gchristensen changed the topic of #nixos-chat to: NixOS but much less topical || https://logs.nix.samueldr.com/nixos-chat
kisik21 has quit [Ping timeout: 272 seconds]
<Shados> clever: The pirates vs industry thing is rather hilarious. By their very nature as a collection of disparate, competing business entities, legal distribution groups can never manage to acquire and keep the advantage that pirating has: the convenience of being able to get all your shit in one place, and do whatever you like once you have it. Netflix briefly attained an approximation of this by being the only *worthwhile* online distributor, hence the huge
<Shados> popularity, but that is already declining as more are popping up and content is being segmented again :).
<clever> Shados: and then there is the silly licensing problems with netflix
<clever> Shados: for years, i just accepted the fact that star trek wasnt on netflix, and one day as i told others that, i checked, and noticed, it was ...
<Shados> Yeah. Like I said, it was an "approximation" only.
<clever> but i was on linux, so i knew it wouldnt play (pre widevine days)
<clever> so i went to windows, and wut, star trek isnt on netflix?
<clever> further investigation revealed, linux supports v6 by default, windows needed it enabled manually
<clever> and my v6 tunnel exits in america, so its basically a proxy
<clever> one click later, and windows was able to play the entire american lineup!
<Shados> Heh.
<clever> a year later, netflix caught on, and if your v4 and v6 dont agree on what country you're in, netflix just turns itself off
<clever> so now i must do the reverse, and disable v6 support, or it wont work
<clever> and on android, you need root to disable v6 support
<clever> so, i have to choose between rooting every android device
<clever> disabling v6 on the whole network
<clever> or pirating everything
<Shados> Ah, intersecting locked-down systems multiplying their individual pain.
<Shados> Nice.
waleee-cl has quit [Quit: Connection closed for inactivity]
Synthetica has quit [Quit: Connection closed for inactivity]
cjpbirkbeck has joined #nixos-chat
<ashkitten> hmm
<ashkitten> how do i set up wireguard so i can talk to a peer-of-a-peer?
<clever> ashkitten: you want to turn on forwarding and use the node as a gateway
<ashkitten> what does that mean, exactly?
<clever> boot.kernel.sysctl = {
<clever> "net.ipv4.ip_forward" = true; };
<clever> this will allow you to forward packets to other machines you can access
<clever> networking.interfaces.eth0.ipv4.routes = [ { address = "192.168.3.0"; prefixLength = 24; via = "192.168.2.11"; } ];
<clever> ashkitten: and this says that for any packet meant for 193.168.3.*, use .2.11 as a gateway
<clever> .2.11 will then need forwarding on
<clever> and the machines within .3.* need a matching route, to get replies back
<ashkitten> ah
<clever> ashkitten: it can help to leave a ping running, and see how far the ping and pong get along the path, to find the problem
<ashkitten> clever: i'm not actually sure how to do this via wireguard
<ashkitten> what interface do i configure it on
<ashkitten> the physical one?
<clever> ashkitten: likely a bit of both, wireguard also has an allowed ip's thing you may need to adjust
<ashkitten> clever: got it
<ashkitten> interfaces.wg0.ipv4.routes = [ { address = "10.100.0.0"; prefixLength = 24; via = "10.100.0.1"; } ];
<ashkitten> and then i changed each client's peer config so that the server has the whole /24 block
<ashkitten> and that worked
<ashkitten> suddenly glad i chose to get a server in canada and not france
<ashkitten> ping between my desktop and laptop through the server is 300-1100ms
jasongrossman has joined #nixos-chat
Guanin has quit [Remote host closed the connection]
<ashkitten> hnggg
<ashkitten> takes 6 seconds to ssh into my desktop thru wireguard
<ashkitten> which doesnt exactly make sense given that it only takes 1.8 seconds to ssh into the server
<ashkitten> okay, interesting thing
<ashkitten> i get consistent 100ms ping to the server, but wildly varying 300-800ms ping between my clients thru wireguard
cjpbirkbeck has quit [Quit: Quitting now.]
<Ralith> no packet loss?
jasongrossman has quit [Ping timeout: 272 seconds]
<ashkitten> Ralith: if there is it's on the other end
<ashkitten> Ralith: i did a traceroute and it always says ~100ms on the first hop and much higher on the second
<ashkitten> i've no idea why
<MichaelRaskin> clever: I think you also have an option on Android to use OpenVPN to a VM with desired routing properties, no?
<clever> MichaelRaskin: yeah, the vpn interface in android lets you pass a tun device to the app, and then it can do whatever it wants
drakonis_ has joined #nixos-chat
drakonis has quit [Ping timeout: 272 seconds]
<Ralith> ashkitten: I mean, do you measure any?
<ashkitten> Ralith: you mean dropped ping packets?
<colemickens> Can we curse in here?
<Ralith> ashkitten: for example
<ashkitten> colemickens: there's no rules against it but as i have been told we want to keep the atmosphere light
<ashkitten> Ralith: i haven't seen any
jasongrossman has joined #nixos-chat
<Ralith> strange
<ashkitten> yeah idk because like, a ping shows up as just two packets on the physical interface on both receiving and sending ends
<ashkitten> so it's not some round-trip overhead
<Ralith> I wouldn't expect data overhead to cause wildly erratic latency, anyway
<ashkitten> yeah me either
<ashkitten> i honestly have no idea what the issue could be
<ashkitten> idk much about networking or anything specific about wireguard
drakonis1 has quit [Quit: WeeChat 2.5]
<ashkitten> and like, all i did on the server was enable ip forwarding, the only thing i did on the clients was use it through wireguard as a gateway for the vpn subnet
<ashkitten> i dont see the issue
<ashkitten> i can only assume it's some weird bug in wireguard
drakonis has joined #nixos-chat
<Ralith> server's not heavily loaded, is it?
<Ralith> might be worth reporting, wireguard is pretty new
drakonis_ has quit [Ping timeout: 250 seconds]
MichaelRaskin has quit [Quit: MichaelRaskin]
<gchristensen> colemickens: preferably not
drakonis has quit [Read error: Connection reset by peer]
drakonis has joined #nixos-chat
jasongrossman has quit [Read error: Connection reset by peer]
drakonis has quit [Read error: Connection reset by peer]
drakonis_ has joined #nixos-chat
kisik21 has joined #nixos-chat
endformationage has quit [Ping timeout: 258 seconds]
jasongrossman has joined #nixos-chat
drakonis has joined #nixos-chat
drakonis_ has quit [Ping timeout: 268 seconds]
jasongrossman has quit [Ping timeout: 246 seconds]
veske has joined #nixos-chat
__monty__ has joined #nixos-chat
<elvishjerricco> Anyone know much about networking on macOS? I'm trying to use openconnect, but DNS isn't working. I can nslookup a host on the VPN, but I can't ping it.
<elvishjerricco> I can ping the IP address manually, but I need to be able to access it through its domain name.
<__monty__> The name resolves to the wrong address?
<elvishjerricco> __monty__: Nope. Works fine if I use this VPN on Linux.
<elvishjerricco> and nslookup gives the right address
<__monty__> Oh, didn't catch the "on linux" implication.
<elvishjerricco> well I've been using this VPN on linux, and now I want to use it on macOS
<gchristensen> lol.
<__monty__> Maybe you have to add the DNS server manually in Network preferences?
<__monty__> That's fantastic! Is it still functional?
<elvishjerricco> __monty__: I don't think so. If I go to network settings > advanced > dns, I see the server there automatically
<joepie91> yeah okay no Twitter for me today https://i.imgur.com/W9iJYCl.png
<__monty__> elvishjerricco: And does dig @said-server name work?
<joepie91> (and rising)
<Taneb> joepie91: what did you do
<elvishjerricco> __monty__: It outputs a bunch of stuff and doesn't exit nonzero :P But I dunno what any of the output means
<__monty__> Hmm, mind pastebinning?
<gchristensen> has anyone considered a email rule to automatically archive mail over, say, 7d old?
<__monty__> elvishjerricco: Could you dig a domain, that's the part that's not working, right?
<elvishjerricco> __monty__: That also works fine
<elvishjerricco> It's weird. DNS lookup seems to work for nslookup/dig/scutil, but not ping/firefox
<__monty__> Sensible info in the ANSWER section?
<elvishjerricco> yea
<__monty__> Hmm, yeah DNS seems to be working fine.
<elvishjerricco> Yea so I'm not sure how it can work for some applications but not for others
<__monty__> Pinging IPs through the VPN works?
<elvishjerricco> yep
<elvishjerricco> I can even visit the site I want to use with its IP address, but it's unusable since logging in redirects to google and then back to the domain name.
<joepie91> Taneb: ended up in a blockchain discussion
<joepie91> it appears to have kept going all night
<Taneb> joepie91: oh no
<joepie91> Taneb: the worst part is that it's a discussion among generally competent people, which means that there's actually stuff worth reading in there
<elvishjerricco> Looks like the commands that work implement their own resolvers, and it's the system resolver that is not working.
<joepie91> it's more like a lengthy technical mailinglist thread that ended up on Twitter by accident
<joepie91> lol
<__monty__> elvishjerricco: Maybe the order of the DNS servers matters? Put the VPN at the top?
<__monty__> I'm out of my depth tbh.
<elvishjerricco> Can't reorder them in system preferences for some reason :/ But I've also read that macOS doesn't have a strict ordering or something
<__monty__> I can rubber duck with the best of 'em (the ducks) though.
<elvishjerricco> I am way out of my depth lol
<elvishjerricco> I'm just gonna add things to /etc/hosts until everything I need works :P
<__monty__> elvishjerricco: Hmm, try reloading mDNSResponder: https://apple.stackexchange.com/questions/26616/dns-not-resolving-on-mac-os-x
<elvishjerricco> Tried that
<elvishjerricco> No luck
<__monty__> Oh, wait, first things first: https://youtu.be/nn2FB1P_Mn8?t=10
<elvishjerricco> Haha, not the whole system, but everything else. I suppose I should try the whole system
<__monty__> Also, rebooting with wifi turned off or the cable unplugged, or both.
<elvishjerricco> Reboot did not help
<elvishjerricco> /etc/hosts it is :P
<elvishjerricco> Actually, I've got a better idea... I don't actually have to do this on macOS, I only have to do it on my MacBook. Linux VM!
kisik21 has quit [Remote host closed the connection]
MichaelRaskin has joined #nixos-chat
MichaelRaskin has quit [Quit: leaving]
MichaelRaskin has joined #nixos-chat
cocreature has joined #nixos-chat
veske has quit [Ping timeout: 245 seconds]
disasm has joined #nixos-chat
pie_ has quit [Ping timeout: 258 seconds]
<MichaelRaskin> sphalerite: is today a more empty than usual day at MF@M ?
lopsided98 has joined #nixos-chat
lopsided98_ has quit [Ping timeout: 252 seconds]
pie_ has joined #nixos-chat
<MichaelRaskin> sphalerite: considering going there now (from TUM Garching), but maybe nobody is in…
<MichaelRaskin> Or should I ping sphalerit:
<sphalerite> MichaelRaskin: both work :) fpletz, WilliButz and I are there
<sphalerite> also elseym and some others
<sphalerite> there are definitely people here, and we were probably going to play some Artemis or Empty Epsilon later
<MichaelRaskin> Hm. Almost 5pm. I guess I can go to Laim ±now then (and spend an hour in transit)
<MichaelRaskin> I don't remember if there is any eduroam or free city WiFi around Laim station…
<MichaelRaskin> Or is there any way I can get inside / find you without communication?
<sphalerite> Landsberger Str. 314, the doors are open at the bottom
<MichaelRaskin> I think I have saved the point from the website
<sphalerite> then you just come up to the 6th floor and ring, and I can let you in
<MichaelRaskin> Ring the local door bell?
<sphalerite> yeah the mayflower one :)
<MichaelRaskin> OK, if it exists, then all is cool.
<MichaelRaskin> Thanks
MichaelRaskin has quit [Quit: MichaelRaskin]
__monty__ has quit [Ping timeout: 245 seconds]
__monty__ has joined #nixos-chat
endformationage has joined #nixos-chat
<pie_> anyone know if swdunlop is on irc_
<pie_> ?
drakonis_ has joined #nixos-chat
drakonis has quit [Ping timeout: 257 seconds]
drakonis has joined #nixos-chat
drakonis has quit [Read error: Connection reset by peer]
drakonis has joined #nixos-chat
<joepie91> Taneb: update: Pinboard guy and several others are now involved in the blockchain megathread
<joepie91> this is incredible lol
<joepie91> like half of my 'following' list is in on this discussion
<joepie91> it is still going by the way
drakonis_ has quit [Ping timeout: 268 seconds]
<Taneb> Oh wow
<joepie91> Taneb: miraculously, it is also still both snarky and constructive
<joepie91> I don't think I've ever seen anything quite like this on Twitter
drakonis_ has joined #nixos-chat
drakonis has quit [Read error: Connection reset by peer]
drakonis1 has joined #nixos-chat
drakonis_ has quit [Ping timeout: 245 seconds]
<__monty__> Is it about technical aspects? Or social?
Drakonis__ has joined #nixos-chat
drakonis1 has quit [Ping timeout: 252 seconds]
<joepie91> __monty__: everything really
<__monty__> Could you link the tip of the discussion (again)?
<joepie91> __monty__: I suspect that it's decidedly multi-tip by now, but https://twitter.com/bascule/status/1142111189020770304 is the most recent notification I got
<joepie91> there appear to be many branches
<__monty__> Hmm, guess I want the root.
<__monty__> I was thinking of "tip of the iceberg."
<joepie91> __monty__: this is where I first got involved: https://twitter.com/joepie91/status/1141774750387265536 (and therefore, where my notifications started)
<joepie91> but Twitter is increasingly useless for actually following threads :/
<Drakonis__> there's a chrome addon just for that
<Drakonis__> twitter is a sin
kragniz has joined #nixos-chat
kragniz is now known as kgz
<__monty__> Hmm, I can't go forwards in this twitter thread? Does twitter not want me using their platform?
<gchristensen> you must log in
<__monty__> Guess I won't be reading the thread then : )
veske has joined #nixos-chat
drakonis1 has joined #nixos-chat
veske has quit [Quit: This computer has gone to sleep]
drakonis1 has quit [Ping timeout: 252 seconds]
<infinisil> Okay so, how are you guys organizing your data?
<infinisil> I have 2 machines, a desktop, and a laptop
<infinisil> But most of my data isn't specific to any machine
<infinisil> So I'd ideally like everything to be everywhere
<ashkitten> i use dotbot for dotfiles, but i also haven't been maintaining it
<gchristensen> I just forget about my old machine when I get a new machine, and leave it to die (periodically running builds on it)
<infinisil> I guess with a single machine it's decently simple
<joepie91> gchristensen: organically grown buildfarm
<joepie91> :)
<gchristensen> haha
<aanderse> infinisil: syncthing
<ashkitten> i'm excited for the cosmo communicator to actually reach production stage
<infinisil> aanderse: Ah yeah of course, I could just sync everything all the time and be done with it
<infinisil> Except perhaps sync conflicts
<aanderse> i have 4 laptops, 1 desktop, 1 file server/backup desktop, and 2 htpcs... syncthing for the data you *need* everywhere, sshfs (and friends) for the other stuff
<ashkitten> finally got the money yesterday to buy one, i just hope it goes well
<infinisil> aanderse: Okay but here's where I'm also a bit curious: If you syncthing data to all machines, do you still do backups?
<infinisil> Because that is already a backup in a way
<gchristensen> yes
<aanderse> infinisil: only if configured properly can syncthing be considered a backup
<gchristensen> those aren't backups, those increase your risk of losing your data
<infinisil> Ah you can't roll back to arbitrary times with syncthing
<gchristensen> ("oops I deleted them all on machine A... oh dang, syncthing deleted them all on machine B")
<aanderse> but yeah, anything which is actually important gets a real backup
<infinisil> Got it
<aanderse> gchristensen: syncthing is very flexible in this regard
<aanderse> by default it propagates deletes, but this isn't required
<gchristensen> ah
<ldlework> +1 for syncthing
<ldlework> so helpful
<infinisil> But this is kind of where I'm saying "This could be better"
<infinisil> I add a 1GB file on one machine, it syncthings it over to the others
<infinisil> And then the other machines get backed up to my current machine
<infinisil> That's like a lot of unnecessary data moving
<infinisil> For something that was originally here already
<aanderse> yeah you shouldn't backup that sort of data on the same machine twice
<aanderse> that is redundant
<infinisil> We just agreed that syncthing isn't a backup though
<aanderse> gchristensen stated that
<aanderse> while i agree it isn't a backup solution for really important things...
<infinisil> You're fine with using syncthing as a more-or-less backup then?
<aanderse> if you set syncthing to either never propagate deletions or keep n versions of files then it is backup "enough" for files which aren't *that* important
<infinisil> And I guess backups are anyways more to guard against hardware loss than accidentally deleting files
<aanderse> don't forget ransomware
<infinisil> Ah yeah
<aanderse> my backup solution involves a machine with a 2 disk zfs mirror, 3 local machines with single disk, a usb drive backed up monthly, 2 offsite backups which run nightly, and 2 cell phones
<aanderse> :)
<infinisil> Damn!
<aanderse> but i only do that for important stuff... pictures and videos of my kids :D
<infinisil> How much data is that?
<__monty__> infinisil: Maybe look into backup systems that do dedup? I think borg does this? Maybe restic too.
<infinisil> __monty__: I don't think that would help a lot with the above case I described
<aanderse> infinisil: this is the best indication i can give you https://static.tvtropes.org/pmwiki/pub/images/japan.png
<aanderse> -_-
<infinisil> aanderse: Hehe
<aanderse> 2018 was the worst year yet
<aanderse> over 50gb of home video
<aanderse> over 35gb of photos
<infinisil> I guess this is where I have an advantage because I don't have a life lol, I'm taking like 2 pics a year
<aanderse> oh just wait until you have stinkin' cute kids and a wife who loves cameras
<__monty__> infinisil: What do you mean? It's similar to how rsync works, right? If the file's already in the backup repo it's not sent over again.
<ldlework> i use syncthing more as a private bittorrent tracker with friends and collaborators
<infinisil> __monty__: I mean, if you add a 1GB file in your ~ on host A, which is getting synced with syncthing to host B, then backed up from B to A. How would it avoid sending A -> B -> A?
<infinisil> Specifically B -> A I mean
<__monty__> Because you run the local backup first. Or it finishes faster in any case.
<infinisil> Ahh got it
<infinisil> Yeah that would work
<__monty__> Or, you blacklist certain locations on the remotes from getting backed up altogether. Not ideal, but it'd work in your case because if A can't back it up it's probably down and none of the others would be able to back it up either.
<sphalerite> gchristensen: I'm intrigued by this slowloris boot thing. My main question is: wat?
<gchristensen> hehe
<tilpner> Is slowloris a host name or a DOS attack?
<gchristensen> DoS but in my case a way to make servers boot very fast
* samueldr thinks both
<gchristensen> when you press the power button on a server, it takes several minutes for it to do firmware / cpu / ram / disks / NICs / etc. before it even gets the chance to boot a real system
<samueldr> concurrency?
<joepie91> "wat" is always an excellent first question
<gchristensen> and then if there is no OS, it goes to iPXE which (can, and in this case does) queries an HTTP server for what to do next. so my suggestion is just apply the slowloris attack on the iPXE client at the server. when a client wants a new server, instead of booting a new machine just have all the machines slowly consuming headers from your provisioning infra. once the client request comes in do an HTTP
<gchristensen> Redirect over to the actual boot URL. boom, you've saved like 5min. it is trivial enough that I copy-pasted an example from python's website and implemented it already https://gist.github.com/grahamc/99cbfb4e828f24d97c7abb1bd53a35b8
<gchristensen> so it reduced the provision time of my Packet.com server to 10% of what it used to be (about 6min to 45s)
<gchristensen> make sense?
<sphalerite> hahahaha
<gchristensen> =)
<samueldr> I don't understand where the 5 minutes would come from
<gchristensen> that is all the time it spends thinking about RAM and firmware and CPUs and firmware and NICs and firmware and disks and firmware and RAID and firmware
<samueldr> is that you have a machine warmed in iPXE waiting?
<samueldr> is it that*
<gchristensen> the idea here is that when a customer request comes in, have it already ready to receive an ipxe url, instead of having to go through all the rigamarole of getting the motherboard ready
<samueldr> >> instead of booting a new machine just have all the machines slowly consuming headers from your provisioning infra
<Church-> gchristensen: Hey we use packet at work for two servers
<gchristensen> oh cool :D
<samueldr> right, then I guess that is it
<Church-> I can migrate those finally to linode
<gchristensen> noo
<Church-> gchristensen: 500GB ram servers that need 32GB at a max
<Church-> Like what was the infra guy a few back thinking....
<samueldr> that's not something that actually allows an end-user to skip the 5 minutes boot, but something at the infra level that allows machines to be pre-warmed, right?
<gchristensen> samueldr: right
<samueldr> makes sense now, I thought this was something you would end up implementing as an end-user
<gchristensen> you could implement it yourself, but you'd be paying for it full time
<samueldr> yeah
<samueldr> I wonder if an iPXE rom could be made to suspend and wait for WoL
<gchristensen> yeah
<samueldr> because that would needlessly consume power I guess, while it waits
<Church-> Hmm... off hand I wanna say yes
jackdk has quit [Quit: Connection closed for inactivity]
cjpbirkbeck has joined #nixos-chat
Synthetica has joined #nixos-chat
cjpbirkbeck has quit [Quit: Quitting now.]
aanderse has quit [Quit: ZNC 1.7.2 - https://znc.in]
aanderse has joined #nixos-chat
<ar> /39
tokudan has quit [Quit: ZNC 1.7.3 - https://znc.in]
tokudan has joined #nixos-chat
Drakonis__ has quit [Ping timeout: 258 seconds]
__monty__ has quit [Quit: leaving]
MichaelRaskin has joined #nixos-chat
<MichaelRaskin> … and now after a chat with sphalerite I actually got around to moving the master password input out of the X session.
jtojnar has joined #nixos-chat
cjpbirkbeck has joined #nixos-chat