<pie_>
samueldr, omg so satisfying that the balls are actually doing stuff in the back
<samueldr>
psst, on a hydra eval page (with full listing) `$('img.build-status:not([alt^="Timed"])').parent().parent().hide()` allows you to filter only those timed out
<eyJhb>
Currently writing tests for agent/virtual/docker.. But ideal goal is to have tests for everything in agent/ & server/ :p
<eyJhb>
So wouldn't expect anyone to want to, seeing as noen properly use it
<manveru>
heh, yeah... still got a bunch of tests to write for bundix :)
lopsided98 has quit [Ping timeout: 276 seconds]
<eyJhb>
Awww :( `There was an issue signing you in to YouTube. Troubleshoot here.`
<eyJhb>
66% coverage
<gchristensen>
fastmail is not leaving me very impressed
<eyJhb>
gchristensen: still importing?
<gchristensen>
worse
<eyJhb>
What is it doing then? :p
<gchristensen>
apparently it timed out a few days ago, but the status page just says "Importing"
<eyJhb>
`Timed out`? Doesn't sounds nice for a import thing to do
<gchristensen>
I asked... they sent me this list of instructions which is 50% excuses for why it broke (I don't care, just help me fix it) and then a decision tree of when to do each step
<gchristensen>
but I have no diagnostics information (I can't even tell it timed out, I had to ask support!) so I'm not able to navigate the decision tree
<gchristensen>
also, they don't do support over weekends, but they don't say that they say "72 hour response time" during weekends which feels a bit dishonest
<eyJhb>
gchristensen: well time to setup your own mail server then?
<eyJhb>
Doesn't sound that useable..
<eyJhb>
I hate when I start testing things, I and have to question if the third party dependencies does their job correctly...
<gchristensen>
nah I know I would not be competent
<MichaelRaskin>
Well, a receiving mail server is actually easy
<eyJhb>
Depending on how much you care about the receiver getting your mail, vise versa is too
<infinisil>
I only started using it last week though
<infinisil>
(Been running it just as a test for a while, but last week started using it as my real mail server)
<infinisil>
The only thing that was a bit difficult was the DNS setup, but now I've got it working
<andi->
I have a Testsystem with that since October and a friend has been using it for all mail for 6m
<pie_>
joepie91, you put this into words better than i was trying to https://discourse.nixos.org/t/how-would-you-pitch-nix-os-if-you-had-5-minutes/3270/5 , i figure purely functional is kind of menaingless without additional elaboration even if you know what that means. (not sure if true, since i already know how nix works) "how does 'purely functional' apply to nix's semantics?"
<pie_>
by "know what that means" i mean if you know what purely functional means, not how it applies to nix
<pie_>
having to reverse engineer this stuff is annoyin
<elvishjerricco>
I have a samsung 960 pro in my zfs pool. If I add a 970 pro to mirror it, I'm assuming the only negative effect will be that the 970's significantly better performance won't be leveraged?
<pie_>
elvishjerricco, i usually ask the zfsonlinux channel stuff like that :v
<elvishjerricco>
Yea but I recognize people here :P
<pie_>
not that there arent probably a bunch of overqualified people here i guess :D
cjpbirkbeck has joined #nixos-chat
Drakonis has joined #nixos-chat
ma27[m] has joined #nixos-chat
ma27 has quit [Quit: WeeChat 2.4]
ma27 has joined #nixos-chat
ma27 has quit [Client Quit]
<pie_>
i do wish more languages had nix's smart indented strings
<MichaelRaskin>
Most things actually work when I grab only HTML with a weird UA string and then dump that HTML to text
<eyJhb>
MichaelRaskin: now when you say that, reminds me of yesterday when someone at work sent me a onenote link, with a .one file. Ended up just using strings on it and call it a day
<MichaelRaskin>
… and yeah, Gitlab is pretty bad at non-JS use
<samueldr>
(pretty bad at JS use too)
<samueldr>
I thought they were going all-in with vue components a couple years ago
<samueldr>
in some way, when going *all-in* sometimes it works better, but in their case it's just half-broken every which way you go :/
* samueldr
should tone down the web of sourness
<MichaelRaskin>
Used as an application that happens to have an HTTPS URL, it is more or less similar to everything; using them to quickly looks at a static snapshot of whatever there is… is annoying
<eyJhb>
,locate bin useradd
<{^_^}>
Found in packages: su
<eyJhb>
.... What
<MichaelRaskin>
su is probably an alias for shadow
<colemickens>
Do the people who say GPG should be replaced ever offer a skeleton of a design?
<MichaelRaskin>
Arguably, every e2ee chat does just that
<colemickens>
I guess I was thinking of something that encompasses OpenPGP Card use cases too.
<MichaelRaskin>
I thought that part of the point of people who want to see PGP format being replaced is that a solution should take into account the security model of the task to avoid creating impossible-to-follow security practices?
<colemickens>
I feel like you're asking a question to make a point and its going over my head.
<MichaelRaskin>
There is protection (privacy and integrity) small-groups-of-people short-turnaround-time communication; there is origin control of widely published artifact, there is encryption of medium to long term storage for deryption by the same entity, there is authentication…
<colemickens>
Ah. I see.
<colemickens>
That's a nuance to the criticism I didn't grok, I guess. I'm not deep in GPG, so I'm probably naive, but I just enjoy the idea of a physical, hardware-based private key. For whatever use - both signing, and authenticating.
<MichaelRaskin>
Hardware-based is a lie anyway
<__monty__>
Also, hardware tokens are hardly unique to pgp, no?
<MichaelRaskin>
Also, «signing» in vacuum is another lie
<MichaelRaskin>
You want toi define a process for establishing what exactly a signature verifies, and how credible it is
* colemickens
feels dumb
<colemickens>
why is "hardware-based" a lie?
<colemickens>
__monty__: no, and I know there are pkcs11 apps. And I know there is a way to use a pkcs11 hardware token as a GPG provider (which makes sense, turtles all the way down)
<colemickens>
( guardian-agent might be of interest, tangentially )
<colemickens>
That's sort of what I'm brainstorming about though - a smarter type of device like the Trezor that could actually show you what is being requested so you can consent to the action before authorizing it.
<colemickens>
(trezor-agent, etc)
<MichaelRaskin>
colemickens: hardware-based is a lie because there is still firmware, which is software, and has to handle complicated evolved formats, and has bugs and key-leaking exploits
__monty__ has quit [Ping timeout: 272 seconds]
__monty__ has joined #nixos-chat
<pie_>
a small firmware implementation would still be easier to formally verify though :V
<pie_>
than a whole machine
<pie_>
not that most people do that though i'd bet 5$ some high security applications do
<MichaelRaskin>
Well, due to the horrors of modern formats, its effective attack surface is comparable
<adisbladis>
I still feel a whole lot better knowing my key does not have to live in RAM and potentially be extracted that way (or even worse, a file on disk).
<pie_>
well
<pie_>
nevermind had a brain fart. I expect keys not to leave the external device.
__monty__ has quit [Ping timeout: 272 seconds]
<pie_>
id like a device that can do arbitrary enc/decryption externally
<pie_>
havent researched how much sense that makes though
<pie_>
i guess you could connect a raspi or something over usb 2 (because usb 3 has all that dma junk right? :P
<pie_>
hmm
<Ralith>
can a raspi operate in usb client mode?
<samueldr>
Ralith: some* can
<samueldr>
1 through 3, if they have usb A on board they can't really unless you do funny stuff on the board
<samueldr>
so this leaves the compute module, and the zeroes
<samueldr>
oh, and the 4
<samueldr>
Ralith: keyword to search: usb gadget
<pie_>
Ralith, even if it cant, this is probably a solvable problem in some way or another
<pie_>
it doesnt _need_ to be a raspi
<samueldr>
pie_: isn't it thunderbolt (and next usb) that has DMA?
<Ralith>
I mean, a raspi is probably a terrible choice for a high-security device for any number of reasons, but I was curious
<samueldr>
I can't find confirmation on the info though
<samueldr>
either way
<pie_>
im not actually sure about the relationship of thunderbolt and usb 3
<pie_>
oh i mixed up 3 and c
<Ralith>
thunderbolt does have DMA, yes
<samueldr>
thunderbolt is an alternate mode over usb type-c
<samueldr>
and yeah
<pie_>
but yeah basically wanted to avoid dma fuckery
__monty__ has joined #nixos-chat
<samueldr>
the next usb will be thunderbolt, so next usb will have dma fuckery
<pie_>
not sure if there isnt some not completely obvious way that this is screwed but yeah
<jackdk>
I love how the objective was to solve the "what cable where" problem and now we have this confusing pile of overlaid functionality over physically-identical connectors. back in my day you could usually tell the plugs apart
<samueldr>
do note: type-c is not necessarily thunderbolt
<pie_>
something something glue your ports kids
<Ralith>
"next usb"?
<samueldr>
yeah, type-c created such a mess
<samueldr>
Ralith: usb 4 IIRC
<samueldr>
but wasn't sure
<pie_>
hardware hackers i stalk on irc usually say people should have just used real PCI
<samueldr>
the rpi4 has only one sense resistor for power identification (not PD), which will make some PD adapter/cable combinations fail to start powering it
<samueldr>
so if you have a type-c apple charger and type-c apple cable, the rpi4 will not start
<samueldr>
switch the cable, it may start
<jackdk>
now who the bloody hell thought _that_ was a good idea!?
<samueldr>
but
<samueldr>
the connector will not need to be flipped thrice!
<samueldr>
you only need to disconnect and reconnect four different cables and ports
<samueldr>
because one of your lef port will be thunderbolt, but not the other
<samueldr>
oh, you needed eDP, pick the other port
<jackdk>
that's it, I'm moving to a cabin in the woods with a year's supply of tinned beans
<jackdk>
don't tell me, they put drm on the bloody thing too, didn't they?
<jackdk>
n00000000 for the love of all that is good in this world n000000
<pie_>
x'D
Drakonis has joined #nixos-chat
<MichaelRaskin>
«Given a set of USB4 cables and devices, it is NP-complete to verify if the hardware on hand is enough to establish all the desired connections»
<MichaelRaskin>
The industry is currently hard at work to produce PSPACE-complete bus family.
<pie_>
:V
<MichaelRaskin>
I hope I am just joking
<pie_>
maybe we dont have to do routing manually anymore
<MichaelRaskin>
Just plug everything into a USB hub and hope it sorts things out?
<MichaelRaskin>
Or should it be a USB switch?
<samueldr>
BGP, but for usb is needed
<samueldr>
no, I'm not serious, please don't
<MichaelRaskin>
Why? Now a USB stick picked up on the street would be able to bring down the entire office instantly instead of a slow and painful process of malware spread!
<Ralith>
what I'm getting here is that I should wire my next house with USB 3 cables instead of ethernet
<samueldr>
power delivery of 120AC (or 220?) that sure would be "fun"
<MichaelRaskin>
No compromises: we demand 10kV!
<pie_>
on one hand cool
__monty__ has quit [Quit: leaving]
<pie_>
on the other hand youd never know if a connector is safe again if we used usb for literally everything
<MichaelRaskin>
It is already unsafe
<MichaelRaskin>
Think of the upside
<MichaelRaskin>
10kV means that being in the general vicinity of computer becomes an activity requiring a technical certification!