gchristensen changed the topic of #nixos-chat to: NixOS but much less topical || https://logs.nix.samueldr.com/nixos-chat
jackdk has joined #nixos-chat
<samueldr> (I think throwing away stuff after parsing is an open invitation to tomfoolery, nay, shenanigans!)
<pie_> everyone is coming up with their own chat app these days
<pie_> kind of wish we could jsut get a properly engineered one
<pie_> was it here that someone mentioned signal following terrible engineering practices the other day?
<samueldr> tbf, their chat system is based on matrix
<samueldr> let's hope their jenkins isn't
<samueldr> I think it was here, yeah
<gchristensen> yikes
<samueldr> who@likes@email@addresses.legit ?
<gchristensen> "sounds good to"@me.com
<samueldr> e-mails are what I use to first break new hires :)
<gchristensen> :D
<pie_> i mean i can understand how bugs happen dont get me wrong
<pie_> shits gonna happen, systems are complicated
<gchristensen> email addresses are fun because there is essentially no valid way to parse them
<samueldr> the main things you should do with e-mail addresses: check for an @, DON'T manipulate it, if you want it to be valid, validate it through sending stuff
<gchristensen> the only conclusive thing you can do is send an email to it and see if someone received it
<gchristensen> samueldr++
<{^_^}> samueldr's karma got increased to 80
<samueldr> there is a conclusive way to check whether it has a legit looking domain part... but it's hard to know for sure
<samueldr> like, can't check for presence of dots
<samueldr> I think it's legit to send to an IP? then IPv6
<gchristensen> yeah it is legit
<samueldr> the new GTLDs shouldn't be used directly at the root, but I think ccTLDs were able to for a while
<gchristensen> yeah they can be
<samueldr> (but shouldn't != aren't)
<samueldr> I have in the back of my mind something about "they really shouldn't but nothing technically stops them" [citation needed]
<samueldr> and obviously, .direct is a gtld, google thinks directly is for .direct
* samueldr sighs
<gchristensen> surely nothing stops them technically
<gchristensen> since the DNS has to be resolvable all the way to the root, there'd have to be a weird "A-only" rule in resolving that list of TLDs
<pie_> ok TIL dont use email addresses
<pie_> *only use email addresses if you are planning to do bad things
<samueldr> use them, but treat them like the user knows what they input (even though it's likely they don't)
<pie_> alternatively, donot use email as a means for authorization?
<gchristensen> "A regular expression can be used to check for all of these criteria, except that of bracketed nested comments." what a nightmare
<samueldr> it's fine as authorization as long as it waits on the recipient, and all parts agree not to mangle the thing
<pie_> ...comments in emails? waht?
<samueldr> (but prefer additional methods!)
<gchristensen> Comments are allowed in the domain as well as in the local-part; for example, john.smith@(comment)example.com and john.smith@example.com(comment) are equivalent to john.smith@example.com.
<pie_> email has quoting?
<gchristensen> sure
<pie_> what in the unholy fuck
<pie_> i did not know email is a language
<pie_> basically
<samueldr> 1980s were a hell of a time
<pie_> come on at least give it an evaluation semantics then :P
<gchristensen> "A regular expression can be used to check for all of these criteria except that of bracketed nested comments"@what.a.nightmare could be a valid address
<pie_> if i have weird shit in my email at least have it run code
<pie_> gchristensen, nah the local portion is over 64 characters
<gchristensen> lol
<pie_> whatever the fuck that means "1234567890123456789012345678901234567890123456789012345678901234+x@example.com (local part is longer than 64 characters)"
<gchristensen> pie_: yes, but, see, Postel's law was also popular at the time
<gchristensen> in other words, it is unlikely that limit was enforced
<gchristensen> "Programmers should avoid sending messages with "legal but obscure protocol features" that might expose deficiencies in receivers, and design their code" -- "please don't pwn me" codified as an RFC
jtojnar has joined #nixos-chat
<nh2> samueldr clever: I am pretty unlucky: So good I started with kernel 4_4, otherwise I would have never succeeded, as there's a kernel regression introduced in 4.5 that keeps the screen black, forever: https://bugzilla.kernel.org/show_bug.cgi?id=197895
<nh2> "efi: Refactor efi_memmap_init_early() into arch-neutral code"
jtojnar has quit [Quit: jtojnar]
jtojnar has joined #nixos-chat
jasongrossman has quit [Ping timeout: 246 seconds]
<pie_> lesson: have a build farm and parallel test with a lot of kernel versions :v
<pie_> wait what this is a proper thing now??? :OOO http://catern.com/posts/docker.html#fn.9
<pie_> i would like to save processes to disk and stuff without a full on vm
<pie_> probably break everytihng though xD
jasongrossman has joined #nixos-chat
noonien has quit [Quit: Connection closed for inactivity]
jasongrossman has quit [Remote host closed the connection]
jasongrossman has joined #nixos-chat
jasongrossman has quit [Ping timeout: 245 seconds]
drakonis has joined #nixos-chat
MichaelRaskin has quit [Quit: MichaelRaskin]
endformationage has quit [Ping timeout: 268 seconds]
Myhlamaeus has quit [Ping timeout: 258 seconds]
jasongrossman has joined #nixos-chat
jackdk has quit [Remote host closed the connection]
jackdk has joined #nixos-chat
__monty__ has joined #nixos-chat
pie_ has quit [Remote host closed the connection]
pie_ has joined #nixos-chat
jonge has joined #nixos-chat
pie_ has quit [Ping timeout: 258 seconds]
jasongrossman has quit [Quit: ERC (IRC client for Emacs 26.2)]
pie_ has joined #nixos-chat
pie__ has joined #nixos-chat
pie_ has quit [Ping timeout: 244 seconds]
jasongrossman has joined #nixos-chat
waleee has joined #nixos-chat
jtojnar has quit [Ping timeout: 255 seconds]
drakonis_ has joined #nixos-chat
drakonis has quit [Ping timeout: 250 seconds]
<nh2> pie__: with that issue you would have to literally powercycle your test farm though. Possible but you need all the computer models
jasongrossman has quit [Ping timeout: 258 seconds]
<samueldr> AFAIUI googles does :) https://www.chromium.org/chromium-os/servo
jtojnar has joined #nixos-chat
<gchristensen> nice
<gchristensen> back when I was experimenting with live boot testing nixos, I put together a little board on the reset pins of the motherboard, but I didn't get it to work since AMT was complicated and netboot didn't simulate it properly
drakonis has joined #nixos-chat
drakonis_ has quit [Ping timeout: 258 seconds]
<clever> gchristensen: AMT?
<sphalerite> clever: intel's evil stuff
<clever> ah
<__monty__> IME? I figured AMT would be AMD's version.
<sphalerite> the ME is the hardware part I believe
<__monty__> Ah.
<clever> bbl
drakonis_ has joined #nixos-chat
drakonis has quit [Ping timeout: 252 seconds]
jasongrossman has joined #nixos-chat
drakonis has joined #nixos-chat
drakonis_ has quit [Ping timeout: 258 seconds]
<nh2> clever: I'm trying now to build the "kexec-bootloader", with initramfs built into the kernel. No luck yet though, I get a kernel panic with stack: kernel_init -> prepare_namespace -> mount_root -> initcall_blacklist -> mount_block_root -> printk -> panic
<nh2> unfortunately I can't read the full error output because it's scrolled up
<nh2> I tried `boot_delay=500` and `CONFIG_BOOT_PRINTK_DELAY=y` but it has no effect
<sphalerite> nh2: I'm doing something similar!
<nh2> sphalerite: tell
<sphalerite> I don't suppose a serial console is a possibility for you?
<sphalerite> Because that makes life a hell of a lot easier for this stuff.
<nh2> sphalerite: unfortunately no, it's a chromebook and I don't have that servo thing samueldr linked
<sphalerite> nh2: ha, even better :p I've been fiddling with chromebooks too
<sphalerite> nh2: which model?
<nh2> sphalerite: Samsung 500C
<nh2> sphalerite: I now know a lot more about Chromebooks (at least mine) than I wanted
<sphalerite> aww an intel one :p
<sphalerite> ah, and it doesn't have usb-c so you can't use the cool CCD debug cable
<sphalerite> hm, well
<sphalerite> potentially a USB network device in combination with netconsole could be useful
<sphalerite> anyway, https://sphalerite.org/dump/initrd.nix contains all the hacks I've been fiddling with
<sphalerite> the parts most likely to be relevant to you are the initrd, init script and kexecSystem script
endformationage has joined #nixos-chat
<sphalerite> nh2: actually, given your stack trace info, it sounds like it's not actually loading the initramfs
<nh2> sphalerite: thanks for these examples, that looks like some of that will save me some time
<sphalerite> sorry for the sparseness of docs on it though!
<nh2> screw `boot_delay`, I'll just use a fast camera
<sphalerite> hahaha
<nh2> ok that worked, I see `VFS: Cannot open root device "(null)" or unknown block(0,0): error -6` `Please append a correct "root=" boot option; here are the available partitions: ...
<nh2> `early-userspace/README` says `using initramfs. The call to prepare_namespace() must be skipped.` but that's in my trace so I think it takes a wrong path
<sphalerite> there should be some stuff about an initramfs earlier on
<nh2> yes in `kernel_init()`, on failure it should print `Failed to execute %s`,let me check if I can find that somewhere. Unfortunately the still image from the video is quite garbled, not sure if it's because of the line scanning of the screen or the camera
<sphalerite> my previous chromebook also had an option to expose a TTL serial port via one of the USB ports, that would be helpful here too but I think it was a chipset-specific feature
{^_^} has quit [Remote host closed the connection]
drakonis1 has joined #nixos-chat
drakonis has quit [Quit: WeeChat 2.3]
drakonis1 is now known as drakonis
waleee has quit [Quit: WeeChat 2.4]
gchristensen has quit [Quit: WeeChat 2.2]
grahamc has joined #nixos-chat
<joepie91> ,locate libX11.so.6
<joepie91> am I fucking up the command or is there a dead bot in the water
<Taneb> joepie91: dead bot in the water
<joepie91> meh :)
<Taneb> {^_^} closed connection at 1405Z
<grahamc> working on it, sorry (I noted this in #nixos a bit ago)
<joepie91> alright :P
hedning_ has quit [Ping timeout: 244 seconds]
<pie__> clever, if you ever did linix from scratch youd have to do a section on bootstrapping nix for a new platform and writing your own nixpkgs :p (or not)
<clever> pie__: lol
nocent has joined #nixos-chat
<clever> pie__: or take a page from #osdev, write your own kernel, port nix to it, then write a nixpkgs for it
<pie__> clever, full stack nix book
<pie__> vol1, vol2
<pie__> vol0 for silicon
<clever> :D
<grahamc> what, no universe?
<pie__> grahamc, thats like ring -3
<pie__> i dont think humanity has privesc-ed that far yet
<pie__> havent quite managed to manipulate quantum mechanics and general relativity to break Universe SGX yet
<grahamc> I bet you could do it in minecraft
<pie__> i mean if you can do spectre over javascript how hard coud spectre over minecraft cpu be
<grahamc> define your universe differently to prevent spectre
pie_ has joined #nixos-chat
pie__ has quit [Ping timeout: 258 seconds]
<simpson> Depends on whether you've fully abstracted the clock or not.
pie_ has quit [Ping timeout: 245 seconds]
grahamc is now known as gchristensen
gchristensen is now known as {^_^}
{^_^} is now known as gchristensen
{^_^} has joined #nixos-chat
<buckley310> I'm a minimalist. My universe wouldn't have the concept of time. It eliminates entire classes of vulnerabilities.
<Taneb> buckley310: get rid of space too and it's perfect
<buckley310> :D
<simpson> buckley310: In all seriousness, https://ts.data61.csiro.au/publications/csiro_full_text//Ge_YCH_19.pdf is a pretty good read, and I *do* think that closely-holding the ability to use a timer is a satisfactory way to protect against some of these attacks.
drakonis has quit [Quit: WeeChat 2.4]
<buckley310> its difficult to think of tasks that require time accuracy beyond miliseconds.
<buckley310> but then, if you take away fine-grained timers, its possible that programs can just use busy-loops to measure time
<simpson> A coarser timer only means that the side channel is narrower. A more holistic solution is needed; we must abstract time.
<buckley310> O.o
<buckley310> madness
hedning_ has joined #nixos-chat
__monty__ has quit [Ping timeout: 246 seconds]
__monty__ has joined #nixos-chat
pie_ has joined #nixos-chat
Myhlamaeus has joined #nixos-chat
pie__ has joined #nixos-chat
pie___ has quit [Remote host closed the connection]
pie_ has quit [Remote host closed the connection]
pie_ has joined #nixos-chat
pie_ has quit [Ping timeout: 246 seconds]
pie_ has joined #nixos-chat
<nh2> sphalerite: I don't get it, something is off. The trace shows kernel_init_freeable -> prepare_namespace, but code in kernel_init_freeable doesn't seem to be executed, even a panic() doesn't trigger
spacekookie has joined #nixos-chat
jasongrossman has quit [Ping timeout: 258 seconds]
jasongrossman has joined #nixos-chat
<sphalerite> nh2: odd. How are you building the initramfs?
<sphalerite> And have you tried just building a plain kernel image and loading the initramfs with kexec?
__monty__ has quit [Quit: leaving]
disasm has quit [Ping timeout: 246 seconds]
disasm has joined #nixos-chat
<ldlework> over the last couple weeks I built a unity editor extension / assembly loader that solves the problem of loading assets with scripts on them pointing to a non-game-assembly (ie an injected one): https://github.com/dustinlacewell/Multimod
<ldlework> and then i built a runtime inspector which is like the unity editor inspector, but at runtime: https://github.com/dustinlacewell/RuntimeInspector
<ldlework> which lets me modify the game from inside and do stuff like this, https://media.giphy.com/media/cKiIc4QzpubcIKg8Wg/giphy.gif
<pie_> ldlework, oh shit cool
<pie_> i wanted to try something like that at some point
<pie_> there was this clojure thing and i was thinking about injecting it into unity games