
Found it under "Palestine Deep Dive"

Feed Link: https://feed.podbean.com/palestinedeepdive/feed.xml


Hey @idlefeature

Member of the OpenFGA team here.

TLDR: OpenFGA supports recursive nesting - you can find many examples (e.g. GDrive) of that in the sample stores repo [1] and the documentation.

For your case:

> "User C manages User B, who owns Object A."

In the model, that is represented by:

```
model
  schema 1.1

type user
  relations
    define manager: [user]

type folder
  relations
    define owner: [user]
```

So:

- Object A is owned by User B.

- User B is managed by User C.

- User C is managed by User D.

These can all be expressed as tuples:

```
- user: user:D, relation: manager, object: user:C
- user: user:C, relation: manager, object: user:B
- user: user:B, relation: owner, object: folder:A
```

> "User D should be able to view Object A, because User D manages User C, who manages User B, who owns Object A."

The model would become

```
model
  schema 1.1

type user
  relations
    define manager: [user]
    define managed_by: manager or managed_by from manager

type folder
  relations
    define owner: [user]
    define can_view: owner or managed_by from owner
```

Notice how on the folder, you cannot say `manager from manager from owner`, but you can model your way around it by adding the `managed_by` relation on the user.

You can play with this sample on the FGA Playground here [2] (give it any name to continue, note that this is publicly viewable/editable). Your use-case is similar to the expenses sample [3]

Another option the docs are warning you of is that in order to use a relation as the base of a `from`, it MUST be just a directly assigned type. For example, the below is not allowed, as owner has redirects (or manager from owner), so it cannot be used as the base of a recursive from:

```
type folder
  relations
    define owner: [user] or manager from owner
    define can_view: owner or manager from owner
```

But as you saw above, you can work around it by modeling slightly differently to reach the desired solution.

In case it is easier for you, feel free to ask on our Discussions page or CNCF channel [4] as they render markdown a bit better than here on hn.

As for other AuthZ frameworks that support recursion, most of the Zanzibar[5][6] inspired ones (like what OpenFGA is) do, in fact it's one of the strong suits of a Zanzibar inspired approach to AuthZ.

[1] https://github.com/openfga/sample-stores/tree/main/stores

[2] https://play.fga.dev/stores/create/?id=01JNPQKC4TMHBW271V6N4...

[3] https://github.com/openfga/sample-stores/tree/main/stores/ex...

[4] https://openfga.dev/community

[5] Zanzibar is a Google paper from 2019 around how Google handles authorization for their products: https://research.google/pubs/zanzibar-googles-consistent-glo...

[6] https://zanzibar.academy/
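
An added illustration, not part of the comment above and not OpenFGA's own code: a toy Python evaluator for the second model and the three tuples, showing how `managed_by from manager` walks up the management chain so that `user:D` resolves to `can_view` on `folder:A`. The `MODEL` encoding and the `check` helper are invented for this sketch; a real deployment would call an OpenFGA server.

```python
# Toy relationship-tuple evaluator for the model in the comment above.
# Illustration only: MODEL's encoding and check() are assumptions of this
# sketch, not OpenFGA's API or implementation.

# The three tuples from the comment, as (user, relation, object).
TUPLES = {
    ("user:D", "manager", "user:C"),
    ("user:C", "manager", "user:B"),
    ("user:B", "owner", "folder:A"),
}

# Each relation is a union ("or") of terms:
#   ("direct",)            -> directly assigned, e.g. `[user]`
#   ("computed", rel)      -> another relation on the same object
#   ("from", rel, base)    -> `rel from base`: follow `base` tuples on this
#                             object, then evaluate `rel` on what they point to
MODEL = {
    "user": {
        "manager": [("direct",)],
        "managed_by": [("computed", "manager"),
                       ("from", "managed_by", "manager")],
    },
    "folder": {
        "owner": [("direct",)],
        "can_view": [("computed", "owner"),
                     ("from", "managed_by", "owner")],
    },
}


def check(user, relation, obj, tuples=TUPLES, _seen=None):
    """Return True if `user` has `relation` on `obj` under MODEL."""
    seen = _seen if _seen is not None else set()
    key = (relation, obj)
    if key in seen:
        # Already evaluated or currently being evaluated: a management
        # cycle (B manages D, D manages C, C manages B) must not recurse forever.
        return False
    seen.add(key)

    obj_type = obj.split(":", 1)[0]
    for term in MODEL.get(obj_type, {}).get(relation, []):
        if term[0] == "direct":
            if (user, relation, obj) in tuples:
                return True
        elif term[0] == "computed":
            if check(user, term[1], obj, tuples, seen):
                return True
        elif term[0] == "from":
            rel, base = term[1], term[2]
            # Every subject holding `base` on obj is the next hop.
            for (subject, t_rel, t_obj) in tuples:
                if t_rel == base and t_obj == obj:
                    if check(user, rel, subject, tuples, seen):
                        return True
    return False


if __name__ == "__main__":
    for u in ("user:B", "user:C", "user:D", "user:E"):
        print(u, "can_view folder:A ->", check(u, "can_view", "folder:A"))
    # Constructed edge case: B also manages D, closing a cycle.
    cyclic = TUPLES | {("user:B", "manager", "user:D")}
    print("cycle, user:E ->", check("user:E", "can_view", "folder:A", cyclic))
```
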


For audiobooks, instead of pirating I would recommend https://libro.fm - you can buy them DRM free and they donate part of the proceeds to your library of choice.


Firefox has been doing that for a long while too. It recommends going to the already open tab but you can ignore that and open a new tab anyway if you wish.


I believe this is the related PR to mutter [0]. Basically mouse pointer movements no longer happen on the main thread

[0]: https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2777


> it uses a CRTC vblank deadline based approach to postpone posting KMS updates until as late as possible, and uses this method to achieve lower latency cursor movements, as well avoiding potential cursor stutter when the main thread is too busy to manage completing a frame in time.

Mouse movements no longer happen on main thread.

And the RT KMS thread delays posting the update until just before a deadline, to make sure the mouse is sampled at the last possible moment! What a neat & straightforward & simple hack, sampling late. I'm sure this kind of stuff is what good game devs have been doing for decades but it still amazes me to read this.


Yep in gamedev it's called frame pacing. If you have a 16 ms frame budget and you know rendering will take about 4 ms, you can sleep for 10 ms, sample the latest possible inputs, and kick off rendering just in time to make the deadline.

If you estimate wrong, you start missing frames. If you don't do any frame pacing, the game always has a little bit of preventable input lag.

I only learned about this a couple years ago, but I think I felt it years ago - One of my games just seemed to feel better with a 10 millisecond sleep right after I submitted each OpenGL frame. In a world where you can't control hardware and OS lag, that 10 ms of free lag reduction is wondrous.


Non-Americans should not, and usually do not believe either. It's funny when Republicans/Democrats treat either as reputable.

They're politicking 101 made into 24/7 news media panic.

They're both charlatans and peddlers of lies and cheap tricks; they engage in propaganda and employ journalists who seem to believe that they're anything other than foot soldiers to stir up the masses against XYZ.

Everyone knows Fox News is trash, it's laughable when some continue to argue that CNN isn't.

Where XYZ can be anything, depending on which way the wind is blowing, sometimes it's each other, sometimes it's internal to the US, sometimes it's external


I mean, to follow that analogy, yeah people absolutely should abandon their families if the families are out there actively murdering innocents.

The person saying that they're only staying to murder with their families because they care about them is not a redeeming quality, and they should definitely be held accountable and not excused for their crimes.

For the record, I consider any armed person outside their home country should be considered as a terrorist and a militia and treated as such. There is no reason someone from country A should be carrying a weapon in country B and attacking people there. This is 100 times even more valid when country B has not authorized this.


I agree, but the world just isn't this simple. It's not about murdering with your family, it's about protecting your family. Kids I knew that went to Iraq were the protective types, not murderous. People can enlist in the military with the intention of protecting their country only to be ordered overseas, caught up in some bullshit war. Historically, drafts were the main reason. And no man is an island, so whatever situation pulls one person in is bound to ripple through other people's lives and pull others in as well.

> I consider any armed person outside their home country should be considered as a terrorist and a militia

I mean, there are situations like hostage crises where foreign countries send in soldiers that I think are completely justified. But, I agree, in general. Our foreign policy has been fucked since the CIA started after WWII. I'm just grateful I never had to fight a war- chances are I would've being born in the last couple hundred years


Yes, just as much as airlines are an arm of the US government:

> U.S. airlines avoided broad bankruptcies and cuts with the record $74 billion in government Covid-19 aid (https://skift.com/2021/07/29/federal-aid-saved-u-s-airlines-...)

Or the US semiconductor industry:

> Most of the money is going into industry and supporting industry investments. Of the $52.7 billion in subsidies, the bulk of that will end up going to private companies. (https://www.scientificamerican.com/article/nearly-53-billion...)

Of course there's more examples for almost any country.

I'm not debating your conclusion. I think it is spot on. I am calling out the tone though as if this was not the norm for all the mega corps/mega industries.


Yes but no government puts listening devices into their planes to spy on passengers considering they have full control.

Wait, that's actually a good idea. Probably likely that one of China/Russia/N Korea/Iran have done this.


..a good idea from the perspective of an authoritarian government. Not saying it's good for airplanes to do this.


I can't believe I'm on the side of Facebook on this one.

The problem is "nations" don't represent the people in those nations, and those in power are just as capable as big tech of relying on scare tactics and duplicitous messaging and misleading the populace in order to push forward their own agendas.

Fighting encryption has nothing to do with "saving the children", no more than all the misguided disastrous crusades against one thing or another over the past 50 years have been about saving the children.

I come from a place where in the 2000s the religious institutions threw a hissy fit about certain music and subcultures and how they must be suppressed in order to "save the children". Fighting encryption may not be religious in nature but is born out of the same need for power and control.


> The problem is "nations" don't represent the people in those nations

The hell they don't! And who are bigtech companies to decide who the legitimate leader of a nation is? Whatever government is recognized by your government as legitimate gets to call the shots over those people. Democracy is not a human right, and even if it was, it is democratic nations that are demanding this for the most part. You don't get to claim you are really fighting for the people when you have no legitimate reason to make that claim. Even if the people wanted privacy at the cost of more harm to their fellow man, the people need to use the law to enforce that; either you have the rule of law, the rule of man or the rule of criminals.


I'd be much more interested in the Linux situation on this laptop. Most of the UI applications I use casually or CLI apps are available on ARM (I have them running fine on a Pinephone, so the experience on a laptop will only be better).

But not sure how the dev workflow would be: Podman, IntelliJ, Sublime Text, etc.. And some casual stuff like Calibre, Thunderbird, Joplin.

Oh and how much would the battery life improvement be. I already get 4~5+ hours on my 5 year old Thinkpad, so an improvement to 6 hours is not really worth it.

How is the BIOS and openness on these systems? I always heard the arm laptops are way more locked down than the x86 ones.


When I last checked, the mainline kernel support for the 8cx was EXTREMELY limited. Having messed around with lots of ARM based devices on Linux in the past, I would not bother with this one. Especially given that rather unimpressive battery life.

I'd love a modern ARM based Linux laptop, but I also know that unless it's got mainline kernel support or a dedicated Linux friendly vendor (like Pine) behind it, its lifetime and updates are going to be extremely limited. And that doesn't even consider graphics API support, which will have an impact on rather basic things, such as YouTube video playback.

Honestly, the only viable ARM laptop with good battery life and modern day performance is an Apple MacBook Air or Pro, which has a very impressive community project behind it. But even that is still incomplete and might peter out if some key figures burn out or become uninterested or preoccupied with for-pay work or whatever.


> When I last checked, the mainline kernel support for the 8cx was EXTREMELY limited.

Is that the case? I would've thought the devices present in 8cx are similar to the other Snapdragon 8 series which would probably be well supported upstream? Or do they linger in a GKI tree before landing upstream?

Maybe the exclusivity between QCOM/MS is mutual and they'll be able to partner with vendors like Canonical in the future.

Personally - I would love an XPS13 ARM linux laptop, hopefully Dell decides to jump on the bandwagon. I have owned i5/i7 XPS13s for several years now and am looking forward to ARM if they can make one that performs well.


Some 8xx series are well supported, but mostly 835 and 845. QC does release better quality sources for mainlining AFAIK, but I haven't seen any efforts related to newer chips land.


Same here, wondering if it performs the same/better under Linux. I imagine the battery life could be better under Linux based on my experience with Windows 11 on my own laptop, I mean, the fans don't even spin up that often under Linux unlike the near constant fan chorus Windows gives me.

Also, a computer without a single fan so I can comfortably use it on my bed? With possibility to replace its SSD? It sounded a lot like my next laptop.


> imagine the battery life could be better under Linux based on my experience with Windows 11 on my own laptop

God, I have experienced the exact opposite with Linux on laptops. Battery management is so bad I am considering moving to a Macbook.


I have had both experiences. The base system for Linux will be great for battery life (has been ruthlessly optimized for power savings by the biggest companies in the world), but some of the desktop software on top will brutalize your battery.

I've experimented a lot (mainly on Fedora) and the biggest offenders are browsers, but also sometimes Gnome gets in a bad state and eats up a lot of CPU. It's often gjs eating CPU so it may be an app I'm leaving open or even an extension. I've tried to narrow it down but haven't fully figured it out yet.

But, if you keep only a small number of tabs open and close everything you aren't using, battery life on Linux can be really great.


> has been ruthlessly optimized for power savings by the biggest companies in the world

It has been ruthlessly optimized to save power for servers with greatly documented hardware structures.

It has not been optimized for Desktop OS, for Bluetooth, Sleep, WiFi, graphics card power saving etc.

I am a tab zero guy, for the record. I've been using computers since Windows 3, so I'm very sensitive towards intensive processes.

My wife can watch netflix on her (5 year old) Macbook for hours. I lose 13% battery life on one episode. I leave my laptop on sleep off the charger, and it is dead sleeping after a few hours. Linux users may hack their way to lower battery usage, but they still do not have it like Mac does.

You must simply leave it on the charger and turn it off when you are done. They are portable desktops.


A big difference in battery life comes down to hardware acceleration in your browser, which depending on hardware, browser, and version may not be enabled.


eh, it's all ymmv.

i've clocked ~8 hours of media time with a T420s with an ultrabay battery and tlp/powertop reporting an average of 6-8w during the process. Regular battery + the extra ultrabay battery put the capacity up to about 7.7Ah; about the same range of battery capacity as a newish macbook pro.

a t420s is a very old core machine at this point. I would suspect the same conditions with a similar amount of battery with a modern processor could do a lot better; but i'm getting too old to sit in front of a screen for 8+ hours of media time, honestly -- and lately with USB-PD and power banks I have been skewing towards buying ultrabook style laptops and accessorizing via USB3 rather than with proprietary expansion slots.

I don't know what the media time is on something like a laptop with an N100/linux + a powerbank, but I suspect it'd be quite a long time.

typo: meant 7.7aH


What does your `top` say? What does your browser's performance tool (e.g. `about:performance`) say?

I went from a constantly-overheated Linux laptop to a completely calm Linux laptop, on the same hardware, distro, and DE. Checking for unnecessary processes that eat CPU, spurious ACPI events, overly-heavyweight browser tabs goes a long way. Making sure the browser uses hardware support to play YouTube is another heavyweight.

It takes some time, but much less time than I had expected.


So the Mac has battery saving built in to the OS. You are doing a lot of reverse engineering to achieve something other software/hardware does automatically.

And to be specific, I suffer from bad hardware/software communication. On a linux laptop, no less (System76, which I would never recommend). Linux S3 sleep is not hardware sleep, I lose a lot of battery there. WiFi and Bluetooth connectivity either has to be battery draining or have poor performance.

The battery my laptop has itself is also too small, and could only get moderately good life if it had an optimized OS anyway. Again, a Linux-first laptop.

I am sure if I switched to a Lenovo with a big battery that I would be better off than I am now, so I'm also complaining a bit about my hardware. But the problem is still there.

With Apple M2 paired with an OS designed for it, with high end batteries and screens, I don't see any pairing of (laptop) hardware and software competing, on a fundamental level. Every other system is second class.

Edit: ACPI events is the key word here, and it is not worth anyone's time to wade through that garbage to get sane laptop performance. The ACPI stuff isn't even designed for end users to alter, and it is hacked together due to all the hardware variations out there. It is simply doing the best job it can, on average.

There's kind of an implicit lie when people say linux works on laptops at all. It works on MOST laptop configurations in MOST functions. But it BARELY works in others. You find this once you dig sufficiently deep enough.

I keep my laptop plugged in. It's pathetic.


I run the OS of my choice on hardware of my choice in a way of my choice (that is, not Debian, Ubuntu, or Fedora). The small amount of tweaking I have to do to get the experience tailored for me personally is completely worth it, besides other, less tangible benefits like "free as in freedom".

If I were fine with someone else making all these decisions for me, because making them myself is more painful than accepting someone else's not entirely comfortable decision, I'd go for an Apple device, no doubt.

Tweaking the OS to play nicely with particular hardware is key. Apple are very good at it. I suppose e.g. System 76 also tweak Pop OS to run especially smoothly on their hardware. Linux is very much ready for that: when I worked at Google (2011-15), I had a Linux laptop with a Google's internal variety of Ubuntu, adapted to a relatively few hardware models they used as desktops and laptops. It worked basically flawlessly, and my T420 had like 6 hours of battery runtime browsing and coding. All I had to customize was the GTK theme and such.

Maybe something like "tweak packs" that adapt Linux to some very specific widespread hardware could be a hit.


> Linux S3 sleep is not hardware sleep

No, this is completely down to your hardware.


What DE/distro do you use? I'm actually super impressed with the battery life I get with Fedora/KDE on my ASUS Ryzen laptop.


Based on my experience, I can tell you the grass is not greener on the other side.

Forced to use Mac for work, the previous Macbook Pro would lose charge _while plugged in_! The battery goes empty, it shuts off and I wait for it to recharge while off.

They recently changed mine to an M1. Battery is much better than the previous generation and could be good, so long as you're not using it for anything. As soon as the IDE/Zoom/Docker/what have you spins up, it loses charge. It is slower at losing charge while plugged in, but so long as you are not using it except for note taking, I would not trust it away from a power source.

If I don't have a power source nearby, I turn everything off and switch my dev workflow to Sublime to prolong the battery.

I don't have to suffer any of these shenanigans under Linux. Granted, I have a Thinkpad, which has great Linux support, so that definitely helps.


Sounds like defective devices. Haven't had a single issue like that on any of our fleets. (mixed T2, M1, M2 devices, around 210 per fleet, around 7 fleets in 3 different countries)

Usage (varies over time...): software development (JetBrains, NetBeans, VSCode, Sublime, vim), google meet, slack, rancher desktop, docker desktop (being phased out), capture one, creative cloud, OBS, virtual desktops for local testing.

We have had self-discharge on HP ProBooks and EliteBooks but that was due to a bad USB-C implementation and was fixed with third-party chargers. Some older Dells had it too, but that was with dual power input (USB-C and classic barrel) and switching over to the legacy chargers didn't have that issue. Those run a mix of Windows and Linux.


Sounds to me like you’re using a low wattage charger that was not designed to be used with your pro-grade machine.


Or a low-wattage cable (easy to do with USB-C as cables typically aren't marked with their capabilities)


> performs the same/better under Linux

...yeah, I was wondering that too. This seems like a job for a Gentoo system, compiled from the ground up with "-march=native". Would love to know how that would turn out performance-wise, in comparison to Windows.


There's also KISS Linux, which I find quite approachable compared to Gentoo. I know, sounds totally backwards, but I think it's really cool how simple it is to manage your repositories and make your own packages. And yes, you recompile the whole system with `-march=native` during the install process :)

GKISS if you want glibc.


I use a pinebook pro (same company as the pinephone). Sublime works a treat. So does thunderbird, calibre.

Intellij doesn't have aarch64 Linux distributions; you can kind of hack it together but it's completely unsupported. Not sure about Joplin but I expect it would be ok (I think it's electron based? VS code works ok too).

Re locked-down: pbp can run many different Linux variants, and boots with tow-boot bootloader. Hopefully that would support ThinkPad too, but I don't know.



I stand corrected! Thank you.


I think some of the aarch64 laptops have landed in the Linux kernel source tree.

I am currently using a C630 laptop, which could be considered a predecessor to the discussed model (with an anemic 4GB of RAM), and following some botched Windows update (Windows recovery put the system in a worse place), I decided to take the plunge and install Linux.

Hardware support is rough, and depends a lot on firmware files you would need to salvage from the Windows partition.

So far without these files, among the most necessary stuff I would like to have.

- Wifi, I am coping with a wifi dongle, which means I am out of one of the 2 usb-c ports

- Sound ( usual linux problem, worked around the issue, with another dongle, or Bluetooth audio)

- External display support (worked on windows)

Otherwise, the Linux experience is leagues ahead of Windows, in terms of boot time and responsiveness. Battery life is great for my use (mainly writing Python and C code). And as far as battery life improvement, your mileage can vary. I haven't timed mine yet but can try and will report in a week about it (maybe you can give me some pointers to simulate the usual load you would put it through).

- podman works great

- sublime text runs as smooth as it does on x86-64

- bios is a UEFI and I don't think it required a signed bootloader, although updating the setting to boot grub was not as straightforward.

- I am mainly using Wayland, with most of the caveats associated to it (Firefox does flicker a lot, so I am mainly using chromium)

On the most annoying side, I don't know if there is a way to configure the lid action, as it put the laptop on standby.

I would recommend, if only for the gain in thinness and if you are traveling a lot with your laptop.


Thanks for that! Probably in a couple of years, as my laptop is still serving me well enough for now. It's also pretty light and still has good battery, so not a ton of benefit there.

If the battery life was doubled (~8+ hours), that definitely would be more intriguing.

But ouch, hadn't had WiFi or sound issues on Linux since the 2009~2010 era, will not be fun to get back to that, though hopefully in a few years as the drivers mature, this would become less of an issue.

> On the most annoying side, I don't know if there is a way to configure the lid action, as it put the laptop on standby.

Even when an external display is connected? That's got to be annoying!


I have one (16GB model), and have (arch) linux on it dual booting with Windows! Started @ https://github.com/ironrobin/archiso-x13s

  * Battery Life. ~6/7 hours max as it currently stands (linux-x13s 6.4). There is a lot of room for improvement, which will happen as more people tune/tweak.

  * Performance. Honestly, the only noticeable issue is lzma2 compression. It's ass slow, even when using 8 threads. Other than that, Gnome (Wayland), CLion, Firefox, and Rust have no issues. I can't think of any performance issues when comparing it to my HP 14t-ea000, which is an 11th gen i7.

  * Stability. Firefox occasionally crashes and I've not done enough digging to file a ticket on it yet. The WiFi Drivers crash on suspend (https://bugzilla.kernel.org/show_bug.cgi?id=217239) but it's being worked on. The GPU crashes on startup but recovers. Going to file a kernel report on this one when I get around to it. I'd put it at 95% of what I'd expect on my x86-64 laptop. 
Camera doesn't work (yet), as well as some of the other GPU features. BIOS is limited, and boils down to full access to the security options as well as the to-be-expected Lenovo keyboard options. There's a "beta" Linux boot option, but I didn't need that when I first installed linux. Actually, I'm not sure what I'd want exposed in the BIOS that's not already there. Memory Overclocking?

It runs cooler than my HP, which runs on the hotter side. Port selection is limiting, but having a 5G Modem is cool. Arch has almost all of their packages cross compiled to arm64, and I've not run into an issue where there was a package I needed that wasn't there.

TL;DR. A Very functional laptop. I've started using it as my primary laptop, but still carry my HP with me if I'm traveling somewhere. Give it a few months for the kernel issues to be ironed out and it'll be a very nice laptop.


Funny. Just upgraded to 6.4.1 and got another hour of battery life.


What about virtualization? Can you run qemu/firecracker on the system?


There does not appear to be hardware virtualization support, so those would work but you'd be using software virtualization which will be slower.

I'll try running firecracker later and see if it'll boot.


Yes, I was hoping that kvm with qemu works by now. If kvm support is not enabled, it is not likely that firecracker would work either..


I have largely the same feelings on this. If you haven't used WSL on Windows, the workflow is actually very nice. You can install and run GUI apps in the Linux environment. I usually use VS Code with remoting for WSL though. My current job and personal setup aren't in windows, but have used it in the past and it's very usable, if not ideal.

For now, sticking with my macbook m1 air for personal use. Though I really don't like the differences in the kb layout and hotkeys from nix or windows.


I run Linux on it, it works but you need a non mainline kernel (github.com/steev x13s branches iirc) and a dtb in the EFI partition


What about virtualization? Can you run qemu/firecracker on the system?

