<samueldr>
(I think throwing away stuff after parsing is an open invitation to tomfoolery, nay, shenanigans!)
<pie_>
everyone is coming up with their own chat app these days
<pie_>
kind of wish we could jsut get a properly engineered one
<pie_>
was it here that someone mentioned signal following terrible engineering practices the other day?
<samueldr>
tbf, their chat system is based on matrix
<samueldr>
let's hope their jenkins isn't
<samueldr>
I think it was here, yeah
<gchristensen>
yikes
<samueldr>
who@likes@email@addresses.legit ?
<gchristensen>
"sounds good to"@me.com
<samueldr>
e-mails are what I use to first break new hires :)
<gchristensen>
:D
<pie_>
i mean i can understand how bugs happen dont get me wrong
<pie_>
shits gonna happen, systems are complicated
<gchristensen>
email addresses are fun because there is essentially no valid way to parse them
<samueldr>
the main things you should do with e-mail addresses: check for an @, DON'T manipulate it, if you want it to be valid, validate it through sending stuff
<gchristensen>
the only conclusive thing you can do is send an email to it and see if someone received it
<gchristensen>
samueldr++
<{^_^}>
samueldr's karma got increased to 80
<samueldr>
there is a conclusive way to check whether it has a legit looking domain part... but it's hard to know for sure
<samueldr>
like, can't check for presence of dots
<samueldr>
I think it's legit to send to an IP? then IPv6
<gchristensen>
yeah it is legit
<samueldr>
the new GTLDs shouldn't be used directly at the root, but I think ccTLDs were able to for a while
<gchristensen>
yeah they can be
<samueldr>
(but shouldn't != aren't)
<samueldr>
I have in the back of my mind something about "they really shouldn't but nothing technically stops them" [citation needed]
<samueldr>
and obviously, .direct is a gtld, google thinks directly is for .direct
* samueldr
sighs
<gchristensen>
surely nothing stops them technically
<gchristensen>
since the DNS has to be resolvable all the way to the root, there'd have to be a weird "A-only" rule in resolving that list of TLDs
<pie_>
ok TIL dont use email addresses
<pie_>
*only use email addresses if you are planning to do bad things
<samueldr>
use them, but treat them like the user knows what they input (even though it's likely they don't)
<pie_>
alternatively, donot use email as a means for authorization?
<gchristensen>
"A regular expression can be used to check for all of these criteria, except that of bracketed nested comments." what a nightmare
<samueldr>
it's fine as authorization as long as it waits on the recipient, and all parts agree not to mangle the thing
<pie_>
...comments in emails? waht?
<samueldr>
(but prefer additional methods!)
<gchristensen>
Comments are allowed in the domain as well as in the local-part; for example, john.smith@(comment)example.com and john.smith@example.com(comment) are equivalent to john.smith@example.com.
<pie_>
email has quoting?
<gchristensen>
sure
<pie_>
what in the unholy fuck
<pie_>
i did not know email is a language
<pie_>
basically
<samueldr>
1980s were a hell of a time
<pie_>
come on at least give it an evaluation semantics then :P
<gchristensen>
"A regular expression can be used to check for all of these criteria except that of bracketed nested comments"@what.a.nightmare could be a valid address
<pie_>
if i have weird shit in my email at least have it run code
<pie_>
gchristensen, nah the local portion is over 64 characters
<gchristensen>
lol
<pie_>
whatever the fuck that means "1234567890123456789012345678901234567890123456789012345678901234+x@example.com (local part is longer than 64 characters)"
<gchristensen>
pie_: yes, but, see, Postel's law was also popular at the time
<gchristensen>
in other words, it is unlikely that limit was enforced
<gchristensen>
"Programmers should avoid sending messages with "legal but obscure protocol features" that might expose deficiencies in receivers, and design their code" -- "please don't pwn me" codified as an RFC
jtojnar has joined #nixos-chat
<nh2>
samueldr clever: I am pretty unlucky: So good I started with kernel 4_4, otherwise I would have never succeeded, as there's a kernel regression introduced in 4.5 that keeps the screen black, forever: https://bugzilla.kernel.org/show_bug.cgi?id=197895
<nh2>
"efi: Refactor efi_memmap_init_early() into arch-neutral code"
jtojnar has quit [Quit: jtojnar]
jtojnar has joined #nixos-chat
jasongrossman has quit [Ping timeout: 246 seconds]
<pie_>
lesson: have a build farm and parallel test with a lot of kernel versions :v
<gchristensen>
back when I was experimenting with live boot testing nixos, I put together a little board on the reset pins of the motherboard, but I didn't get it to work since AMT was complicated and netboot didn't simulate it properly
drakonis has joined #nixos-chat
drakonis_ has quit [Ping timeout: 258 seconds]
<clever>
gchristensen: AMT?
<sphalerite>
clever: intel's evil stuff
<clever>
ah
<__monty__>
IME? I figured AMT would be AMD's version.
<sphalerite>
the ME is the hardware part I believe
<nh2>
clever: I'm trying now to build the "kexec-bootloader", with initramfs built into the kernel. No luck yet though, I get a kernel panic with stack: kernel_init -> prepare_namespace -> mount_root -> initcall_blacklist -> mount_block_root -> printk -> panic
<nh2>
unfortunately I can't read the full error output because it's scrolled up
<nh2>
I tried `boot_delay=500` and `CONFIG_BOOT_PRINTK_DELAY=y` but it has no effect
<sphalerite>
nh2: I'm doing something similar!
<nh2>
sphalerite: tell
<sphalerite>
I don't suppose a serial console is a possibility for you?
<sphalerite>
Because that makes life a hell of a lot easier for this stuff.
<nh2>
sphalerite: unfortunately no, it's a chromebook and I don't have that servo thing samueldr linked
<sphalerite>
nh2: ha, even better :p I've been fiddling with chromebooks too
<sphalerite>
nh2: which model?
<nh2>
sphalerite: Samsung 500C
<nh2>
sphalerite: I now know a lot more about Chromebooks (at least mine) than I wanted
<sphalerite>
aww an intel one :p
<sphalerite>
ah, and it doesn't have usb-c so you can't use the cool CCD debug cable
<sphalerite>
hm, well
<sphalerite>
potentially a USB network device in combination with netconsole could be useful
<sphalerite>
the parts most likely to be relevant to you are the initrd, init script and kexecSystem script
endformationage has joined #nixos-chat
<sphalerite>
nh2: actually, given your stack trace info, it sounds like it's not actually loading the initramfs
<nh2>
sphalerite: thanks for these examples, that looks like some of that will save me some time
<sphalerite>
sorry for the sparseness of docs on it though!
<nh2>
screw `boot_delay`, I'll just use a fast camera
<sphalerite>
hahaha
<nh2>
ok that worked, I see `VFS: Cannot open root device "(null)" or unknown block(0,0): error -6` `Please append a correct "root=" boot option; here are the available partitions: ...
<nh2>
`early-userspace/README` says `using initramfs. The call to prepare_namespace() must be skipped.` but that's in my trace so I think it takes a wrong path
<sphalerite>
there should be some stuff about an initramfs earlier on
<nh2>
yes in `kernel_init()`, on failure it should print `Failed to execute %s`,let me check if I can find that somewhere. Unfortunately the still image from the video is quite garbled, not sure if it's because of the line scanning of the screen or the camera
<sphalerite>
my previous chromebook also had an option to expose a TTL serial port via one of the USB ports, that would be helpful here too but I think it was a chipset-specific feature
{^_^} has quit [Remote host closed the connection]
drakonis1 has joined #nixos-chat
drakonis has quit [Quit: WeeChat 2.3]
drakonis1 is now known as drakonis
waleee has quit [Quit: WeeChat 2.4]
gchristensen has quit [Quit: WeeChat 2.2]
grahamc has joined #nixos-chat
<joepie91>
,locate libX11.so.6
<joepie91>
am I fucking up the command or is there a dead bot in the water
<Taneb>
joepie91: dead bot in the water
<joepie91>
meh :)
<Taneb>
{^_^} closed connection at 1405Z
<grahamc>
working on it, sorry (I noted this in #nixos a bit ago)
<joepie91>
alright :P
hedning_ has quit [Ping timeout: 244 seconds]
<pie__>
clever, if you ever did linix from scratch youd have to do a section on bootstrapping nix for a new platform and writing your own nixpkgs :p (or not)
<clever>
pie__: lol
nocent has joined #nixos-chat
<clever>
pie__: or take a page from #osdev, write your own kernel, port nix to it, then write a nixpkgs for it
<pie__>
clever, full stack nix book
<pie__>
vol1, vol2
<pie__>
vol0 for silicon
<clever>
:D
<grahamc>
what, no universe?
<pie__>
grahamc, thats like ring -3
<pie__>
i dont think humanity has privesc-ed that far yet
<pie__>
havent quite managed to manipulate quantum mechanics and general relativity to break Universe SGX yet
<grahamc>
I bet you could do it in minecraft
<pie__>
i mean if you can do spectre over javascript how hard coud spectre over minecraft cpu be
<grahamc>
define your universe differently to prevent spectre
pie_ has joined #nixos-chat
pie__ has quit [Ping timeout: 258 seconds]
<simpson>
Depends on whether you've fully abstracted the clock or not.
pie_ has quit [Ping timeout: 245 seconds]
grahamc is now known as gchristensen
gchristensen is now known as {^_^}
{^_^} is now known as gchristensen
{^_^} has joined #nixos-chat
<buckley310>
I'm a minimalist. My universe wouldn't have the concept of time. It eliminates entire classes of vulnerabilities.
<Taneb>
buckley310: get rid of space too and it's perfect
<buckley310>
its difficult to think of tasks that require time accuracy beyond miliseconds.
<buckley310>
but then, if you take away fine-grained timers, its possible that programs can just use busy-loops to measure time
<simpson>
A coarser timer only means that the side channel is narrower. A more holistic solution is needed; we must abstract time.
<buckley310>
O.o
<buckley310>
madness
hedning_ has joined #nixos-chat
__monty__ has quit [Ping timeout: 246 seconds]
__monty__ has joined #nixos-chat
pie_ has joined #nixos-chat
Myhlamaeus has joined #nixos-chat
pie__ has joined #nixos-chat
pie___ has quit [Remote host closed the connection]
pie_ has quit [Remote host closed the connection]
pie_ has joined #nixos-chat
pie_ has quit [Ping timeout: 246 seconds]
pie_ has joined #nixos-chat
<nh2>
sphalerite: I don't get it, something is off. The trace shows kernel_init_freeable -> prepare_namespace, but code in kernel_init_freeable doesn't seem to be executed, even a panic() doesn't trigger
spacekookie has joined #nixos-chat
jasongrossman has quit [Ping timeout: 258 seconds]
jasongrossman has joined #nixos-chat
<sphalerite>
nh2: odd. How are you building the initramfs?
<sphalerite>
And have you tried just building a plain kernel image and loading the initramfs with kexec?
__monty__ has quit [Quit: leaving]
disasm has quit [Ping timeout: 246 seconds]
disasm has joined #nixos-chat
<ldlework>
over the last couple weeks I built a unity editor extension / assembly loader that solves the problem of loading assets with scripts on them pointing to a non-game-assembly (ie an injected one): https://github.com/dustinlacewell/Multimod