<tilpner>
Even if we convinced someone who could decide, that might still break existing Nix
<tilpner>
And introducing new syntax for our behaviour is... similarly unlikely to happen
<pie_>
well maybe for nix 3 then or something ;P
<pie_>
or we can get ghc style language extensions in hnix ;DDD
<infinisil>
Wow, it took me 4 (!) calls to increase my credit card limit
<infinisil>
First to the bank, they told me it was already increased for some reason; then to the credit card company, they told me that no it wasn't increased and I should call the bank; then to the bank again, they go "oh no it wasn't increased already after all, we'll do that now, should take a day"
<infinisil>
After two days I call the bank again because it still wasn't done
<eyJhb>
infinisil: know the feeling. Called my inssurance 4 times (there is a 50 minute wait each time), because they inssurance was on the wrong address..
<infinisil>
Support at its finest
<eyJhb>
Best part, another time I had to call them because.. Yeah, something. And because it is basically three companies that is the same, but not. THey had listed the wrong number.. So 30 minute waiting, to be told "I can see it, but I can't change it".
<infinisil>
I once wanted to ask my ISP to give me a public IP, I was forwarded through like 5 different people until I got to somebody that could tell me "you can't"
<eyJhb>
Ahh, that sucks.. Mine is like "You can.. for money"
<eyJhb>
Or, not anymore, but previous place.
<infinisil>
Ah yeah, I probably could've gotten one with lots of money, they said it was only available for companies
<eyJhb>
Normally the ISPs I have had, the only time your public IP changes, is if your router has been down for 30+ minutes, or you change the MAC on it
<eyJhb>
infinisil: isn't it the same for you? I would assume so
<infinisil>
eyjhb: Well our internet goes through LTE
<eyJhb>
Ahh.. So not really able to forward anything
<infinisil>
Well we have two ways: Cable (slow but reliable, public ip), and LTE (fast but slightly unreliable, no public ip)
<infinisil>
And I only have a connection to the latter
<infinisil>
(from my room)
<eyJhb>
You could always use a VPN to forward stuff if you want
<eyJhb>
That is what I do
<infinisil>
Yeah that's what I ended up doing
<infinisil>
Got my own server
<eyJhb>
I love it, except my provider is under DDoS basically every night
<tilpner>
And I managed to create a profile that crashes apparmor
<__monty__>
Is dyndns an option? Something like freedns?
<eyJhb>
__monty__: the problem is more or less that you cannot forward anything out, as it is NATted (as far as I remember). So it isn't because it changes IP
<eyJhb>
If that is what you were saying
<eyJhb>
saying/asking
<cransom>
ssh -R is also handy in a pinch if you want remote ports forwarded to a machine and didn't want to do a vpn setup and only need tcp.
<eyJhb>
+1 yeah I use that one all the time
<eyJhb>
But not handy for Plex setups :(
waleee-cl has quit [Quit: Connection closed for inactivity]
ixxie has quit [Ping timeout: 246 seconds]
<ashkitten>
andi-: wait, what? i overrode systemd i didn't even know there was a systemd.package option
<joepie91>
__monty__: aye, seen it. encryption backdoors are already here :)
<gchristensen>
I guess then the right thing to do is get involved and help them solve the numerous, reasonable, open questions posed in the linked issue.
<joepie91>
gchristensen: if you look at the referenced issue about core signing - https://core.trac.wordpress.org/ticket/39309 - you'll see that Scott has been doing that for *well* over 3 years now
<joepie91>
this is well, *well* beyond "be the change you want to see"
<joepie91>
I think we're at like 4 or 5 years of work now?
<joepie91>
not to mention that the first issue linked - which I presume is what you're referring to - is specifically about plugin signing, not core signing
<joepie91>
they're different things and that's the whole problem here, the latter is being thrown out because of issues with the former
<gchristensen>
> Does WordPress want a solution sooner-than-later? (This answer will dictate Paragon's resource allocation into this initiative.)
<{^_^}>
error: syntax error, unexpected '(', expecting ID or OR_KW or DOLLAR_CURLY or '"', at (string):262:51
<joepie91>
gchristensen: take into account that wordpress core have been stalling on this for months or years
<joepie91>
several rounds of "no we don't actually care about this, we'll get to it some time next year"
<joepie91>
no actionable feedback, no issues to address
<joepie91>
wordpress core is 100% unambiguously in the wrong on this matter
<joepie91>
and have been behaving far from good-faitrh
<gchristensen>
okay
<gchristensen>
I guess they must have a personal grudge against scott then
<joepie91>
very unlikely; they just don't seem to value security, as has been evident from quite a few incidents in the past
<joepie91>
and so to them, it's no more important than "can you add this feature to the dashboard"
<gchristensen>
yeah, I'm pretty sure that isn't true
<joepie91>
there's many years of evidence that it is
<joepie91>
there's a point where I stop giving people the benefit of the doubt
<gchristensen>
I hear you saying that
<joepie91>
like, almost literally every single security-related issue has been handled with the utmost reluctance
<gchristensen>
I wonder why they would do that?
<joepie91>
speak to ~any security researcher who has had to deal with wordpress core about any kind of non-trivial change and you will hear the same thing
<joepie91>
gchristensen: you tell me
<gchristensen>
hi yes I have been involved in wordpress core before :)
<joepie91>
I can speculate, but no more than that
<joepie91>
then perhaps you can shed light on it? given that core people have been incredibly unforthcoming about this throughout the years
<joepie91>
it's not like "why is this such a problem" hasn't been asked before
* cransom
feels a few pangs of regret of being a wordpress user
<gchristensen>
my experience was that they care very, very deeply for their users, to a degree that people misunderstand their care for their users as incompetence
<gchristensen>
and that they work hard to weigh risks and benefits in ways that benefit their users, even if it hurts them
<gchristensen>
and so I have a very hard time believing that this is so one sided
<joepie91>
none of that answers my question, though
<joepie91>
why they are being so consistently reluctant to address any non-trivial security issue
* gchristensen
shrugs
<gchristensen>
I don't know
<joepie91>
and like, people have asked this many times
<gchristensen>
it is possible you're right
<joepie91>
it would be one thing if core came up with a sensible rationale, "we can't fix X right now because it would break Y" or "we have a more urgent security issue to attend to" or whatever, but not even such an explanation has ever been given, to my knowledge
<joepie91>
tickets just go dead for extended periods of time, or are responded to with "this is not currently a priority to us <end of reply>" or other vague statements
<joepie91>
and no amount of "they're nice people" excuses that kind of attitude when they're effectively running a double-digit percentage of the web
<gchristensen>
I didn't say nice
<joepie91>
no, but that is - paraphrasing somewhat - what your statement about "caring deeply about their users" boils down to
<gchristensen>
it is completely mischaracterizing what I said
<joepie91>
it is paraphrasing and simplifying, my point is that there's no actionable information in there, there's nothing relating to the actual problem in there, it's a general statement about the character of the people involved
<gchristensen>
there is!
<joepie91>
I don't see where. "there may be tradeoffs" is a truism
<gchristensen>
when you have double digit percentages of the web, dropping off 0.01% of your users is millions of websites
<joepie91>
gchristensen: see, but this is the problem. they haven't actually provided any such rationale, and that is pure speculation as to the reason
<gchristensen>
it is important that whatever they do work for such a long tail, and not just today, but for years and years and years
<gchristensen>
well, having worked closely with the core team, this is what we were stuck on most of the time
<joepie91>
okay, so why are they not saying so? why are they not laying out the constraints so that the people who have literally offered to do all the work for free can figure out a way to deal with them?
<gchristensen>
but maybe they're just incompetent!
<joepie91>
gchristensen: so, putting your bias due to personal experience aside, in all honesty: what conclusion do you *expect* people to draw after being stonewalled and effectively shit-on-with-polite-words for years?
<gchristensen>
yeah, that really sucks
<joepie91>
because even on an interpersonal level, their behaviour has been less than stellar
<gchristensen>
I don't know what I'd expect
<joepie91>
given the shit that Scott has had to deal with from core, I fully understand his conclusion that "they must be either idiots or malicious" -- because despite repeated attempts to dig out information and rationales, core has failed to provide any evidence to the contrary
<gchristensen>
aye
<joepie91>
he isn't necessarily /correct/ about it, but the assumption is entirely understandable and justifiable, imo
<gchristensen>
I can understand that
<averell>
god, adobe--, flash broken again
<averell>
is flash harder to kill than john wick? they should do an epic rap battle
<andi->
Flash is still a thing?
<averell>
not a big thing, but not 100% dead
Jackneill has quit [Remote host closed the connection]
<gchristensen>
manveru: good news! it'll be uploaded to youtube shortly
<gchristensen>
doing the post-processing stuff
<gchristensen>
which, lol, I can't do on this laptop because I run out of RAM. neato.
<manveru>
:D
endformationage has joined #nixos-chat
<manveru>
well, i'm watching it already
<gchristensen>
:o
<gchristensen>
oh cool
<gchristensen>
oh man you lose the first few minutes of audio
<manveru>
who needs that :D
<gchristensen>
dang.
<gchristensen>
my recording did, too.
<gchristensen>
ANOTHER LEARNING FOR THE LIST
<gchristensen>
streaming is hard work, man
<manveru>
indeed
<manveru>
it's still pretty fun to have a tiny nixcon every week :)
<aanderse>
:D
<manveru>
reminds me of freeswitch
<worldofpeace>
suddenly gchristensen becomes that professional streamer type.
<gchristensen>
I never imagined how hard this is
<worldofpeace>
insert: when stuff happens that you didn't intend to truely happen but do anyway
<worldofpeace>
But is that fate! :D
pie_ has quit [Ping timeout: 252 seconds]
<infinisil>
I wanted to watch some twitch streams, but I didn't want the selection of which one to watch be biased towards more popular streams (which is the default sort order)
<infinisil>
So I created a small script that uses the twitch API to play streams in a random order :)
<infinisil>
averell: Yeah the normal rate limit is 30 requests per minute, which kinda gets in the way if there's more than 3000 streams (because you can fetch 100 per request)
<infinisil>
There's some way to get 800 per minute, but I haven't figured out how :)
<infinisil>
actually I just can't be bothered
<infinisil>
averell: Hehe right, I originally used `rg 'remaining: (.*)' -or '$1'`, but then I was able to refactor it a bit
<infinisil>
Not sure if grep could do that
<__monty__>
manveru: Do you know the story of Terry Davis? It's pretty sad : /
<manveru>
yeah
<averell>
there is some -o match extraction but probably very ugly
<manveru>
usually saw his comments on HN, really miss that :(