<elvishjerricco>
Is it possible to sign a ZFS snapshot? It'd be nice to be able to verify that a snapshot hasn't been tampered with.
<sphalerite>
elvishjerricco: you could send it and sign the send stream. I'm not sure if send streams are deterministic though
<elvishjerricco>
sphalerite: Just tried that. Appears they are not
<sphalerite>
ah, bugger. What you get from receiving one should be practically deterministic though so signing a send stream still makes sense
<elvishjerricco>
But also, signing a snapshot shouldn't have to do more than sign whatever checksum is at the root of whatever tree structure they're using to determine integrity. i.e. it should be a very small O(1) to sign, not O(n).
<jasongrossman>
I guess you've thought of sending a checksum through a different channel?
<sphalerite>
oh yeah
<elvishjerricco>
Is there a way to get the checksum of the snapshot?
<jasongrossman>
md5 etc.
<jasongrossman>
Oh, I mean a send stream.
<elvishjerricco>
That wouldn't solve the problem that send streams appear to be nondeterministic
<jasongrossman>
Ah, right.
<elvishjerricco>
Yea so I think the best way would be to figure out how to get ZFS's checksum for the snapshot. Presumably that is deterministic
<sphalerite>
I'm not sure just signing the checksum is enough
<elvishjerricco>
If it's a cryptographically secure checksum, it should be, right?
<sphalerite>
especially since AFAIK the default fletcher4 or whatever it's called checksum isn't a cryptographically secure hash or something
<elvishjerricco>
Yep, fletcher4 appears to be the default.
<sphalerite>
"sign the send stream" seems like the least scary option
<elvishjerricco>
But my O(1) :P
<jasongrossman>
Apparently zstreamdump will tell you the checksum of a stream.
<jasongrossman>
FWIW.
<jasongrossman>
ix
<elvishjerricco>
Yea looks like the zstreamdump is deterministic. Not sure if that's by design or coincidence though
<jasongrossman>
elvishjerricco: I'd guess coincidence, but I don't imagine we'll ever find out.
<jasongrossman>
elvishjerricco: Or rather, I'd guess it's a side-effect of other good design decisions. What evolutionary theorists call an exaptation.
Lisanna has quit [Ping timeout: 252 seconds]
<jasongrossman>
Any happy exwm users here? I seem to be hitting major bugs even with a minimal installation.
Synthetica has quit [Quit: Connection closed for inactivity]
lassulus_ has joined #nixos-chat
lassulus has quit [Ping timeout: 252 seconds]
lassulus_ is now known as lassulus
<infinisil>
@youtube
<infinisil>
I'd appreciate it if you wouldn't put almost video-filling rectangles for other suggested videos over the still playing video 20 seconds before it ends
ottidmes has quit [Ping timeout: 252 seconds]
<samueldr>
those during the final part of the video are put by the creators
<infinisil>
jasongrossman: Does this support subscriptions?
<infinisil>
Because I really depend on those
<jasongrossman>
samueldr: That's an excellent rant! Thank you. Although it's a bit unintelligent for that person's conclusion to be "that's life" when he could have said "I wish I'd put my videos on a host that had some idea of what a commons is."
<infinisil>
Oh also, some years ago, youtube removed the ability to group subscriptions. I had all my nice "music" subscriptions, "blog" ones, etc. But now it's all just a big blob of mess..
<jasongrossman>
infinisil: No. Good point. There are lots of things hooktube doesn't do.
jasongrossman has quit [Quit: ERC (IRC client for Emacs 26.1)]
<elvishjerricco>
Wanting to build a small backup system for all my machines. Basically just want to put two 4TB HDDs in a mirroring vdev. No room for them inside my desktop. Anyone have recommendations for external enclosures?
<elvishjerricco>
Is it better to put them both in a 2 bay enclosure, or split them into individual enclosures in case of the enclosure itself failing?
<Ralith>
elvishjerricco: instead, have two completely independent backup systems, one of which is geographically remote
<elvishjerricco>
Ralith: Ideally yea. But for now I'm just trying to build something cheap in my home
<Ralith>
I'd focus on getting good equipment rather than redundant equipment, presuming you will do proper backups someday
<elvishjerricco>
Not really making any long term plans. Really just focusing on cheap and easy :P
<elvishjerricco>
I don't think I follow not wanting redundancy for backup drives though. The backup drive will contain history, not just the latest data; that's data which is not made redundant by the original systems. Seems like I'd want to mirror that drive to avoid losing history.
av4h has joined #nixos-chat
<Ralith>
I didn't say don't mirror the drive
<Ralith>
but there's always going to be one single point of failure or other until you have a geographically isolted backup
sir_guy_carleton has quit [Quit: WeeChat 2.2]
drakonis_ has joined #nixos-chat
drakonis has quit [Ping timeout: 252 seconds]
drakonis has joined #nixos-chat
drakonis_ has quit [Ping timeout: 240 seconds]
Lisanna has joined #nixos-chat
mmercier has joined #nixos-chat
mmercier has quit [Ping timeout: 252 seconds]
__monty__ has joined #nixos-chat
{^_^} has quit [Remote host closed the connection]
{^_^} has joined #nixos-chat
ottidmes has joined #nixos-chat
rawtaz has joined #nixos-chat
<rawtaz>
hi
<rawtaz>
i am wondering who is the main project manager or similar for the Nix project(s)? i would like to get in touch
<gchristensen>
I'm not that person, but let's PM, rawtaz? (I'm about to run an errand, but will be back)
<rawtaz>
sure, thank you
<elvishjerricco>
Ralith: So what would you recommend for a geographically remote backup?
<rawtaz>
i guess im off in context but if you're talking general context i can recomment restic
<rawtaz>
(.net)
<elvishjerricco>
The local part of my backup will be based heavily on ZFS. It'd be very nice if the remote part were as well.
<__monty__>
Snapshots? Aren't those deduplicated?
<infinisil>
elvishjerricco: I've thought of making a small network with a couple friends where everybody hosts backups of 2 others
<infinisil>
Will be cheap and reasonable secure, assuming you trust your friends
<gchristensen>
this is like a canonical example of TahoeLAFS being great :)
<infinisil>
Only thing TahoeLafs can't do is use zfs stuff though probably, which would be a lot faster
<elvishjerricco>
infinisil: Don't even have to trust your friends much if you're willing to use ZFS native encryption. You can send them raw, encrypted streams
<infinisil>
Ah yeah
<infinisil>
Still need to trust them to not trash the data
<elvishjerricco>
True
<infinisil>
elvishjerricco: If you're interested, I'd be willing to build something like that with a couple Nix community members :)
<infinisil>
Also using ZFS myself
<elvishjerricco>
infinisil: That does sound nice, but I like autonomy :P
__monty__ has quit [Quit: leaving]
<rawtaz>
elvishjerricco: you know you can zfs send and receive ZFS snapshots (and pipe it through gzip as well)?
drakonis has quit [Ping timeout: 252 seconds]
drakonis has joined #nixos-chat
drakonis has quit [Ping timeout: 252 seconds]
<rawtaz>
infinisil: you can check out relicabackup.com, recently launched. based on restic, supports things like friends
<rawtaz>
i use restic and send the backups to a zfs storage to make sure it's kept solid (restic deals with the integrity up until the storage of course)
<infinisil>
rawtaz: Looks interesting
drakonis_ has joined #nixos-chat
<rawtaz>
yeah
<rawtaz>
ive used restic since it was young
<infinisil>
Only things I'm worried about: Doesn't seem to be open source, and this can't use ZFS operations
<rawtaz>
is #nix invite only for some specific reason, or am i banned?
<infinisil>
#nix is not used by the nix community
<rawtaz>
infinisil: restic is 100% open source, but relicabackup isnt, indeed. and no, it doesn't use ZFS operations like youre thinking, indeed.
<rawtaz>
ah ok
<rawtaz>
im not missing anything then :)
<samueldr>
in the REALLY olden times, #nix and #nixos were split, they were quickly joined together
<rawtaz>
i as looking for a NixOps channel, but the #nixops one is quite small, so i guess that stuff is mostly talked about in some other channel
<samueldr>
if you're not in #nixos and try to join #nix, IIRC it makes you join #nixos
<rawtaz>
ok cool
<infinisil>
#nixos is also for nixops
<rawtaz>
ok
drakonis has joined #nixos-chat
drakonis has quit [Quit: WeeChat 2.3]
drakonis has joined #nixos-chat
drakonis_ has quit [Ping timeout: 240 seconds]
tilpner has quit [Remote host closed the connection]
drakonis_ has joined #nixos-chat
drakonis has quit [Ping timeout: 252 seconds]
drakonis has joined #nixos-chat
drakonis_ has quit [Ping timeout: 250 seconds]
<Ralith>
elvishjerricco: a cheap server with a big spinning disk somewhere far away
<elvishjerricco>
Ralith: Yea. Just wondering if you had any particular implementation of that that you like
<Ralith>
ovh and online.net both have servers with 1TB+ for under $20/mo
<Ralith>
I like online.net better though it's got less storage
<Ralith>
ovh has datacenter(s) in france, I forget where online.net's are but they sure aren't next door to me
<gchristensen>
rawtaz: to clarify the channel mode, #nix is invite-only, and anyone not invited is forwarded to #nixos, and to close the loop: nobody is invited to #nix
<infinisil>
gchristensen: Has the gpg hate anything to do with #nix?
<infinisil>
Ah, prob not (20min time difference)
<gchristensen>
any time I need to renew a key or something it is just a whole process of terror
drakonis has joined #nixos-chat
<joepie91>
GPG is a UX trashfire
<joepie91>
it's bad enough that I flat-out refuse to use it, because I do not trust myself to not fuck it up at some point in a half-awake state of mind
<joepie91>
rather use OTR/OMEMO/etc.
disasm has joined #nixos-chat
<gchristensen>
I pretty much only use it for signing commits ,for which there is no real alternative
<clever>
i usually have git set to show signatures in `git log`
<clever>
but sometimes, gpg segfaults, which then kills the `git log`
<gchristensen>
haha so good
<rawtaz>
gchristensen: gotcha
<clever>
joepie91: i use kgpg as a gui to make it usable
<clever>
but i still havent bothered fixing the passphrase for my main key, and have to open up lastpass every time i reboot
mmercier has joined #nixos-chat
mmercier has quit [Client Quit]
<elvishjerricco>
Yea I dunno how it is that no one has made a somewhat compatible GPG alternative. It's just awful...
<andi->
There are a few alternatives in the making as gpg interfaces. That might at least fix parts of the UX.
<elvishjerricco>
such as?
<andi->
Yeah I am catching up on thigs... Wait a minute :-)
* andi-
hasn't been at the computer in some hours..
<andi->
https://neopg.io/ & Kleopatra? Not sure. I heard a few good things about that last one.. Still not sure it was Kleopatra
<joepie91>
related problem with GPG is no forward secrecy
<joepie91>
I see more future in hybrid protocols tbh, that can work online with forward secrecy and offline without it, depending on circumstances
<joepie91>
(which I think OMEMO and such already do?)
<joepie91>
PGP/GPG just haven't aged very well really :P
* gchristensen
doesn't care about gpg as a secret-commnication tool
<andi->
I still have some interest in using it but not for general usage.. I might sign most / all mails where it's not just crap talk but only because email is also broken.. (2x broken -> more brokenness ;-))
<gchristensen>
yes, offline-verification is what I care about
<andi->
What kind fo tiling window managers are people in here using? I have been using awesome for many years, since 4y I am using i3 but I continously see myself annoyed by the lack of tiling modes. I also do not want to go back to writing untyped Lua scripts that break once a year :/
<gchristensen>
sounds like xmonad is for you :P
<andi->
I have that setup right now..
<andi->
I am hating the situation with the statusbar.. i3bar was so easy :D
<gchristensen>
:) can you use i3bar with it?
<andi->
maybe..
<andi->
let me flip that bit in my nix config and use xmonad again now that I am home..
<andi->
it requires an i3 ipc socket..
<andi->
but maybe using i3status is enough an piping that to some of the other tools..
jasongrossman has joined #nixos-chat
<gchristensen>
I can't see JWT (JSON Web Tokens) without thinking James Webb Telescope
<andi->
I really need that battery thing to to become red otherwise I just run out of battery once a day -.-
<gchristensen>
ohh yeah
<andi->
I have this dbus notify thing that sends me a dunst notification every 5 Minutes or so but that doesn't work very well in terms of intercepting my work
<gchristensen>
have it start movingy our windows aroud
<ldlework>
darn, they went the classic route of baking in page metaphors and the like
<ldlework>
i came up with an idea of totally generic content types, which have any kind of transformation done to them in stages
<ldlework>
so you can have markdown inputs, that make their way to html
<ldlework>
or javascript inputs that make their way to a minified form
<ldlework>
or images to an optimized form
<ldlework>
and there is a context dictionary that gets carried through the pipelines so that asset processors can access the assets of other asset types
<yl[m]>
andi-: here's mine (cheating one though, I never have floating windows and I don't have a wallpaper either lol)
<andi->
yl[m]: I also only have the wallpaper for the login experience after a reboot / crash :D
<yl[m]>
I don't have a number workspaces, instead I use rofi with a custom script to add support for unlimited workspaces by their names formatted as profile@story (my shells have different vars/funcs and aliases per profile for example personal, work, opensource etc..)
<yl[m]>
andi-: lol
<ldlework>
wallpapers are for indicating that you're on an empty workspace and not one occupied by an mpv window paused on a black frame or something :)
<yl[m]>
andi-: yea that's why I don't use one, it's like couple of seconds a week :)
<yl[m]>
ldlework: nice!
<andi->
I have a collection of 100 wallpapers in a nix expression and I pick one at random.. just because I can..
<ldlework>
andi-: now all you need is pywal
<yl[m]>
I don't think I've ever played a movie or music on my laptop. I have an ipad for that
<ldlework>
that image makes me see the aztect-math swirls that come out on a strong psychedelic
<ldlework>
aztec
<andi->
If I hate one thing then it is some random colors picked for me... I always use the same very basic colors not some fancy solarized theme were you can hardly read text since it is grey on gray (US vs english grey :P)
<ldlework>
i think pywal does a really good job
<ldlework>
at night, i'll hit randomize a few times until i get one that fits my mood
<ldlework>
same in the morning
<jasongrossman>
yl[m]: I'm interested in how you use rofi.
<andi->
I have redshift for that
<ldlework>
irc, emacs, notifications, rofi, etc all get set
<ldlework>
even qutebrowser!
<yl[m]>
gchristensen: styx is awesome, never seen it before. I use hugo but considering a swap
<andi->
irc is remote so that wouldn't work very well. I guess I also need working xresouces for those colors?
<ldlework>
redshift is not an effect i like
<ldlework>
i mean i use weechat so my colors are based on my terminal theme
<samueldr>
either something wonky with the storage controller's modules, or something wonky with the filesystem code (ext4) though filesystem I would hazard a guess it shouldn't be the culprit
<yl[m]>
jasongrossman: I have a TODO to write about my workflow but I just can't seem to get to it. Maybe soon
<jasongrossman>
yl[m]: Yeah, documentation is hard.
<ldlework>
<yl[m]>
jasongrossman: if you have interest in knowing more, it might be an incentive for me to finalize swm and extract my profiles out and write a blog about it
<jasongrossman>
yl[m]: Personally, I'd be interested in an abstract discussion (i.e. not tied to particular software) of what you're doing. The problem with Linux, of course, is that where you use i3 someone else uses xmonad and where you use zsh someone else uses fish. But it sounds like there's a rationale to your stuff that's more general than the configuration of particular programs.
<yl[m]>
jasongrossman: I agree, I've created https://github.com/kalbasit/workflow months ago, but still haven't gotten to it. My intention was to write it as a white paper
<jasongrossman>
yl[m]: That would be awesome.
<yl[m]>
jasongrossman: cool, I'll work on putting my ideas there, I'll ping you when I'll have something to show
<jasongrossman>
yl[m]: Another thing you might consider is making a distro for newbies, who haven't yet settled on their choice of window manager etc.
<jasongrossman>
yl[m]: Thank you!
<yl[m]>
jasongrossman: actually that's exactly what I'm doing now with `shabka` project. I'm extracting all my custom work and turn it into a language-based distribution. Like give me a distro with Theme solarized and add feature to develop in Go, Java or whatever..
<yl[m]>
my main feature is that it's not a *linux* distro
<yl[m]>
but an OS agnostic so Mac as well
<jasongrossman>
yl[m]: Oh great!
<yl[m]>
I'd love some help of course if you have resources