gchristensen changed the topic of #nixos-chat to: NixOS but much less topical || https://logs.nix.samueldr.com/nixos-chat
tilpner has joined #nixos-chat
<jasongrossman> samueldr: Me.
<samueldr> jasongrossman: it's a bunch to ask (since it will download a bunch), but could you verify that `dbeaver` starts without segfaulting on unstable when running on an unstable-built system
<samueldr> I kinda assume it will
<samueldr> (that it will work)
<samueldr> I'm 90% confident I found another user with the same issue
<samueldr> ah
<samueldr> I should try it with gnucash, then
<samueldr> jasongrossman: or gnucash, but then I don't need confirmation, I have it from the bug report
<samueldr> thanks for your participation :)
<jasongrossman> samueldr: Downloading is not a problem.
<samueldr> even downloading... java? :)
<jasongrossman> samueldr: Installing dbeaver now.
<jasongrossman> samueldr: Yeah, I have infinite, reasonably fast downloads.
<samueldr> <3
<samueldr> I was thinking more about the fact that some yuck some software
<samueldr> though #54278 pretty much confirms my assumptions
<{^_^}> https://github.com/NixOS/nixpkgs/issues/54278 (by minijackson, 1 week ago, open): GnuCash segmentation fault
<jasongrossman> samueldr: And I'm not worried about borking my current system because I use NixOS. :-)
<jasongrossman> samueldr: Right, I don't totally love java.
<jasongrossman> samueldr: dbeaver seems to be running OK here.
<samueldr> yeah, thanks for confirming
<jasongrossman> I can try it with gnucash if you like.
<samueldr> no need to
<samueldr> after seeing the issue (and now a chat with another user) IT IS that issue, and a solution is known
<jasongrossman> samueldr: Oh, great.
<gchristensen> with my self-erasing / and secureboot, I've made nixos pretty annoying to install =)
<elvishjerricco> gchristensen: Make an installer for it, and call it GrahamOS :P
iqubic has left #nixos-chat ["ERC (IRC client for Emacs 26.1)"]
jasongrossman has quit [Remote host closed the connection]
drakonis has quit [Quit: WeeChat 2.3]
jasongrossman has joined #nixos-chat
<ottidmes> anyone here with Rust experience?
pie__ has quit [Ping timeout: 268 seconds]
lassulus_ has joined #nixos-chat
lassulus has quit [Ping timeout: 240 seconds]
lassulus_ is now known as lassulus
<Ralith> \o
<ottidmes> Ralith: is that an emoticon pointing their hand up? as in you do have experience with Rust? or unrelated to my question?
<Ralith> I do, yes
<ottidmes> ah good, I just started out with Rust today, its going better than expected, my program works, but I do have a inlined function definition, because I could not get it to work
<Ralith> things not working is the worst
<ottidmes> it is, I had something like this: https://gist.github.com/msteen/0ee1bb32e0f53a50f4da36259f63adca
<ottidmes> which gives me: this function's return type contains a borrowed value, but the signature does not say whether it is borrowed from `update_set_entries` or `node`
<ottidmes> so I tried adding lifetime parameters, but the error stays the same
<Ralith> tried adding them how?
<ottidmes> fn get_entry<'a>(...) and then anything possible with the arguments
<ottidmes> so I tried adding it to all parameters and return type and any variation I could think of
<ottidmes> I had another function that did just work like I expected with lifetimes the first time around: fn find_set_entry<'a>(name: String, mut node: &'a Node) -> Option<&'a Node> {
<ottidmes> but this one has me stumped, no clue
<ottidmes> Ralith: do you think you can help, and if so, should I make a simpler example that you can test as well, or if not, I will just have to live with the inlined for now
<Ralith> from what code you've shown, it looks like a slightly misleading error
<Ralith> I think you probably don't mean to be taking `update_set_entries` by value
<Ralith> since that means your function takes ownership of it, and disposes of it when done
<ottidmes> I thought that too, so I figured I maybe had to make it a reference type, but that did not help
<Ralith> how did you go about doing that?
<ottidmes> changing Vec<UpdateSetEntry> to &Vec<UpdateSetEntry> and variations with &'a Vec<UpdateSetEntry>
<Ralith> show the exact code you used, and the exact error
<Ralith> the code you've showed is certainly wrong in that regard, because you can't return a reference to something that will be destroyed when the function returns
<ottidmes> updated the gist
<Ralith> what's the definition of `UpdateSetEntry`?
<ottidmes> this was the first case I found the error terrible, I mean "missing lifetime specifier", no its not, its right there! :P the other unexpected behavior of Rust was that I could not do tuple assignment
<ottidmes> updated
<Ralith> the error is exactly right
<Ralith> you haven't supplied a lifetime specifier for any of the instances of `UpdateSetEntry` in that function signature
<ottidmes> I probably have to use different syntax to pass it the lifetime reference
<ottidmes> how do I do that? just <'a> for example?
<Ralith> "lifetime reference" is not standard terminology, so I'm not sure what you mean
<ottidmes> lifetime parameter
<Ralith> Foo<'a> is how you pass a lifetime specifier 'a to a lifetime-generic type Foo, yes
<Ralith> as with other generic types, the use mirrors the definition
<ottidmes> havent gotten to generic types yet, thank you for the help! I had yet to see this in an example (just started with Rust)
<Ralith> basically, the problem if you've specified the lifetime of your borrow of `UpdateSetEntry`, but you've left the lifetime of the borrow *inside* it unspecified, so the compiler tries to infer it but it's ambiguous
<Ralith> for future reference, it's also generally more flexible to use `&[T]` instead of `&Vec<T>`
<ottidmes> right, once you asked for the struct definition it dawned on me that it probably had to do with that, but would not have tried to pass it like that
<ottidmes> Ah ok, will do :)
<Ralith> and furthermore the entire function could be replaced with `update_set_entries.iter().find(|x| x.node == node)`
<ottidmes> I added my complete file, if you have more useful insights, I more than welcome it: https://gist.github.com/msteen/0ee1bb32e0f53a50f4da36259f63adca especially the FIXMEs
<ottidmes> since I just started it has been a lot of searches to find the right library calls, I did not know yet about find, so there is probably some more that could be done differently, but I am surprised that you can at least get productive very quickly in Rust, most things worked on first try :)
<Ralith> https://gist.github.com/msteen/0ee1bb32e0f53a50f4da36259f63adca#file-main-rs-L88 would be better written `pos1.file.cmp(&pos2.file).then_with(|| pos1.line.cmp(&pos2.line))`
<Ralith> or alternatively, `(pos1.file, pos1.line).cmp((pos2.file, pos2.line))`
<ottidmes> Ralith: ow, do you perhaps know how to go from an iterator to ensuring you got a single item, something like the [ x ] pattern in Haskell, or does that same pattern actually work considering your type suggestion of &[T]?
<Ralith> I'm not really sure what you're asking
<Ralith> if you want to extract the next item from an iterator, call `next()` on it
<ottidmes> interpol.children() I expect children to contain a single item, and I want that single item, any more would be a None
<Ralith> "any more would be a None"?
<ottidmes> so singleton iterator is Some(single_item), empty iterator or more than one iterator is None
<Ralith> are you asking for a function that has those semantics?
<ottidmes> yeah
<ottidmes> like findSingle in Nix actually
<Ralith> I don't know what that is
<Ralith> calling `next()` on an empty iterator returns `None`
<Ralith> if you want to call `next()` twice and return `None` from your function if the second call isn't `None`, you can do that
<ottidmes> yeah, that is my plan B, but I had hoped there would be some helper for it, I already needed it more than once in this code
<Ralith> seems like a pretty idiosyncratic thing ot want
<Ralith> you can write roughly the same thing that's written in that nix code, filter and all
<ottidmes> I find it a more than reasonable question to ask of a list, I guess I will just write a function for it myself
iqubic has joined #nixos-chat
<Ralith> you could do something cute like `if let (x@Some(_), None) = (iter.next(), iter.next()) { x } else { None }`
<ottidmes> very nice, thank you!
<ottidmes> Ralith++
<{^_^}> Ralith's karma got increased to 1
<ottidmes> its a pitty that `if let` is considered a statement, I had hoped it would just scope from left to the right of the expression, it means quite a few extra nestings in practice, but that might be me doing beginner mistakes
<iqubic> This looks a whole lot like Scala?
<iqubic> Is this Scala? Or perhaps Rust.
<iqubic> I'm just trying to guess from the `if let (x@Some(_), None) = ...` thing that Ralith gave.
<iqubic> That's the only code snippet I have seen, since I just joined.
<Ralith> ottidmes: the expression I gave is indeed an expression, not a statement
<iqubic> What language is this? Have I guessed it right yet?
<Ralith> I'm not sure what you mean about scope though
<Ralith> rust is very aggressively expression-oriented, even some loops are expressions
<iqubic> Oh. My second guess was the right guess. Nice.
<ottidmes> Ralith: I mean I cannot do: if let Some(x) = opt_x && let Some(y) = opt_y && ... something with x and y, instead I have to nest those two let Some(...)
<iqubic> I don't know Rust. Is it worth learning?
<ottidmes> it is
<ottidmes> I think :P
<ottidmes> so far it is
<iqubic> What sorts of things do you do with Rust?
<Ralith> non-lexical bindings like that would be extremely weird
pie_ has joined #nixos-chat
<iqubic> As in?!?
<iqubic> Care to give an example?
<ottidmes> Ralith: I personally was surprised at first it did not work
<ottidmes> iqubic: I just gave it above?
<iqubic> I didn't see it.
<ottidmes> iqubic: I am making an automatic Nix package updater in Nix, and rnix was the best fit, so I had to use Rust
<ottidmes> iqubic: "if let Some(x) = opt_x && let Some(y) = opt_y && ... something with x and y"
<iqubic> How are you able to use Let as an input to a &&?
<Ralith> I agree it would be kinda handy, but it's not at all clear to me that there's a consistent, sane semantics that would permit such a construction
<iqubic> Also, how are x and y in scope in the last section?
<Ralith> and at any rate there are other ways to avoid nesting
<Ralith> if you paste the specific example you're having trouble with I could give advice
<iqubic> ottidmes: Why not use something like bash or zsh or something to update your nix packages?
<ottidmes> iqubic: that would be very painful, I would have to hardcode every location for my package, since its a list of packages in a single file
<iqubic> I see.
<ottidmes> iqubic: this updater should work with almost any package, including those hard cases, since it uses a proper parser
<ottidmes> Ralith: these are snippets I have problems with, the last one gives an error: https://gist.github.com/msteen/2030bc5dc130f7464fc235355283d8d9
<Ralith> interestingly, the one language I've seen with anything like that is C++17, where you can do `if(auto x = foo; x == 42)`, but you can't chain them
<ottidmes> Ralith: I get the error, but not sure how to approach a fix with me just starting out using it
<Ralith> ottidmes: `Iterator<...>` is a trait, not a type; write `impl Iterator<...>` to make your function generic over all types that satisfy that trait
<Ralith> your first example of nesting can be flattened gracefully with the `?` operator
<Ralith> `fn foo() -> Option<Foo> { let x = opt_x?; let y = opt_y?; Some(x + y) }`
<Ralith> the second one can be improved with some combinator hijinks
<ottidmes> would that change semantics, using the ? operator, it does not work like unwrap does it?
<Ralith> `let foo = bar?;` for `bar: Option<T>` is equivalent to `let foo = if let Some(x) = bar { x } else { return None; }`
pie_ has quit [Ping timeout: 240 seconds]
<ottidmes> Ralith: cool, now this works: fn find_single<'a, T>(mut iter: impl Iterator<Item = &'a T>) -> Option<&'a T> { if let (x@Some(_), None) = (iter.next(), iter.next()) { x } else { None } }
<Ralith> (nonlinear control flow statements have bottom type, it's handy)
endformationage has quit [Ping timeout: 246 seconds]
<ottidmes> ah like async/await do in some languages
<Ralith> for the second case, try `for child in Interpol::cast(set_entry.value()).iter().flatten().filter_map(InterpolAst::cast).filter_map(|x| find_single(x.children()).filter(|x| x.kind() == NodeType::Token(Token::Ident))`
<Ralith> with a newline before each chained method call
<Ralith> (`cargo fmt` may be of assistance)
<Ralith> er, missed a ) after `find_single`
<Ralith> but hopefully you get the idea
<ottidmes> Ralith: BTW, I did not get the (pos1.file, pos1.line).cmp(&(pos2.file, pos2.line)) suggestion to work, it causes them to be moved
<Ralith> also s/`for child`/`for node`/ I guess
<Ralith> ottidmes: oh, I had no idea whether they were `Copy` or not
<Ralith> take references to them instead
<Ralith> `&T` has the same comparison semantics as `T`
<ottidmes> Ralith: ah good to know, and indeed (&pos1.file, &pos1.line).cmp(&(&pos2.file, &pos2.line)) works!
<ottidmes> ow, and return Err(format_err!("...")) correct, I mean it works, but I get Error: ErrorMessage { msg = ... while I expect just Error: <the actual error message>, could that be a difference between release and debug mode?
<Ralith> ottidmes: returning a `Result` from main is, unfortunately, not actually very useful
<Ralith> I recommend `fn main() { if let Err(e) = run() { eprintln!("error: {}", e); } }`
<Ralith> maybe throw in a `std::process::exit(1)`
<ottidmes> Ralith: that is indeed the behavior I expected, and now it does, thanks!
<Ralith> ^^
<ottidmes> I guess I should just read the manual about it, but I am using String a lot, causing me to do quite a bit of .clone() and "literal".to_string(), which feel like code smell to me, especially the literals
<Ralith> if you don't actually need to be mutating them you can generally get away with `&'static str`, yes
<Ralith> sometimes the type inference takes a little finagling
<ottidmes> yeah I noticed, but the errors are pretty good, in the case of the lifetime parameter I found it a bit too generic (same error as the other cases, hence it confused me), but other than that, I could make sense of them all
<ottidmes> Ralith: I have to go now, thanks for having taken the time to help me out with all my questions! :)
<Ralith> o/
Myrl-saki is now known as Meow-saki
ottidmes has quit [Ping timeout: 245 seconds]
jasongrossman has quit [Remote host closed the connection]
lopsided98 has quit [Ping timeout: 268 seconds]
lopsided98 has joined #nixos-chat
Synthetica has joined #nixos-chat
Meow-saki is now known as Myrl-saki
jasongrossman has joined #nixos-chat
Synthetica has quit [Quit: Connection closed for inactivity]
__monty__ has joined #nixos-chat
<infinisil> Great, Facebook is going to unify WhatsApp, Instagram and Facebook messages into one unified thing, such that you can send messages between them
<infinisil> What you'll end up is one giant proprietary messaging system instead of 3 proprietary messaging systems..
<infinisil> Not good, this makes it even harder for matrix and co. :(
<__monty__> I thought they used xmpp? So it's basically a jabber network?
<ar1a> whatsapp is signal, i know that much
Synthetica has joined #nixos-chat
obadz has quit [Quit: WeeChat 2.3]
<__monty__> What? No.
<__monty__> Just because they consulted the signal dev doesn't mean much.
<ar1a> im almost certain whatsapp uses libsignal
<gchristensen> as a person who is uncomfortable with facebook reading my messages, that doesn't help so much
<ar1a> get your friends to just use the signal app! move people away from facebooks control. i know in the eu whatsapp is used for like everything but atleast here in australia it used to be mainly facebook messenger, now its signal/third party apps like discord
<gchristensen> I got most of my contacts to use signal, wasn't so tricky
<ar1a> just use IRC with OTR :D
<gchristensen> yeah that is definitely the way to go :|
<emily> __monty__: whatsapp uses the signal protocol
<emily> it is e2e
<emily> the metadata properties are worse than signal though
<emily> moving from whatsapp to discord seems like a step back, they do no encryption at all and store your logs in indexed plaintext permanently
<emily> (well, they do TLS to the server...)
<infinisil> Signal might be easier to convince people for, but I'm hopeful for Matrix
<ar1a> oh yeah, i really hope matrix takes off. its kind of like irc 2.0!
<ar1a> i tried it 2-3 years ago and it was very slow and heavy though :(
<MichaelRaskin> For the record, right now my list of things that need being hopeful for includes Matrix succeeding with their sorely needed and planned _technical_ questions
<ar1a> emily: yeah but unfortunately its where literally all of my friends are. if i ever have sensitive data we talk over signal at least
<__monty__> ar1a: That page doesn't exist for me.
<ar1a> __monty__: ill reupload it for you
<__monty__> ar1a, emily: I was pretty sure they used the axolotl protocol but I was convinced they reimplemented it.
<ar1a> https://ptpb.pw/K3Pr.pdf __monty__
<__monty__> But "uses axolotl" /= "being signal with a different coat of paint."
<emily> it might be a reimplementation
<__monty__> And all the axolotl crap in the world means very little when the apps, like whatsapp, are mostly used for group messaging.
<emily> "basically a jabber network" is false though ^^;
<emily> hm, does whatsapp not do e2e group convos? signal does
<__monty__> I'm nearly 100% certain facebook messenger is XMPP.
<gchristensen> also it might be e2e, but you still have to trust the end software to not leak messages
<__monty__> So I figured they'd build on that.
<gchristensen> and given their business model, I can't imagine why you'd trust them to not intentionally leak the messages.
<infinisil> I wonder how Keybase' future will look too, how they'll fit in
obadz has joined #nixos-chat
<__monty__> emily: Turns out it does. It has the first member of the group generate a group key used for everyone. I don't know how they prevent simultaneous usage of that key though or what that implies about joining a group, can you only talk after *someone* in the group has been online to send you the key, or does the server know the key and all the encryption is basically pointless?
<__monty__> I wonder about Keybase too. Seems pretty incompatible with PGP's network of trust. Since all of the proof keybase relies on is considered easily faked in PGP-land.
<emily> luckily only about 6 people on the planet care about the PGP web of trust, so incompatibility with it hinders very little :V
<__monty__> Isn't the point of keybase you can easily find out other people's PGP keys? -.-
<emily> sure, but that has very little to do with existing keyservers and the web of trust/strong set/whatever based around glancing at your government papers for a second.
<emily> (...which was already a pretty weird thing for self-declared cypherpunks to be doing <_<)
<gchristensen> __monty__: how would someone be invited to a group message if no people are online to invite them
<gchristensen> I would expect the group invite message is encrypted to the user, and includes the key for the group
<__monty__> gchristensen: Right, yeah, I've *never* used whatsapp. So I had no idea whether it was limited to private groups.
<gchristensen> oh I thought we were talking about Signal :)
<__monty__> No, whatsapp. I trust signal a lot more, since I can throw OWS a lot farther than facebook.
<gchristensen> right
<gchristensen> also facebook isn't in the business of privacy
<ar1a> infinisil: do you think keybase won't have a future?
Synthetica has quit [Quit: Connection closed for inactivity]
endformationage has joined #nixos-chat
ottidmes has joined #nixos-chat
drakonis has joined #nixos-chat
<mdash> keybase violates the expectation that PGP is a set of social practices first and a piece of software second
<__monty__> How?
<infinisil> ar1a: I can't say, I'd love for it to have one. And even if it doesn't, its ideas can live on
<etu> The only thing I know keybase is "good" for is that people can harass each other and there's no way to block people on that platform. That's why I removed my account there.
<gchristensen> ...wat?
<gchristensen> really? wow
<__monty__> Keybase has messaging? Oh, right they offered encrypted messaging *if* you uploaded your PGP private key, right?
<gchristensen> O.o
<infinisil> Wat??
<infinisil> Pls don't let that be real
<__monty__> They're also implementing their own PGP apparently?
<ar1a> i have encrypted messaging, not sure i uploaded my key though
<ar1a> huh, guess i did
<__monty__> I guess, you don't have to. You can have them generate a key for you... https://keybase.io/encrypt
<ar1a> https://keybase.io/ar1a shame you can't prove irc aliases :P
<__monty__> I wish keybase was a great idea. No matter how many times I've looked at it though, every time there's something.
<etu> gchristensen: there's a long thread about this issue: https://github.com/keybase/keybase-issues/issues/1593
<{^_^}> keybase/keybase-issues#1593 (by pkirkovsky, 3 years ago, open): Implement user blocking
<etu> __monty__: The messaging doesn't use your private gpg key. I know because I've tried it and my key is on a smartcard and in a backup.
endformationage has quit [Ping timeout: 250 seconds]
<__monty__> Then how is it encrypted?
<__monty__> Also, how did you test?
<etu> That I don't know... Probably based on the paper key
<__monty__> Sending an encrypted message doesn't need your private key, just the recipient's public key.
<etu> I tested having a chat back and forth with my wife who haven't uploaded her key either
<__monty__> And you're sure it didn't generate a PGP key *for* you?
<__monty__> Like I mentioned they apparently also offer?
<etu> Yes, because I used the same key that I use on my smartcard and did sign a payload to keybase to prove that I have that key.
<__monty__> Uhm, that sounds like they have the private key. How could they possibly use *your* PGP key for decryption if they don't have your private key?
<etu> They are very weird with this paperkey thing because your gpg key can't be used to add a new device to keybase. You have to use an existing device that can "prove" that it's you or a paperkey. But your gpg key isn't trusted to add a new device.
<etu> But hey, they may have changed. It was over a year ago I abandoned that platform for good
<etu> __monty__: Well, I assume that they can't :p
<{^_^}> keybase/keybase-issues#160 (by englishm, 4 years ago, closed): Uploading private keys puts users at risk
<__monty__> This is what I was talking about. They definitely *had* the option to upload your private key at some point.
<etu> Because I generated my key on a laptop offline. Put a backup on >1 USB drive. And then moved my key to my smartcard. I know where my private key is.
<__monty__> Not sure why you're explaining this? Also, keybase isn't exactly aimed at people competent with PGP.
<etu> Because you questioned if I was sure that I didn't upload my key :)
<infinisil> Ah, doesn't it makes sense that they don't need your gpg key, because they have their own model not dependent on gpg?
<infinisil> And they trust their own security so much that they allow you to upload the encrypted gpg key
<infinisil> That would make sense to me
<__monty__> Encrypted with?
<__monty__> Doesn't the keybase model revolve around proving a key belongs to you?
<infinisil> Your private key for their crypto of sorts, not sure where it resides though. I don't have much of a clue haha, was just a guess
<__monty__> I guess they pivoted some time after I lost interest.
<__monty__> When I learned about it it seemed like a way you could prove a PGP key was yours in a more convenient way than meeting in person or calling or I-trust-who-my-friend-trust's stuff.
pie_ has joined #nixos-chat
<__monty__> From reading that blocking issue for keybase. They definitely started out as just making PGP more convenient through social media as proof of identity.
<__monty__> The dropbox and messenger functions came later.
<gchristensen> to a certain extent, the validation based on github and twitter are pretty good
<gchristensen> for example, you have basically no other reason to trust me
<MichaelRaskin> Worse: we have no better _notion_ of you than «the person controlling @grahamc»
<gchristensen> right
<elvishjerricco> I guess I have no reason to trust that the gchristensen on IRC is @grahamc on GitHub :P
<gchristensen> reasonable
<MichaelRaskin> I have some grounds to believe that @grahamc monitors communication to gchristensen pretty closely, though
<gchristensen> that is good! unless you know my nickserv account, and verify gchristensen is authed as that account, you can't be sure it is the same person
<MichaelRaskin> That's true
<ottidmes> MichaelRaskin: about your comment on MITM attacks when using TOFU and verifying TLS, did I understand it correctly that this planned, but not yet there?
<MichaelRaskin> I am not sure this can be considered «planned»
<MichaelRaskin> It is not yet there
endformationage has joined #nixos-chat
<ottidmes> Yeah OK, you hope it will be added one day
<MichaelRaskin> … and then not get reverted
<ottidmes> right
<ottidmes> I am not that familiar with the details, but it would mean requiring HTTPS, right? and then checking the certificates of that connection?
<MichaelRaskin> Well, we already discourage http; an http fallback would still be fine if the primary URL is https
<MichaelRaskin> But for https the certificates will get checked
<ottidmes> I am just thinking maybe I could already add something that could do the checking if possible, but I do not know exactly how it should be checked
<MichaelRaskin> And part of it is in Nix while other part in Nixpkgs…
<MichaelRaskin> And it is split among multiple fetchers, too
<ottidmes> but most fetchers that fetch sources list them in in a url/urls attribute
<MichaelRaskin> Yes
<ottidmes> so maybe I could check before nix-store --realize
<ottidmes> and give a warning for those I cannot determine?
<ottidmes> would be better than nothing, no?
<MichaelRaskin> Check what?
<ottidmes> certificate checking
<gchristensen> a good tsep would be removing -K from fetchurl's curl call
<MichaelRaskin> From _default_ call
<MichaelRaskin> And the equivalent in Nix
<MichaelRaskin> Then I guess there come fetchgit and fetchtarball
<ottidmes> MichaelRaskin: I understand the MITM bit, but I do not yet fully understand the issue at hand, is allowing HTTP requests rather than HTTPS the problem? Is it that curl calls ignore the validity of certificates?
<MichaelRaskin> We deliberately and explicitly ask curl/libcurl to ignore certificate validity
<ottidmes> ah, so would it then not be possible to workaround it by doing certificate validity checking before making the builtin calls? as a workaround for now?
<ottidmes> just the certificate validity checking
<gchristensen> depending on what you're going for, it might be easier to just tell nixpkgs' fetchurl to do the checking
<ottidmes> gchristensen: https://github.com/NixOS/nixpkgs/pull/53436#issuecomment-457110975 so making sure TOFU is safer
<ottidmes> gchristensen: guess I could pass it the right curlOpts attribute, right? for fetchurl and those fetchers that are built un top of fetchurl
<gchristensen> I reckon so
<gchristensen> there is at least one company verifying every source no a regular basis
<gchristensen> I wonder how exactly they do it...
<MichaelRaskin> You mean rebuilding all the fixed-output derivations?
<ottidmes> gchristensen: my nix-prefetch can do that, you can force it to verify the actual hash was the same as the expected hash by indeed just rebuilding it
<gchristensen> I'm not sure if they use Nix's machinery or not
<gchristensen> probably yes though
<MichaelRaskin> Rebuilding all the fixed-output derivations is relatively easy anyway
<MichaelRaskin> Maybe even my old nix-reduce-build script could do that
<gchristensen> what does reduce-build mean?
<ottidmes> its just a matter of setting it to a probably-wrong hash (e.g. zeroes) and then it will just report an error
<MichaelRaskin> gchristensen: well, back in the days before even nix-serve (which is still not perfect but good enough) I had this trivial problem of having two laptops in an offline place and willing to rebuild a system on one of them while using as much as possible from the other one
<ottidmes> gchristensen: Rust is way nicer than I had expected, I managed to make my universal Nix package updater in it with rnix without too much trouble. I will try and see how much of Nixpkgs it can actually automatically update before I publish it and make the claim :P
<gchristensen> nice :)
<gchristensen> MichaelRaskin: oh neat
<MichaelRaskin> Another scenario was «I will go offline soon, let's grab stuff from channels and source downloads»
<MichaelRaskin> If I remember correctly, I added this to Nix scripts (back in the day of the single repo commit access was not separated), then it got removed from auto-install list because Eelco Dolstra wanted to understand what the hell the script does (a reasonable request, to be sure), then I failed to convince enough people that these use cases actually matter
<gchristensen> hah, sounds about right
<MichaelRaskin> And people ask why I say that people multiple companies competing in the same space would not help with conflict of interest/one-sided capture in shepherd teams anyway
<gchristensen> when did that happen?
<MichaelRaskin> When Domen Kozar was asking if we want to break FCP and add conflict-of-interest clauses, among other things I mentioned that the clauses like the ones used in Python are not very helpful in our situation, and we should actually discuss which type of CoI we need to care about.
<gchristensen> ahh
<MichaelRaskin> Eventually everyone agreed about the local course of action (ship as is, discuss succession/CoI rules later), but I think I didn't succeed in getting the point across about employer diversity not giving much diversity of interest (in our specific case)
<gchristensen> ahh, yes, I see where you're coming from
<MichaelRaskin> (I sincerely do expect people from different parts of Intel to disagree more than people from LogicBlox and Packet)
<MichaelRaskin> (Again, when discussing Nixpkgs matters, of course)
<MichaelRaskin> (Opinions on how bad a mess up was Meltdown might be more correlated inside Intel and less correlated outside…)
<gchristensen> although, nobody here works for Packet :P
<MichaelRaskin> Well, they do support NixOS — both as a niche offering and with free services, so I wouldn't be surprised if someone working there decided to try NixOS just for fun
<gchristensen> that is true -- a handful of their team runs nixos
<MichaelRaskin> CoI discussions do not separate employees byt «part of job» bit anyway
<MichaelRaskin> Of course, that bit is not always easy to find out; for my current research I use some supporting tooling that I happen to write in Lisp with Nix for grabbing dependencies. Turned out that asking a PhD student «can you install Nix in Arch quickly?» is a good enough strategy to share that tool between us.
<MichaelRaskin> I am not really sure if it counts for me as using Nix as a part of the job; even better question if it counts for him (he just launches the script that happens to launch Lisp using Nix; he does edit some parts of Lisp code)
ivan has quit [Write error: Connection reset by peer]
harrow has quit [Quit: Leaving]
endformationage has quit [Ping timeout: 250 seconds]
ivan has joined #nixos-chat
harrow has joined #nixos-chat
<ivan> TIL don't put home in /etc/NIXOS_LUSTRATE because lustrate moves to /old-root and then starts copying
<gchristensen> what, uh, did you expect?
<etu> Maybe it's time to grow up and learn NixOps.
<etu> Like a grownup
<ivan> gchristensen: a mv, I guess
tilpner has quit [Ping timeout: 246 seconds]
tilpner has joined #nixos-chat
<drakonis> patch hoarding, the worst kind of hoarding
<etu> drakonis: In the long run also the most cumbersome kind of hoarding to maintain...
<drakonis> agreed
<drakonis> i'm not sure why he doesn't even interact with the community at large
<ottidmes> gchristensen: yeah I saw that line when I went checking for it, too bad it is not under a Nix config option
<MichaelRaskin> drakonis: given that a few changes are trying to fix weird choices in Nixpkgs that people argued against, I can perfectly understand the lack of interaction
<drakonis> full radio silence is weird though
<drakonis> not even a "hey take my stuff or whatever"
<MichaelRaskin> Well, given how parallel builds are still configured in Nixpkgs…
<infinisil> What's the problem with parallel builds in nixpkgs?
<MichaelRaskin> We use a boolean instead of a tristate, and in a bad wya
<MichaelRaskin> I said it then, I said it again a few times today, I will keep saying it
<drakonis> why is it unchanged?
<MichaelRaskin> Because Marc, William, me… we failed to convince people that «parallel building for everything except known-bad» should be a locally-triggerable option that shouldn't break Hydra path compatibility
<drakonis> ah i see.
<gchristensen> how would that be done?
<MichaelRaskin> Like now, only sanely?
<MichaelRaskin> I mean, right now we sometimes have enableParallelBuilding = true
<gchristensen> how would you mkae it locally triggerable without breaking path compatibility?
<MichaelRaskin> This _already_ allows _impure_ injection of the host's core count preference into the build
<gchristensen> right
<MichaelRaskin> (and this part probably still shares a bit of code with MarcWeber's original implementation)
<gchristensen> so my question is more along the lines of: add support to Nix?
<MichaelRaskin> The changes are purely to stdenv
<gchristensen> aye, but the host's core count is injected by Nix
<MichaelRaskin> Which is actually also optional
<gchristensen> right
<MichaelRaskin> Nix actually supports allowing impure vars
<MichaelRaskin> Anyway, on the Nix code level enableParallelBuild is a visible value that is passed to the builder
<MichaelRaskin> It could be a multistate just as well
<MichaelRaskin> And NIX_BUILD_CORES has to be normalised in the builder anyway
<MichaelRaskin> In the original implementation you had to opt-in to parallel builds globally, then the packages could still opt-out
<gchristensen> I think we have that now, no?
<gchristensen> oh, no, opt-in still
<MichaelRaskin> Yes, double opt-in with no choice
<gchristensen> so can you provide me a truth table of inputs and outputs?
<MichaelRaskin> Well, enableParallelBuild should be a tristate visible inside build as tristate, and NIX_BUILD_CORES should be split into (ideally) values for the known-good case, values for unknown case (default, obviously, 1) and ma-a-aybe values for the assumed-bad case (default, _very_ obviously 1).
<MichaelRaskin> The package's tristate opinion selects one of these three values (via stdenv shell code)
<MichaelRaskin> I am not sure if it is normal for a package to build fine with -j4 but not -j32; if it is, something more fancy has a non-zero chance of being useful.
<MichaelRaskin> But probably it is too rare to justify the craziness
<simpson> Stranger is when a package has different binary output under those circumstances.
<MichaelRaskin> Nothing really strange, given some build tools are better t extracting entropy from the environment than some PRNGs
<simpson> I can imagine the headlines of the future. "Sorting: The New Billion-Dollar Mistake?"
<MichaelRaskin> Or maybe _not_ sorting
<gchristensen> some packages do indeed not handle >4 cores well
<MichaelRaskin> In my ideal world, each package would specify the number of cores it can probably handle, and the user would, if desired, provide a calibration «curve»
<MichaelRaskin> I.e. if you say nothing I say 4, if you say 1 I agree, if you say 8 I say 6, if you say 16 I say 8
<gchristensen> I say 96, you say
<MichaelRaskin> If a package says 96, does it mean 0 as no limit?
<MichaelRaskin> Anyway, I never say more than 1.5× my real number of cores
<MichaelRaskin> (and the recommended default is just the curve min(package_cores, cpu_vcores) )
drakonis has quit [Ping timeout: 264 seconds]
ekleog has quit [Quit: WeeChat 2.2]
ekleog has joined #nixos-chat
<infinisil> Man, viewing diffs of diffs is really confusing
<MichaelRaskin> And GitHub allows suggesting changes!
<MichaelRaskin> Which presumably would create a diff of a diff of a diff for your viewing pleasure.
drakonis has joined #nixos-chat
lopsided98 has quit [Quit: Disconnected]
lopsided98 has joined #nixos-chat
__monty__ has quit [Quit: leaving]
lopsided98 has quit [Quit: Disconnected]
lopsided98 has joined #nixos-chat