gchristensen changed the topic of #nixos-chat to: NixOS but much less topical || https://logs.nix.samueldr.com/nixos-chat
<andi-> infinisil: {^_^} behaves differently in query and in the channel? > <nixos-config> works in a channel but not in a query
<andi-> > <nixos-config>
<{^_^}> /nix/store/a2h7mqdfdb1zv9rfpnmfys2c1jdgblim-configuration.nix
<eyJhb> pie_ ^._.^
<eyJhb> Ohh, what. How much stuff have people put onto the server??
Jackneilll has joined #nixos-chat
Jackneill has quit [Read error: Connection reset by peer]
<eyJhb> pie_ your payload seems quite elaborate :D
<joepie91[m]> eh...
<joepie91[m]> cucrulr:l :( 5(2)5 2E)m pEtmyp trye prleyp lfyr ofmr osme rsveerrv
<joepie91[m]> (it's supposed to say 'Empty reply from server')
__monty__ has joined #nixos-chat
<eyJhb> joepie91[m]: close enough ? ;) :p
<joepie91[m]> I mean, it /technically/ contains the correct characters...
<eyJhb> joepie91[m]: *forensics* ;) :p
<eyJhb> I am really starting to LOVE Gitlab registry :D Seems very very awesome
<joepie91[m]> ?
<eyJhb> https://gitlab.com/deviosec/challenges/aarhusctf2019/web-awesome-calculator/container_registry that each repository/project on Gitlab has its own Registry to use with Docker, if you so want to use it :D
<joepie91[m]> aha
* joepie91[m] does not use Docker
<eyJhb> So I don't have to create a docker-hub account for them, plus, if you create a private repo, the registry is private too!
<eyJhb> Oh... I love docker... E.g. getting that challenge up and running from yesterday - `docker run --rm -it -p 8080:5000 registry.gitlab.com/deviosec/challenges/aarhusctf2019/web-awesome-calculator:latest`
<eyJhb> Even use Docker for the release part of my repos... Seemed like the most elegant solution tbh
<manveru> docker is fine, as long as you build your images with nix ;)
<eyJhb> manveru what is the minimal size of a Nix Docker image?
<eyJhb> Or, does it support custom images? :p
<eyJhb> hmm... 64 MB doesn't seem that bad .. - https://hub.docker.com/r/nixos/nix/tags . But would never use it for the current purpose
<manveru> The above is not built with nix I think
<eyJhb> Hmm, I would actually go as far as to say, that I wouldn't even want to approve a challenge which was Nix specific in that way, except if it was as a 'nix does this stupid thing, attack it'
<manveru> well, it's not related to nix, it just makes reproducible images possible
<pie_> eyjhb, its not a payload its a frontend :D you should try it
<eyJhb> pie_ but I am doing maths :( And guess how fun it is by the title, Engineering Mathematics for Electronical Engineers.
<pie_> i like math but maybe engineers make it boring :P
<eyJhb> Wait. How is it a frontend? Isn't it a python script that contains, e.g. "runRemote"?
<eyJhb> No no, engineering makes it more fun than normal maths. Because we like to just.. Throw stuff away when it is convenient for us
<pie_> just copy paste it somewhere and run it :D
<pie_> (no thats not sketchy at all)
<eyJhb> I feel like there is something missing from what I have :p
<pie_> well ok i guess there is a payload in there
<pie_> the code probably isnt optimal tho :c
<eyJhb> Makes no sense that this - https://i.imgur.com/prLpmdu.png gives the same amount of points as this WOT - https://i.imgur.com/dKgYzS8.png
<__monty__> I like the nederlands-english-svenska mix : >
<__monty__> Oh, it's probably denska or something.
<__monty__> Ah, dansk.
<eyJhb> Haha, yeah, just danish ;) But danish is like... english, french and german. And nederlands is somewhat the same, but different.. :p
<pie_> wait
<pie_> is the mixed english with not english technical words real
<pie_> what the f*** :D
<eyJhb> Am I blind, where are the english stuff in that? :p
<pie_> eyjhb, find, for, at :p
<eyJhb> Ohh... Yeah. We do have a lot of english words in Danish...
<eyJhb> we also do have `fart` which is... `speed`
lejonet has quit [Ping timeout: 272 seconds]
<adisbladis> eyjhb: Ironically enough https://hub.docker.com/r/nixos/nix/ is not built using nix
<pie_> its not? :O
<adisbladis> It's weird...
<eyJhb> That.. That dockerfile could be so much more pretty... Waayyy too much hardcoded stuff in the RUN
yorick has quit [Quit: nixos-rebuild]
yorick has joined #nixos-chat
Jackneill has quit [Ping timeout: 245 seconds]
<manveru> that's how you build images with nix :)
<pie_> wow thats magic
drakonis_ has joined #nixos-chat
<eyJhb> Not going to happen :p Using the standard Dockerfile syntax is just as easy for small stuff
<eyJhb> But for services, e.g. my ZNC etc. might
<pie_> eyjhb, but imagine controlling the entire CTF infrastructure from a couple nix files
<pie_> build the machine hosting the ctf containers \o/
<eyJhb> pie_ there is a lot more to it ;) Checkout octp in deviosec on Gitlab :p
<pie_> eyjhb, not sure if this counts as cleaned up :P https://bpaste.net/show/d1fb2346e3db
<eyJhb> pie_ all the lambda really really really hurts! :p
<eyJhb> I might cook together how I would do it later.. Still in doing maths..
<pie_> eyjhb, wouldnt it be great if you could just define functions like
<pie_> functionname arg1 arg2 arg3 ... = ...
<eyJhb> I would prop just make a class for it all, init it, make a for loop and then just call a exec function :p
endformationage has joined #nixos-chat
<pie_> well you dont even need a loop because you have cm
<pie_> d
<pie_> oh heh so i just counted and without whitespace thats 10 lines of python
<pie_> if i dont do the from import and use a qualified name then its 9
<eyJhb> Readability > Lines :p Especially in Python, since it is slow whatever you do
<pie_> a less artificially compressed version https://bpaste.net/show/899d36c962c3
<pie_> man I wish R didnt do everything slightly different
<pie_> or something, i dont even know what the problem is. spent a day and a half on some "simple" (?) data transformation
<pie_> and counting
<eyJhb> *python
<etu> gods why is windows so garbage
<etu> been spending hours just trying to get through the partitioning :D
<etu> How can people cope with it?
<gchristensen> partitioning?
<etu> gchristensen: Yeah, where you chose where to install it and it creates a bunch of partitions
<gchristensen> ah
<gchristensen> I cope with it through liberal application of filesystem snapshots
<etu> For me it created like 4 partitions and complained that they were in the wrong order
<gchristensen> lol
<etu> And then it complained that the ESP was NTFS (it's not)
<etu> And then it complained that it couldn't make itself bootable
<pie_> etu, wat. ive never had problems like that what are you doing xD
<gchristensen> looks like my install created only 2 partitions
<pie_> gchristensen, too bad windows cant do zfs eh
<gchristensen> (1) it _can_ r/w ZFS (2) it _is_ on ZFS
<etu> So I made a new USB stick, wiped the drive with a clean gpt partition, and selected the drive and pressed "New" as in new partition. Now it's been waiting for like 10 minutes.
<etu> It's an hourglass as a cursor for the past 10 minutes :p
<pie_> gchristensen, oh huh. (wat) or are you just using VMs
<gchristensen> $ file -Ls /dev/zvol/rpool/windows10
<gchristensen> /dev/zvol/rpool/windows10: DOS/MBR boot sector MS-MBR Windows 7 english at offset 0x163
<pie_> gchristensen, but...how?
<pie_> or maybe im just missing something simple
<gchristensen> it runs in a Qemu / VirtualBox VM which uses the zvol as its root device
<pie_> yeah ok so as i said, vm :p
<gchristensen> however, ZFS is basically the lingua franca of filesystems right now (https://openzfsonosx.org/, https://openzfsonwindows.org/)
<pie_> yeah, as you may have noticed i started peeking in that direction recently
<pie_> didnt know about that last link
<pie_> makes sense tho
<pie_> will there ever be a day windows boots off zfs? :D will truly be a glorious day for homogeneity
<gchristensen> hehe no idea
<pie_> huh why is it the osx people
<samueldr> isn't UFS (the DVD filesystem) the lingua franca?
<samueldr> and it's "as useless to boot from" equally on all systems!
<gchristensen> ohh doesn't UFS have that rewritable option too
drakonis_ has joined #nixos-chat
<samueldr> oh, I thought it was from DVDs, but looks like it isn't.... or I'm thinking about another one https://en.wikipedia.org/wiki/Universal_Flash_Storage
<__monty__> Why do you say useless to boot from? I think I've made a multi-boot usb formatted UDF before.
<__monty__> I have run into something that seems to require FAT though. Didn't work with UDF.
drakonis has quit [Read error: Connection reset by peer]
<samueldr> meaning that most (all?) OS will not mount the UDF filesystem as their root, but I haven't verified
drakonis has joined #nixos-chat
<pie_> when can we set chrome to unfree? ;)
drakonis_ has quit [Ping timeout: 248 seconds]
<infinisil> > google-chrome.meta.license.free
<{^_^}> false
<infinisil> pie_: ^
<pie_> kehehehe
<__monty__> Installed a security update today, removed my ublock for safari...
<__monty__> And the recent firefox bugs affecting ublock origin aren't very comforting either.
<pie_> __monty__, security updates making you less secure ;P
<pie_> man i should be running this stuff in a VM
drakonis has quit [Ping timeout: 252 seconds]
das_j has quit [Quit: "Bye!";]
das_j has joined #nixos-chat
<eyJhb> Has anybody actually escaped a privileged container?
<gchristensen> you don't even need to escape if your container is privileged
<eyJhb> How would you execute commands on the host gchristensen ?
<eyJhb> I am really struggling to find anything useful
<gchristensen> if you manage to get root, you have root on the host -- direct access to the kernel, hardware, memory,
<eyJhb> Any PoC of this?
<gchristensen> of what?
<gchristensen> the getting root part, or the things you can do once you have root?
<eyJhb> Once you have root, actually turning it into something useful
<gchristensen> you can load kernel modules ...
<eyJhb> I just find it weird, that I cannot find anything just "point and shoot"
<gchristensen> okay
<gchristensen> it is like asking for a PoC of any system you have root on.
<gchristensen> docker run -it --privileged debian:jessie /bin/bash -c "for device in /dev/disk/by-id/*; do echo 'lololololoPoCnewbs' > $device; done"
<gchristensen> /dev/disk/by-id might not actually exist, but your drives are exposed
<gchristensen> you can manage NICs
<gchristensen> *you can load kernel modules*
<gchristensen> there is no point in providing a PoC, because there is no trick to it
<eyJhb> But, e.g. mounting the disks inside the Docker container, is only possible from root, right?
<eyJhb> Just thinking about this, since I have some stuff, that requires --privileged....
<cransom> i have definitive proof here... i have a tshirt that says 'freebsd jails, there is no escape'. I don't have one of those for linux containers.
<gchristensen> yes they would need to gain UID 0 in your container to have root
<eyJhb> Wasn't really about, UID0 == Root, but yeah. Might have to set specific flags rather than just --privileged... Only need it to disable ASLR etc.
<gchristensen> that would be a good choice :0
<eyJhb> Not quite sure which.. But, problem for another day. So much else that can be done
drakonis has joined #nixos-chat
<gchristensen> finally, a modern and more full featured echo https://github.com/Unlimiter/put
<drakonis> we needed a more modern and fully featured echo?
<das_j> What is the point of a timeout for echo?
<eyJhb> ` but it is not necessarily faster.` just what I needed, a slower version of echo
<__monty__> The bottleneck when it comes to speed is the human. Put is 25% shorter than echo so on average it's almost 33% faster!
<__monty__> : >
<gchristensen> there you go
<andi-> Does it use multiple threads? :)
<gchristensen> I hope so, it has to be tty-scale
<das_j> OT: I have just completed the first successful test for OSPF in wireguard. Feels amazing after 2 weeks
<andi-> das_j: why not babel? :)
<das_j> andi-: Umm why would I?
<gchristensen> oh cool das_j
<das_j> I could have also used BGP
<andi-> Many things possible. That's why I ask :)
<das_j> andi-: It's built on bird2, so multiple protocols *should* be supported
<pie_> i have no idea what ospf is but it sounds important
<pie_> bird is some kindof autoconfiguration/propagatey thing iirc?
* pie_ has wanted to play with networking stuff like that for a while :c
<das_j> pie_: Dynamic routing daemon
<drakonis> is lutris merged yet?
<das_j> ospf is one protocol for that
<pie_> ah right that sounds right
<das_j> It's also packaged pretty weird because there is bird 2 (v4 and v6), bird 4 (bird 1 with v4) and bird 6 (bird 1 with v6)
<das_j> It's like the Python 2/3 thing
<__monty__> das_j: What is this for? Having ospf work inside encrypted tunnels rather than having an encrypted tunnel over a plain ospf connection?
<das_j> __monty__: Not every host peers with every host. It's a messy mesh. This way, every host can access every host
<das_j> There are problems like hosts behind NATs (laptops)
<__monty__> Is this like what tinc does but for wireguard?
<das_j> __monty__: Kinda, yes. Not sure if tinc does onion routing, I do not
<pie_> das_j, sheesh lol talk about naming
<das_j> pie_: Huh?
<pie_> das_j, i mean the 2 4 6 thing
<das_j> oh yes
<__monty__> Don't think it does. It just does mesh networking afaiui.
<das_j> My first thought was "take the latest one. Let's go for bird6"
<__monty__> What exactly are you working on btw? Could it replace tinc or toxvpn?
<das_j> __monty__: Probably, yes. It's a module (helsinki vpn) which allows you to peer with other hosts and route over the network using bird
<das_j> It was initially built to access my binary cache from everywhere
<gchristensen> so ... any chance you'll be writing up a blog post? :)
<das_j> ummmm
<das_j> Once it works and I have the motivation - of course
<das_j> Still struggling with the shitty C code of bird
<gchristensen> sounds like bird
<das_j> also, I am not really a C developer
<gchristensen> I am constantly annoyed by wireguard's resolution and NAT holepunching problems
<das_j> gchristensen: wdym?
<das_j> Oh wait, dynamic endpoint addresses?
<gchristensen> yeao
<das_j> gchristensen: ajs124 did something for that
<das_j> wait, I'll look it up
<das_j> well, ask him yourself, I can neither find the code in the repo nor would I understand it^^
* pie_ waits for the glorious nix personal cloud
<Church-> Hmm, do we have openstack on nix yet?
<manveru> doesn't look like it
<manveru> only nix on openstack
<andi-> We had..
<andi-> Nobody maintained it so I removed it a year or so ago
<manveru> heh "its ok. its nixos. the documentation makes the learning curve look like a cliff"
<gchristensen> oh?
<manveru> btw i started working on new ruby docs
<manveru> i now run all the code snippets through nixfmt :P
<manveru> leads to some interesting formatting...
drakonis has quit [Read error: Connection reset by peer]
nckx is now known as god
god is now known as nckx
<pie_> manveru, lol, source?
<pie_> @ quote
<pie_> lol
<eyJhb> I. HATE sites, that try to screw with my scrolling. Just. Don't
<andi-> I hate most websites...
* pie_ pets andi- and eyjhb
<pie_> its going to be ok
* pie_ TOTALLY isnt trying to just tell himself that
<andi-> I just don't open the browser again.... I am trying..
<eyJhb> andi- I hate most people tbh.
<eyJhb> DO I win now?
<andi-> no, this isn't a contest
* eyJhb sounds like I won
<pie_> ekleog, where u at geographically btw? planning to come to nixcon?
<eyJhb> Why would Gitlab implement a incremental snippets...
<ekleog> pie_: do we even know yet when/where nixcon will be?
<pie_> ekleog, depends on what granularity you want to know xD
<ekleog> well, something more than europe & end-of-year :p
<ekleog> I hope I'll be able to come, if that's your question
drakonis has joined #nixos-chat
<andi-> ekleog: czech republic, brno, end of october
<ekleog> hmm, I currently have no reason for not being able to go :)
<pie_> \o/
__monty__ has quit [Quit: leaving]