Conversation
Notices
-
Embed this notice
LisPi (lispi314@udongein.xyz)'s status on Thursday, 20-Nov-2025 11:14:55 JST 
LisPi
The use of a tmpfiles.d config with a tmpfs is reasonable.
Defaulting, on desktop distributions, to /tmp being a tmpfs however isn't.
Programs and users frequently mess with things that won't fit in memory in /tmp-
Embed this notice
Rich Felker (dalias@hachyderm.io)'s status on Thursday, 20-Nov-2025 11:14:53 JST 
Rich Felker
@lispi314 I haven't hit that in a long time. Things don't generally make gigantic temp files in /tmp anymore.
-
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Thursday, 20-Nov-2025 11:15:54 JST 
Haelwenn /элвэн/ :triskell:
@dalias @lispi314 Plus swap is a thing, so even with tmpfs it can still go to the disk. -
Embed this notice
Rich Felker (dalias@hachyderm.io)'s status on Thursday, 20-Nov-2025 11:36:46 JST
Rich Felker
@lispi314 @lanodan Yeah, having large amounts of swap is a rather bad idea on modern systems. Really you just don't want large temp files, and thankfully not much tries to make them anymore.
-
Embed this notice
LisPi (lispi314@udongein.xyz)'s status on Thursday, 20-Nov-2025 11:36:48 JST
LisPi
@lanodan @dalias That fails on two accounts though.
It assumes either sufficient swap (no such thing is guaranteed) and also that the tmpfs wasn't mounted with an insufficiently large limit. The distros typically mount it with a limit of <1GB. -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Thursday, 20-Nov-2025 11:42:11 JST
Haelwenn /элвэн/ :triskell:
@dalias @lispi314 Yeah, I think only few that might still do is like Firefox when it downloads a file and passes it to another program, those files can be pretty big (specially if tmpfs is limited to 1GiB).
That said I feel like they really shouldn't be using /tmp for this anyway and more like XDG_CACHE_HOME (defaults to ~/.cache). -
Embed this notice
Rich Felker (dalias@hachyderm.io)'s status on Thursday, 20-Nov-2025 11:45:59 JST
Rich Felker
@lanodan @lispi314 I haven't enabled that functionality for a long time. I deem automatically invoking other programs with something downloaded from the web to be a serious security issue, and on top of that, if the file is large, you end up re-downloading multiple times because the temp file gets deleted, or you accidentally edit the temp file then it gets deleted. Just always download and open separately and intentionally and this is a non-issue.
-
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Thursday, 20-Nov-2025 11:47:33 JST
Haelwenn /элвэн/ :triskell:
@lispi314 @dalias Well ~/.cache goes to tmpfs here but as it's hierarchical it allows to have specific programs not in the tmpfs.
(Although mostly to workaround completely broken ones that are using cache to store things like tokens)
-
Embed this notice
LisPi (lispi314@udongein.xyz)'s status on Thursday, 20-Nov-2025 11:47:35 JST
LisPi
@lanodan @dalias *Starts timer until distros start mounting that as a tmpfs* -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Thursday, 20-Nov-2025 11:48:33 JST
Haelwenn /элвэн/ :triskell:
@dalias @lispi314 Yeah, same there but that's not how most browsers works by default. -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Thursday, 20-Nov-2025 11:51:33 JST
Haelwenn /элвэн/ :triskell:
@lispi314 @dalias For example with ~/.cache/${appname}/ being a symlink.
And an application which would drop into ~/.cache directly ought to be seen as a policy violation, meanwhile /tmp is by definition a dumpster.
-
Embed this notice
LisPi (lispi314@udongein.xyz)'s status on Thursday, 20-Nov-2025 11:51:35 JST
LisPi
@lanodan @dalias > hierarchical it allows to have specific programs not in the tmpfs
Eh? What do you mean? -
Embed this notice
Rich Felker (dalias@hachyderm.io)'s status on Thursday, 20-Nov-2025 11:57:15 JST
Rich Felker
@lanodan @lispi314 If that happens by default I think it must be something sketchy desktop environments are setting up, because I haven't seen it. IME, clicking on a link to anything that Firefox itself can't display opens up a prompt to save it or starts a download if you have it set to automatic downloads without a save-as dialog.
-
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Friday, 21-Nov-2025 10:52:39 JST
Haelwenn /элвэн/ :triskell:
@lispi314 @condret QubeOS is more the issue that Linux containers aren't really isolated enough, while I'm pretty sure it would literally just be containers on illumos. -
Embed this notice
LisPi (lispi314@udongein.xyz)'s status on Friday, 21-Nov-2025 10:52:40 JST
LisPi
@condret @lanodan Even without the losses from inefficiency due to QubesOS' architecture (full Linux-based VMs suffers from questionable decisions in UNIX's entire existence as a paradigm), I actually do legitimately use that much on a frequent basis.
I'm ignoring the gaming for the sake of "frequently using" counting because if they did the optimization work probably it would likely require much less than that and it's proprietary software on a dedicated machine. -
Embed this notice
Hildegunst von Mythenmetz of programming (condret@shitposter.world)'s status on Friday, 21-Nov-2025 10:52:41 JST 
Hildegunst von Mythenmetz of programming
@lispi314 @lanodan most people won't use that memory, so just make it tmpfs. 16GB is an excessive amount of ram -
Embed this notice
Hildegunst von Mythenmetz of programming (condret@shitposter.world)'s status on Friday, 21-Nov-2025 10:52:42 JST
Hildegunst von Mythenmetz of programming
@lispi314 @lanodan most people nowadays have 16+GB of ram, 2GB for tmpfs isn't too much to ask for imo -
Embed this notice
LisPi (lispi314@udongein.xyz)'s status on Friday, 21-Nov-2025 10:52:42 JST
LisPi
@condret @lanodan That's memory that could be used for better/more interesting things.
Especially when one happens to have cheap HDD-backed scratch-space to mount /tmp onto.
When one is using SSDs, the spurious increase in write wear can make it preferable to use a tmpfs indeed. -
Embed this notice
LisPi (lispi314@udongein.xyz)'s status on Friday, 21-Nov-2025 10:52:43 JST
LisPi
@condret @lanodan I provide no swap to my VMs besides zram (same for my physical machines, I'd rather not waste write cycles or IO throughput), which I set frequently below 1GB.
Little more RAM than that, too (roughly no more than they need).
Meanwhile they have considerably more persistent storage. -
Embed this notice
Hildegunst von Mythenmetz of programming (condret@shitposter.world)'s status on Friday, 21-Nov-2025 10:52:44 JST
Hildegunst von Mythenmetz of programming
@lispi314 @lanodan that limit feels antiquated -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Friday, 21-Nov-2025 11:08:32 JST
Haelwenn /элвэн/ :triskell:
@lispi314 @condret microkernels are 100% irrelevant to this, it's not a problem of where the drivers and related are present.
In fact I'd put it as the *worse* case scenario for microkernels because for a desktop target like QubeOS you'd need even more IPC than usual.
Also there's a ton of Unixes with a microkernel, although they tend to just be for embedded / handheld instead of desktop, like I don't think anyone uses QNX on a desktop, specially since it got acquired by Blackberry. -
Embed this notice
LisPi (lispi314@udongein.xyz)'s status on Friday, 21-Nov-2025 11:08:33 JST
LisPi
@lanodan @condret Well, the thing is that if instead the architecture was say... microkernels, then secure formally verified implementations of relevant servers could be kept in dom0 or just in their own address space, and *exclusively* what the isolated module actually uses would be using up memory. None of the rampant duplication I've got going right now.
(Ballooning is not to be trusted for a number of reasons related to memory safety and arbitrary access, so I don't use it, which also means a larger memory footprint for VMs since I have to ensure they have enough memory to do the job.)
Add a different program model based on capabilities and language-based security (memory safety & no raw memory access means that static allocation is no longer necessary, shrinking memory requirements as low as they can go) and you can *safely* deduplicate further still.
But all of that is very labor-intensive and would imply writing an entirely new OS/system from scratch, which QubesOS doesn't do.
-
Embed this notice
All GNU social JP content and data are available under the