gchristensen changed the topic of #nixos-chat to: NixOS but much less topical || https://logs.nix.samueldr.com/nixos-chat
<gchristensen> recompiling virtualbox and alacritty on each rebuild --upgrade is ... slow ...
<gchristensen> qyliss: that did it! :o should we add libGL to the package list by default?
<qyliss> I have no idea
<gchristensen> qyliss: you have saved my life
<qyliss> :)
srk has joined #nixos-chat
<samueldr> I... uh... am ultra-confused
<samueldr> if I git checkout nixos-unstable
<samueldr> >> error: stack overflow (possible infinite recursion)
<samueldr> if I checkout the hash it works
<samueldr> if I checkout a branch pointing to the same ref it works
<gchristensen> wat
<samueldr> I'm at a loss and about to dump the computer out the window
<gchristensen> same
<pie_> samueldr, ask the git channel?
* samueldr started a git fsck
<samueldr> deleted the branch locally, re checked-it out
<samueldr> works
* samueldr weeps
<pie_> :C
<Church-> Ugh
<Church-> I can't ssh into these work hosts
waleee-cl has quit [Quit: Connection closed for inactivity]
<Church-> Can't fucking restart the services
<samueldr> that TAS is insane, and read the details about how it was achieved http://tasvideos.org/6347S.html
<gchristensen> O.O
<pie_> samueldr, omg so satisfying that the balls are actually doing stuff in the back
<samueldr> psst, on a hydra eval page (with full listing) `$('img.build-status:not([alt^="Timed"])').parent().parent().hide()` allows you to filter only those timed out
<pie_> sneaky ;)
<pie_> or am i missing something
* pie_ reads more carefully to see if he
<pie_> 's missing differences
<pie_> this is probably some reeeeally old infra but at first glance it seems like it should be possible to factor some functions out of this...
cjpbirkbeck has quit [Quit: Quitting now.]
endformationage has quit [Quit: WeeChat 2.5]
<eyJhb> Anyone fancy writing some tests in Go? ;) ;) ;)
<manveru> eyJhb: what for?
<eyJhb> manveru: platform I use for CTF events - https://gitlab.com/deviosec/octp
<eyJhb> Currently writing tests for agent/virtual/docker.. But ideal goal is to have tests for everything in agent/ & server/ :p
<eyJhb> So wouldn't expect anyone to want to, seeing as no one properly uses it
<manveru> heh, yeah... still got a bunch of tests to write for bundix :)
lopsided98 has quit [Ping timeout: 276 seconds]
<eyJhb> Awww :( `There was an issue signing you in to YouTube. Troubleshoot here.`
<eyJhb> 66% coverage
<gchristensen> fastmail is not leaving me very impressed
<eyJhb> gchristensen: still importing?
<gchristensen> worse
<eyJhb> What is it doing then? :p
<gchristensen> apparently it timed out a few days ago, but the status page just says "Importing"
<eyJhb> `Timed out`? Doesn't sound nice for an import thing to do
<gchristensen> I asked... they sent me this list of instructions which is 50% excuses for why it broke (I don't care, just help me fix it) and then a decision tree of when to do each step
<gchristensen> but I have no diagnostics information (I can't even tell it timed out, I had to ask support!) so I'm not able to navigate the decision tree
<gchristensen> also, they don't do support over weekends, but they don't say that they say "72 hour response time" during weekends which feels a bit dishonest
<eyJhb> gchristensen: well time to setup your own mail server then?
<eyJhb> Doesn't sound that useable..
<eyJhb> I hate when I start testing things, and I have to question if the third party dependencies do their job correctly...
<gchristensen> nah I know I would not be competent
<MichaelRaskin> Well, a receiving mail server is actually easy
<eyJhb> Depending on how much you care about the receiver getting your mail, vice versa is too
lopsided98 has joined #nixos-chat
<infinisil> I've been running https://gitlab.com/simple-nixos-mailserver/nixos-mailserver for a while now, and it works pretty well
<infinisil> I only started using it last week though
<infinisil> (Been running it just as a test for a while, but last week started using it as my real mail server)
<infinisil> The only thing that was a bit difficult was the DNS setup, but now I've got it working
<andi-> I have a Testsystem with that since October and a friend has been using it for all mail for 6m
<pie_> joepie91, you put this into words better than i was trying to https://discourse.nixos.org/t/how-would-you-pitch-nix-os-if-you-had-5-minutes/3270/5 , i figure purely functional is kind of meaningless without additional elaboration even if you know what that means. (not sure if true, since i already know how nix works) "how does 'purely functional' apply to nix's semantics?"
<pie_> by "know what that means" i mean if you know what purely functional means, not how it applies to nix
<pie_> :I
<pie_> sigh
<pie_> (i _can_ handle R a bit but still)
<pie_> having to reverse engineer this stuff is annoying
<elvishjerricco> I have a samsung 960 pro in my zfs pool. If I add a 970 pro to mirror it, I'm assuming the only negative effect will be that the 970's significantly better performance won't be leveraged?
<pie_> elvishjerricco, i usually ask the zfsonlinux channel stuff like that :v
<elvishjerricco> Yea but I recognize people here :P
<pie_> not that there arent probably a bunch of overqualified people here i guess :D
cjpbirkbeck has joined #nixos-chat
Drakonis has joined #nixos-chat
ma27[m] has joined #nixos-chat
ma27 has quit [Quit: WeeChat 2.4]
ma27 has joined #nixos-chat
ma27 has quit [Client Quit]
<pie_> i do wish more languages had nix's smart indented strings
cjpbirkbeck has quit [Quit: Quitting now.]
<clever> pie_: the EOF must be at column 0, and the indent gets included in the resulting file, so it has to be un-indented
<pie_> clever, i dont know what youre trying to point out
<clever> pie_: bash's indenting rules are a pain :P
<pie_> to be clear i mean '' '' stripping left indents up to the indent of the first '' (or something like that), and i dont quite see the connection
<pie_> or was that just a comment
<pie_> s/left// :P
<clever> pie_: ive ran into similar problems when i have bash inside ''
<clever> pie_: the whole '' block indent is stripped nicely
<pie_> i didnt run into a problem
<clever> pie_: but lines 59-92 of that bash script are indented at the bash level
<clever> and '' wont strip that part of the indent
<pie_> just wishing i had it so i could indent things nicely and still have nice output
<clever> and 66-69 must lack indent in the final file
<pie_> nevermind, misparsed "similar"
<pie_> clever, yeah thats ugly :/
<manveru> built a little game today: https://sarumem.manveru.dev/ :)
<gchristensen> numberwang?
<manveru> no idea what the name is... saw it today in a documentary about monkeys that are really good at it...
<gchristensen> oh cool I get it now
<manveru> my wife wanted to try it, so i built it
<manveru> still looking for an emoji for highscore so it doesn't have any words at all
<manveru> also needs a timer, the monkeys can do this shit in 0.5 seconds with 9 numbers :P
<gchristensen> :o
<manveru> but i ran out of time, gonna do that tomorrow :)
<gchristensen> I suck at this game
<eyJhb> gchristensen: I am at the same place
<eyJhb> Hoped I could cheat by making the screen smaller...
<manveru> lol
pie_ has quit [Ping timeout: 252 seconds]
<colemickens> lost my laptop yubikey, too lazy to use regular yubikey, found gnupg_home backup...
<colemickens> gopass works, but ssh-based auth doesn't. I've only ever had one key (though, with subkeys)
<colemickens> not really sure what I'm missing :S
jtojnar has joined #nixos-chat
<eyJhb> manveru: it was worth a try? :p
<eyJhb> manveru: what did you code it using?
Miyu-chan has joined #nixos-chat
pie_ has joined #nixos-chat
<manveru> eyJhb: mint
<manveru> eyJhb: this one, since there's so many projects called mint: https://www.mint-lang.com/
<eyJhb> manveru: got any source?
<eyJhb> avD
<manveru> yeah, preparing the repo right now :)
<eyJhb> Would be a good candidate for a Pages thing :D
__monty__ has joined #nixos-chat
<colemickens> only google could publish developer docs that are unscrollable without JS enabled
<colemickens> well, crates.io requires JS for static page content, so everything sucks
<samueldr> only google?
<samueldr> I'm starting to get surprised when a non-geek thing just works without enabling js from 99 random sources
<samueldr> or when it fails in a controlled manner
<colemickens> i
<colemickens> I mean, actually breaking scrolling for what looks like a page of mostly text, I am still impressed.
<colemickens> Between NoScript and Firefox Nightly breaking popups on Wayland, using the web is pretty frustrating right now.
<eyJhb> I never thought I would hear something breaking popups
<eyJhb> But I really can imagine
<MichaelRaskin> samueldr: many things work fine if you kill JS _and_ CSS
<colemickens> popups as in firefox extension bubble popups
<colemickens> aka, the thing I'd need to click on 99% of pages to disable JS, just doesn't work
<samueldr> MichaelRaskin: yeah, when absolutely disabling things instead of half-disabling it sometimes work better
<manveru> eyJhb: https://gitlab.com/manveru/sarumem there you go
<eyJhb> Yay Gitlab
<MichaelRaskin> Most things actually work when I grab only HTML with a weird UA string and then dump that HTML to text
<eyJhb> MichaelRaskin: now when you say that, reminds me of yesterday when someone at work sent me a onenote link, with a .one file. Ended up just using strings on it and call it a day
<MichaelRaskin> … and yeah, Gitlab is pretty bad at non-JS use
<samueldr> (pretty bad at JS use too)
<samueldr> I thought they were going all-in with vue components a couple years ago
<samueldr> in some way, when going *all-in* sometimes it works better, but in their case it's just half-broken every which way you go :/
* samueldr should tone down the web of sourness
<MichaelRaskin> Used as an application that happens to have an HTTPS URL, it is more or less similar to everything; using them to quickly look at a static snapshot of whatever there is… is annoying
<eyJhb> ,locate bin useradd
<{^_^}> Found in packages: su
<eyJhb> .... What
<MichaelRaskin> su is probably an alias for shadow
<MichaelRaskin> > [ su shadow ]
<{^_^}> [ <CODE> <CODE> ]
<MichaelRaskin> > su.outPath + " " + shadow.outPath
<{^_^}> "/nix/store/pvyksb40wvnbwd49r0pkzmgx7b287x6z-shadow-4.6-su /nix/store/6cp4ynjbkz62hxsiq8w4n625ywph2hrn-shadow-4.6"
<MichaelRaskin> OK, that is probably indeed a bug
<colemickens> Do the people who say GPG should be replaced ever offer a skeleton of a design?
<MichaelRaskin> Arguably, every e2ee chat does just that
<colemickens> I guess I was thinking of something that encompasses OpenPGP Card use cases too.
<MichaelRaskin> I thought that part of the point of people who want to see PGP format being replaced is that a solution should take into account the security model of the task to avoid creating impossible-to-follow security practices?
<colemickens> I feel like you're asking a question to make a point and it's going over my head.
<MichaelRaskin> There is protection (privacy and integrity) small-groups-of-people short-turnaround-time communication; there is origin control of widely published artifact, there is encryption of medium to long term storage for decryption by the same entity, there is authentication…
<colemickens> Ah. I see.
<colemickens> That's a nuance to the criticism I didn't grok, I guess. I'm not deep in GPG, so I'm probably naive, but I just enjoy the idea of a physical, hardware-based private key. For whatever use - both signing, and authenticating.
<MichaelRaskin> Hardware-based is a lie anyway
<__monty__> Also, hardware tokens are hardly unique to pgp, no?
<MichaelRaskin> Also, «signing» in vacuum is another lie
<MichaelRaskin> You want to define a process for establishing what exactly a signature verifies, and how credible it is
* colemickens feels dumb
<colemickens> why is "hardware-based" a lie?
<colemickens> __monty__: no, and I know there are pkcs11 apps. And I know there is a way to use a pkcs11 hardware token as a GPG provider (which makes sense, turtles all the way down)
<colemickens> ( guardian-agent might be of interest, tangentially )
<colemickens> That's sort of what I'm brainstorming about though - a smarter type of device like the Trezor that could actually show you what is being requested so you can consent to the action before authorizing it.
<colemickens> (trezor-agent, etc)
<MichaelRaskin> colemickens: hardware-based is a lie because there is still firmware, which is software, and has to handle complicated evolved formats, and has bugs and key-leaking exploits
__monty__ has quit [Ping timeout: 272 seconds]
__monty__ has joined #nixos-chat
<pie_> a small firmware implementation would still be easier to formally verify though :V
<pie_> than a whole machine
<pie_> not that most people do that though i'd bet 5$ some high security applications do
<MichaelRaskin> Well, due to the horrors of modern formats, its effective attack surface is comparable
<adisbladis> I still feel a whole lot better knowing my key does not have to live in RAM and potentially be extracted that way (or even worse, a file on disk).
<pie_> well
<pie_> nevermind had a brain fart. I expect keys not to leave the external device.
__monty__ has quit [Ping timeout: 272 seconds]
<pie_> id like a device that can do arbitrary enc/decryption externally
<pie_> havent researched how much sense that makes though
<pie_> i guess you could connect a raspi or something over usb 2 (because usb 3 has all that dma junk right? :P
<pie_> hmm
<Ralith> can a raspi operate in usb client mode?
<samueldr> Ralith: some* can
<samueldr> 1 through 3, if they have usb A on board they can't really unless you do funny stuff on the board
<samueldr> so this leaves the compute module, and the zeroes
<samueldr> oh, and the 4
<samueldr> Ralith: keyword to search: usb gadget
<pie_> Ralith, even if it cant, this is probably a solvable problem in some way or another
<pie_> it doesnt _need_ to be a raspi
<samueldr> pie_: isn't it thunderbolt (and next usb) that has DMA?
<Ralith> I mean, a raspi is probably a terrible choice for a high-security device for any number of reasons, but I was curious
<samueldr> I can't find confirmation on the info though
<samueldr> either way
<pie_> im not actually sure about the relationship of thunderbolt and usb 3
<pie_> oh i mixed up 3 and c
<Ralith> thunderbolt does have DMA, yes
<samueldr> thunderbolt is an alternate mode over usb type-c
<samueldr> and yeah
<pie_> but yeah basically wanted to avoid dma fuckery
__monty__ has joined #nixos-chat
<samueldr> the next usb will be thunderbolt, so next usb will have dma fuckery
<pie_> not sure if there isnt some not completely obvious way that this is screwed but yeah
<jackdk> I love how the objective was to solve the "what cable where" problem and now we have this confusing pile of overlaid functionality over physically-identical connectors. back in my day you could usually tell the plugs apart
<samueldr> do note: type-c is not necessarily thunderbolt
<pie_> something something glue your ports kids
<Ralith> "next usb"?
<samueldr> yeah, type-c created such a mess
<samueldr> Ralith: usb 4 IIRC
<samueldr> but wasn't sure
<pie_> hardware hackers i stalk on irc usually say people should have just used real PCI
<Ralith> is that becoming a thing already?
<samueldr> yeah, USB4
<samueldr> type-c is messy because _even the cable_ will change the behaviour
<pie_> (have some music, im looping this: https://www.youtube.com/watch?v=umquOAdIklU , this is rad as hell tho: https://www.youtube.com/watch?v=ISS2SrHxKI4)
<samueldr> the rpi4 has only one sense resistor for power identification (not PD), which will make some PD adapter/cable combinations fail to start powering it
<samueldr> so if you have a type-c apple charger and type-c apple cable, the rpi4 will not start
<samueldr> switch the cable, it may start
<jackdk> now who the bloody hell thought _that_ was a good idea!?
<samueldr> but
<samueldr> the connector will not need to be flipped thrice!
<samueldr> you only need to disconnect and reconnect four different cables and ports
<samueldr> because one of your left ports will be thunderbolt, but not the other
<samueldr> oh, you needed eDP, pick the other port
<jackdk> that's it, I'm moving to a cabin in the woods with a year's supply of tinned beans
<jackdk> don't tell me, they put drm on the bloody thing too, didn't they?
<samueldr> can't remember if they did
<pie_> jackdk, on the topic of beans
Drakonis has quit [Quit: WeeChat 2.4]
<jackdk> n00000000 for the love of all that is good in this world n000000
<pie_> x'D
Drakonis has joined #nixos-chat
<MichaelRaskin> «Given a set of USB4 cables and devices, it is NP-complete to verify if the hardware on hand is enough to establish all the desired connections»
<MichaelRaskin> The industry is currently hard at work to produce PSPACE-complete bus family.
<pie_> :V
<MichaelRaskin> I hope I am just joking
<pie_> maybe we dont have to do routing manually anymore
<MichaelRaskin> Just plug everything into a USB hub and hope it sorts things out?
<MichaelRaskin> Or should it be a USB switch?
<samueldr> BGP, but for usb is needed
<samueldr> no, I'm not serious, please don't
<MichaelRaskin> Why? Now a USB stick picked up on the street would be able to bring down the entire office instantly instead of a slow and painful process of malware spread!
<Ralith> what I'm getting here is that I should wire my next house with USB 3 cables instead of ethernet
<samueldr> power delivery of 120AC (or 220?) that sure would be "fun"
<MichaelRaskin> No compromises: we demand 10kV!
<pie_> on one hand cool
__monty__ has quit [Quit: leaving]
<pie_> on the other hand youd never know if a connector is safe again if we used usb for literally everything
<MichaelRaskin> It is already unsafe
<MichaelRaskin> Think of the upside
<MichaelRaskin> 10kV means that being in the general vicinity of computer becomes an activity requiring a technical certification!
<pie_> some would call that an improvement
<MichaelRaskin> Obviously!