This is a quality shitpost.

Hm… I struggle to picture what you’re trying to achieve…

If you are “making an app” as in coding one, you can just have it say ask for a pin in a window as part of starting up.

You suggest various encryption related solutions… what is your threat model? Do you want to make the identity of the app unknown to others? Normally, autkenticating users is the responsibility of the os/desktop environment, and it would be non-ideomatic for an application to bundle its own auth, except for apps such as a password manager.

If you want to make an existing system app privileged/secret in some way then that sounds awkward indeed. Normally you’d definitely be using user management facilities (e.g. dedicated users and sudo config) to achieve such a thing.

If you really do want to make the app “secret” in some sense you could achieve the same thing as with your mac using a combination of loopback block devices (see man losetup) with an encrypted luks volume inside… but depending on the app you might end up in dependency hell if it’s not statically linked.

ymmv 🙂

This is a good shitpost 💯

❤️

This is profound life advice much more than a shitpost.

If you’re the one making the tea and cleaning up afterwards then any feeling that you can’t have it is internalised oppression.

… Men ville det ikke bare være så meget sejere hvis vi allesammen bare var flydende på 8 sprog?

Right to repair often comes up as a remedy against software monopoly (think appstore/play/android/ios) because it implies being able to override the bootloader and OS.

The one major obstacle to a thriving OSS mobile market is a lack of compatible devices, because iphones and androids are locked down.

If you were actually free to do it you could easily (in a world where this market was allowed to develop) extend the life of an iphone 7 by 5-10 more years, even though apple has decided no longer to support it with software updates.

Wanna know what will save the children? Mandating that every OS grants its users the same levels of freedom and control that a FOSS one does.

That level of user enablement should be argued as constituting a higher standard of parental control than anything else on the market.

Why, sure.

… I’ll see myself out.

Rødgrød med fløde of course!

que?

Switched from Windows in 2002, did FreeBSD -> Gentoo -> Ubuntu -> Arch. Finally switched to NixOS in 2012 and never looked back.

The builtin isolation meant I never actually got properly acquainted with Docker until I switched jobs and had to use it.

Selfhoster on NixOS here too.

Nix (and operating services on a NixOS machine) is a learning curve, and even though tho project is over 10 years old now the semantic differences between the conventional approach to distro design/software development/ops is still a source of friction. But the project has come a long way and lots of popular software is packaged and hostable and just works (when you are aware of said semantic differences)

But when it works, and it often it does, it’s phenomenal and a very well integrated experience.

The problem in my exparience with using LLMs to assist is that the declarative nature of Nix makes them prone to hallucination: “Certainly, just go services.fooService.enable = true; in your configuraton.nix and you’re off to the races”. OTOH, because nix builds are hermetic and functional they’re pretty safe to include as a verification tool that something like Claude code can use to iterate on a solution.

There are some pretty good examples of selfhosting system configurations one can use as inspiration. I just discovered github.com/firecat53/nixos that is an excellent example of a modular system configuration that manages multiple machines, secrets, and self hosted services.

I pay for BitWarden, not so much because of any feature in their premium offering as that they are critical infrastructure for me and have acted consistently ethically. Also the annual Wikipedia and for a while Mozilla monthly. Way less than what I feel is deserving.

However, I have been working on building a social foss funding site where you set a total recurring donation amount which is then distributed by the Method of Equal Shares accordrding to weights you specify, ether manually or sourced from your os package manager.

Main benefits of that approach is that your budget is fixed, you can spread it over an arbitrary number of recipients, and priority is given to those that are more unique to you.

Would love to hear thoughts if anyone is interested. I hope to maybe test out an alpha version some time in 2026 if time permits.

Thanks for this, solid recommendation!