Jarkko Sakkinen
Posts
3561Following
214Followers
361
Jarkko Sakkinen
jarkko
Edited 1 month ago
Can OpenPGP signing key used also as Machine Owner Key (MOK) for signing kernel and modules by some means? That would be the most practical way as I have that always available in my Yubikey.
I can use my OpenPGP keyring to:
1. Sign tags for Linus.
2. Sign commits at work.
3. Authenticate to all SSH servers I have access to.
4. Authenticate to all Git repositories I have access to.
5. Right and manage my "root of trust" with pass: https://www.passwordstore.org/
I'm sure it must be applicable in a way or another also as MOK.
#linux #security #yubikey
I can use my OpenPGP keyring to:
1. Sign tags for Linus.
2. Sign commits at work.
3. Authenticate to all SSH servers I have access to.
4. Authenticate to all Git repositories I have access to.
5. Right and manage my "root of trust" with pass: https://www.passwordstore.org/
I'm sure it must be applicable in a way or another also as MOK.
#linux #security #yubikey
1
3
3
Jarkko Sakkinen
jarkko
The interface is a bit rough but Firefox actually has profiles just like Chrome. This from my work Thinkpad.
Have been converting once again to Firefox from Chrome only because I want to use at least the same browser in every platform and aarch64 has only Firefox (i.e. my Mac mini).
This is how I usually switch between Chrome and Firefox: a dead-end comes and I switch to the other.
Last time I switched to Chrome was because of broken WebMIDI support in Firefox, which now fully works with Novation hardware so the browser table tennis continues.
#firefox #chrome #ping #pong
Have been converting once again to Firefox from Chrome only because I want to use at least the same browser in every platform and aarch64 has only Firefox (i.e. my Mac mini).
This is how I usually switch between Chrome and Firefox: a dead-end comes and I switch to the other.
Last time I switched to Chrome was because of broken WebMIDI support in Firefox, which now fully works with Novation hardware so the browser table tennis continues.
#firefox #chrome #ping #pong
2
0
2
Jarkko Sakkinen
jarkko
Only issue I've had with Fedora 41 has been Signal but then I recalled this:
https://github.com/BarbossHack/Signal-Desktop-Fedora
Building RPM packages and installing them fixed all the issues.
#fedora #signal
https://github.com/BarbossHack/Signal-Desktop-Fedora
Building RPM packages and installing them fixed all the issues.
#fedora #signal
1
1
2
Jarkko Sakkinen
jarkko
"libLISA is a library for automatically discovering and analyzing CPU instructions. It relies on minimal human input: only a definition of CPU state and a CPU observer are required to be implemented."
https://github.com/liblisa/liblisa
https://github.com/liblisa/liblisa
2
0
0
Jarkko Sakkinen
jarkko
Fedora 41 upgrade ongoing. More worried when I do the same for Asahi Linux (because never upgraded it before).
0
0
0
Jarkko Sakkinen
jarkko
Took few hours to realize today that ZSH figures out from EDITOR with '*vi*' that you "want" different keybindings. So I unset that.
If I did ssh or tmux, CTRL+R stopped working. Looking at bindkey output, it was different in a nested zsh (find this out while running zsh inside zsh).
I think I also had to delete a file called '.zcomdump' or something (don't what it is actually and to be totally honest) and I still don't get why it had "unsmarted" key bindings when there was just one instance of zsh.
How do you disable ZSH AI features?
#zsh #ai #shell
If I did ssh or tmux, CTRL+R stopped working. Looking at bindkey output, it was different in a nested zsh (find this out while running zsh inside zsh).
I think I also had to delete a file called '.zcomdump' or something (don't what it is actually and to be totally honest) and I still don't get why it had "unsmarted" key bindings when there was just one instance of zsh.
How do you disable ZSH AI features?
#zsh #ai #shell
1
0
0
Jarkko Sakkinen
jarkko
What is the difference between clevis and systemd-cryptenroll, and why do they both need to exist?
Example: https://fedoramagazine.org/automatically-decrypt-your-disk-using-tpm2/
Uses both. Why? Also: how does dracut interact with these shenanigans?
#fedora #linux #systemd
Example: https://fedoramagazine.org/automatically-decrypt-your-disk-using-tpm2/
Uses both. Why? Also: how does dracut interact with these shenanigans?
#fedora #linux #systemd
0
1
1
Jarkko Sakkinen
jarkko
First time ever I've seen WebMIDI work in Firefox (for uploading firmware with SYSEX). Has been literally a lock-in to Chrome for me.
1
0
0
Jarkko Sakkinen
jarkko
I'm going to order this: https://www.ifixit.com/en-eu/products/iphone-se-2022-battery
In a repair shop it is 100% more expensive.
In a repair shop it is 100% more expensive.
1
1
2
Jarkko Sakkinen
repeated
repeated
Vegard Nossum 🥑
vegard@mastodon.socialWe don't have enough kernel memes on here, just doing my part
2
13
4
Jarkko Sakkinen
jarkko
Edited 1 month ago
What is this:
https://opensource.org/ai
"Open Source" is "Open Source AI"
OK, cool.
This must be then an AI:
```
int main(void) {}
```
For me this has an appearance of a scam, and it also reflects a recent outbursts such as e.g. this one from Microsoft:
https://www.techspot.com/news/103609-microsoft-ai-ceo-content-open-web-freeware-ai.html
Not pointing out to Microsoft here in particular. It was just so arrogant, obnoxious and ignorant take from Mustafa Suleyman that it carved to my brain forever.
IT giants have put way way way too huge stakes on top of the AI game board. There's also a strong motivation to compound "Open Source" and "AI" as interchangeable concepts to justify evil corporate tactics. Right from the get go OpenAI picked up a name, which misleads by implying "openness" (with no anchor to anything actually open).
Standards share no resemblance to this eye roll trick. I read them a lot as part of my work (the most recent was DWARF4 spec few weeks ago), and I know what a standard should look like, if anything.
This is not an opinion about AI way or another but I recognize a fake standard 100% when I see one, and this is as fake as it can ever get. It could be at worst interpreted as an attack against open source and free software governance, and the values that we believe in.
RT @fsfe
https://opensource.org/ai
"Open Source" is "Open Source AI"
OK, cool.
This must be then an AI:
```
int main(void) {}
```
For me this has an appearance of a scam, and it also reflects a recent outbursts such as e.g. this one from Microsoft:
https://www.techspot.com/news/103609-microsoft-ai-ceo-content-open-web-freeware-ai.html
Not pointing out to Microsoft here in particular. It was just so arrogant, obnoxious and ignorant take from Mustafa Suleyman that it carved to my brain forever.
IT giants have put way way way too huge stakes on top of the AI game board. There's also a strong motivation to compound "Open Source" and "AI" as interchangeable concepts to justify evil corporate tactics. Right from the get go OpenAI picked up a name, which misleads by implying "openness" (with no anchor to anything actually open).
Standards share no resemblance to this eye roll trick. I read them a lot as part of my work (the most recent was DWARF4 spec few weeks ago), and I know what a standard should look like, if anything.
This is not an opinion about AI way or another but I recognize a fake standard 100% when I see one, and this is as fake as it can ever get. It could be at worst interpreted as an attack against open source and free software governance, and the values that we believe in.
RT @fsfe
2
1
2
Jarkko Sakkinen
jarkko
Cheap #3D #printing services in the #EU region? I just need to print one a spare part that is not complex and #ThingVerse is feasible for acquiring the model.
3
2
0
Jarkko Sakkinen
repeated
repeated
Stéphane Graber
stgraber@hachyderm.ioThe CFP for the Containers devroom at @fosdem 2025 is now open! https://discuss.linuxcontainers.org/t/fosdem-2025-containers-devroom-call-for-papers/21956
0
12
1
Jarkko Sakkinen
jarkko
Edited 1 month ago
After four weeks doing Rust it became clear to me that LSP is quite useful sometimes, when you have to deal with a language that was not designed to be written by humans.
[That said: even less so by Copilot, Bob or Clippy]
;-)
I've managed mostly with vim and rusty-tags so far but to help with code exploration I installed vscodium. Seems to do the job since it has a vim emulation plugin and works together with rust-analyzer. And LSP does not work too well in terminal anyhow...
PS. This is the most useful documentation that I found on topic: https://bootlin.com/pub/conferences/2020/elce/opdenacker-using-vs-code-for-embedded-development/opdenacker-using-vs-code-for-embedded-development.pdf
[That said: even less so by Copilot, Bob or Clippy]
;-)
I've managed mostly with vim and rusty-tags so far but to help with code exploration I installed vscodium. Seems to do the job since it has a vim emulation plugin and works together with rust-analyzer. And LSP does not work too well in terminal anyhow...
PS. This is the most useful documentation that I found on topic: https://bootlin.com/pub/conferences/2020/elce/opdenacker-using-vs-code-for-embedded-development/opdenacker-using-vs-code-for-embedded-development.pdf
0
0
2
Jarkko Sakkinen
jarkko
Edited 1 month ago
I installed Asahi Linux to a 128 GB rootfs (out of 1 TB of internal storage). It is connected to a dock with an external 1 TB M.2 drive. Fedora sees this drive as /dev/sda.
Migrating the subvolume of /home was just a matter of creating a single all encompassing BTRFS partition to /dev/sda and then:
sudo btrfs device add /dev/sda1 /home -f
sudo btrfs device remove /dev/nvme0n1p6 /home -f
Now there is an airtight separation / and /home physically, and also they pool space only within their own cages.
Apple firmware supports only booting macOS from external storage, thus the rootfs must always reside in the internal storage, but I think this is already quite sustainable way to deal with it.
This bottleneck/policy can be mitigated but it does not pay the price. It can be overcome by installing macOS to an external storage and consuming internal storage in its full extent for Asahi Linux. Just mentioning this last for completeness ;-)
Encryption can/could be done by following https://davidalger.com/posts/fedora-asahi-remix-on-apple-silicon-with-luks-encryption/ with “a twist’ (since different partition/drive topology).
1
2
3
Jarkko Sakkinen
jarkko
US Ambassador to Finland's immediate reaction of Trump's win in 2016 while still serving 😅 #Trump #diplomacy
0
0
0
Jarkko Sakkinen
jarkko
my friends have started to bully me as "jarkko.js" (those are my name letters). did not came to mind when picking username for my github account duh...
1
0
2