Exactly this. The people who designed secure boot and TPMs were not idiots. You can’t trick a properly set up TPM configured with secure boot in any realistic setup.

It won’t refuse to boot. It’s just that any automatic metric based decryption won’t work.

If you are using a TPM to automatically unlock luks and also manually removed the password backup before hand you could lose your data forever. That is true.

But if you kept the password based decryption stuff you could still manually unlock stuff. Just like secure boot was never there.

The difference would be that there could be no secure attestation that the kernel count trust/use without secure boot.

Like secure boot is really cool on Linux if you learn about it. Like sbctl alone is great for verifying backups and stuff.

I recommend reading through the arch wiki if you want to learn more. It covers a lot of stuff. https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot

It won’t brick your system forever??? You just turn it off in your bios. Then you have no secure boot. Just like it was never there.

If you don’t care about boot chain attacks it isn’t bad at all.

If you do care about boot chain attacks it’s bad because it allows someone to replace things like the efi binaries, grub, or your kernel with backdoor-ed versions and there would be no way to detect this from the running system.

Secure boot checks for this stuff. You can read more here:

https://access.redhat.com/articles/5254641

You can but then you don’t have secure boot.

You can if you want to. But I don’t think that is best practice. The idea of quadlets is the bring Linux norms to containers. You contain and manage all permissions for that container in that user.

I personally have completely separated users and selinux mls contexts for each container group (formerly docker compose file) and I manage them thusly. It’s more annoying but it substantially more secure.

This being said I think you can do it as root. I think this might work but I am not certain sudo systemctl --user -M theuser@ status myunit.service

Are you placing your service files in ~/.config/containers/systemd of the home dir of the user you want them to run as?

Here is a link: https://linuxconfig.org/how-to-run-podman-containers-under-systemd-with-quadlet

Not true. I run them rootless on my server as we speak. :)

I mean it could be Mutex, or Rwlock or anything atomic. It’s just when I have to put stuff into an Arc<> to pass around I know trouble is coming.

You’ll be fine. You will learn the lifetime stuff and all will work out. It’s not that bad to be honest.

I mean yah. That’s what it takes. But like when I try to write code around Arc<_> the performance just tanks in highly concurrent work. Maybe it’s an OOP rust skill issue on my end. Lol.

Avoiding this leads, for me at least, to happiness and fearless, performant, concurrent work.

I’m not a huge fan of go-lang but I think they got it right with the don’t communicate by sharing memory thing.

Skill Issue.

For reals though adopting a functional style of programming makes rust extremely pleasant . It’s only when people program in object oriented styles that this gets annoying.

No loops, and no state change make rust devs happy devs.

They probably won’t get specific.

But I will say that the comment here is a quintessential example of an anti Wayland/SystemD complaint.

Nothing specific ever. Just “it’s a mess and buggy and slow”.

This being said by me making this comment the original poster might come up with the some specifics just because they feel called out.

It makes sense to stick with something that’s good. I think the small gain going from Colemak to Colemak-DH wouldn’t be worth the struggle.

I use Engram and don’t plan on changing even though I suspect better layouts do exist. The effort is too high for a 1% gain. Lol.

It’s slow to install but I strongly recommend the services of keybr.com They have modes that install those specific layouts.

The DH mod addresses the d and h issues that Colemak has. Long story short, if you type primarily in English the DH mod means you will need to stretch your fingers to hit those keys way less often. More information is here.

https://colemakmods.github.io/mod-dh/#colemak-problems

As for other layouts, the advice that has treated me well is to focus on post covid layouts. Due to a sudden availability of free time a lot of research was done during COVID on keyboard layouts. Resultantly, post Covid layouts tend to be substantially better than pre COVID. I am a fan of Engram, Graphire, and The Hands Down Family personally.

This all being said these are harder to learn because they completely separate themselves from qwerty/qwertz.

Out of curiosity, why did you go with Colemak over colemak-dh or other layouts?

I totally see people not choosing the lessor used layouts just for convenience sake, but DH is quite common, well supported, and fixes some fundamental issues.

This is incorrect. Functional code bases exist in many production environments. Twitter (pre musk) migrated their bloated code base TO Scala because functional code bases are easier to maintain and understand.

If you think about it, it makes sense, side effect free code will be easier to maintain just due to the lack of side effects.

I can’t speak for general use. But use it to:

1. Build Rust artifacts
2. Rebuild static sites, upload them to a bucket, then clear the CDN cache.

It works perfectly for me and I have not run into issues. But it might be bad for other people. I just know it works well for me.

I use forjero with forgero runners.

Basicly 100% compatible with GitHub actions and all locally run via podman.

Strong recommend. It’s all designed to work together and everything just works.

https://forgejo.org/docs/latest/admin/runner-installation/