peacememories has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<dhess> LnL: /Library is writable. ref. https://twitter.com/EBADTWEET/status/1136052020450717697
<LnL> yeah and more importantly they are planning to provide a way to create a global symlinks or mountpoints
<LnL> looks like they think there are (enough) valid usecases for global paths
cmacrae has joined #nix-darwin
philr has quit [Ping timeout: 248 seconds]
peacememories has joined #nix-darwin
veske has joined #nix-darwin
peacememories has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<matthewbauer> that's good to hear!
<matthewbauer> fink uses /sw as well, but it looks like the catalina beta sets up that automatically
<matthewbauer> ! which is kind of funny because I suspect there are many many more nix on macos users than fink users
<matthewbauer> but I guess apple didn't want to put a /nix directory on everyone's computer
<matthewbauer> too bad though
<gchristensen> wat?
<gchristensen> well we should open a ticket and say "well you did it for Fink!"
<matthewbauer> it sounds like at least damien is aware of the problem
<gchristensen> damien?
<matthewbauer> apple engineer in the tweet
<matthewbauer> the good news is that we have enough users that I don't think Apple can completely ignore us. even two or three years ago that might not have been the case!
<gchristensen> oh cool
<LnL> ship /nix in the base image and we won't complain :D
<gchristensen> +1
<gchristensen> (plus like 32 nixbld users plz)
<LnL> hehe
<LnL> matthewbauer: no other issues like missing dylibs/symbols for now?
veske has quit [Quit: This computer has gone to sleep]
<matthewbauer> nope
<matthewbauer> i'll try to do a stdenv rebuild to be sure though
<gchristensen> along these lines, the macos builders are a bit out of date. is there any concern around updating to the latest release of whatever is stable now?
<LnL> in theory there could be impurities that get detected which are not backwards compatible
<LnL> I wouldn't expect any problems, but what's the motivation for upgrading?
peacememories has joined #nix-darwin
peacememories has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
peacememories has joined #nix-darwin
peacememories has quit [Client Quit]
peacememories has joined #nix-darwin
<matthewbauer> maybe to avoid being forced to upgrade to 10.15+?
<gchristensen> LnL: I figured I'd do some standard software updates , and if I was going to do that might as well go "all the way" but I don't have to
<matthewbauer> if apple is so concerned about security, you would think they would take a look at brew making /usr/local/bin world writable!
<matthewbauer> the fact that most macOS with brew are set up so any user can just do ```echo "malicious-thing" > /usr/local/bin/ls``` is soo crazy! and root will end up executing it if they ever run ls
<matthewbauer> why is this not a higher priority than making / read-only!
<gchristensen> +1
<LnL> isn't it only the admin user?
<LnL> gchristensen: not saying don't, just not sure it's worth the time
<matthewbauer> of course we do this too with single-user, but at least there is a workable alternative in nix-daemon
<matthewbauer> macports does it the right way it looks like
<matthewbauer> it's bizarre security people don't point this out more: https://news.ycombinator.com/item?id=1096488
<matthewbauer> most macOS users must be resigned to this now?
<LnL> nix is the only package manager I know of that separates user/system permissions
<LnL> and I think a lot of macos developers consider homebrew > macports because of the permissions
<matthewbauer> well probably guix too
<matthewbauer> most package managers just put everything in root
<LnL> same principle, but guix even requires the daemon IIRC
philr has joined #nix-darwin
philr has quit [Quit: WeeChat 2.4]
peacememories has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
cmacrae has quit [Ping timeout: 272 seconds]
jtojnar has joined #nix-darwin
jtojnar has quit [Remote host closed the connection]
clever has quit [Ping timeout: 272 seconds]