Well, Twitter/X gets this wrong too. Pretty often jumps away from what you're viewing, especially on the nav-in to a thread or nav-out from a thread actions.
aiui "distrobox" is built to support these setups and experimentation, even more readily, including defaults to support:
> The created container will be tightly integrated with the host, allowing sharing of the HOME directory of the user, external storage, external USB devices and graphical apps (X11/Wayland), and audio.
> Why
* Provide a mutable environment on an immutable OS, like ChromeOS, Fedora Silverblue, OpenSUSE Aeon/Kalpa, or SteamOS3 ...
* Provide a locally privileged environment for sudoless setups (eg. company-provided laptops, security reasons, etc…)
* To mix and match a stable base system (eg. Debian Stable, Ubuntu LTS, RedHat) with a bleeding-edge environment for development or gaming (eg. Arch, OpenSUSE Tumbleweed, or Fedora with the latest Mesa)
* Leverage a high abundance of curated distro images for docker/podman to manage multiple environments.
> Aims
This project aims to bring any distro userland to any other distro supporting podman, docker, or lilipod. It has been written in POSIX shell to be as portable as possible and it does not have problems with dependencies and glibc version’s compatibility.
> It also aims to enter the container as fast as possible, every millisecond adds up if you use the container as your default environment for your terminal:
> Security implications
Isolation and sandboxing are not the main aims of the project, on the contrary it aims to tightly integrate the container with the host. The container will have complete access to your home, pen drive, and so on, so do not expect it to be highly sandboxed like a plain docker/podman container or a Flatpak.
distrobox create -n test
> Create a new distrobox with Systemd (acts similar to an LXC):
distrobox create --name test --init --image debian:latest --additional-packages "systemd libpam-systemd pipewire-audio-client-libraries"
distrobox enter test
Unfortunately it looks like sandbox mode [0] is not a goal, so it doesn't solve the main problem I have - running semi-trusted apps (e.g. Android Studio) and minimising their impact. Currently I just share X11 socket and run it in Docker.
Yeah, I'm bouncing for now on the localhost requirement. Or, on a related issue of not parsing my .ssh/config, a Match directive, and not wanting it to parse it yet. I grep'ed for an env var to override, but only USER and SSH_AUTH_SOCK are pulled in.
I did go get install ...nerdlog/cmd/nerdlog-tui@latest just fine.
Thanks for hacking in the open, and releasing early.
Hey mcint, fyi both of these issues are addressed: the localhost one is addressed for real, and a Match issue is worked around: while it's still not properly implemented, at least it doesn't prevent Nerdlog from starting now. Just in case you wanted to give it another try.
I would say that their thanks is sincere, and that they're applauding you for releasing a new tool to a public/critical audience while also taking feedback in very constructive manner.
Excellent descriptive analysis. Wrong, misleading title, perhaps "technically correct," but at best with a "backdoored" meaning.
It points out the need and use for build-manager tools that go a step beyond union file system layers, but track then enforce that e.g. tests cannot pollute build artifacts. Take a causal trace graph of files affecting files, in the build process, make that trace graph explicit, and then build a way to enforce that graph, or report on deviations from previous trace graphs.
In defense of the author: nobody reads your article if the name is boring (that is my experience at least), which it would've been if they titled it more accurately. That gives incentive to authors to use click-bait titles.
In defense of the bank robber: no clerk simply gives you money if you aren't threatening them (that is my experience at least), which it would have been if they acted like a respectable citizen. This gives people the incentive to become bank robbers.
Can we update the title with the project name, adminer?
I've gently relied on this tool, it's basically delightful to use. Simple to deploy, doesn't fight the protocol and software stack it can be deployed alongside for securing, using. A shining, straightforward FOSS success.
I did not migrate anything, these two posts were from someone else's blog and they were up less than a week ago! Web link decay strikes again, I'll check if I can find where this person blog again, thanks for noticing.
You should include your name, and link to channel in the form's self description. I accidentally followed the link blindly, and had no context.
Anyone following the link directly without viewing comments or knowing your hn username will be confused. I suspect your intended audience is larger than: people who already know you and your content well.
Thanks for the comment and I'm sorry for the late response. HackerNews is bad in that you get no notifications. I agree and I updated the form, although I suspect no one will see it now :-)
