<andi->
<3 NixOS. Redeployed the computers at the hackspace tonight... Was a breeze once I fixed all my shell script errors ^^ The new grub theme etc.. look really nice and it just feels so much smoother on the old T500's we have there :-) Feels good using it.
sir_guy_carleton has joined #nixos-chat
lassulus_ has joined #nixos-chat
lassulus has quit [Ping timeout: 272 seconds]
lassulus_ is now known as lassulus
<gchristensen>
yay :D
<gchristensen>
andi-: gotta savor those moments :D
<samueldr>
finally took the time to move around my data on my disks to 1. encrypt 2. use the bigger drive... it's been waiting to be done for quite a long time
<samueldr>
so now I won't be constantly collecting garbage to squeeze a few gigabytes *again*
Ericson2314 has joined #nixos-chat
Peetz0r has quit [Read error: Connection reset by peer]
Peetz0r has joined #nixos-chat
<sphalerit>
"If you havent heard yet... microsoft is rereleasing win10 1809."
<sphalerit>
They seem to be following our release schedule 🤔
<Ralith>
heh
sir_guy_carleton has quit [Quit: WeeChat 2.0]
jD91mZM2 has joined #nixos-chat
<sphalerite>
error: out of memory
<sphalerite>
nooooooooooo :(
jD91mZM2 has quit [Quit: WeeChat 2.2]
<sphalerite>
ok, quitting firefox made it work
jD91mZM2 has joined #nixos-chat
Ericson2314 has quit [Ping timeout: 252 seconds]
sphalerite has quit [Quit: WeeChat 2.0]
sphalerite has joined #nixos-chat
sphalerite has quit [Quit: WeeChat 2.0]
sphalerite has joined #nixos-chat
<sphalerite>
wheee my first zfs resilver
tertl3 has quit [Quit: Connection closed for inactivity]
<srhb>
sphalerite: I do one every week! :P
<sphalerite>
huh?
<sphalerite>
Why?
<srhb>
got a very bad disk. :P
<sphalerite>
scheduled HDD failure? :p
<srhb>
Almost!
<sphalerite>
nice
<sphalerite>
idea: replace it? :D
<srhb>
That sounds like one of those "costs money" things :-P
<srhb>
What's your ZFS setup then?
<sphalerite>
my resilver isn't even because of a failure, but because I'm adding a mirror to an existing VDEV
<sphalerite>
well I have a number of zfs setups
<srhb>
mmm mirrors
<srhb>
I was actually vaguely wondering whether adding a mirror post-hoc was possible (but was assuming so) since I'm (still) in the market for a new laptop, but probably won't buy two m.2s right away
<srhb>
So good to know there's no issue there
<sphalerite>
yep just use zpool attach
<srhb>
Righto :)
<sphalerite>
I've got the multi-purpose server, which has 2??3TB in a mirror and an SSD for logs and cache
<sphalerite>
The backup server, which (now) has 2??8TB in a mirror
<sphalerite>
um
<sphalerite>
weechat from 18.09 doesn't seem to like unicode anymore?
<sphalerite>
well back to good old substitutes
<srhb>
☭
<sphalerite>
ascii substitutes*
<srhb>
Works here.
<sphalerite>
the ?? was supposed to be a multiplication symbol
<srhb>
I figured :)
<sphalerite>
it works outside weechat :/
<srhb>
Works in Weechat 2.2 here
<srhb>
Hence the hammer and sickle above.
<sphalerite>
oooooh right I haven't upgraded my user env
<sphalerite>
it just shows as a ? for me
<srhb>
Eek
<sphalerite>
anyway, then there's the laptops ??? the chromebook doesn't have zfs at all because 4GB RAM
<sphalerite>
aaaargh my em-dash!
<sphalerite>
the big laptop has a simple pool that just uses a single partition on the SSD
<sphalerite>
and the (brand new, at least to me!) work laptop has the same
<srhb>
Neat. :)
<srhb>
What's the brand new work laptop?
<sphalerite>
I'm not actually the first user of it, but it's a thinkpad t460s
<sphalerite>
I got it on Friday, starting work tomorrow :D
<srhb>
Eh, used Thinkpads are usually pretty good.
<srhb>
Grats!
<sphalerite>
The screen is gorgeous, I'm not sure I can go back to my big laptop :x
<sphalerite>
it doesn't have as many pixels but I'm realising just how much glossy finish sucks???
<sphalerite>
aaaargh my ellipsis!
<srhb>
Oh really? I never had a *60 model, except for the actual T60, and I was underwhelmed by both the t450 and t470 screens
<sphalerite>
maybe it's just because I'm used to glossy screens? :D
<srhb>
But yeah, no glossy for me pls.
<srhb>
I'm still on the fence about getting a big-ass p52...
<sphalerite>
brb fixing weechat
sphalerite has quit [Quit: WeeChat 2.0]
sphalerite has joined #nixos-chat
<sphalerite>
— … ×
<sphalerite>
wheeeeeee
<andi->
succeess
<andi->
i hit every key twice there?
* andi-
goes back to bed
<srhb>
sphalerite: Do you use a compose key for those things?
<sphalerite>
yep
<srhb>
I should make one of those.
<srhb>
Instead I have xmonad remember which keyboard layout I use for each window. >_>
<srhb>
andi-: That's quite similar to my "programming" layout.
<andi->
srhb: I originally switched to the US layout like almost 20y ago because of writing code and I was sick of the default german layout and how you would have to type {}[]/ etc..
<srhb>
Yep, exactly the same here.
<andi->
A few years ago I switched to EU layout since the first layer is the same and it brings benefits like …
<srhb>
I think it's a bit too generic to me.. Like, I never need an icelandic thorn :P
<andi->
also typing umlauts is now possible again in a sane fashion. I had used the "AltGr" Key to swap to the german layout while pressed but that only lasted a few years and didn't always work reliably
<andi->
srhb: but you need that key to do what else instead? :-)
<srhb>
True true.
<andi->
Python supports unicode identifier... I should totally start trolling co-workers..
<srhb>
(I'd probably prefer greek letters...)
<srhb>
If I ever get back into science. :P
<andi->
the thing that keeps me from switching to Dvorak, Neo, ... is currently the pain it will become switching between them on the fly for password e.g pre-boot, during boot, while they are the same :/
<andi->
I am worried that I might lock myself out waaaaayy too often
<srhb>
Hmm, I can't find the motivation to try something non-qwerty
<srhb>
Seems like a pretty low payoff.
<sphalerite>
I use the UK layout
<sphalerite>
force of habit really. It's not very different from the US layout but the little differences that do exist make me hate the US layout xP
<sphalerite>
the worst bit is the shape of the return key
<andi->
I managed to adjust to many keyboard shapes this year.. It was painful at first but now I can swap between them again \o/
<sphalerite>
I like that the German layout has the same shape as the UK layout, so I can use the work laptop (which has the German layout) without pain
<sphalerite>
andi-: impressive!
<andi->
I was only able to type on my Kinesis with qwerty layout for a good 2 weeks, then I had to re-learn the office and notebook keyboards.. But the typing has improved
<jasongrossman>
andi-: I use Dvorak. For the passwords I type frequently outside X11 (and there are VERY few of those), I memorise them in both Dvorak and QWERTY.
<jasongrossman>
andi-: OTOH, I don't think there's much advantage to Dvorak. I learned it mainly as a displacement activity.
<andi->
It probably is personal preference. I like to do many different things and gain experience there so I might do it just because I can.
<sphalerite>
54.5G scanned out of 2.65T at 12.6M/s, 60h11m to go
<sphalerite>
oh boy
<jD91mZM2>
... and I thought my disk was slow
<sphalerite>
I think the one all the data is coming from is connected via USB
<sphalerite>
TIL "resilvering" comes from a process used to restore the shininess of mirrors
<jD91mZM2>
I should probably also scrub my disks
<jD91mZM2>
"105M scanned out of 70.7G at 726K/s, 28h20m to go"
<jD91mZM2>
Oh... I take my message back. Mine's slower :P
<sphalerite>
it's always extra slow at the start of scrubs
<srhb>
I autoscrub at midnight. But it is a tiny disc...
<sphalerite>
don't ask me why
<srhb>
sphalerite: I think there are several phases.
<jD91mZM2>
Ah
<sphalerite>
or maybe it goes down the tree, and the small metadata nodes that get verified at the beginning mean there's a lot of seeking going on?
<srhb>
ie. metadata scrubbing is essentially pure random reads, very expensive especially on rotating Fe
<srhb>
Once you get to actual data scrubbing, you can do mass sequential reads.
<sphalerite>
right
<sphalerite>
but I don't think it's phases as such?
<srhb>
Well, no. Only conceptually :)
<srhb>
The tree analogy is probably quite accurate.
<jD91mZM2>
So... resilvering means replacing a broken mirror disk? Am I reading this correctly?
<srhb>
jD91mZM2: It's a bit more general than that.
<srhb>
It applies to zraided disks too, for instance, not just mirrors
<srhb>
It also applies to just reactivating a faulted disk.
<srhb>
(In a mirror or zraid)
<jD91mZM2>
still does not get the point of raiding
<sphalerit>
And to adding a completely new device to a mirror
<srhb>
Ah right.
<srhb>
I also dislike zraid. That said, it's certainly useful if you want to do something fun with 3(n) disks where 3(n) is not divisible with 2. :P
<jD91mZM2>
Aren't both mirror and RAID essentially just syncing the content of one disk onto another to make sure nothing gets broken?
<sphalerit>
The point of zraid is to get a usable capacity closer to the capacity of the underlying disks without giving up resilience
<srhb>
jD91mZM2: No, you can get more data efficiency out of zraid than mirroring in the above case.
<sphalerit>
But typically at large performance costs
<srhb>
Depending on the workload.
<sphalerit>
Especially for rebuilding (it's not called resilvering when it's not a mirror right?)
<srhb>
eg. mirror is more expensive on writes in many cases, but.
<jD91mZM2>
I see
<srhb>
sphalerit: I think the disk is still resilvered, but the raid is rebuilding.
* srhb
shrugs
<srhb>
I think the terms are largely irrelevant :D
<sphalerit>
Mirror is more expensive on write? \:|
<sphalerit>
I don't think so..?
<jD91mZM2>
Now it's suddenly 16.0M/s
<srhb>
sphalerit: In some cases, sure.
<sphalerit>
How so?
<srhb>
sphalerit: Trivially if I mirror a disk three ways.
<sphalerit>
Yes but if you use 3 disks in a RAID-Z it will cost the same to write, no?
<srhb>
Nope.
<srhb>
Or actually, is that just raid7?
<srhb>
If so, then you're probably right.
<srhb>
I was operating under the assumption that it was data+parity
<srhb>
It's a bit hard to map zraid to standard raid levels :P
<srhb>
Anyway, without doing the actual work, for sufficiently large mirror pools, you'll eventually be writing more than you will on a zraid level that uses parity instead of complete duplication, but at a cost of the parity calculations.
<srhb>
(And also without gaining more space from striping)
<manveru>
spent pretty much all day yesterday trying to find a way to push those 90 layer containers from within docker to quay...
<srhb>
quay doesn't like many layers?
<manveru>
no, it's fine with many layers, but it doesn't like the schema
<manveru>
they're still working on upgrading to schema-2-2
<manveru>
after it's been out for over 2 years :P
<manveru>
so the only tool able to push to it is skopeo
<manveru>
but... skopeo doesn't check if a layer already exists in the registry, and pushes each layer sequentially
<manveru>
so having a lot of them is actually hurting performance a lot
<manveru>
anw, if you don't have to deal with quay, check out crane, it's a really good alternative :)
<sphalerite>
srhb: but data+parity takes the same amount of writing doesn't it?
<sphalerite>
but yeah I forgot about striping
<manveru>
still have to check out kaniko... but i wonder if it's able to separate the build and push step
<srhb>
sphalerite: Right, you can't really forget about the striping or it doesn't make sense. In eg. whatever is like raid5, with three disks, you'd have two disks of data and one for parity, effectively. Whenever you have more than one disk of data, you're spreading write (but then there's the cost for parity)
<srhb>
Anyway, I doubt raidz is pure raid5 even in the 3-disk case...
<srhb>
Because eek. :P
* srhb
prefers stripes of mirrors anyway for less brainbendy...
* sphalerite
just uses plain mirrors, because A) confusing and B) not enough disks :D
<sphalerite>
why is the speed dropping D: 71.1G scanned out of 2.65T at 8.05M/s, 93h26m to go
<jD91mZM2>
What does one do with 2.65T of data
<sphalerite>
it's mostly not mine
<sphalerite>
it's mostly backups of my family's stuff
<sphalerite>
uuuugh I'm playing the "choose a terminal font" game again…
<sphalerite>
for low-resolution it's easy, Terminus. But for high-resolution screens…
<admiral0>
hello, nix newb here. there is a mention of a firewall in the manual. Is it using ufw, firewalld or directly iptables/ebtables?
* jasongrossman
shops around different terminal programs until he finds one that has a default font he likes.
__monty__ has joined #nixos-chat
<lassulus>
admiral0: iptables
<jD91mZM2>
sphalerite: I personally like the font "Hack"
<sphalerite>
wtf, using NotoMono makes green into yellow..?
<sphalerite>
hm. Maybe, just maybe. It doesn't really matter
<sphalerite>
:D
<jD91mZM2>
Fun fact btw: C prioritizes == over &. a & b == c is the same as a & (b == c). Completely unrelated. Just thought you all should know C sucks
<jasongrossman>
jD91mZM2: I get lots of schadenfreude from that.
<jD91mZM2>
I imagine that's exactly why they chose to make it like that
<andi->
Choices made 40y ago.. Hard to change :)
<sphalerite>
new dilemma: what font do I use for i3status D:
<__monty__>
I don't think it's a bad idea actually. That way you can do boolean operations to combine a couple comparisons.
<__monty__>
All without parens.
<__monty__>
Which imo is more common than comparing boolean formulas.
<sphalerite>
__monty__: & is bitwise and
<__monty__>
Oh.
<sphalerite>
for multiple comparisons you'd use && which is logical and, where that precedence makes sense
<manveru>
yeah... i think i'll stick with termite for now ^^;
<manveru>
i can always go back to my non-fancy prompt and urxvt if the input lag gets too high
<andi->
mhm, between yesterday and today vdirsyncer broke :/
<clever>
elvishjerricco: sure
<sphalerite>
clever: the gif in the article isn't actually based on an unmanipulated photo
<elvishjerricco>
clever: I wonder if amazon found the chips on the hardware they inspected and bloomberg just assumed it applied to everyone supermicro sells to. It's a safe assumption from a security perspective, but probably not from a journalism perspective
<sphalerite>
clever: it's just an artist's impression
<clever>
elvishjerricco: i also heard from another source, that some supermicro boards at the Beijing branch of aws had similar chips, embedded between the layers of the fiberglass in the PCB
<elvishjerricco>
But also bloomberg just reported falsehoods w.r.t. Apple. They claimed Apple used like 7000 supermicro boards, but Apple claims it was 2000, and that bloomberg lied that these boards were used for Siri stuff
<clever>
sphalerite: yeah, obviously cg, the traces dont just vanish like that
<elvishjerricco>
Obviously you have to assume the worst for security, but it might be kinda bad journalism
<simpson>
elvishjerricco: What motivates you to believe Apple?
<elvishjerricco>
simpson: The categorical denial. It's just much stronger than any coverup PR would be, and bloomberg didn't really quote any strong sources on it
<clever>
its a chunk of code you can put into the bios chip, that is capable of bringing up a serial port on almost any motherboard (thats the idea at least)
<clever>
and then over the serial port, you can load custom code to execute
<simpson>
elvishjerricco: What happens if we catch them lying, though? There's no penalty for strong denials, so there's no reason to go with a weak denial, right?
<clever>
and i was wondering, could it behave more like a bootloader, to allow you to run coreboot, or the stock bios, and have a serial port to reflash the bios as a backup?
<simpson>
Whereas the journalists will surely see a slip in reputation if they made mistakes.
<clever>
and back around to the supermicro stuff, if you just prefix the bios with a blob, that acts like a bootloader, what fun things can it do?
<elvishjerricco>
simpson: I mean the PR shitstorm for them would be worse than the original bloomberg article.
<elvishjerricco>
simpson: And bloomberg is in the same situation. There's not really any penalty if they're lying since there are no sources to prove either way
<simpson>
elvishjerricco: Apple has weathered `goto fail;`, PRISM, *both* runs of Steve Jobs, changing CPU vendors twice, outsourcing a serious amount of production to hazardous sweatshops, etc. Somehow I don't think that "we were a victim of international espionage" is going to be that bad.
<elvishjerricco>
FWIW, I don't think bloomberg is "lying." I think they're probably just drawing conclusions that they can't fully support
<simpson>
It's not like Aurora tanked Google's reputation.
<elvishjerricco>
Like I get the feeling they're just assuming these chips are in ALL supermicro customers
<clever>
elvishjerricco: you can also embed grub directly into coreboot
<clever>
elvishjerricco: then you can operate with zero plaintext executables on your hdd
<elvishjerricco>
clever: Never heard of coreboot. Guess I have some reading to do :P
<clever>
elvishjerricco: coreboot is an opensource replacement for your bios
<simpson>
elvishjerricco: I worry that you didn't read Bloomberg's writeup; they imply multiple times that only some boards are affected. e.g. "they traced the malicious chips to four subcontracting factories that had been building Supermicro motherboards for at least two years."
<elvishjerricco>
simpson: Yea, but they never actually verified the destinations of those boards, did they?
<elvishjerricco>
of the infected boards, that is
<clever>
its possible that the main target was the military and the drone stuff they mentioned
<clever>
and aws was just caught in the crossfire
<elvishjerricco>
That's my thinking.
<simpson>
elvishjerricco: No. The original intel was not specific enough: "in the first half of 2014...intelligence officials went to the White House with something more concrete: China’s military was preparing to insert the chips into Supermicro motherboards bound for U.S. companies."
<simpson>
"Depending on the board model, the chips varied slightly in size, suggesting that the attackers had supplied different factories with different batches."
<clever>
elvishjerricco: what id be interested in is finding out how it phones home, and then checking network logs to see if it has ever been activated on aws machines
<simpson>
"Although the investigators couldn’t be sure they’d found every victim, a person familiar with the U.S. probe says they ultimately concluded that the number was almost 30 companies."
<clever>
simpson: but, was it intending to hit all 30, or did 30 of them just get caught on the crossfire?
<simpson>
clever: Who knows? It's not like we can ask China why they do what they do.
<clever>
yeah
<clever>
but having evidence of what it does on the network would let you check past records to see where it has actually been active
<elvishjerricco>
Regardless, until you actually physically verify that Apple has infected boards, I think it's reckless reporting to say that they do. Like, from a security perspective it's good to assume they do, but not from a reporting perspective.
<simpson>
clever: Bloomberg claims AWS/Amazon knew: "[Amazon's] security team determined that it would be difficult to quietly remove the equipment and that, even if they could devise a way, doing so would alert the attackers that the chips had been found, according to a person familiar with the company’s probe. Instead, the team developed a method of monitoring the chips. In the ensuing months, they detected
<simpson>
brief check-in communications between the attackers and the sabotaged servers but didn’t see any attempts to remove data."
<simpson>
And AWS/Amazon are *known* to lie to customers about operational status.
<simpson>
elvishjerricco: Apple is a fashion company; they will *never* admit problems without other folks doing the work and providing the evidence for them.
<simpson>
Apple: "As for Apple, one of the three senior insiders says that in the summer of 2015, a few weeks after it identified the malicious chips, the company started removing all Supermicro servers from its data centers, a process Apple referred to internally as “going to zero.” Every Supermicro server, all 7,000 or so, was replaced in a matter of weeks, the senior insider says. (Apple denies that any
<simpson>
servers were removed.)"
<simpson>
So, if we find internal documentation at Apple corroborating this "going to zero", that would be sufficient to both substantiate Bloomberg *and* discredit Apple.
<simpson>
Anyway, yeah, that's my read of the evidence: Bloomberg's mostly circumstantial, Apple and AWS are known liars, Supermicro can't even file enough paperwork with the SEC to keep business afloat, which is *incredibly* fishy; and China's a known human-rights abuser and has orchestrated massive coverups of many things.
<clever>
and my router is a supermicro board...
<elvishjerricco>
clever: Time for a new router :P
<clever>
2006 vintage
<clever>
it predates the discovery of the exploit by 9 years :P
<__monty__>
What surprises me is how much such a little chip can do. Why don't we have access to networking chips that tiny?
<clever>
__monty__: i dont think the chip is able to do network or much cpu stuff, on its own
<clever>
its just modifying the bios code as its loaded
<clever>
then the host cpu and nic do all the work
<clever>
it might even be making use of the intel ME?
<__monty__>
Ah, so no scifi tech yet any time soon? : (
<clever>
__monty__: related, the dimm modules have an SPI flash chip on them, that describes the ram
<clever>
some motherboards put that on the same SPI bus as the IPMI
<clever>
and IPMI has its own network jack
<clever>
so a malicious stick of ram can potentially access the network directly, without having to mess with your os
<__monty__>
So you're telling me that every paranoid scenario my crypto prof ever told us about is probably true?
<clever>
could be!
<gchristensen>
of course they could be true, but hopefully the paranoia is buoyed by a relevant threat model
<gchristensen>
andi-: you have datacenter experience, yeah?
<andi->
gchristensen: I guess I can say that yes
* andi-
skims through backlog
<gchristensen>
do you know of anything like a networked KVM where I can access the screen/keyboard/mouse of a computer far away, independent of the OS itself? I'd like to hook that up for like 9 computers
<gchristensen>
_really_ I'd like the computer itself to be manageable but the computer really prefers itself be physically touched
<andi->
gchristensen: raritan and those kinds of
<clever>
gchristensen: IPMI is a motherboard level variant of that, also...
<andi->
OpenBMC would be my preferred option then some specific IPMI (iDrac, ilo, ...) and finally something like an IP KVM switch. They usually come as a single VGA + USB plug now. Most of them even allow USB drive simulation over IP
<sphalerite>
hetzner uses those
<andi->
I haven't used one that wasn't painful..
<andi->
Supermicro's IPMI now does HTML5 for the KVM stuff so no more Java. Dell supposedly does that as well.
<clever>
andi-: ive used the iDrac stuff, and it needed activex, windows xp, and windows 7, just to work
<andi->
clever: yes, not a fan of it :-)
<clever>
win7 was only able to use the remote desktop level stuff
<clever>
windows xp was needed for the remote cdrom drive stuff
<gchristensen>
yes ipmi and idrac and LoM are all (not) great but these machines don't have anything like that
* andi-
owns an older HP bladecenter that requires a Centos5, Windows XP and bridged network access to work properly..
<gchristensen>
I used to carry an on-call laptop running winxp for idra
<clever>
gchristensen: you could also just use a reliable os at the base, and then normal VM's for all the internal stuff
<clever>
i had to install xp in virtualbox to get the idrac stuff working
<gchristensen>
some extenuating circumstances makes that pretty hard, but that is an interesting idea worth considering
<clever>
and i strongly suspect the activation servers are long dead, so it would self-destruct within a month
<gchristensen>
omg sphalerite the spider is like $500/ea :o
<gchristensen>
ok, going to eat a bit of food then look at options.
<andi->
there is also Belkin IP-KVMS.. great pleasure to work with.. especially when they translate keypresses to 0-3 of the same. Try logging in with a 13 character password..
<gchristensen>
I like the VM option a lot, even if it would be a bit tricky to do.
<clever>
andi-: even synergy has trouble with that
<clever>
and it looks like a regression
<clever>
with older synergy, it would disable keyrepeat on the client whenever it gains synergy level focus
<clever>
which was initially annoying until i figured that out and moved the master mouse out of the laptop
<sphalerite>
gchristensen: raspi + video capture board + some random magic to connect to a USB port? :D
<clever>
but with todays version, it doesnt do that, and when the desktop hangs, it turns into thhhhhhhhhhhhhhhhhhhhhis
<andi->
clever: synergy works for me so far. Even with longer passwords
<andi->
I do most of my work hours through synergy when I am home...
<clever>
andi-: the problem is more that if the network lags any, the keypress turns into a keyhold
<clever>
and my wifi sucks
<andi->
mine doesn't ;-)
<clever>
andi-: put the focus on a client, then use the clients keyboard to hold a key, does it repeat or not?
<andi->
good question
<andi->
Can't check right now
* andi-
does the lazies and stays on the couch today
<clever>
:D
<clever>
i just finished doing that for 3 hours :P
<gchristensen>
sphalerite: I think I'd rather pay $5k than building 9 of those and then dealing with them haha
<andi->
there was also this years ago in a kickstarter like fashion (before there was kickstarter). It never really got much traction as far as I can tell: http://openkvm.sourceforge.net/
<sphalerit>
:D
<andi->
that being sourceforge the website has disintegrated over time
* gchristensen
clicks "find my pdu"
<sphalerit>
andi-: but that looks like just a switch rather than something that allows networked KVM access?
<andi->
I think it was IP based.. maybe I got the wrong link.. let me google a bit more
<andi->
most of the time means: We do have a product. It sucks and you can't pay for it.
<gchristensen>
+1
<gchristensen>
"more than you have"
<andi->
but you can check a box in your checklist once you bought us
* gchristensen
realizes it is Sunday
<sphalerit>
Meaning that..?
<gchristensen>
I'm not sure where every day since last Tuesday went
<sphalerit>
Oh dear
<andi->
gchristensen: don't forget to take some time off all the duties
<gchristensen>
I'm going home today and will take some time off
<gchristensen>
thank you
<gchristensen>
"Whether to enable Whether to enable the Xen guest utilities daemon.." hehe
<gchristensen>
the module system is so cool. I can just read through option definitions and have a pretty good feel for how stuff fits together.
<andi->
Arghs movies... Always the same. Someone wants / steals / obtains source code for something and it is a huge deal... This certainly doesn't help (F)OSS adoption :/
<srhb>
andi-: What are you watching? :P
<andi->
I just started the series "Salvation" but it was more a general observation.
<srhb>
Sure, was just curious what prompted that :P
<andi->
and it is like if that one server gets shut down once you can never rebuild it... exactly the opposite of the last years of infrastructure treatment
<manveru>
well, if they can hack it within seconds, i wouldn't expect the rest of the ops to be any better :P
<andi->
true true
sir_guy_carleton has joined #nixos-chat
<manveru>
man, that 0.19 elm update really seems like it broke every library out there
<manveru>
really don't like their development style :|
obadz has quit [Ping timeout: 252 seconds]
<andi->
I started learning elm the day they released 0.19.. All materials not compatible with 0.18 and libs not working. No documentation of the old tooling anymore..
<emily>
manveru: not to mention their community management style
<emily>
they seem to regularly delete the mildest criticism on any platform they control
<andi->
Their product seems inferior then :) nobody ever criticised nix ;)
<manveru>
lol
<manveru>
you saw the HN thread about our 18.09 release?
<manveru>
people were like "don't try this at home"
<andi->
O.O
<manveru>
" I recommend you keep holding back. I've been running NixOS on a personal vps and my laptop for close to two years now and it was a mistake."
* samueldr
has been running nixos on everything of only a year and a half
<samueldr>
maybe after two years I'll know why it's a mistake?
<manveru>
definitely
<samueldr>
for only*
<manveru>
it's a scam!
<emily>
hard to recommend nixos to someone who doesn't want to become intensely familiar with it, to be fair
<emily>
i can see how it'd be fairly opaque and "things randomly break spewing output I don't understand" if you had no familiarity with the underlying Nix concepts
<samueldr>
yeah, but I would also say that the common "just use ubuntu every problem is solved and you can copy and paste answers" isn't any more "becoming intensely familiar" :/
<emily>
sure
<samueldr>
(which I have seen touted around, not in response to nixos things, but just general distro things)
<manveru>
and every two years you can copy&paste the next set of answers...
<samueldr>
and "things randomly break spewing output I don't understand" -> windows!
<sphalerite>
isn't windows dumbed down nowadays to avoid that? So they say "just a minute…" "we're getting things set up" and stuff like that instead of describing what's going on
<sphalerite>
samueldr: I've reached my two years and haven't realised it's a mistake yet…
<sphalerite>
where's the HN post?
<samueldr>
18.09 release
<samueldr>
sphalerite: that's part of the issue, instead of being useful and saying "Installation services could not do X... error code Y" we get "OOPSIE WOOPSIE!! Uwu We made a fucky wucky!! A wittle fucko boingo; 0x00000Y"
<sphalerite>
yeah I mean do you have a link? :p I didn't find it on the first few pages of HN
<samueldr>
(last windows 10 issue I was asked to fix was an upgrade going a wittle fucko boingo)
<samueldr>
and otherwise, I even had my issues with the windows error log
<samueldr>
and how windows in the past just showed you error codes
<samueldr>
without context
<samueldr>
anyways, can't rant too much about that: don't want to, haven't used windows in years so I'm no expert
<andi->
well it is taste and personal investment that makes one consider what he sues..
<andi->
Some people like special pain and chose their path :-)
<samueldr>
lawyerian slip?
<sphalerite>
well they can't reveal too much of what's going on, lest their precious trade secrets be revealed :p
<manveru>
well, for me NixOS finally enabled me to configure my system... otherwise i was always keeping it as vanilla as possible to avoid issue :)
<andi->
manveru: same. I was never happy with the state of config management.. in ~2014 I thought about creating a distribution that does it right but never actually did anything :D
<sphalerite>
yeah…
<samueldr>
I was about to, if nixos didn't fit the bill, I was going to make a huge mistake^W^W^W an attempt
<manveru>
given, learning nix isn't everyones favorite pastime, but i enjoy learning languages :)
<sphalerite>
I used etckeeper for a while before I discovered nixos
<samueldr>
nixos allows me to do dumb things
<sphalerite>
but that felt like a really crappy band-aid solution and I'm not sure I ever actually used the history
<samueldr>
I'm trying mergerfs (https://github.com/trapexit/mergerfs) anyone has experience good and bad? (I don't need help configuring it, it already is running here)
<elvishjerricco>
Before NixOS I didn't use Linux :P Had no automated configuration.
<samueldr>
that smells like a poor replacement for `nix-env` jD91mZM2 :)
<jD91mZM2>
samueldr: More like nix-shell. Was tired of temporarily installing programs and maybe some dependency, and then losing track of my package list getting all bloaty :P
<jD91mZM2>
Especially whole pacman groups; I'd have one or two KDE applications like Konsole, wanted to try out KDE so I installed the whole group. Whoops, can't uninstall
<samueldr>
I had a plan in mind, started working on it, where I would use overlayfs for /etc; packages would have their /etc in /usr/etc, /etc overlayfs on top of that would allow replacing any files without actually overwriting them
<samueldr>
(that was before nixos)
<sphalerite>
I was working with docker and thought "it would be so much nicer if each package could be a "layer" "
<sphalerite>
with sharing and stuff
<samueldr>
sphalerite: it now can!
<sphalerite>
yep
<sphalerite>
but just nixos without docker is even better ;)
lesh has quit [Quit: WeeChat 2.1]
<jD91mZM2>
The one thing that really showcased NixOS for me was actually installing redox: You need outdated autotools for the shitty newlib libc we're currently replacing, and Nix made that super easy to temporarily install! But then you get some issues with `gcc` because Nix has some default hardening flags on that you need to disable, since it needs to workaround the RPATH.
<jD91mZM2>
(The second thing I mentioned isn't positive, but it was helpful for me to discover as early on nonetheless)
<jD91mZM2>
Actually no, it's not because it needs to workaround the RPATH, it's for other reasons. sTILl!!111
<elvishjerricco>
Is it possible to take over an existing route53 domain with nixops? I'm currently using `deployment.route53` to do so, but I have to use this (https://github.com/NixOS/nixops/pull/901) patch, and have been advised to use the `resources.route53*` things, which sounds like a better plan