ChanServ changed the topic of #aarch64-laptops to: Linux support for AArch64 Laptops (Asus NovaGo TP370QL - HP Envy x2 - Lenovo Mixx 630 - Lenovo Yoga C630)
<clover[m]>
You don't like flatpak?
<clover[m]>
I think everything I need is a flatpak with aarch64
<clover[m]>
Vs code, dbeaver, brave browser, geary
<steev>
i don't know why i'd run those and not their pre-built packages
<steev>
but then, i use a distro that makes sense :P
<clover[m]>
Touche
agl7-Galaxy has quit [Remote host closed the connection]
agl7-Galaxy has joined #aarch64-laptops
stirl has joined #aarch64-laptops
agl7-Galaxy has quit [Quit: Leaving]
agl7-Galaxy has joined #aarch64-laptops
agl7-Galaxy has quit [Quit: Leaving]
agl7-Galaxy has joined #aarch64-laptops
<robclark>
steev: tbf more sandboxing is never a bad thing.. the flatpak approach seems solid but I wish we'd progress faster towards all flatpaks being fully sandboxed
<steev>
but then i can't have as much fun :(
<robclark>
there isn't a shortage of fun.. I was a bit tempted to try silverblue (but then again at this stage getting things working at all is an accomplishment and we don't have secure boot working)
<robclark>
but in big picture, from reducing attack surface, flatpak is the the sorta direction we should be looking
<robclark>
ie. keep core os small and immutable, and keep apps sandboxed
stirl has quit [Ping timeout: 480 seconds]
<clover[m]>
Can you do terminal work in silverblue?
<HdkR>
Is flatpak the one that thinks it is a good idea to ship video drivers inside the application binary?
<clover[m]>
So you can't have it without secure boot?
hexdump0815 has joined #aarch64-laptops
<robclark>
clover[m]: toybox
<robclark>
HdkR: that isn't quite the right way to do it.. but otoh apps are already shipping drivers
<HdkR>
Think that was the one where I tried running an application and the driver it shipped couldn't support my 6900XT. So I had to unpack it regardless
<HdkR>
ew
<HdkR>
I hate this future
hexdump01 has quit [Ping timeout: 480 seconds]
<robclark>
I mean, you could just solve all problems by unplugging your computer from the interwebs
<robclark>
but putting head in sand doesn't make things better
<HdkR>
Viable strategy if I was more security paranoid :D
<HdkR>
My concern is these containers thinking shipping the drivers are a good idea, and then initialization time
<HdkR>
Snap is notoriously bad at initialization time, and if Flatpak thinks shipping some decrepit mesa package is the solution then that's just a nightmare
<robclark>
containers are for sure a good thing.. but there is room for discussion about how to implement
<robclark>
tbh I'm toying with ideas about mesa completely isolated from kernel (yeah).. since webgpu is a thing that terrifies me
<robclark>
(who thought it was a good idea to expose interwebs to gpu gl/vk drivers?)
<HdkR>
I feel like browsers need to have these things default disabled just like the old flash blockers
<HdkR>
Maybe with a canvas overlay which allows you to quickly enable that canvas to run your shadertoy canvas or HTML game
<HdkR>
At that point it just becomes a paradigm for good experiences rather than bombarded with garbage trying to hack your machine
<robclark>
maybe.. but I kinda doubt that is enough
<robclark>
turns out bad guys are creative
<HdkR>
It's very true
<HdkR>
and human potatoes are very bad at determining nefarious plots
<robclark>
I'm kinda thinking about virtgpu native ctx approach without vm.. where you just split access to kernel to a trusted proxy (possibly rust, but at least small/auditable/fuzzable).. ie. just plan on UMD getting owned and make it so that doesn't matter
<robclark>
obv not the thing to use for trusted things.. but for browser context it makes tons of sense because you'd be crazy to trust the interwebs
<HdkR>
I think that sounds reasonable for security reasons
agl7-Galaxy has quit [Quit: Leaving]
<robclark>
the only alternative I see is teaching my parents to use lynx.. and that seems harder ;-)
<HdkR>
Might be a bit hard for them to navigate facebook