Valhiem

• Most “Open source” LLMs are really just open weights, which is useless without the training data. This dilutes the definition of OSS. There is no way to train the model as a normal person (aka not Google or Meta, etc)
• LLM producers don’t credit the OSS they trained on, no attribution. Most models violate the licenses of all their training data (eg. GPL).
• LLM scraper bots put high stress on server infrastructure, creating a DDOS attack.

Alma is an LTS enterprise distro so gets pretty out of date after some time, and I don’t think it is significantly more bloated than Fedora because AlmaLinux is downstream of Fedora. Just uninstall the apps you don’t want on install. Even better is openSUSE Tumbleweed because the YaST installer allows for you to pick and choose every package (or group of packages) that makes it onto your final system.

What I usually do is sudo chown $USER -R /media/drive1

They specifically asked for a desktop operating system, so I recommended systems with a GUI. Proxmox comes with its own bloat, Arch would be far more minimal without the need for a bunch of dependencies.

If all you want is KVM, than any Linux distro + virt-manager will work perfect. My general recommendations for Linux distros are Fedora and openSUSE, because they are usually pretty up-to-date. Arch is also a good option, though not as stable. Choose KDE Plasma or GNOME when using GPU passthrough (because most guides will be made for either of these DEs).

I can’t tell if you are saying you literally mounted the drive at /media or that you mounted it at a subfolder, example: /media/drive1. The 2nd is the proper way of doing it.

Either way, glad I could help!

/run/media is for ephemeral mount points (like a removable USB drive). /mnt is for more permanent mount points. Idr what /media is for but I have seen some Linux distros also use it for removable media.

For managing drives and mount points I usually use gnome-disk-utility because it makes everything easier and it uses mount options like nofail by default. You can choose whether a drive requires password to mount in there too.

You can change that setting in your App Store (eg. Discover for Plasma)

Privacy, freedom to choose whatever I want, focus on FOSS (I hate/dont trust proprietary software), and security features for hardening Linux (Landlock, SELinux, Bubblewrap, sysctl, hardened_malloc).

Thanks for the info! Didn’t realize it was dash.

Rust (Golang or any mem-safe lang) is/are useful for designing secure applications, but not the reason Syd is so great. It is impressive because it is unprivileged, simple yet very granular, has tons of exploit mitigations and hardening options, defaults to hardened_malloc (on arm64 and x64), it’s multilayered sandbox (using landlock, seccomp, namespaces, and more), but of course being written in a memory safe language is an important plus (as memory corruption vulnerabilities are a very large class of common vuln). It abstracts the complexity of working with low-level sandboxing API (such as landlock) while allowing you still construct complicated sandboxes). The dev is also very open to add new ideas.

I thought about it (and I might still) but the project is still in beta and implementing sysctl and MAC would slow everything down development-wise. Switching to Fish would be easy and cool though.

I am excited to see Chimera Linux mature because iy seems like a distro which prioritizes a simple but modern software stack.

Features of Chimera that I like include:

• Not run by fascists
• Not SystemD (dinit)
• Not GNU coreutils (BSD utils)
• Not glibc (musl)
• Not jemalloc (mimalloc)
• Proper build system, not just Bash scripts in a trenchcoat

What I would like:

• MAC (SELinux)
• Switch to Fish over Bash (because it is a much lighter codebase)
• Switch from mimalloc to hardened_malloc (or mimalloc built with secure flag). Sadly hardened_malloc is only x64 or aarch64
• Hardened sysctl kernel policy

What I want out of a secure Linux (or BSD) system is full (top-to-bottom) sandboxing of all components to enforce least privilege. I am want to learn how to make my own distro (most likely for personal use) which uses strong SELinux policies, in conjunction with syd-3 sandboxing, which seems like the most robust and feature rich, unprivileged sandbox in both the Linux/BSD worlds (also it’s totally in safe Rust from what i can tell).

Another thing that I would love to make is a drop-in replacement for Flatpak that is backwards compatible but uses syd-3 instead. It has much better exploit protections than Bubblewrap, and is actually an OOTB secure sandbox. I dont know much about the internals of Flatpak, or how to use xdg-desktop-portal, but I am going to start more simple with a Bubblejail alternative. One major advantage of syd is that you can modify an already running sandbox, so theoretical you could show a popup that says something like “App1 is requesting microphone access.”, where you could toggle on without needing to restart the app.

Need to get better at coding tho lol

If I had to guess, they probably don’t use the APIs, inside using scrapping of some sort.

Maybe a setup FIDO2 LUKS unlocking, but that requires a security key: https://www.privacyguides.org/en/security-keys/

You could setup LUKS TPM unlocking.

Yes, which is why i very much like what GrapheneOS does with Storage and Contacts Scopes.