<infinisil>
This finally clears my suspicion off firefox and my dark theme for messed up text fields
<samueldr>
(imho, another failing in the web)
<samueldr>
form controls should have been defined as "a thing" more than "whatever the OS does" in html5 imho
<infinisil>
Without being able to change colors of it?
<infinisil>
As a web dev
<samueldr>
no, with the ability
<samueldr>
but the defaults should have been *defined* in the spec
<samueldr>
that's one of the issues, their default styles which will change; but another is how they act foreign in the flow of a page due to the fact that they're native system controls into a non-native environment
<infinisil>
Well the problem here is that these sites only override the text color, not the background color
<infinisil>
And you can always mess this up when you can override these colors as a web dev
<samueldr>
sure, but if the defaults were not system-dependent and instead specified, it wouldn't be an oversight
lassulus has quit [Ping timeout: 250 seconds]
<samueldr>
forms as they are, must be pretty horrible to maintain in a browser; if they would have been defined as *anything* in the spec, in their entirety, instead of relying on the system behaviour, I bet it would also have helped browser developers
<samueldr>
just imagine the mess of integrating GTK *somehow* into the rendering engine for your browser :/ (and the same mess for macOS' and windows' toolkit)
<infinisil>
samueldr: I wish there was a web-like protocol where devs can only specify colors via settings like main color, accent color, some special ones, and darker/lighter variants of those
<infinisil>
Then it should be rather easy to set the theme for any website
<infinisil>
Or *could, I haven't thought this through after all
<samueldr>
well
<samueldr>
there was "better"
<samueldr>
where the developers could use a palette the browser knew about
<samueldr>
and it'd be your desktop scheme
* samueldr
searches for docs
<infinisil>
samueldr: Wait, "better" is the actual name of it?
<samueldr>
no, those were sarcasm quotes
<samueldr>
but maybe doubly-so
<samueldr>
I'm not sure what the support was
<samueldr>
it wasn't part of CSS I'm willing to bet
<samueldr>
and might have been an IE only feature
<infinisil>
I suppose nobody wanted it, because now that everybody has CSS, nobody will want to go back to something more restricted
<samueldr>
ah, it was something you could use instead of a colour
<samueldr>
if there had been a proper support, it might have been useful
<infinisil>
Oh, I remember that, such colors were also in the XCode color selection list
<infinisil>
And I think iOS employs this throughout, somewhat
<samueldr>
I mean, apple is kinda going that way
<samueldr>
the fonts thing
<samueldr>
and now the "is system in dark mode"
<samueldr>
just in a more restricted way
<infinisil>
Like, IIRC, you could set a highlight color, and your whole app can change accent color with a simple change of it
<samueldr>
(what I just said was about web pages)
<infinisil>
Yeah
<infinisil>
Oh well, can't go back now that we have CSS..
<infinisil>
And Javascript..
<samueldr>
personal opinion, a feeling, and not based on fact: throwing out the W3 and forming the WHATWG and declaring the whole web a "living standard" might have been the worst decision made :/
<samueldr>
because (imo again) it only not means "whatever we feel like whenever"
<gchristensen>
(qc-centriq-1 and ampere-1 are new)
<gchristensen>
336 ARM cores in Hydra.
lassulus_ has joined #nixos-chat
lassulus has quit [Ping timeout: 240 seconds]
lassulus_ is now known as lassulus
pie___ has joined #nixos-chat
pie__ has quit [Ping timeout: 240 seconds]
Myrl-saki has quit [Ping timeout: 244 seconds]
endformationage has quit [Quit: WeeChat 2.3]
Myrl-saki has joined #nixos-chat
lassulus has quit [Ping timeout: 240 seconds]
lassulus has joined #nixos-chat
lassulus has quit [Ping timeout: 268 seconds]
lassulus_ has joined #nixos-chat
lassulus_ is now known as lassulus
<sphalerite>
etu: btw #nixos-fosdem
iqubic has quit [Ping timeout: 240 seconds]
jasongrossman has quit [Remote host closed the connection]
<MichaelRaskin>
infinisil: samueldr: large parts of web are better with _all_ JS and CSS stripped. Then you finally can interact with content without the horrible «design»
<MichaelRaskin>
By the time WHATWG happened Web has already been irreversibly broken for a long time
<joepie91>
MichaelRaskin: it's mostly an education problem in my experience
<MichaelRaskin>
This is an incentive mismatch problem by now.
<joepie91>
a lot of newer-generation webdevs rolled into the marketing-and-hype-driven startup landscape where SPAs and MongoDB and whatnot are all the hype, and genuinely are unaware of the capabilities of a browser without JS
<joepie91>
it's not that they don't care; it's that they genuinely *don't know* that you can do things without crapping JS everywhere
<joepie91>
as for SGX: yes, it's basically broken, and entirely predictably so :P
<MichaelRaskin>
Someone pays for developer time for pixel-perfect reproduction of design sketches on 4 selected viewport sizes (because responsive, often still better than pixel-perfect on a single size)
<joepie91>
dunno how it managed to snag the interest of so many people who really should know better about the viability of magical tamperproof hardware enclaves...
<MichaelRaskin>
… that still requires per-application Intel approval, right?
<MichaelRaskin>
Well, Rutkowska says that _if_ issues A-Z are solved, then VPS+SGX might have better cost-of-attack parameters than plain VPS
<joepie91>
I mean, hardware enclaves can absolutely be useful to increase attack difficulty
<joepie91>
my problem is with people treating them as tamperproof
<joepie91>
which is all the hype for SGX lately
<joepie91>
it really should not be treated as anything more than an opportunistic extra layer of difficulty
<joepie91>
great if you have it; but don't count on it that you dop
<joepie91>
do*
<MichaelRaskin>
I am not sure that people that pump the hype, quoting people who should know better, understand what they quote well enough not to misquote
<lejonet>
joepie91: people STILL have some type of notion that there exist silver bullets in security...
<lejonet>
it still is, and has always been, to have several layers that hopefully can protect each other's flaws
<joepie91>
MichaelRaskin: thing is, it's not just misrepresentation; I've seen said people-who-should-know-better *directly* make incorrect assumptions
<MichaelRaskin>
Oh well
<joepie91>
treating SGX as somehow magically different than previous enclave systems
<joepie91>
and when quizzed on why they felt it was different, they came up with 0
<MichaelRaskin>
Maybe my cutoff for expecting people to know better is higher
<joepie91>
I suspect that "it's Intel" is the primary driver here
<joepie91>
giving it an air of legitimacy
<joepie91>
and pre-empting people's skepticism
<joepie91>
but I'm not sure :P
<MichaelRaskin>
After Meltdown.
<lejonet>
Yeah and Intel is fairly good at marketing the SGX as "tamperproof, will solve your entire attack surface locally"
<MichaelRaskin>
(Actually, SGX _did_ have timing vulnerabilities disclosed)
<joepie91>
either way I'm kind of worried that this is going to get abused by intelligence agencies to propose a clipper chip v2
<joepie91>
because "well hey, SGX is accepted as tamperproof within the infosec community, right?"
<joepie91>
"so clearly the abuse problem of the original clipper chip is no longer there!"
<MichaelRaskin>
Except this is NSA from today, from whom ShadowBrokers stole NOBUS-level exploits
<MichaelRaskin>
(«We don't need to tell companies to fix these, because NObody But US can rediscover them!» — yes they can, or they can just copy them from intermediate-hop servers with NSA not taking reasonable precautions for multiple months afterwards)
<MichaelRaskin>
It might be that an SGX fiasco could be a good thing — a second bomb into the same point, but probably not too much out of the ordinary in terms of damage
obadz has quit [Quit: WeeChat 2.3]
obadz has joined #nixos-chat
averell has quit [Ping timeout: 252 seconds]
averell has joined #nixos-chat
tilpner has joined #nixos-chat
endformationage has joined #nixos-chat
avn has quit [Ping timeout: 246 seconds]
avn has joined #nixos-chat
<emily>
hey, dual_ec_drbg was cryptographically-secure NOBUS and nobody was happy with that either :P
<samueldr>
>:| something's wrong, I apparently am `Author: Your Name <you@example.com>`
<samueldr>
something changed my git config >:[
<joepie91>
samueldr: hello Your Name, I'm joepie91
<joepie91>
:P
<samueldr>
I'm extremely peeved at whatever changed the config, looks like nothing got into nixpkgs, I don't even know what could have done that
<tilpner>
samueldr: Only match is in nixos/tests/hound.nix
<tilpner>
But... that couldn't have caused this, right?
<samueldr>
ah no, I'm not thinking it's something nixpkgs, but software that could have done it
<samueldr>
though, I don't remember doing *anything* special lately on that computer, and commits done on the 30th bear the right identification :(
<samueldr>
I almost literally did nothing on this machine in the last few days :/
<samueldr>
only thing I'm thinking is I might have used env -i
drakonis1 has joined #nixos-chat
<steveeJ>
after a couple of days my NixOS VPS isn't responsive to SSH anymore until it's rebooted. in the logs this starts with "kernel: cgroup: fork rejected by pids controller in /system.slice/sshd.service" followed by many "sshd[1180]: error: fork: Resource temporarily unavailable". is this familiar to anyone?
<joepie91>
I'd interpret that as "you ran out of process IDs/slots"
<joepie91>
for that specific service, at least
<joepie91>
I'm not sure what the process limit for the sshd service group is set to normally, but if you're getting hammered unusually hard by SSH bruteforcing bots, I can see how that might occur
<joepie91>
given that each new connection gets its own process
<dtz>
everything gets an unreasonable amount of ssh attempts, although I didn't think they would cause the behavior you're describing by themselves? anyway might want to install fail2ban or equivalent, goes on every machine haha
<steveeJ>
roughly 0.5 per second
<joepie91>
"We hit the limit under sshd.service, since practically everything we do is under sshd.service for a headless box."
<dtz>
haha hooray
<joepie91>
possibly you were running a process over a (legitimate) SSH connection that spawned lots of threads or processes?
<joepie91>
as a user
<joepie91>
dtz: with unreasonable I'm more thinking hundreds per second :)
<joepie91>
steveeJ: either way, something logged in over SSH, manually or otherwise, might be doing a thing that spawns a lot of threads/processes that then all get counted as part of the sshd slice
<steveeJ>
thanks joepie91, it's a good pointer
<joepie91>
seems specific to disabling PAM though
<joepie91>
not sure if you have that enabled
<steveeJ>
I don't think I have
<steveeJ>
could it be related to using DHCP and losing the lease?
<steveeJ>
this is also weird "sshd[31320]: pam_systemd(sshd:session): Failed to release session: Interrupted system call"
<joepie91>
that definitely looks like there's more going on
<joepie91>
steveeJ: stab in the dark: have you done a memory test?
<joepie91>
(not sure how well that works on a VPS though)
<steveeJ>
I haven't, but since it's a VPS that would be weird
<joepie91>
assuming it's KVM or some such, you should probably still be able to do it
<steveeJ>
the last clue I could find is that there are some hung tasks when I reboot the machine. "systemd[1]: systemd-logind.service: State 'stop-sigterm' timed out. Killing."
<joepie91>
steveeJ: fwiw, over the years I've come to assume that "weird kernel errors that look like they should never happen === memory issues"
<joepie91>
:p
<joepie91>
"interrupted system call" definitely falls into that category...
<steveeJ>
maybe I should ask to move my VPS to a different machine
<joepie91>
also an option
<steveeJ>
I'm a bit emotional over this not working right :D I was so happy to have a NixOS VPS :D
<steveeJ>
especially because I'm a cheapskate and use VPS from contabo, which don't support NixOS natively
<joepie91>
heh, contabo
<steveeJ>
the DHCP lease time is 4k seconds, but I don't see a rebind in 4 days. that seems weird
<steveeJ>
`networking.dhcpcd.persistent` seems interesting, I'll try that
* samueldr
should never self-merge or push to master
<samueldr>
I can't be trusted with my own rebases
<steveeJ>
does someone have a php5x version laying around somewhere?
jasongrossman has joined #nixos-chat
__monty__ has joined #nixos-chat
lnikkila has joined #nixos-chat
endformationage has quit [Ping timeout: 250 seconds]
<lejonet>
I'm having a brainfart moment, what's the builtin to write a sh script to the store, that I can later reference?
<samueldr>
not builtins, but part of nixpkgs, writeScript/writeScriptBin
<lejonet>
ah, I knew it was writeScript or similar, but couldn't find the reference for it in the nix manual, explains why
<lejonet>
Thank you :)
<samueldr>
good way to find those on the tip of your tongue is `nix repl '<nixpkgs>'`, then use write[tab]
<lejonet>
samueldr: I had completely forgotten about the repl, thanks for reminding me
<elvishjerricco>
Does Nix have a mod or remainder function?
<samueldr>
lib.mod in nixpkgs
<samueldr>
not sure if nix itself has one
<infinisil>
It does not
<samueldr>
(was about to say that since it was in lib, it mustn't)
<elvishjerricco>
`mod = base: int: base - (int * (builtins.div base int))`
<elvishjerricco>
Well that's nicely efficient looking.
<elvishjerricco>
Alright. I've made a prime number generator in Nix now :P (testing a perf thing)