<abathur> I wonder, if we restyled it, like
<abathur> nixOS
<abathur> if apple would give us a damn firmlink :]
<evelyn> hmm, wasn't synthetic.conf them chucking us scraps
<abathur> presumably, but the whole story still seems to suck wrt full-disk encryption
<abathur> perhaps we can play a tiny violin about how much we admire their implementation and promotion of best-practice user security standards
<evelyn> hmm with encryption login hook worked OK for me
<abathur> and that it's really freaking annoying to have to leave our nix partitions unencrypted or use a deprecated solution if we need something like, using ☐ some feedback mechanisms or scheduling mechanisms that help me avoid going 3 months without taking a backup at home just because it never prompted me at the right time
<abathur> maybe just touch a file for the choice each time and report time since touch somehow? (maybe easier to inform me than to come up with the perfect scheduling regime)
<abathur> ffs
<abathur> sorry, I clicked paste rather than copy, that may be a mess
<abathur> yep, definitely a mess
<evelyn> login hook is deprecated?
<abathur> IIRC, the login hook sounded like a good solution, but is also deprecated?
<evelyn> at least https://support.apple.com/de-at/HT2420 does not say it is deprecated
<evelyn> ok
<evelyn> it says we should create a launch agent instead but I'm not sure that's better
<abathur> yeah, I haven't found a canonical reference on deprecation while searching just now
<abathur> but I've seen it so many places I assume it isn't just a myth
<evelyn> more generally I really want to know how to make volumes that are like the data volume and mount when the system restarts
<evelyn> there's something truly magical about it
<abathur> yeah, this has been frustrating to watch unfold
<abathur> as soon as they convinced me to buy into the value of fde
<abathur> despite not using fde on nixos
<abathur> but, I'm at least up and running on a new catalina system, so I won't gripe as much as I would if it was a complete blocker
<abathur> and I was definitely holding my breath on that point for a bit
* evelyn notes the 10.15.1 drop does not include the Chess source code
hmpffff_ has joined #nix-darwin
hmpffff has quit [Ping timeout: 272 seconds]
W1lkins has quit [Ping timeout: 256 seconds]
abathur has quit [Ping timeout: 256 seconds]
abathur has joined #nix-darwin
abathur has quit [Ping timeout: 256 seconds]
hmpffff_ has quit [Quit: nchrrrr…]
kaychaks_riot has left #nix-darwin ["User left"]
hmpffff has joined #nix-darwin
abathur has joined #nix-darwin
abathur has quit [Ping timeout: 240 seconds]
__monty__ has joined #nix-darwin
hmpffff_ has joined #nix-darwin
hmpffff has quit [Ping timeout: 256 seconds]
hmpffff has joined #nix-darwin
hmpffff_ has quit [Ping timeout: 260 seconds]
abathur has joined #nix-darwin
abathur has quit [Ping timeout: 260 seconds]
hmpffff has quit [Read error: Connection reset by peer]
hmpffff has joined #nix-darwin
abathur has joined #nix-darwin
abathur has quit [Ping timeout: 256 seconds]
hmpffff has quit [Quit: nchrrrr…]
<eraserhd> Wait I just redid my /nix as a partition and used filevault... it won't remount?
<LnL> not automatically if that's what you mean
<evelyn> oh! so adding a volume to it that isn't formatted as encrypted still means the entire drive is encrypted by the T2 (on computers that have it)?
<LnL> yep
<LnL> that has some caveats but assuming the bios isn't opened up there's to real concern for most people
<LnL> no*
<LnL> machines without a T2 are probably different, didn't really verify that
<evelyn> hmm disk utility claims that the volumes that aren't /nix and /run are APFS encrypted, and also there is still an option in disk utility for enabling filevault even though the documentation suggests t2 macs encrypt automatically
<evelyn> it's all quite confusing
<LnL> yeah, encrypted vs encryption at rest
<__monty__> Would be quite annoying if you suddenly couldn't access filevaulted backups because your now mac has a T2 though.
<evelyn> I don't think it affects external volumes
<__monty__> I assumed you were expecting for the option not to be there at all.
abathur has joined #nix-darwin
<LnL> the former requires a key to make the T2 unlock the data while the latter only needs the T2 and it's up to the recovery boot from apple to not just give access to the data
abathur has quit [Ping timeout: 240 seconds]
abathur has joined #nix-darwin
philr_ has quit [Ping timeout: 256 seconds]
kalbasit has quit [Ping timeout: 256 seconds]
kalbasit has joined #nix-darwin
rizary has quit [Ping timeout: 272 seconds]
manveru has quit [Ping timeout: 252 seconds]
elvishjerricco has quit [Ping timeout: 265 seconds]
wildsebastian has quit [Ping timeout: 272 seconds]
pasukon has quit [Ping timeout: 256 seconds]
manveru has joined #nix-darwin
wildsebastian has joined #nix-darwin
elvishjerricco has joined #nix-darwin
pasukon has joined #nix-darwin
wildsebastian has quit [Max SendQ exceeded]
rizary has joined #nix-darwin
wildsebastian has joined #nix-darwin
hmpffff has joined #nix-darwin
hmpffff has quit [Quit: nchrrrr…]
hmpffff has joined #nix-darwin
eraserhd has quit [Quit: WeeChat 2.8]
eraserhd has joined #nix-darwin
hmpffff has quit [Quit: nchrrrr…]
__monty__ has quit [Quit: leaving]
Nikita has joined #nix-darwin
Nikita is now known as Guest51374
nikivi has quit [Quit: Free ZNC ~ Powered by LunarBNC: https://LunarBNC.net]
Guest51374 is now known as nikivi
philr_ has joined #nix-darwin
mbrgm_ has joined #nix-darwin
mbrgm_ is now known as mbrgm