliasing everything you install would be annoying (which it would), but that sounds like such a simple problem to solve.

I’ve also heard people say that flatpak clis would be useless because clis tend to be systadmin tools, and thus need to be not sandboxed. But this strikes me as a non sequitur. Gui tools can be used for sysadmin, and there are tons of cli tools which have nothing to do with sysadmin, they’re just userspace programs.

What does your workflow look like with toolbox/distrobox?

There are two different immutable OS models hot on the table in the linux space I see: The Nix^[1] way and the Silverblue^[2] way.

Both have immutable filesystems which deviate from the FHS, provide atomic updates, and support the creation of more-or-less isolated environments at the user level. But the way the two models implement these features is very different.

The Nix way takes inspiration from the world of functional programming, while the Silverblue way takes inspiration from the containerized, cloud native technologies which are used so widely in the industry.

I believe the idea that these two approaches share is the future of linux on both the server and the desktop, and it is only a matter of time before some (if not all) of these advantages become mainstream. However, I am uncertain of which approach is superior.

I have personal experience with Guix and enjoyed it greatly and even recommend others try it or Nix out for themselves, but there are some complexity issues. It is not clear to me whether these issues are growing pains, or symptoms of a fundamentally overcomplicated system to solve a seemingly simpler problem.

The Silverblue way I have no experience with, but seems like a more grounded approach to tackling the specific problems laid out. The big area where Silverblue seems to lack in comparison to Nix/Guix is declarative, reproducible system configuration. With Nix/Guix you can just throw your system config file up in a repo, and anybody else can pull it down and install that system bit-for-bit, including future you! With home manager this extends to a large extent to user configuration as well. Of course with Silverblue you can create images, but that is less straightforward and powerful (at least for now).

What are ya’ll’s thoughts on immutable OS’s?

nice