gchristensen changed the topic of #nixos-chat to: NixOS but much less topical || https://logs.nix.samueldr.com/nixos-chat
ericnoan has quit [Ping timeout: 245 seconds]
ericnoan has joined #nixos-chat
<ashkitten> dang, i set up bluetooth audio output on my computer but the connection is pretty bad even from a couple meters away
<ashkitten> my desktop is on the floor at the other end of the room and it keeps crackling and losing signal from my phone briefly
<Gilfoyle-> Eesh
noonien has quit [Quit: Connection closed for inactivity]
<samueldr> oof
<samueldr> steam-run ./Mindustry from their linux release just works
<samueldr> this is a dangerous game to play
<drakonis> this reminds me of factorio
endformationage has quit [Quit: WeeChat 2.5]
drakonis has quit [Quit: WeeChat 2.5]
<manveru> looks like it's open source: https://github.com/Anuken/Mindustry
aszlig has quit [Quit: Kerneling down for reboot NOW.]
aszlig has joined #nixos-chat
<pie_> whaaat :D
<etu> Sweet sweet space internet, between 600-6000ms ping times :D
<vika_nezrimaya> I'm so excited I'm so excited I'm so excited
<vika_nezrimaya> Nixpkgs is cloning and I'm about to make my first patch
<etu> vika_nezrimaya: Nice!
<pie_> yeee \o/
sphalerite_ has joined #nixos-chat
<vika_nezrimaya> It's building the compiler from master
<vika_nezrimaya> It's got to work, I hope it's gonna work
<vika_nezrimaya> 13.5G left on /
<vika_nezrimaya> please pray for me!
<vika_nezrimaya> It worked... It built
tilpner has quit [Remote host closed the connection]
<eyJhb> vika_nezrimaya: patch for what?
<eyJhb> (package, etc.)
tilpner has joined #nixos-chat
<vika_nezrimaya> eyJhb: lua: fix cross-compilation; fixes #66742
<{^_^}> https://github.com/NixOS/nixpkgs/issues/66742 (by kisik21, 2 days ago, open): lua fails to build when cross-compiling
<vika_nezrimaya> I opened it, now I'm fixing
<eyJhb> I feel like I should start using another name on IRC...
<vika_nezrimaya> I'm considering to change my github username...
<eyJhb> To vika_nezrimaya ?
<pie_> eyyy jhb
<vika_nezrimaya> yep
<vika_nezrimaya> It should be unique enough
<pie_> ugh my python is rebuilding the world
<pie_> whyyyy
<eyJhb> vika_nezrimaya: yeah, just keep in mind the connection between the public logs and your github account, etc.
<eyJhb> pie_: Eyo ! :p - Remember to make the world better bwt.
<eyJhb> btw.*, more money for me etc.
<etu> 18178ms ping time :D
<vika_nezrimaya> eyJhb: could you clarify? my mind is so dug in Nixpkgs I don't seem to be able to understand anything else O_O
<vika_nezrimaya> I'm waiting for the full clone to complete...
<eyJhb> `DO NOT MERGE: Changes associated with the tzdb 2019a update` when you see that in a update to your phone.. I am not sure I should update.
<eyJhb> vika_nezrimaya: more just remember how everything links together online if you use the same username everywhere :)
<eyJhb> And that samueldr's logs seem to be quite liked by Google :p
<eyJhb> etu: AWESOME ping :D You at the camp?
<vika_nezrimaya> I'm transitioning to that username in a lot of places
<vika_nezrimaya> funny because I didn't start transitioning as in medical transgender transitioning yet lol
<vika_nezrimaya> but seeing this username is better than my previous one which is an incomprehensible blurb of alphanumeric
<eyJhb> Well, I still love when people try to pronounce my username
<eyJhb> Even better if they expect me to do it
<etu> :D
<pie_> eyJhb: what? xD
<eyJhb> pie_: which part? :p
<pie_> <eyJhb> pie_: Eyo ! :p - Remember to make the world better bwt.
<vika_nezrimaya> well both of my usernames are at least pronouncable :P
<eyJhb> pie_: you said that your python is rebuilding the world? :p
<pie_> oh
<vika_nezrimaya> and this one even contains my name :3
<pie_> ok xP
<eyJhb> _vika_? Finnish?
<vika_nezrimaya> Russian
<vika_nezrimaya> the second part is my pseudonym
<vika_nezrimaya> I like using it instead of my last name
sphalerite has quit [Quit: WeeChat 2.4]
<eyJhb> Hmm.. I just remember a girl from Finland who was named something "vika" :p Ahh
sphalerite_ is now known as sphalerite
<eyJhb> I have my cover name.. Accidentially signed my drivers license in a weird way.. So now I just use that as my cover name if needed :p
<vika_nezrimaya> ohhhh the clone almost finished
<vika_nezrimaya> resolving deltas...
<vika_nezrimaya> wow my notebook is overheating
<vika_nezrimaya> probably boost-clock
<vika_nezrimaya> only one core is loaded...
<eyJhb> vika_nezrimaya: what is your connection??
<eyJhb> Guess I should feel blessed for my 100/100 sometimes
<vika_nezrimaya> It's 100/100, but Gigabit on the LAN
<vika_nezrimaya> BUT
<vika_nezrimaya> I'm on WiFi, means I'm capped at 50
<vika_nezrimaya> (actually 54 but who cares)
<vika_nezrimaya> Gigabit is used for mediaserver, mom's PC, old notebook and will be used for my RPi 4 once I buy it
<eyJhb> I should get a RPI 4..
<eyJhb> I have the whole series until that one
<vika_nezrimaya> WOW
<vika_nezrimaya> Even the zero?
<vika_nezrimaya> I mean, last time I saw the prices on AliExpress - it was when it launched
<vika_nezrimaya> people asked $500 for one
<eyJhb> ... I forgot about that one. I might change this to, I have most of the "normal" RPIs
<vika_nezrimaya> or more
<vika_nezrimaya> What about A-series>
<vika_nezrimaya> >
<vika_nezrimaya> ?
<vika_nezrimaya> ugh
<eyJhb> I would think so, but it might be at my dads/moms etc.
<eyJhb> I mostly use/have my 3's :D
<eyJhb> Had my own little C&C setup with some of them :D
<vika_nezrimaya> C&C is?...
<eyJhb> Command and control :p
<eyJhb> But is was more like a distributed automated system, where main server gave X, Y and Z to RPi A, B or C
<adisbladis> Hmm, I have a zero-w I never used
<vika_nezrimaya> sounds cool, what does it do? turns on lightbulbs and schedules Hydra rebuilds for your local repos?
* etu has a zero-w in his hamradio DMR hotspot
<eyJhb> Using for doing some automation on websites (botting basically)
<adisbladis> Pesky 32 bit chips without binary cache :/
<eyJhb> etu: We still need antenna update on your current project! :D
<vika_nezrimaya> adisbladis: I want to fix that, but I lack POWER now
<vika_nezrimaya> I need RPi4, RPi4 is POWER
<etu> eyJhb: I'm on the ferry to the camp :)
<vika_nezrimaya> If I get one, I might be able to host a small binary cache to help people with compiling and/or cross-compiling
<adisbladis> Well I could build on our community builder
<eyJhb> etu: From Sjælland?
<adisbladis> Even more powah
<vika_nezrimaya> Community builder is said not to be trusted, because one can inject stuff into /nix/store, blablabla
<etu> eyJhb: Nah, I'm going trelleborg sassnitz
<vika_nezrimaya> and I'm just a local Nix girl who won't even think about doing something evil like poisoning a binary cache or a server
<eyJhb> etu: I love the encouraging words from David :p
<adisbladis> You'd never!
<eyJhb> vika_nezrimaya: well, I would say that as well :D
<etu> eyJhb: :D
<eyJhb> "ME? Botting! NO I would NEVER do that" :D
<adisbladis> :D
<vika_nezrimaya> Well, if you trust me, you won't even need community builder when I put my Project Glovebox (i'm officially calling my new binary cache project that, starting now - guess why!) in action :D
<eyJhb> Because it will be on the road and constantly moving so it won't even be attacked!
<eyJhb> s/even/ever/
<eyJhb> etu: is there any rule in Sweden regarding keeping kangaroos as pets?
<etu> Uhm, I don't know :D
<eyJhb> Well... I must research then. Guessing it isn't a usual thought :p
__monty__ has joined #nixos-chat
<eyJhb> joepie91: can you recommend any CSS lib for creating somewhat dynamic sites with menus etc. that does not require JS?
<eyJhb> Trying to build my initial site with as little/no JS at all (if possible)
pie_ has quit [Ping timeout: 252 seconds]
<eyJhb> `that you are building a website for a target group that has JavaScript disabled in higher numbers` the cons of making website for tech people and security folks
<vika_nezrimaya> I have JS enabled, but I'm not a security person
<eyJhb> Me too, but many have it disabled if they can
<eyJhb> Also, disabled images loading etc..
<joepie91> I have JS enabled, but very much appreciate a JS-less site
<joepie91> eyJhb: are we talking dropdown menus?
<eyJhb> Yeah, that too. I haven't quite figured our how the site should look yet etc. (as I am NOT good at designing things), but just if there was a go-to lib for it, like UIKit, BootStrap etc.
<joepie91> eyJhb: drop-down menus are particularly erratic to handle in CSS without breaking accessibility or general usability
<joepie91> eyJhb: I'd recommend designing your site to be usable without the dropdown menus (eg. having the dropdown items listed on the page that the button itself points at), and then just using JS for the dropdowns
<joepie91> such that the user gets more convenient menus if they have JS, but can still navigate the site without
<joepie91> (there are various hacks to make dropdown menus work in CSS, but they're a decent amount of work to fully understand, and by their nature you can't easily turn them into libraries, not in the least because CSS basically doesn't have a module system)
<eyJhb> joepie91: yeah, that is basically my plan currently as well... Making it work with base functionality without JS, and then adding extra enhancements with JS
<eyJhb> It looks lovely as is -> https://i.imgur.com/l4KvpWN.png
<__monty__> eyJhb: Bonus points if you make it work without *css* before adding the extra css enhancement : )
<eyJhb> __monty__: do I get bonuspoints if I don't use HTML too?
<eyJhb> Btw. then I am currently getting bonus points __monty__ ! :D
<__monty__> Hmm, no bonus points for dropping HTML, hypertext is still a pretty good idea for the web.
<eyJhb> Aw. Would make my job easier :(
<eyJhb> But no CSS should be fairly easy, but it will look like hell
<__monty__> The idea is it's still usable, it doesn't have to win any beauty contests.
<eyJhb> Should be 1. Useable 2. Faster to make
<eyJhb> As I do not design normally
<eyJhb> Now I am just.. messing around with my templates, waaaay too long since I did any template rendering in Golang
psyanticy has joined #nixos-chat
<eyJhb> Doing the auth part is going to be weird, since I won't require login.. THe joys
asymmetric has joined #nixos-chat
jtojnar has joined #nixos-chat
pie_ has joined #nixos-chat
endformationage has joined #nixos-chat
drakonis has joined #nixos-chat
Peetz0r is now known as Peetz1r
Peetz1r is now known as Peetz0r
<infinisil> Woow, that's really cool: https://www.youtube.com/watch?v=HuGHV0fbBiE
alex_giusi_tiri has joined #nixos-chat
<gchristensen> =)
<Gilfoyle-> Sup folks
<srhb> infinisil: I want one!
<srhb> >_>
<samueldr> ... I'm falling in the habit of telling myself "don't look at github notifications, you're slacking, work instead"
<samueldr> which is not partially untrue :/
<srhb> samueldr: In the vein of the "standards" xkcd, I wish every site and thing out there had a similar API for fetching notifications so I could run it through my own whatever with scheduling etc.
<samueldr> oh, that would be great
<gchristensen> some sort of activity publication
<samueldr> even some really simple syndication
<Gilfoyle-> gchristensen: Gee if only we had a spec for that...
<pie_> joepie91: i really need to make my nix search engine...running across solutions to things clever told me about because google indexes the logs...
Taneb has joined #nixos-chat
<samueldr> oh...
<samueldr> >> source/blog/drafts/WIP_call-for-reproducible-builds.md
<samueldr> this is from before I knew about nix lol
<gchristensen> :o
<Taneb> I'm curious to read it
<samueldr> it's way too wippy, but the gist of it was: stop relying on opaque build artifacts and make the build of your whole thing observable
<samueldr> at that point I had a completely workable toolchain thing that was used to build the dependencies, and project, for a cross-platform game engine
<samueldr> definitely not as good as nix, but it went from rm -rf to full builds reliably
<pie_> man sorting tabs is tiring
<samueldr> now imagine if you had them expanded to spaces, there would be 2 to 8 times as many
<pie_> i mostly disabled evaluation to avoid that
<pie_> tabs are evaluated lazily you know, so its like schroedingers tab
<pie_> it may or may not explode if you observe it
drakonis has quit [Quit: WeeChat 2.5]
drakonis has joined #nixos-chat
vyorkin has joined #nixos-chat
<__monty__> Medium's gotten a paywall? o.O As if I needed another reason *not* to read medium.
vyorkin has quit [Remote host closed the connection]
vyorkin has joined #nixos-chat
vyorkin has quit [Remote host closed the connection]
vyorkin has joined #nixos-chat
obadz has quit [Quit: WeeChat 2.5]
vyorkin has quit [Remote host closed the connection]
<sphalerite> um, I'm having an odd problem. Pasting into alacritty is making it freeze.
<__monty__> What are you pasting?
<infinisil> sphalerite: Sometimes freezes for me too when I paste too much data I think
<infinisil> I haven't updated in a while though, so I'm hoping this has been fixed since
<sphalerite> __monty__: infinisil: it's just a password, nothing huge
<tilpner> gchristensen: beep!
<gchristensen> boop
<tilpner> It's dark enough now c.c
<gchristensen> ah
vyorkin has joined #nixos-chat
psyanticy has quit [Quit: Connection closed for inactivity]
Guanin has joined #nixos-chat
drakonis has quit [Ping timeout: 246 seconds]
<asymmetric> has anyone successfully configured the wireguard module to route all traffic throught the vpn?
<sphalerite> asymmetric: yes
<asymmetric> sphalerite: is your config available somewhere?
<asymmetric> and do you use the namespaces approach?
<sphalerite> asymmetric: I didn't say I did it :p
<asymmetric> lol
<asymmetric> do you know who then?
<pie_> "yes"
<eyJhb> __monty__: bonus points for no images?
<__monty__> I have nothing against images. Doubt they'd look good without css though.
<eyJhb> Well... You can specify height+width.. :p
<eyJhb> Wait, what do you have against CSS?
<eyJhb> __monty__:
<__monty__> Nothing really, I just like clean/semantic html. And css allows you to do the craptastic <div><div><div>.
<eyJhb> I am a little scared of showing you my current plain HTML then
<samueldr> don't tell me you suffer from divitis?
<eyJhb> I think it is more, I suffer from... Not doing enough HTMLitis
<eyJhb> https://termbin.com/bzpi this is my current, not that well worked challenges page
<asymmetric> there does seem to be an issue with setting allowedIPs to 0.0.0.0
<eyJhb> I would basically enjoy any good things you can tell me to do, or I should do
<eyJhb> Like, from what I can hear from you, using all the propper tags might be good? -> https://www.w3schools.com/tags/
<samueldr> well, first steps is to never click again on a w3schools link again
<samueldr> :)
<__monty__> samueldr+++
<eyJhb> samueldr: CLick all the w3schools links!
<samueldr> your links list at the top could be wrapped in a <nav>
<samueldr> though, did you see that word?
<samueldr> the third one
<samueldr> your links _list_
<eyJhb> I would say, in my defence, I normally don't use w3schools
<samueldr> I generally *also* wrap them in ul, so `nav > ul > li > a`
<eyJhb> Yeah, but doing that samueldr you would get a vertical menu, and if you think no CSS/JS
<eyJhb> Or am I wrong?
<samueldr> your alternative is (possibly) smushed links
<samueldr> the list will be a better experience without CSS
<samueldr> at least each element will be separated visually
<eyJhb> My main challenge is currently, that everything will basically be a long list without CSS as far as I can see
<eyJhb> Like.. Element 1, element 2, element 3, etc. all the way down
<samueldr> that's the way it is
<eyJhb> Yeah, I guess I would have to accept that...
<eyJhb> But
<samueldr> ime, it at least makes the CSS-less version of the site more usable to have navigation shown as list
<eyJhb> .. Damn it.. But `nav > ul > li > a` is you recommandation?
<samueldr> that's what I usually do
<eyJhb> But would you recommend the same for category selection too?
<eyJhb> MInus the nav
<samueldr> depends, if it's _content_, multiple separate entries of content, no
<samueldr> there's no hard rules
* samueldr is currently working on his website
<eyJhb> No no, of course not :) But I still like hearing what you think, and if it makes sense for me too, I might as well use it
<samueldr> it's been left untouched since 2015, and it's a pain to update the toolchain because of how the static generator I used has decided to evolve :/
<eyJhb> Well... It is basically filtration, so default is show "everything", and then it is show category X or Y or Z
<eyJhb> samueldr++ for dark mode
<{^_^}> samueldr's karma got increased to 106
<samueldr> btw, I prefer using <button /> for all buttons (<button type="submit" />)
<samueldr> eyJhb: I did that before it was cool
<samueldr> and it's probably going away in the next iteration
<eyJhb> samueldr: why button? - NOOO
<samueldr> because it's a button?
<eyJhb> I actually want this now, so bad. But, only CSS version
<samueldr> well, it would be <button type="submit">Go do the thing</button>
<eyJhb> ... Defeated by such simple logic
<samueldr> you can also add more elements than simple text
<samueldr> if needed
<samueldr> and it's easier to target via CSS
<samueldr> button { /* rules */ }
<samueldr> rather than input[type=submit], input[type=button] { /* rules */ }
<samueldr> also almost allows you to do input { /* rules for text inputs */ }
<samueldr> though it may (will) break radios and checkboxes
<joepie91> also <button> allows you to include more than just plain text and <input type="button"> does not
<samueldr> [17:01:31] <samueldr> you can also add more elements than simple text
<samueldr> :D
<joepie91> oh
<samueldr> though your phrasing was better
<joepie91> missed that
* joepie91 is only half paying attention, is busy moving code into standalone packages
<eyJhb> samueldr: I feel like <nav> is missing text to specify it is a menu
<samueldr> won't the code be all lonely that way?
<joepie91> lol
<joepie91> samueldr: isolated and dedicated to a purpose, just how I like it
<eyJhb> samueldr: https://termbin.com/ywtw
<eyJhb> joepie91: code without purpose is the best
<joepie91> samueldr: more seriously, the results so far: https://www.npmjs.com/package/split-filter + https://www.npmjs.com/package/split-filter-n
<eyJhb> I remember a group at uni that was at the exam. The lecture asked them "what does this code do?" and they ensured him it was VERY important. It ended up never being called or used.
<joepie91> lol
* joepie91 is allergic to dead code
* eyJhb knows how to kill joepie91 now
<Remosi> joepie91, you can get anti-histermines for that now.
<joepie91> :c
<eyJhb> Damn. I am even missing a <html> tag.
<infinisil> I wonder how much of nixpkgs is dead code..
<eyJhb> I should.. Look more closely at what I am doing
<infinisil> Where dead code = code that isn't used by anybody
<eyJhb> Hmm.. Don't know if I should use the same style for categories now.. Properly shouldn't, as it really isn't navigation like that
<infinisil> I can imagine nixpkgs having lots of this
<samueldr> eyJhb: <html> is optional under circumstances
<eyJhb> Ahh, I like including tags even if I may omit it
<samueldr> you probably should always
<samueldr> it was more shared as a factoid
<eyJhb> I might have been messed up, but is it good/bad practice to end e.g. `<input type="something"/>`, instead of no `/>` ?
<samueldr> AFAIK with HTML5 it won't matter
<samueldr> if it was served as (the almost never used) XHTML5 it would matter
<samueldr> I should check if I still have that "polyglot" html5/xhtml5 thing
<samueldr> no idea where it would be
<eyJhb> But it basically won't hurt, right?
<samueldr> right
<eyJhb> `<a id="myanchor" /> ` except such things
<eyJhb> THat might hurt
<samueldr> the anchor is not forced to be set on a <a>
<samueldr> any id can be used
<eyJhb> samueldr I think I have another site you can design/make? ;)
<samueldr> I'm retired :)
<eyJhb> post-retirement fun? :p
<sphalerite> asymmetric: but there's #66300 and there's #52411 where someone linked their namespace-based config
<{^_^}> https://github.com/NixOS/nixpkgs/pull/66300 (by grahamc, 1 week ago, open): wireguard: allow whole-internet VPN configuration
<samueldr> like an artisan wood worker making themselve a good chair
<{^_^}> https://github.com/NixOS/nixpkgs/issues/52411 (by anderspapitto, 35 weeks ago, open): Support network-namespace based wireguard vpn setup [feature request]
<asymmetric> samueldr: yeah, it seems the version of the module in master doesn't allow for the whole traffic to be routed through the vpn
<samueldr> sphalerite: ^
<asymmetric> i'll look into the PRs, i hadn't seen the one by gchristensen
<alex_giusi_tiri> what would your experience be of zeromq on nixos? i've noticed that it can't pass its self tests... my project is using zyre, but zpinger doesn't work...
<__monty__> Man, people who complain about nix being slow have never tried using homebrew...
<eyJhb> ... Just realised that I cannot use sha1 as basic hash for cache (don't care about evil), as I might get files that actually uses hash collision....
<joepie91> :)
<__monty__> eyJhb: You mean as part of an assignment or something?
<__monty__> How about X-> sha(X),md5(X), still cheap but a collision only occurs when both functions are compromised.
<__monty__> I'm not sure that's more performant than just sha256 though.
<emily> please use SHA-2 or blake2. there is no reason to use anything else
<emily> if you really care about performance, blake2 is faster than MD5 while being cryptographically secure.
<Remosi> what emily++ said
<{^_^}> emily's karma got increased to 2
<joepie91> emily++
<{^_^}> emily's karma got increased to 3
<__monty__> Sha256 is often implemented in hardware though. Is blake2 really faster on not-the-latest hardware?
<emily> I'm not sure, but it's definitely going to be faster than SHA-256 when neither are implemented in hardware, which is the more relevant case
<emily> see: AES vs curve25519 on contemporary TLS
<__monty__> Is it?
<emily> I'm pretty sure?
<emily> it's faster than MD5.
<__monty__> Don't all intel cpus have hardwar sha256?
<emily> SHA-2 is slower than MD5.
<emily> oh, you're questioning the relevant case.
<emily> blake2 runs at 3 cycles per byte on modern intel CPUs
<emily> looks like fancy SHA-2 is within a reasonable factor of that
<emily> either way they're both probably not your bottleneck.
<__monty__> That's the rub though. I suspect eyJhb is running this on either uni hardware, or personal hardware. Either way, not super recent hardware.
<__monty__> All speculation on my part though.
<emily> I think it's unlikely that this graph looks substantially different on older x86, tbh
<emily> and blake2's lead over SHA-2 is very substantial
<infinisil> Btw, if security isn't important, there's a range of non-cryptographic hash functions much faster
<Remosi> presumably at that speed you're probably going to run out of memory bandwidth first?
<emily> this shows the exciting thing thing where SHA-512 is actually faster :)
<__monty__> One issue I take with your "sha2/blake2 nothing else" canned answer is it stands in the way of learning through experimentation and making mistakes.
<emily> you probably want to use SHA-512/256 rather than SHA-256 in practice if you care about performance
<emily> __monty__: that's fair, but well, one issue I take with recommending sha1(x)||md5(x) is that it's all three of slow, insecure, and difficult to understand/implement
<emily> I think if you want to understand how a hash function works learning about one good one is better than learning about two broken ones
<__monty__> It's also super easy to implement, understand and then improve upon though.
<joepie91> unless you're actually actively learning about cryptographic implementations, all of that is pretty much irrelevant though, and all you're doing is setting yourself up for failure :)
<joepie91> "learning through experimentation and making mistakes" is not something you can afford where security is concerned
<joepie91> at least not in production code
<__monty__> But security isn't involved here.
<joepie91> (where "production" == anything you make available for other people to use, directly or indirectly)
<__monty__> I like infinisil's suggestion too. So many hash functions to learn about.
<pie_> what do you learn from using a bad hash function
<__monty__> Could imagine there's far better hashes for cache coherency than cryptographic ones.
<pie_> for some value of bad
<pie_> its not like it actually breaks
<__monty__> pie_: The learning is from realizing that concatenating sha1 and md5 is a dumb thing to do.
<emily> is your argument that it's good to recommend bad things because then you spontaneously learn it's dumb ;w;
<pie_> besides the fact tha tmd5 looks sketchy to begin with, id deliberately have to find a paper or something explaining why that is bad
<emily> it's also strictly harder to implement than one hash function, I find all your arguments really confusing.
<pie_> im not intending to argue anytihng right now other than i dont see how to get from "its broken" to "learning from it being broken"
<__monty__> And potentially learning that you can't simply rehash everything if you want to change hashes. So you end up with hash pyramids, like facebook.
<emily> that was in reply to __monty__ not pie_
<infinisil> __monty__: Seems like XXHash is one of the fastest, being limited by mostly IO
<infinisil> Followed by Murmur hash and Fnv1a
<pie_> emily: yes my reply being orthogonal was not clear
<emily> using hashtable functions as a hash for something like the nix store would be a bad idea, btw
<emily> like they're designed at best for ddos-resistance at relatively low key sizes, not long-term content-addressed-storage
<__monty__> See? I haven't heard of *any* of those. Imo the non-crypto hash path is the more interesting one here.
<emily> because non-crypto hash functions are generally an antipattern :)
<infinisil> emily: Only for crypto-related things
<emily> eh, I disagree. they're useful for some cases where performance is paramount but I'm unconvinced by e.g. siphash and the like as general-purpose hashtable functions etc.
<__monty__> I was assuming eyJhb was talking about an ephemeral cache.
<emily> since they tend to have both bad performance properties *and* not be cryptographically secure
vyorkin has quit [Ping timeout: 272 seconds]
<emily> even using a non-cryptographic RNG often turns into a vulnerability you have to change
<emily> *nethack* had this problem :p
<infinisil> emily: What hash would you use for checksumming some data after transmission over a potentially unreliable network?
<infinisil> Because that's an application where you don't have to care about security at all
<emily> sha2 or blake2.
<emily> like rsync.
<emily> of course you have to care about security @.@
<emily> you're trying to ensure data integrity over an unreliable (~ untrusted) network
<emily> (ok, rsync actually uses fancy rolling window hash functions, but my point is: it uses a cryptographically secure hash)
<__monty__> pie_: If you didn't know what I meant, facebook's user passwords are hashed in several layers because they didn't or didn't properly salt and then used an insecure hash, etc. And it's harder to remember all the old password hashing schemes, in case users don't log in for a long time, since you can't just recalculate with a new hash function because you don't know their password. So they just apply
<__monty__> the new hash to all of the stored hashes. Now every time someone logs in they have to do sha256(md5(md5(password)+salt) (made up but it's something like this).
<infinisil> emily: Well I didn't say untrusted
<emily> for one, how do you check whether you downloaded the right sha-1 collision?
<emily> those files actually exist in the wild and you have to deal with them
<__monty__> It uses a crypto hash? I'd expect better options to exist, with error recovery.
<infinisil> Maybe my example wasn't great though
<emily> IMO you thinking that it's a good idea to use a non-cryptographic hash for a general-purpose file transmission over a network is exactly the instance of this kind of bad thinking/architectural pattern... same reason we have a bunch of insecure HTTP being globally passively monitored
<emily> my point is basically that it's really hard to come up with airtight examples where you know for sure there is never any security-relevant context
<emily> and the cost of using cryptographic hash functions is extremely low these days
<emily> so unless you're a standard library maintainer tweaking your hashtable or whatever, it's rare that there's any reason to consider a different one
<infinisil> I'm just trying to say, non-cryptographic hashes also have their uses
<__monty__> emily: There's things that crypto hashes just can't do though. Thinking of blockhash-like things.
<__monty__> And designing a small cache to speed up a webpage sounds a lot like designing a hastable tbh.
<joepie91> infinisil: they do, just not anywhere near as many as people think :D
<infinisil> Yeah probably, I can't think of anything other than a hash table at the moment
<infinisil> Ohh, a bloom filter is a good application right?
<infinisil> Yeah
<infinisil> emily: ^
<infinisil> Just talked about bloom filters in #nixos a couple days ago for potentially making nix faster :)
<__monty__> Surely there's plenty of applications where collisions don't matter?
<__monty__> I'll find out how naive a view that is tomorrow.
<__monty__> nn, peoples
__monty__ has quit [Quit: leaving]
<joepie91> infinisil: only some bloom filters!
<joepie91> infinisil: for example, you probably wouldn't want to use a non-cryptographic hash for safe browsing
<joepie91> (which uses a bloom filter)
<joepie91> as that would allow an adversary to intentionally create a collision with a target site
<joepie91> and get that site erroneously blocked
<infinisil> I mean, bloom filters will have false positives, so collisions should ultimately just make that probability of false positives higher, right?
<joepie91> infinisil: the problem isn't collisions, the problem is *craftable* collisions
<joepie91> bloom filters will inherently have a risk of collisions, that's by design, and that isn't an issue so long as the collisions are effectively random and low in number
<joepie91> it becomes a problem when you can intentionally collide with any entry, with 100% certainty, for applications such as safe browsing
<joepie91> because now I can effectively take down your site by setting up a shitty phishing site at a hostname that I know is going to collide with your site
<joepie91> and waiting for google to block it
<joepie91> the phishing site doesn't even have to log anything, it just needs to exist and get Google to block it
<infinisil> joepie91: Huh, there isn't a mechanism to handle false positives?
<infinisil> I'd imagine it would first check the bloom filter to see if it's certainly not a bad site, and do a secondary check if the first didn't succeed
<joepie91> infinisil: I don't know if this may have been changed, but at least originally it was /just/ a bloom filter
<joepie91> (and this has actually caused one real-world collision I believe)
<joepie91> (or at least one, anyway)
<infinisil> I think that's what bloom filters are supposed to be used for, give a fast early-exit with high probabilyt
<joepie91> point being, if you use a non-cryptographic hash for that and rely on the answer, you have a problem :)
<samueldr> Irrelevant, but just now there's a nice river https://stuff.samueldr.com/screenshots/2019/08/20190819193352.png
* samueldr wonders about Latex-based IRC renderer
<joepie91> ha
<elvishjerricco> Anyone know a linux distro that uses systemd for initrd by default?
<gchristensen> can't think of any