I can explain the difference between X11 and Xorg with an analogy to the web and web browsers: X11 is like HTTP, Xorg is like the Chrome browser. X11 is the protocol, Xorg is software that implements that protocol.

X11 is old, it was designed back in the 1980s and includes messages for drawing lines and circles and fonts on the screen. Also, back then there were a lot of "thin clients", computers that were basically nothing but a browser, since graphics were computationally expensive and could not be done on the client computer, graphics rendering was done server side. There are lots of messages in the protocol for handling screen updates over a computer network.

Nowadays, all personal computers are powerful enough to render their own graphics, and no one needs the display server to draw individual lines or circles on screen. Vector graphics and fonts are done at the application level, not over the network. So these these messages specified in the X11 protocol are hardly ever used. Really, most of X11 (let's say 90% of it) is not used at all, only the parts where the keyboard and mouse are defined, and how you can allocate memory to buffer a graphic and copy that buffer to the display. But you still need to maintain the Xorg software to handle everything that X11 specifies, and this is just a waste of code, and a waste of time for the code maintainers.

So basically, they decided about 10-15 years ago that since no one uses most of X11, let's just define a new protocol (called Wayland) that only has the parts of X11 that everyone still uses, and get rid of the 90% of it that no one ever uses. Also, the protocol design takes into account the fact that most modern computers do all of their own rendering rather than calling out to a server to render for them. Also the Wayland protocol design takes into account that a lot of computers have graphics cards for accelerated graphics rendering.

Since the Wayland protocol is much simpler, it is easier for anyone to write their own software which implements the protocol, these software are called "compositors." Finally, 10 years after some of the first implementations of Wayland, the protocol and compositors are becoming mature enough that they can be used in ordinary consumer PCs.

No, it is because people in the Linux community are usually a bit more tech-savvy than average and are aware that OpenAI/Microsoft is very likely breaking the law in how they collect data for training their AI.

We have seen that companies like OpenAI completely disregard the rights of the people who created this data that they use in their for-profit LLMs (like what they did to Scarlett Johansson), their rights to control whether the code/documentation/artwork is used in for-profit ventures, especially when stealing Creative Commons "Share Alike" licensed documentation, or GPL licensed code which can only be used if the code that reuses it is made public, which OpenAI and Microsoft does not do.

So OpenAI has deliberately conflated LLM technology with general intelligence (AGI) in order to hype their products, and so now their possibly illegal actions are also being associated with all AI. The anger toward AI is not directed at the technology itself, it is directed at companies like OpenAI who have tried to make their shitty brand synonymous with the technology.

And I haven't even yet mentioned:

• how people are getting fired by companies who are replacing them with AI
• or how it has been used to target civilians in war zones
• or how deep fakes are being used to scam vulnerable people.

The technology could be used for good, especially in the Linux community, but lately there has been a surge of unethical (and sometimes outright criminal) uses of AI by some of the worlds wealthiest companies.

I don't understand this guy's argument at all. First of all, he isn't using any shell that I know about, he seems to have invented his own, and the command line arguments he uses are specific to his own shell. He doesn't explain how these command line arguments work in terms of POSIX system calls, so I can't follow along with what he is actually doing. As far as I can tell, these are security issues with his own software, not with Unix or Linux.

If you are worried about file mutability, you can use ZFS or BTrFS or BCacheFS. All of these filesystems have a snapshot function, so if any changes (e.g. file encryption by ransomware attackers) are made you can reboot and roll back the changes, unless the attackers figure out a way to get root access and delete your snapshots. But if an attacker has gained root access to your computer, that is a much more serious issue and not really in the scope of filesystem security or file mutability.

The snapshot and rollback feature also exists in NixOS and GuixOS, where your operating system kernel and all software installed is part of a snapshot that can be rolled back, if the system becomes unbootable, you can rollback from within the GRUB boot loader. Again, all software installation is managed by a service that runs for you at root level so you never need sudo to install software, and the software you install never effects any other user or the operating system. So the only way to hack this is to gain root access and alter the content of the Guix or Nix "store" database with malicious code, but again, root access is a much bigger issue than what we are talking about.

So yeah, the argument stated in this video makes no sense to me.

Yes, it is mostly appliances, but an (informal?) stated goal of NetBSD is too run on all computing hardware.

• FreeBSD = user-friendly free Unix (plus ZFS and jails 😀)
• OpenBSD = very secure free Unix (no ZFS 🙁 but has the VMM hypervisor 😀)
• OpenIndiana = user-friendly free Unix that runs old Solaris software (plus ZFS and zones 😀)
• NetBSD = runs on any computer chip ever built within the past 40 years (some ZFS support, but no zones, jails, or VMs 🙁)

Naturally, that makes NetBSD a good choice for appliances, especially ones that might only have limited memory.

(Here is a quick explainer on the difference between Jails, Zones, Containers, and VMs)

EDIT1: someone pointed out to me that ZFS is not supported on OpenBSD. Sorry about that everyone.

EDIT2: there is a ZFS driver for NetBSD

So usually people do install Linux software from trusted software repositories. Linux practically invented the idea of the app store a full ten years before the first iPhone came out and popularized the term "app."

The problem with the Mullvad VPN is that their app is not in the trusted software repositories of most Linux distributions. So you are required to go through a few extra steps to first trust the Mullvad software repositories, and then install their VPN app the usual way using apt install or from the software center.

You could just download the ".deb" file and double click on it, but you will have to download and install all software security updates by hand. By going through the extra steps to add Mullvad to your trusted software repository list, you will get software security updates automatically whenever you install all other software updates on your computer.

Most Linux distros don't bother to make it easy for you to add other trusted software repositories because it can be a major security risk if you trust the wrong people. So I suppose it is for the best that the easiest way to install third-party software is to follow the steps you saw on the website.

So I think Guix (and Nix) is the most technologically advanced package manager in existence, and I hope someday all package managers work like Guix.

One other very interesting feature about Guix ~~(which I don't think Nix is doing yet)~~ (which Nix also does) is that they have implemented a fully verifiable bootstrap, meaning every step of building the kernel, including the steps taken to build the C compiler toolchain, are produced by code that is simple enough for a group of humans to check for correctness and safety. Also, every step of the build process exists in the package repository, with no reliance on externally built binaries for anything, not even the C compiler toolchain. They accomplish this with a multi-phase bootstrap process, where a smaller, simpler C compiler is used to build GCC.

Do I use Guix? Well, no. Simply put, it is not quite to the point where it just works on a lot of the computer hardware that I own. With a bit more work, with a few more developers, and a bit more money invested, Guix could pretty soon become as reliable and useful as Debian or Fedora. But it is not quite there yet. And frankly, I have other more important things to do than worry about debugging problems with the operating system I am using.

Non-gentoo user: “Welp, Gentoo is now just another Arch fork LMAO!”

To be fair, you can still build packages and fine-tune the builds with the Emerge system flags, which is sort-of Gentoo's killer feature. It is just that they have recognized that most people will install probably 99% of all software without changing the default flags, and so why not give them those packages pre-built.

So I guess this make Gentoo more similar to Nix OS or Guix OS but without the high-tech package manager and dependency resolution.

It can even start the receiving daemon if it is not yet running.

We have a tool for that, it’s called an init system.

The init system is for trusted system services that can talk directly to hardware. Unless you are working on a single-user system with no security concerns of any kind, you might consider using init to launch persistent user land or GUI processes.

DBus is for establishing a standard publish/subscribe communication protocol between user applications, and in particular, GUI applications. And because it is standard, app developers using different GUI frameworks (Gtk, Qt, WxWidgets, FLTK, SDL2) can all publish/subscribe to each other using a common protocol.

It would be certainly be possible to establish a standard place in the /tmp directory and a standard naming scheme for sockets and temporary files so that applications can obtain a view of other running applications and request to receive message from other applications using ordinary filesystem APIs, but DBus does this without needing the /tmp directory. A few simple C APIs replace the need for naming and creating your temporary files and sockets.

5-E's maybe:

• Embrace
• Extend
• Exploit
• Extinguish
• Enshittification

I also wrote a blog post on it,

I wouldn't worry too much about the package manager, just worry about whether the distro has a good package repository. If it has all the software you want to use, then use it. In my opinion, most package managers (dnf, apt, pacman, xbmp) are basically the same, and you would only notice a big difference if you ever tried to make your own package for your own software.

That said, a few package managers are very different from all the rest:

• Crux OS "prt-get": simple and stupid: just downloads and installs tar archives.
• Gentoo "emerge": builds all software from source code when you install it. This provides some guarantees that the source code was not tampered with by the distro maintainers, this is great if you need to review all of the source code that is running on your system, but terrible for most people who don't want to spend so much computing power on compiling stuff every time you do a software update.
• Nix and Guix: creates its own blockchain-like database of isolated package dependency chains on your system, allowing you to instantly roll-back to the previous set of installed packages if you ever install something that breaks your system. It also guarantees that the software can be checked bit-for-bit (using SHA hash) traced back to the exact version and dependencies of the source code that built it. Nix and Guix packages also live peacefully side-by-side with any other package manager since all Nix/Guix apps are completely self-contained within its own database. In a way, it is sort of like one big AppImage or Docker container, but you can just keep adding or removing stuff to it as often as you want.
• Silverblue, SteamOS, VanillaOS, BlendOS, CarbonOS: distributes "immutable images," so it is impossible modify the operating system at all. Updates will ship an entirely new operating system with all packages built-in. However you are allowed to install software into your home directory, and you can install FlatPacks and AppImages. This provides a great deal of security in exchange for a tiny bit of inconvenience.

My personal preference: I use ordinary Debian or Ubuntu to install the critical software that needs to be stable and reliable, and I use Guix OS on the side to install the bleeding-edge things that might break a lot.

Applications without source code don't exist.

Oh, they meant, "you should have the source code to the applications you use." Well in that case, good call on them.

You mean, there are still websites that don't auto-detect what OS you're running and make you actually choose?