chameleon

I don’t have Obsidian around, but this has been happening elsewhere lately too, almost certainly because of this underlying Electron issue: https://github.com/electron/electron/issues/43819

Unfortunately there’s not much you can do about it. Electron decided to depend on functionality not yet in a released version, and that very interesting choice flows down to everything that updates their Electron on the regular.

Sorry, I’ve had a (self-imposed) busy week, but I have to admit, that also has me rather stumped. As far as I can tell, your second entry should work. If the device is visible in /dev/mapper under a name, it should be able to mount under that name.

The only thing I can think of is that some important module like the ext4 module might be missing somehow? You can get pretty confusing errors when that happens. Dracut is supposed to parse /etc/fstab for everything needed to boot, and maybe that’s not recognizing your root for some reason. dmesg might have some useful info at the end after you try to mount it. If that’s what’s happening, you could try to add add_drivers+=" ext4 " in your dracut.conf and regenerate it (the spaces are important!). But if that’s not it, then I’m probably out of ideas now.

I think you should check your root= line and add a rd.luks.uuid= to make it open it. Dracut will by default open the root FS as /dev/mapper/luks-abcdef... based on the LUKS container UUID. You can get that with cryptsetup luksUUID. /dev/mapper/root is just never going to show up unless you’ve assigned a custom name to that with the barely documented rd.luks.name, and I don’t see that in your setup. The cryptroot and cryptdm parameters aren’t used by Dracut either.

With all of that missing it’s just gonna wait for that /dev/mapper/root to magically show up out of nowhere, without ever trying to open it.

A correct cmdline will probably look something along the lines of root=/dev/mapper/luks-<uuid> modules=sd-mod,usb-storage,ext4 rootfstype=ext4 rootflags=rw,relatime rd.luks.uuid=<uuid> and once opening with passphrase works, you can start to mess with rd.luks.key=/awesome.key (and readd quiet when done debugging, if you want it that way).

ldconfig errors and the missing modules should be fine. musl’s ldconfig is just a bit different but also isn’t required in quite the same way. I don’t think you should need to mess with modules manually. I don’t think you’re using LVM’s userland for your setup, just all the device-mapper kernel modules. Dracut will pull all the necessary bits in for you if you’re setting it up for LUKS.

Dracut may have this functionality already built in via rd.luks.key, so a custom module would really only make sense if you’re trying to do more than that. You can probably get away with just using that if you just want it to work, but if you want to customize stuff:

I suspect your module is running well after the device is already supposed to be cryptsetup opened. The way the default crypt module handles it is by setting up udev configuration in a very early phase, and then having udev request the password a little bit later when it finds the device it’s trying to open, until all devices are ready. It’s a complex mechanism compared to Alpine’s straightforward script, but it’s much more flexible when it comes to ordering of things like RAID/network devices/LUKS/etc.

The result of that is that your code would have to run much earlier. There’s some documentation on how hooks work, and the builtin rd.luks.key / keydev handler runs at cmdline 10. That’s well before your pre-mount, and probably where you’d want to run your code. Based on a cursory inspection of the other code, you could either cryptsetup open it yourself if you use the name it expects (rd.luks.name= cmdline parameter or luks-$luks_container_uuid), or you could use that /tmp/luks.keys mechanism (it’s a dracut-internal thing so you won’t find much documentation, but it lives in crypt-lib.sh, cryptroot-ask.sh and probe-keydev.sh).

As for debugging, the cmdline manpage has a few decent enough options. rd.break=cmdline or similar can force a shell before Dracut goes through a specific phase of hooks. You should be able to manually test doing things similar to your script at that point.

You’d be looking for /usr/share/mkinitfs/initramfs-init . I’ve never customized that myself, but it looks like there’s already some support for a keyfile if you look for KOPT_cryptroot and check that block of code. That looks like it’s mostly set up for a keyfile embedded into the initramfs, but I guess it should be possible to replace that code with something that grabs the keyfile off an USB drive.

I suppose you’d make a copy of it, put it somewhere in /etc or whatever and change the mkinitfs.conf to point to it. init="/etc/whatever/myinitramfs-init" should do the trick since the config file just gets sourced in. That said you’re definitively heading into unknown territory here. It might be easier to just use Dracut or the like instead.

mkinitfs doesn’t support running custom shell hooks. mkinitfs is very, very, very bare-bones custom code and the whole features concept exists only to pull extra files and kernel modules into the initramfs, not for extra logic.

You’d either have to customize the init script itself (not impossible, it’s 1000 lines) and pass -i/set init= in the .conf, or install Dracut/Booster instead (which should “just work” if you apk add them, but I’ve had no need to do so).

That already happens constantly and I’d consider this the consequence of it, rather than the cause. You can only issue so many vetoes before people no longer want to deal with you and would rather move on.

The recent week of Wayland news (including the proposal from a few hours ago to restate NACK policies) is starting to feel like the final attempt to right things before a hard fork of Wayland. I’ve been following wayland-protocols/devel/etc from the outside for a year or two and the vibes have been trending that way for a while.

Digging into the GitLab & related discussions, the main takeaway I got is that FFmpeg’s API supposedly meshes better with what Wine needs to provide to Windows code, simplifying things overall. GST is pretty heavy on asynchronous/background processing, which is normally something I’d consider good for media, but if the API you’re expected to implement is synchronous then I guess it only adds complexity.

Moderation is handled by each instance’s version of that community separately.

Reddit/Lemmy/etc communities differ from something like Tumblr/Cohost by also having per-community rules, and nobody has the time to moderate hundreds of communities according to their per-community rules.

It’s relatively easy to keep an instance free of spam/overly blatant hate/etc, since that is a fairly common set of rules. But it’s much harder to keep a “world news” style community being overran with US-centric posts, or a discussion community on a specific subject from being filled to the brim with memes, or posts that are only very vaguely adjacent. Without centralized per-community moderators, it would fall on general instance moderation to make decisions about whether a post about an Undertale hack fits in the Undertale community. That’s probably going to go wrong more often than not.

You can have a website that is only moderated according to global rules with tags being a free-for-all, but you fundamentally end up building something along the lines of Tumblr or Cohost, which attracts a different audience, including those that know how to rules lawyer their way in such an environment; tagging 20 mediocre photos a day with #photography instead of just a good one, for example. With the end of Cohost approaching, I wouldn’t be surprised if some tried to build that kinda thing, but it’d likely end up having a very different vibe.

I don’t know if the Atari Lynx counts as non-major. Anything from Atari should probably count as major, the thing supposedly sold 2 million units, but I can’t remember the last time I’ve seen anyone mention it and that’s still less than 2% of the Game Boy’s 110m+.

I got the original model as a hand-me-down towards the end of the 90s and I wasn’t super fond of it. The thing looks and feels like a brick and ate batteries for breakfast, the internet says 5 hour battery life but I remember getting like 2. The “left-hand mode” is a cool concept but putting two pairs of A/B buttons on the device feels like something they could’ve done better. It had color, a couple of arcade ports were really great games and there was Chip’s Challenge, but younger me got exhausted just using the damn thing.

Crimzon Clover, any version’s good but World EXplosion is the most recent. It’s a fairly difficult and chaotic bullet hell, but the novice mode should be reasonably approachable as long as you’re willing to learn, and the design is superb.

Similarly, the whole CAVE backlog. Not all of them have novice modes or the like, and there’s quite a few games not really available outside of MAME. The original DoDonPachi is/was considered the best starter bullet hell for a long, long time and still holds up pretty well, but is more difficult than a lot of modern games on their respective novice modes.

On the indie side of things: Star of Providence (formerly Monolith) is an indie roguelite bullet hell twin-stick-ish shmup with a pretty good amount of depth. ZeroRanger is a much more story-based game that I really enjoyed.

NieR Automata, for basically the same reasons. Hard mode is filled with instakills everywhere and is really just a damage multiplier, so you have to be the right kind of person for that. If you’re not, Normal is probably already fairly easy because of all the auto-heals, but the pacing can be a bit slow for something where most enemies aren’t dangerous. Might as well play Easy and play for the story.

Most paid certs aren’t worth much anyway. Payment and delivery info for DV certs isn’t validated by anyone, it’s literally the same concept as Let’s Encrypt. OV and EV are the only ones that theoretically have any value, but nobody is using those ever since they got rid of the URL bar labeling; even Amazon is on DV nowadays.

Or 800€…

This whole thing is shaping up to be the PS3’s “five hundred and ninety nine us dollars” version 2.

It depends on if you can feasibly implement compatibility layers for large parts of the “required” but very work-intensive drivers. FreeBSD has the same driver struggles and ended up with LinuxKPI to support AMD/Intel GPUs. I know there’s a whole bunch of toy kernels that implemented compatibility layers for parts of Linux in some fashion too.

It’s a ton of work overall but there’s room to lift enough already existing stuff from Linux to get the ball rolling.

In my experience, most hangs with a message about amdgpu loading on screen are caused by an amdgpu issue of some kind. I’d check to see if amdgpu ends up being loaded correctly via lsmod | grep amdgpu and just a general journalctl -b 0 | grep amdgpu to see if there’s any obvious failures there. Chances are that even if it’s not amdgpu, the real failure is in the journal somewhere.

Could be a wrong setting of hardware.enableRedistributableFirmware (should be true) or the new-ish hardware.amdgpu.initrd.enable (can be either really but either true or false might be more or less reliable on your system).

The main reason many sub-communities are stuck on Telegram (and Discord) are the public group chat/broadcast channel related features. Signal still has a 1000 member group size limit, which is more than enough for a “group DM” but mostly useless for groups with publicly posted invite links. Those same groups would also much rather have functional scrollback/search on join instead of encryption.

Gonna add a dissenting “maybe but not really”. YT is really aggressive on this kinda stuff lately and the situation is changing month by month. YT has multiple ways of flagging your IP as potentially problematic and as soon as you get flagged you’re going to end up having to run quite an annoying mess of scripts that may or may not last in the long term. There’s some instructions in a stickied issue on the Invidious repo.

You can’t pretend an open port is closed, because an open port is really just a service that’s listening. You can’t pretend-close it and still have that service work. The only thing you can do is firewalling off the entire service, but presumably, any competent distro will firewall off all services by default and any service listening publicly is doing so for a good reason.

I guess it comes down to whether they feel like it’s worth obfuscating port scan data. If you deploy that across all of your network then you make things just a little bit more annoying for attackers. It’s a tiny bit of obfuscation that doesn’t really matter, but I guess plenty of security teams need every win they can get, as management is always demanding that you do more even after you’ve done everything that’s actually useful.

Did a physical-to-virtual-to-physical conversion to upgrade and unbreak a webserver that had been messed up by simultaneously installing packages from Debian and Ubuntu.