<infinisil>
elvishjerricco: I now wonder whether it's *exact* file sizes, or just how many blocks
<elvishjerricco>
infinisil: I'd love to know what exactly is in that dedup table which is leaked
<infinisil>
elvishjerricco: I'd think it's just that attackers know which blocks on disk are referenced how many times due to dedup.
<elvishjerricco>
I thought the dedup table contained hashes. I'd hope they're salted but I dunno
<elvishjerricco>
Also, could the table be tampered with maliciously?
<andi->
so that also means it leaks how many blocks are used? So an attacker can figure out if the disk is empty or has data on it? Sounds terrible.
<sphalerite>
you can always continue using luks :)
<sphalerite>
and afaik "attacker can figure out if the disk is empty or has data on it" is a very common tradeoff made with SSDs nowadays (enabling discard)
<infinisil>
andi-: why does that sound so terrible?
<andi->
Well wasn't one of the principles of encryption that you shall not be able to tell anything about the content without decryption?
<andi->
I'd like to advertise a disk as empty/full of randomness vs. having N blocks of data.
<sphalerite>
andi-: that depends on your threat model
<andi->
Everything does :)
<sphalerite>
it's a feature I'd sacrifice for better performance on SSDs (discard) anyway, so I might as well use zfs encryption myself
<infinisil>
I'm currently trying to split my nix-instantiate based nix repl my nixbot uses into a separate package
<infinisil>
Now, I can't name this either nix-repl or nixrepl, because that would be way too confusing
<infinisil>
So I'm currently thinking of a name for it :P
<samueldr>
find a clever name for your whole ecosystem of nix tools and name it [that_name]-repl
<infinisil>
Heh, I mean it's haskell based, so hnix, but hnix already exists, so maybe "hanix" instead -> hanix-repl :P
<infinisil>
Tbh, I'm kinda sick of names with "nix" in them, so I'm trying to get away from that
<infinisil>
There's already so many nix-* and *-nix tools
<samueldr>
infinix-repl
<infinisil>
Heh nice
<samueldr>
infinixil
<infinisil>
Holy
<infinisil>
That should be my actual nick
<samueldr>
it's a bit late for that :)
<infinisil>
A tad
<infinisil>
Would prefer not associating my nick with a tool though, it might switch owners eventually or get more main contributors
<infinisil>
Tbh, I like inx the most, it's short, it's *almost* nix, it contains a bit of "instantiate", and there doesn't seem to be any software with that name
<infinisil>
xin..?
<sphalerite>
infinisil: terrible for web search though.
<infinisil>
How so?
<infinisil>
Hmm yeah, there are other things named inx
<sphalerite>
I still think nix-instantiate-repl is good
<infinisil>
Way too long for my tastes, nix-instantiate is too long already
<infinisil>
Hmm okay but there's an argument for keeping a nix-* prefix, it's just more discoverable and uniform
<infinisil>
(we all know getting a good name is the most important part of any project!)
<sphalerite>
is it even a repl though, really?
<infinisil>
Well, the haskell library shall be usable for evaluating a stateful nix session, and the executable shall be a repl
<infinisil>
In usability, very similar to nix-repl/nix repl, but with some major differences
<infinisil>
nix-session
<sphalerite>
+1 on that one
<infinisil>
Yeah, nix-session fits the bill very nicely actually, I think I'll use that
<joepie91>
infinisil: nix-do?
<infinisil>
Oh!
<infinisil>
That's also good, especially because of Haskell and do notation and state..
<infinisil>
I think nix-session is still better though, in the end this repl should allow resuming state from a file, which fits to "session"
<sphalerite>
yeah, less generic as well
<sphalerite>
how well will it restore state like what <nixpkgs> is and stuff?
<sphalerite>
I'm guessing it'll only store the bindings entered by the user symbolically?
<infinisil>
Yeah that's the idea, but it could very well be extended to store NIX_PATH as well
<infinisil>
Maybe even sprinkle some --pure-eval on there
<sphalerite>
how will `a=5; b=a+2; a=2; b` behave?
<infinisil>
According to my plans, you'll end up with a = 2 and b = 7
<infinisil>
To be able to redefine stuff, you'd have to use `a = 5; b = self.a + 2; a = 2;` -> b = 4
<sphalerite>
> let a = 5; in let b = a+2; in let a = 2; in b # ah so it's like this
<{^_^}>
7
<infinisil>
This enables you to also do things like `a = {}; a = a // { x = 10; }; a = a // { y = 20; };` and not end up with infinite recursion
<infinisil>
Well for that example, this ^^ won't work with let's
<sphalerite>
right
<simpson>
What are people using for Prometheus visualization? Are there any good read-only dashboards? I know Grafana and I'm hoping that there's something newer and lighter.
<joepie91>
I've not seen any _good_ monitoring dashboards [that are not proprietary]
<disasm>
I don't know of anything other than grafana for visualization
<simpson>
I want to do stuff like public/infranet read-only status/SLA dashboards.
<disasm>
are you looking just for uptime?
<simpson>
I want to read out arbitrary queries to an internal Prometheus.
<joepie91>
simpson: let me know if you find an OSS option :)
<simpson>
joepie91: Grafana is acceptable.
<simpson>
It is both too much, in the sense that I don't want to offer accounts/login/customization, and too little, in that it requires a lot of extra effort to look nice.
<simpson>
Nah, their upstream is uninterested; my existing patches have stopped moving, and I don't want to maintain this when I could hack on Promqueen instead.
<disasm>
yeah, grafana is your best option that I can think of if you don't want to write your own tool :)
<disasm>
why not just curl the image in a crontab and only display the static image on your website?
<simpson>
I was hoping for fewer moving parts.
<andi->
I also felt like that many times :/ Grafana as an "Editor" might be fine but an export to a static website that polls just the data source (via a proxy?) would be nice :-)