gchristensen changed the topic of #nixos-chat to: NixOS but much less topical || https://logs.nix.samueldr.com/nixos-chat
Guanin has quit [Remote host closed the connection]
<emily> I think dracut might use that? so fedora maybe?
<emily> exherbo might???
<emily> it's supported with a config switch in arch and fairly commonly used at least as of years ago when I was using arch
<emily> but not default
drakonis has joined #nixos-chat
<elvishjerricco> emily: I couldn't get the arch one to work
<emily> rip :(
jtojnar has quit [Quit: jtojnar]
jtojnar has joined #nixos-chat
vika_nezrimaya has quit [Ping timeout: 258 seconds]
<Gilfoyle-> Define by default?
<Gilfoyle-> Don't most distros use systemd by default now?
<samueldr> in stage-1
<samueldr> in the initramfs/initrd
<samueldr> generally distros still use a bespoke component until they pivot root into the systemd init
<samueldr> AFAIK the systemd for initrd/initramfs wasn't always a thing
alex_giusi_tiri has quit [Quit: Leaving.]
<Gilfoyle-> Ahhh. Nifty, didn't know that
endformationage has quit [Ping timeout: 245 seconds]
<elvishjerricco> fedora seems to use systemd in stage 1, but I can't for the life of me find a systemd binary in a cpio archive or otherwise in /boot
<elvishjerricco> Unless it's like baked into the efi binary or something. I should try again with non-efi boot
<elvishjerricco> The initramfs seems to only have like two files, and nothing resembling a binary
<elvishjerricco> Or maybe it's built into the kernel. That would make sense
drakonis has quit [Quit: WeeChat 2.5]
<emily> elvishjerricco: there's a weird packed kernel+initramfs+commandline secure boot package format thing
<emily> that systemd-boot and maybe other things use
<emily> fedora supports secure boot so something like that might be at play
<emily> and yeah you can build an initramfs into the kernel too, though I don't think fedora does that since that requires a kernel rebuild I think?
<elvishjerricco> emily: It looks like it does do that. I could lsinitrd and see a big list of files, but the actual initramfs file in /boot (which the grub config does seem to append) just contains a couple empty files.
<elvishjerricco> And considering I couldn't find any other grub configuration of initrd, nor any other initramfs files, the kernel file is the only other place I think it could be
<emily> right, I think it's probably in that file, but not embedded with the compile-time embed-an-initramfs thing
<emily> rather I think there's concatenate-stuff-together things you can do.
<emily> (and have to, for some things like UEFI secure boot)
<elvishjerricco> Oh yea, for sure
<eyJhb> Did not expect to wake up to that discussion :p But basically, it will run on hardware such as AWS, DigitalOcean, Google Cloud Services, etc. and I would guess that usually there might only be 10*5 file uploads (maximum) for a usual setup. So speed isn't _that_ important, which seemed to be the main argument for SHA2 instead of SHA256
<eyJhb> Also, it is basically a simple way for clients to see, if they need to update the file. So API server with maximum 5 clients that should actually use this
<eyJhb> (normally only 1-2)
pie_ has quit [Ping timeout: 252 seconds]
<sphalerite> https://www.youtube.com/watch?v=iTiwgo5q56g this track is great fun, also nostalgic for me, but I'd be interested to know what someone who didn't play this game thinks of this "klezmer rag"
Arahael has quit [Ping timeout: 245 seconds]
Arahael has joined #nixos-chat
pie_ has joined #nixos-chat
an9wer has joined #nixos-chat
an9wer has left #nixos-chat [#nixos-chat]
psyanticy has joined #nixos-chat
Synthetica has joined #nixos-chat
pie_ has quit [Quit: pie_]
<eyJhb> I must have been tired when I wrote that message... Because that did not make sense...
<eyJhb> sphalerite: it makes me want to play the game
__monty__ has joined #nixos-chat
<sphalerite> eyJhb: the controls are kind of awesome, but it's a fun world to explore. I think the best way to play it nowadays is on a ps1 emulator, not to play the PC version
<sphalerite> err
<sphalerite> s/awesome/awful/
<eyJhb> Hmm, you might be right. I think I only played it for like one hour at a cousin's house
<eyJhb> But like, I haven't really played games for... 3 years now, and if that two hours are not included... 6+
<__monty__> Bandicoot?
<eyJhb> <3 Miss that too
<eyJhb> Just saw Games Done Quick and Bandicoot
<eyJhb> Kinda addicting
pie_ has joined #nixos-chat
<__monty__> ,${}
<__monty__> I was actually asking what game you were talking about, as I missed that : )
<sphalerite> __monty__: Toy Story 2
<__monty__> Ah, haven't had the pleasure.
waleee-cl has joined #nixos-chat
cjpbirkbeck has joined #nixos-chat
<samueldr> hmmm
<samueldr> check your bookmarks for bitbucket mercurial repositories and ARCHIVE THEM
<samueldr> in less than a year they will DELETE all mercurial repositories
<samueldr> (I assume since you bookmarked the repositories you had interest in them)
<samueldr> this went from plain bad to evil; bad would be stopping the mercurial hosting, but keeping the repositories archived; evil is deleting them :/
<gchristensen> I made a joke repo, and am a bit scared to actually publish it
<samueldr> if it's on bitbucket it won't matter in ~8 months
<joepie91> lol
<samueldr> (and mercurial)
<gchristensen> lol
<joepie91> samueldr: something something Atlassian
* joepie91 has had bad experiences disclosing security issues to them as well (had to go through someone I know who happened to work there, to get it bumped internally)
<joepie91> seems to be an issue on the management layer though
<gchristensen> I'll push the repo to my own domain
<__monty__> Sad news :'(
<__monty__> Isn't bitbucket the main "github for mercurial" platform?
<gchristensen> I've never triggered the Git auto-packer on the initial root commit
<samueldr> at one point it was
<samueldr> gchristensen: can it pack a truck instead?
<gchristensen> hehe
<gchristensen> Compressing objects: 73% (74386/101004) ...
<gchristensen> Writing objects: 3% (3592/101004), 76.39 MiB | 2.79 MiB/s ... guh
vyorkin has joined #nixos-chat
pie_ has quit [Ping timeout: 252 seconds]
endformationage has joined #nixos-chat
<gchristensen> anyway. I thought better of it, but I was going to leak all the social security numbers. I decided not to, though, since maybe an overzealous mod would decide to delete my accounts
<gchristensen> I wrote a cooooool readme though: https://gist.github.com/grahamc/66eaa765b67945093ffb56ee54f4ca18
<Taneb> That's certainly a readme
<joepie91> lol
<joepie91> gchristensen: reminds me of the site that published "every Bitcoin private key"
<gchristensen> lol!
<joepie91> and of course there are the good old "every PIN code" lists
<gchristensen> a classic, and much shorter list
<Taneb> Only a billion elements or so when you realise that you can have 12 digit pins
<infinisil> On a distantly related note: I kind of want to see somebody accidentally finding an x such that sha256(x) = 0 and see how the world collapses
<samueldr> gchristensen: did you actively generate them with the check digit?
<samueldr> gchristensen: because it's one fewer significant digit than many people think it is
<gchristensen> samueldr: it contains every social security number in the same way that pi has every social security number :P
<samueldr> sure, but if 9 out of 10 of your list is invalid
<samueldr> then your list is bad ;)
<gchristensen> meh
<Taneb> Here's a list of all digits of pi (with duplicates removed): 4129308576
<__monty__> 10/10 joke
<__monty__> ^Just gave all of Pi's binary digits with duplicates removed. Figured I'd do it twice, for redundancy.
<eyJhb> infinisil: that would spread chaos! But you do know the fun compare thing in PHP, right?
<ashkitten> luckily it's extremely unlikely that we'll find a sha256 of 0
<eyJhb> ashkitten: Would it even be possible? I mean, might be, but I've never looked at how it is generated at all
<ashkitten> i would assume so
<samueldr> maths~~
<ashkitten> but it's extremely unlikely that we'll ever find any specific hash we're looking for
<ashkitten> before, ya know, the heat death of the universe a million times over
<eyJhb> Very very unlikely yeah
<eyJhb> Speaking of sha256, just updated from sha1 to sha256 now
<__monty__> : o Long overdue ; )
<eyJhb> Yeah, those couple of hours :D
<ashkitten> hasn't sha1 been brute forced already to find collisions?
<ashkitten> in git
<eyJhb> ashkitten: Yup
<ashkitten> luckily there's no chance of anyone being able to do that with sha256 at least for now
<eyJhb> The only reason i moved from sha1 to sha256, is that I might actually have files who uses hash collisions to work.......
<eyJhb> But that has mostly been md5 so far
<elvishjerricco> The sha1 issue is luckily extraordinarily expensive and difficult to take advantage of. Plus it's a birthday attack, so plaintext that you trust is still safe and wildly unlikely to ever collide.
<eyJhb> elvishjerricco: if you are referring to me, then at some point, someone might make a challenge which takes advantage of this
<elvishjerricco> Basically, the attacker can randomly generate absurd numbers of e.g. PDF with some non-visible random data in them and visible contents of your choice, and eventually two of them will collide. They can then present you with one of them, get you to sign the sha1, and claim you signed the other
<elvishjerricco> But it took Google an entire year and like hundreds of millions of compute hours or something to find such a pair
<ashkitten> dang
<eyJhb> elvishjerricco: think there is a better/easier way now
<eyJhb> Just say some article, but didn't read more
<eyJhb> s/say/saw/
<joepie91> elvishjerricco: there's a major caveat to that, which is that for cryptographic security it's not about what is /currently/ known to be broken, but about what that means for the future
<joepie91> when one of the security properties of a cryptographic mechanism has been shown to not hold reliably, that's essentially the point where you should stop using it in new systems, and should start working on migrating away existing systems from it
<joepie91> because it is often an indicator of further breakage, that may or may not become public when discovered
<joepie91> as it invalidates some design assumption
<__monty__> Case in point beIDs 😬
<joepie91> so, from a purely practical perspective, SHA1 /is/ broken; just not critically so, yet
<joepie91> and implementing any new system handling untrusted data of any kind, using SHA1, would be unwise at best
<ashkitten> i mean, brute forcing isn't exactly new
<joepie91> the SHA1 weakness isn't bruteforcing
<elvishjerricco> joepie91: Well this isn't really a breakage in sha1 though, is my point. Google just finally put in the compute hours to pull off a birthday attack, which is well understood for *all* hashing algorithms (specifically, a hash with length N is as difficult to collide with as a hash of length N * 2 is to birthday attack)
<ashkitten> joepie91: oh, it wasn't?
<__monty__> ashkitten: Also, if bruteforcing was the problem, that becoming a *practical* attack is still problematic.
<joepie91> " The SHAttered attack is 100,000 faster than the brute force attack that relies on the birthday paradox. The brute force attack would require 12,000,000 GPU years to complete, and it is therefore impractical. "
<joepie91> ref https://shattered.io/
<elvishjerricco> Oh
<elvishjerricco> Hmm
<gchristensen> luckily shattered is easy to detect
<joepie91> so this definitely qualifies as "one of the security properties no longer holds"
<joepie91> it's just not practically exploitable for most usecases, /yet/ :)
<sphalerite> gchristensen: it is?
<gchristensen> it is!
<gchristensen> it adds pretty obvious goop to the file
<elvishjerricco> Wow I really misremembered this attack lol
<gchristensen> " This took the equivalent processing power as 6,500 years of single-CPU computations and 110 years of single-GPU computations. "
<joepie91> (which really isn't much, tbh :P)
<gchristensen> that is correct
<__monty__> gchristensen: But that presupposes *someone* with somewhat technical knowledge is monitoring the communication channel, no? Like, ok, companies probably aren't as vulnerable. Private persons though?
<gchristensen> the point of that repo is to integrate it in your tools
<gchristensen> like, have svn/git/etc. use that library to make sure the hashes are clean
<Gilfoyle-> Alright
<Gilfoyle-> I have bought the most efficient form of travel for getting down the hill my house is on
<Gilfoyle-> I'm zipline down now
<gchristensen> hah!
<joepie91> Gilfoyle-: wait, really?
<__monty__> Not the most practical way back up though.
<elvishjerricco> And ski-lift up? :P
<Gilfoyle-> $100? Fsck it I'm sold
<Gilfoyle-> joepie91: Yep!
<Gilfoyle-> This is gonna be really cool
<joepie91> you can get a zipline for $100?
<Gilfoyle-> Or really painful
<Gilfoyle-> joepie91: Yeah
<joepie91> that seems... too cheap :D
<Gilfoyle-> There's a few on amz
<Gilfoyle-> joepie91: Yeah just a little bit :P
<joepie91> aside from the dubious branding, that still seems too cheap :D
<joepie91> though, oinly 25m
<joepie91> only*
<joepie91> ah, 90kg max weight
<joepie91> that's why :P
<__monty__> Hey, if a steel wire shot from a harpoon gun is enough to carry multiple people between skyscrapers, surely you don't need much to go down a small hill : )
<joepie91> but yeah, if you're under 90kg that'd be a good mode of transport I suppose :D
<joepie91> really neat though
<joepie91> I'd say "I want one too" but I live in the Netherlands.... I'm not sure anything exists here with enough height differential :P
<Gilfoyle-> hahaha
<Gilfoyle-> joepie91: Yeah might look for a different one
<Gilfoyle-> one.*
<__monty__> That's probably why there's such a vibrant dutch slacklining community : >
<joepie91> lol
<joepie91> I don't know, is there?
<eyJhb> Gilfoyle-: you make me want to zipline to Uni
<__monty__> I'm not sure tbh, I know it was a bit of a hype there.
vyorkin has quit [Read error: Connection reset by peer]
vyorkin has joined #nixos-chat
drakonis has joined #nixos-chat
Synthetica has quit [Quit: Connection closed for inactivity]
tilpner has quit [Quit: WeeChat 2.4]
vyorkin has quit [Read error: Connection reset by peer]
drakonis has quit [Read error: Connection reset by peer]
vyorkin has joined #nixos-chat
tilpner has joined #nixos-chat
<Gilfoyle-> Does nixos support power9?
<Gilfoyle-> Ooh there's a channel already
<Gilfoyle-> Or not really
vyorkin has quit [Remote host closed the connection]
vyorkin has joined #nixos-chat
<__monty__> : o I <3 Power. Intel macs really seemed like a step back in many ways.
waleee-cl has quit [Quit: Connection closed for inactivity]
<gchristensen> Gilfoyle-: just started the chan today I think
<gchristensen> I'm interested in nixpkgs building for power, but that isn't really a thing _I_ can do, and it would require community effort
<Gilfoyle-> Ahhhh
<gchristensen> the thing I could do is get us the hardware
<joepie91> I remember when... was it server4you? was offering IBM Power servers
<joepie91> many years ago
vyorkin has quit [Ping timeout: 245 seconds]
<cransom> i remember buying my first powerpc machine in 1997. about a year before apple revoked the hardware licensing.
<gchristensen> ow.
<cransom> still a great machine, just meant that power computing had to switch to intel and pcs and they died fairly soon after.
<cransom> a giant workhorse of a 604e 225, 128megs of ram. hrm... 2gigs of 7200rpm scsi disk? oh boy and don't forget the 17" crt. i even shelled out later for one of those sweet voodoo2 3d passthrough cards because who would have ever gotten 2d and 3d acceleration on a single video card!
<gchristensen> !
<cransom> oh but it was a mac, so it had that super cool auto ejecting floppy too.
<__monty__> cransom: What are you talking about? Apple used PPC all the way through G5.
<cransom> they did, but apple stopped licensing the other hardware providers when the g3 came around.
<__monty__> Oh, for non-apple macs? Didn't even know that was a thing.
<cransom> yep. there were non-apple, mac-compatible machines for a few years.
<cransom> (power computing was one of those manufacturers)
<cransom> https://en.wikipedia.org/wiki/Common_Hardware_Reference_Platform was going to be the thing that would give us macs without the apple tax. but, alas.
<gchristensen> it is obvious in retrospect that it would never be a thing
cjpbirkbeck has quit [Quit: Quitting now.]
__monty__ has quit [Quit: leaving]
drakonis has joined #nixos-chat
<drakonis> there's a matrix sequel now
<drakonis> its got keanu and carrie...