gchristensen changed the topic of #nixos-chat to: NixOS but much less topical || https://logs.nix.samueldr.com/nixos-chat
<infinisil> elvishjerricco: I now wonder whether it's *exact* file sizes, or just how many blocks
<elvishjerricco> infinisil: I'd love to know what exactly is in that dedup table which is leaked
<infinisil> elvishjerricco: I'd think it's just that attackers know which blocks on disk are referenced how many times due to dedup.
<elvishjerricco> I thought the dedup table contained hashes. I'd hope their salted but I dunno
<elvishjerricco> Also, could the table be tampered with maliciously?
lassulus_ has joined #nixos-chat
lassulus has quit [Ping timeout: 245 seconds]
lassulus_ is now known as lassulus
pie_ has quit [Remote host closed the connection]
pie_ has joined #nixos-chat
pie_ has quit [Ping timeout: 240 seconds]
pie_ has joined #nixos-chat
funkmybios has joined #nixos-chat
<andi-> so that also means it leaks how many blocks are used? So an attacker can figure out if the disk is empty or has data on it? Sounds terrible.
<sphalerite> you can always continue using luks :)
<sphalerite> and afaik "attacker can figure out if the disk is empty or has data on it" is a very common tradeoff made with SSDs nowadays (enabling discard)
Guanin_ has joined #nixos-chat
__monty__ has joined #nixos-chat
<infinisil> andi-: why does that sound so terrible?
<andi-> Well wasn't one of the principles of encryption that you shall not be able to tell anything about the content without decryption?
<andi-> I'd like to advertise a disk as empty/full of randomness vs. having N blocks of data.
<sphalerite> andi-: that depends on your threat model
<andi-> Everything does :)
<sphalerite> it's a feature I'd sacrifice for better performance on SSDs (discard) anyway, so I might as well use zfs encryption myself
polyzen is now known as dmc
dmc has quit [Quit: WeeChat 2.2]
jtojnar has quit [Read error: Connection reset by peer]
jtojnar has joined #nixos-chat
lopsided98 has quit [Quit: Disconnected]
lopsided98 has joined #nixos-chat
funkmybios has quit [Ping timeout: 252 seconds]
dmc has joined #nixos-chat
<infinisil> I'm currently trying to split my nix-instantiate based nix repl my nixbot uses into a separate package
<infinisil> Now, I can't name this either nix-repl or nixrepl, because that would be way too confusing
<infinisil> So I'm currently thinking of a name for it :P
<infinisil> My ideas: instarepl (instantiate + repl), inx (INstantiate niX), insternix (instantiate + interactive + nix)
<sphalerite> nix-instantiate-repl :D
<infinisil> too long!
<infinisil> Maybe instix
<samueldr> find a clever name for your whole ecosystem of nix tools and name it [that_name]-repl
<infinisil> Heh, I mean it's haskell based, so hnix, but hnix already exists, so maybe "hanix" instead -> hanix-repl :P
<infinisil> Tbh, I'm kinda sick of names with "nix" in them, so I'm trying to get away from that
<infinisil> There's already so many nix-* and *-nix tools
<samueldr> infinix-repl
<infinisil> Heh nice
<samueldr> infinixil
<infinisil> Holy
<infinisil> That should be my actual nick
<samueldr> it's a bit late for that :)
<infinisil> A tad
<infinisil> Would prefer not associating my nick with a tool though, it might switch owners eventually or get more main contributors
<infinisil> Tbh, I like inx the most, it's short, it's *almost* nix, it contains a bit of "instantiate", and there doesn't seem to be any software with that name
<infinisil> xin..?
<sphalerite> infinisil: terrible for web search though.
<infinisil> How so?
<infinisil> Hmm yeah, there are other things named inx
<sphalerite> I still think nix-instantiate-repl is good
<infinisil> Way too long for my tastes, nix-instantiate is too long already
<infinisil> Hmm okay but there's an argument for keeping a nix-* prefix, it's just more discoverable and uniform
<infinisil> nix-instrepl, nix-loop, nix-calc, nix-c, nix-eval, nix-show
<infinisil> I like nix-lopp
<infinisil> nix-loop
<infinisil> nix-state-eval, nix-runstate, nix-runs, nixer
<infinisil> nixer is catchy :O
<infinisil> (we all know getting a good name is the most important part of any project!)
<sphalerite> is it even a repl though, really?
<infinisil> Well, the haskell library shall be usable for evaluating a stateful nix session, and the executable shall be a repl
<infinisil> In usability, very similar to nix-repl/nix repl, but with some major differences
<infinisil> nix-session
<sphalerite> +1 on that one
<infinisil> Yeah, nix-session fits the bill very nicely actually, I think I'll use that
<joepie91> infinisil: nix-do?
<infinisil> Oh!
<infinisil> That's also good, especially because of Haskell and do notation and state..
<infinisil> I think nix-session is still better though, in the end this repl should allow resuming state from a file, which fits to "session"
<sphalerite> yeah, less generic as well
<sphalerite> how well will it restore state like what <nixpkgs> is and stuff?
<sphalerite> I'm guessing it'll only store the bindings entered by the user symbolically?
<infinisil> Yeah that's the idea, but it could very well be extended to store NIX_PATH as well
<infinisil> Maybe even sprinkle some --pure-eval on there
<sphalerite> how will `a=5; b=a+2; a=2; b` behave?
<infinisil> According to my plans, you'll end up with a = 2 and b = 7
<infinisil> To be able to redefine stuff, you'd have to use `a = 5; b = self.a + 2; a = 2;` -> b = 4
<sphalerite> > let a = 5; in let b = a+2; in let a = 2; in b # ah so it's like this
<{^_^}> 7
<infinisil> This enables you to also do things like `a = {}; a = a // { x = 10; }; a = a // { y = 20; };` and not end up with infinite recursion
<infinisil> Well for that example, this ^^ won't work with let's
<sphalerite> right
<simpson> What are people using for Prometheus visualization? Are there any good read-only dashboards? I know Grafana and I'm hoping that there's something newer and lighter.
<joepie91> I've not seen any _good_ monitoring dashboards [that are not proprietary]
<disasm> I don't know of anything other than grafana for visualization
<simpson> I want to do stuff like public/infranet read-only status/SLA dashboards.
<disasm> are you looking just for uptime?
<simpson> I want to read out arbitrary queries to an internal Prometheus.
<joepie91> simpson: let me know if you find an OSS option :)
<simpson> joepie91: Grafana is acceptable.
<simpson> It is both too much, in the sense that I don't want to offer accounts/login/customization, and too little, in that it requires a lot of extra effort to look nice.
<simpson> I kind of want something like Leonardo, but for Prometheus: https://github.com/PrFalken/leonardo
<disasm> you could you might be able to fork that and just alter https://github.com/PrFalken/leonardo/blob/master/leonardo/graph.py to query prometheus instead of graphite.
<simpson> Nah, their upstream is uninterested; my existing patches have stopped moving, and I don't want to maintain this when I could hack on Promqueen instead.
<disasm> yeah, grafana is your best option that I can think of if you don't want to write your own tool :)
<disasm> you could build your graphs in grafana, then embed them as an iframe in a public website: http://docs.grafana.org/reference/sharing/#embed-panel
<disasm> this is one of the prometheus dashboards I use for node metrics, works pretty good: https://grafana.com/dashboards/405
<simpson> Scary. You don't have alarm bells going off as you read that page?
* simpson paranoid~
<disasm> alarm bells going off?
<simpson> Well, it's just that they've already decided for you which parameters are safe/secure to be user-controllable.
<disasm> it's read only parameters. What's unsafe about it?
<simpson> Suppose, for example, that I don't want folks to be able to choose their time periods.
<disasm> oh, I thought you were talking about the dashboard, not the iframe, yeah I can see that
<disasm> why not just curl the image in a crontab and only display the static image on your website?
<simpson> I was hoping for fewer moving parts.
pie__ has joined #nixos-chat
pie_ has quit [Ping timeout: 252 seconds]
zimbatm has joined #nixos-chat
<andi-> I also felt like that many times :/ Grafana as an "Editor" might be fine but an export to a static website that polls just the data source (via a proxy?) would be nice :-)
dmc has quit [Ping timeout: 240 seconds]
<pie__> i need to build something on windows
<pie__> give me back nixpkgs
<andi-> joepie91: nice, just watched it
<andi-> pie__: wasn't there some windows support in nixpkgs? ;-)
<pie__> ive heard of things but i know nothing
<joepie91> deny everything!
dmc has joined #nixos-chat
<sphalerite> pie__: nix build nixpkgs.pkgsCross.mingwW64.hello
<sphalerite> pie__: of course most of nixpkgs doesn't actually cross-build successfully for mingwW64. But at least the command is easy :D
<sphalerite> but hello does indeed build and run successfully
<sphalerite> andi-: ^
<pie__> sphalerite, this is in WSL?
<sphalerite> pie__: no, cross-compiling from x86_64-linux
<sphalerite> well I suppose you could run it on WSL too? If you can get nix running in WSL, I don't know what the state of tha s
<sphalerite> that is*
rain1 has joined #nixos-chat
<pie__> i think there was a reddit post on it or something
<sphalerite> but that's a different thing entirely anyway
sir_guy_carleton has joined #nixos-chat
jtojnar has quit [Read error: Connection reset by peer]
jtojnar has joined #nixos-chat
jtojnar has quit [Client Quit]
<rain1> hello
jtojnar has joined #nixos-chat
jtojnar has quit [Client Quit]
jtojnar_ has joined #nixos-chat
Guanin_ has quit [Ping timeout: 246 seconds]
__monty__ has quit [Quit: leaving]