<eyJhb>
infinisil: we need one to get a random PR ;)
<infinisil>
Oh that's a neat idea
<eyJhb>
I might add that to my PRs dupler project, little ugly website, with an endpoint for that. Because, that would be easier to just hit /randompr, and then return the number/URL
veske has joined #nixos-chat
pie__ has joined #nixos-chat
pie_ has quit [Ping timeout: 240 seconds]
pie__ has quit [Ping timeout: 240 seconds]
aszlig has quit [Quit: Kerneling down for reboot NOW.]
<Taneb>
I remember seeing something recently about home directories being revolutionized by a new version of systemd or something and I can't find it now...
<Taneb>
Was slightly messing up my google search and getting worried that I'd made up the whole thing
<eyJhb>
Taneb: I have had more confusing dreams, but that could happen for me as well
<eyJhb>
It seems like a nice idea, kinda like it
<eyJhb>
But many problems with it, as far as I could see
<Taneb>
eyJhb: I'm curious enough about it to want to give it a go
<eyJhb>
But NixOS + Homed? Or what one might call it
<eyJhb>
I forgot what I was about to do, but I do remember I was excited for it...
<Taneb>
Get it all set up, and then I could swim over to your house, plug in a USB, and there'll magically be a "Taneb" account on your computer with all my stuff
<eyJhb>
*my stuff!
<Taneb>
That said, I'm probably not going to be able to swim to wherever you are unless that's, like, north Cambridge, in which case I'd probably walk
<eyJhb>
Come on, you just need to cross the North Sea to Denmark?
bitmapper has joined #nixos-chat
<eyJhb>
OH! I remember now, I wanted to change my search angine
<eyJhb>
engine*
<eyJhb>
Oh god, I just remembered that PDF collision funny thingy in Chromium browser..
bitmapper has quit [Read error: No route to host]
<eyJhb>
Anyone tried out brave/have an opinion on it? ( joepie91 )
<joepie91>
eyJhb: avoid avoid avoid
<joepie91>
grossly unethical company
<joepie91>
their past two business models have been "replace website's ads with our own upon load" and "collect 'donations' on behalf of people without their consent, and pocket them if unclaimed"
<joepie91>
and more recently, various cryptocurrency nonsense
<joepie91>
they only backed down on aforementioned business models once it started threatening their reputation
<gchristensen>
that has been my understanding as well
<joepie91>
their "look at us being the good guys" spiel is nothing more than BS marketing
<__monty__>
#ffmasterrace!
<ashkitten>
can we cut back on the "master race" thing it eeks me out
<ashkitten>
anyways morning folx
<__monty__>
Even when used ironically?
<gchristensen>
please
<eyJhb>
I have been considering FF, but it most things I can read, and the kinda programs Google offers, seems to make Chrome/Chromium the better choice security wise
<eyJhb>
I just don't like the privacy concerns...
<__monty__>
: / I'm always late on memes. Have to really on the late-night ironic bandwagon.
<eyJhb>
Morning ashkitten ;)
AluisioASG has joined #nixos-chat
<ashkitten>
__monty__: it's literally based on nazi values..
<__monty__>
*rely
<__monty__>
Haven't gamers reclaimed it by now?
<ashkitten>
gamers...reclaim....racism?
<__monty__>
eyJhb: What privacy concerns with FF? You're using chrome ffs.
<__monty__>
The word, like people always go on about the n-word.
<eyJhb>
__monty__: Reread :p Security concerns with FF, privacy concerns with Chromium :p
<__monty__>
What security concerns?
<ashkitten>
__monty__: what word do you think "gamers" have "reclaimed"
<__monty__>
pcmasterrace
<eyJhb>
__monty__: generally Chrome offers better programs for reporting security vulns, and in general (as far as I can read and see), Chromium/Chrome is viewed as more secure than FF... (by better programs, I mean you get more money)
<eyJhb>
Also, thanks joepie91 did not know that. Will remove it once again.. I really liked the idea of ungoogled-chromium, but do not like to rely on a Fork, that might seem "less" active than e.g. Brave
<gchristensen>
chrome also has (iirc) better sandboxing. but firefox does take security issues very seriously, see also the whole investment in Rust :)
<__monty__>
I wouldn't be surprised if google's bounty programs are better but duh.
<ashkitten>
ok so just consider that what you're saying is based on rhetoric of racial superiority, and "pc master race" wouldn't make sense in a cultural context if people didn't understand that it refers to a history of rhetoric around presumed racial superiority in real life
<eyJhb>
gchristensen: that is also what I am thinking, and why I want to stick with Chromium, I am just getting really tired of everything privacy related... - Starting to rewrite FF in Rust?
<eyJhb>
__monty__: yeah, they are quite a bit better
<gchristensen>
eyJhb: they fund a lot of Rust so they can do that. and they've already done a lot
<__monty__>
Yes, most of the rendering is rust now afaik?
<gchristensen>
yeah
<__monty__>
Or is stylo just CSS?
<cransom>
mozilla is rust, really. they started it and eventually ff will be all rusty. in a good way.
<eyJhb>
But DO we trust RUST?! \s
<eyJhb>
But no really
<eyJhb>
But making it in Rust, as far as I know/have read, is great security wise. Maybe the sandboxing will follow
<__monty__>
ashkitten: Fine, I won't ever repeat that one-off joke.
<cransom>
fwiw, remember that the guy that doodled down javascript in two weeks is also the guy that started brave. hopefully that's not an inspiring tale.
<ashkitten>
__monty__: i just want you to consider the implications of your words. we all make mistakes, i've sure as hell said jokes in poor taste before and been approached about it
<ashkitten>
try to take it in stride, nobody is upset at you
<joepie91>
cransom: "doodled down javascript in two weeks" is a nice bar tale, but doesn't have much to do with reality :)
<eyJhb>
Arghh.. Should I go with Firefox?! Or.. Try to package ungoogled-chromium? Or just say screw it, and run with Chromium because Security > Privacy
<cransom>
eyJhb: i think doodle is appropriate. i remember the stories of it being forged in 10 days on some short schedule.
<__monty__>
I'm not upset about it. Just think it's not worth worrying about. Anyone who thinks I'm a supremacist for making a joke about firefox wasn't gonna be my friend without that joke anyway.
<samueldr>
eyJhb: adding a random patchset that you haven't personally vetted in depth is possibly reducing your security
<gchristensen>
eyJhb: I choose firefox :)
<samueldr>
I would say use both
<joepie91>
cransom: that was probably meant for me. but yes, I know the 'stories', but they're not representative.
<joepie91>
cransom: because the stories ignore all the work that isn't "writing the code".
<samueldr>
don't attach yourself to a browser
<joepie91>
language PoCs are regularly implemented in a few days
<joepie91>
but that's not where most of the work is
AluisioASG has joined #nixos-chat
<joepie91>
neither before (the designing of the language, gaining experience to learn about the tradeoffs, etc.) nor after (the extension and maintenance and bugfixes etc.)
<joepie91>
like I said: a nice bar tale, but not much more than that :)
<ashkitten>
__monty__: never said you're a supremacist, but it's poor taste regardless
<cransom>
regardless of how long it took to craft, when you have things like that, that is not sane.
<eyJhb>
samueldr: random patchset? Ohh, regarding third party? Also, "don't attach yourself to a browser"?
<eyJhb>
And .. Use both?
<samueldr>
ungoogled-chromium is a patchset from a third-party
<joepie91>
cransom: I'll happily agree that implicit coercion was a design mistake. I just don't really care for the whole "HAHA LOL 10 DAYS LOOK AT HOW CRAP IT IS" narrative, because that helps no one.
<samueldr>
use both
<eyJhb>
Yes, that is also a main concern
<samueldr>
I use firefox on a computer, and chromium on another
<joepie91>
it's meaningless
<joepie91>
it doesn't make any points, doesn't support any arguments
<samueldr>
this way I can literally keep track of what irritates me in both
<joepie91>
it's just bashing
<eyJhb>
Any reason why not using a single browser? Like I have both Chromium and FF installed, but I use chromium mainly
<samueldr>
to not spread monoculture culture
<samueldr>
there's this sad state of affair where the web technologies have ballooned so big it's pretty much impossible for a new incumbent(?) to come in and make their own engine
<eyJhb>
So basically, being diverse?
<samueldr>
yeah
<samueldr>
and I have this cynical point of view that it's by design that the techs and features ballooned so big to be inconvenient to implement :/
<samueldr>
not sure how true it is though
<__monty__>
Probably a sad amount.
<samueldr>
might just be a convenient side-effect
<cransom>
joepie91: i wasn't trying to say that because it happened fast is why it's bad. it grew fast and is a weird part of culture where if you know javascript, somehow you have a super power. it just rubs me the wrong way.
<samueldr>
eyJhb: for a good while it was using insecure webkits :/
<joepie91>
cransom: right. I don't really recognize that culture at all, though.
<eyJhb>
Yup, also why I won't go with it :(
<samueldr>
(not sure if it was *that* browser, but one of the fancy small team one)
<eyJhb>
I have my SurfingKeys anyways, so that takes care of MOST things
<eyJhb>
I actually think SurfingKeys have better support on FF
<cransom>
joepie91: i think i've went to too many meetups where people introduced themselves as fullstack engineers and javascript was the only tool they knew.
<eyJhb>
*reads Surfing Keys permissions* Do not feel safe anymore. Maybe I should just shutdown my computer, until my paranoia levels come down from tinfoil hat level
<joepie91>
cransom: right, that's not really specific to JS, though. before JS, it was Ruby.
<joepie91>
it's the crop of 'bootcamp developers'
<cransom>
it's like if i could only make toast and demanded that people call me chef. but now i'm gatekeeping, so i should shut up.
<joepie91>
who have been told that they've followed 2 weeks of bootcamp and now congratulations, they're an engineer!
<joepie91>
I'd put the blame for that squarely with the bootcamp industry
<eyJhb>
nvm. worse support
<joepie91>
cransom: btw, you can see a very similar thing happening in 'traditional' education
<joepie91>
people follow a course for a few years, are being told that they'll become a 'software developer', but actually learn little to nothing about being a software developer
<joepie91>
it's mainly a problem of unrealistic expectations set by educational organizations
<joepie91>
someone at revspace had a nice way to phrase it; these courses aren't designed to make you a software developer, they're designed to make you a software mechanic
<joepie91>
and that's not even necessarily a bad thing, so long as the correct expectations are set...
drakonis has quit [Quit: WeeChat 2.6]
<cransom>
and that's equivalent to certifications. you learned the steps in the book.
<joepie91>
cransom: right. which is fine if you're a mechanic! but not if you're a software developer....
<cransom>
but then they find an architect title. anyway, enough complaining from me.
<eyJhb>
Damn, FF has 707 reported CVE with Code Execution, while Chromium has 120
<eyJhb>
Yeah, but still a somewhat good indicator in this case I would say, especially when it is known, that there are big bounties on such things
<gchristensen>
they're really not comparable
<joepie91>
eyJhb: no, CVE counts just tell you absolutely nothing whatsoever about the level of security of a thing
<joepie91>
not without a lot more context anyway
<joepie91>
more than just "there are bounties"
<andi->
you can argue in all directions by looking just at those numbers.
<joepie91>
it's like download counts and issue counts, they're metrics that look really significant intuitively but have basically 0 value when actually considering things from a technical perspective
<joepie91>
right
<eyJhb>
Well, from the CVEs, if you do just "blindly" look at the numbers, FF would actually stand to be "more secure" (please note the _blindly_ thingy)
<eyJhb>
But I do understand what you are saying ;)
<cransom>
i'd be curious what that looks like over time too. firefox existed before chrome
<gchristensen>
that isn't true either, eyJhb
<eyJhb>
gchristensen: do you remember that when FF was "rewritten" in rust?
<gchristensen>
it isn't like a "catch 'em all!" game, the number of CVEs has no bearing on the number of severe bugs existing in the software. and past performance has no bearing on future performance
<eyJhb>
gchristensen: in what way is it not that?
<eyJhb>
I will again underline, the _blindly_, and taking nothing into consideration
<eyJhb>
Except X > Y
<samueldr>
the bigger the amount of CVEs, the more secure it is!
<gchristensen>
if I fix 1,000 severe bugs, there may be 1,000 more
<samueldr>
you see, all of those are bugs that were found!
<cransom>
firefox isn't rust just yet. they are porting things over incrementally. but it was firefox56 for bigger rust things.
<andi->
there was no entire rewrite yet. The only argument (I think) you can make is that Firefox acked the issue of being vulnerable and started moving things over to rust (slowly).
<samueldr>
the lower the amount of CVEs, the more secure it is!
<samueldr>
you see, there are fewer issues!
<andi->
there are just less funded researchers!
<joepie91>
eyJhb: the 'blindly' is what makes the conclusion wrong ;)
<samueldr>
hey now, andi-, I was using the same argument here, instead of two different ones :)
<joepie91>
it's an "if cows were spheres..." type conclusion
<gchristensen>
there are no conclusions you can make based on a CVE count, beyond "there are N CVEs against it"
<samueldr>
metrics can and will be skewed
<eyJhb>
joepie91: the blindly is what makes the case for that :p I am not saying it is true or reliable
<joepie91>
eyJhb: like I said, if cows were spheres!
<andi->
If you knew there are N severe UNPATCHED(!) CVEs in Firefox that would be a thing.
<eyJhb>
joepie91: then they would roll a lot!
* joepie91
is not yet sure how to counteract humans' tendencies to see significance in numbers
<eyJhb>
But I am more curious in what happened in 2017 for FF
<joepie91>
(other than by hiding the numbers)
<eyJhb>
joepie91: I will generate the numbers myself then!
<eyJhb>
:p
Navi is now known as Church-
<eyJhb>
Seems like FF 56 was released that year, but late.. Hm
Church- is now known as legion
legion is now known as Church-
waleee-cl has quit [Quit: Connection closed for inactivity]
drakonis has joined #nixos-chat
<andi->
was there a synergy like thing for wayland yet?
<samueldr>
which is my number 1 reason I haven't tried wayland still
<andi->
I tried wayland regardless and now I do not want to go back anymore :)
<samueldr>
hmm
<samueldr>
reading the barrier issue reminded me
<samueldr>
a couple years back there was that uinput-based implementation of the synergy protocol
<samueldr>
which was implemented by adding an absolute point device
<samueldr>
it should work; it worked on android and on chromeos
<andi->
I was actually thinking that they might go the uinput route since otherwise they'll have to adjust every single compositor.
<samueldr>
through a quick search it seems the idea might have been re-implemented more than once
<andi->
On the other hand I'd probably also take a hardware device where I use some key sequence to switch between computers.
<andi->
As long as it isn't smashing esc 20x and waiting for a second.
<samueldr>
big warning: most KVMs won't transmit "fancy" keyboard keys outside the usual 105 keys
<samueldr>
if it matters
<andi->
I was more thinking about using OTG and some Linux device
<samueldr>
ah, raspberry pi and gadget mode
<andi->
and gadgetmode or whatever that is called
<samueldr>
(e.g.)
<samueldr>
the zero is well supported, and at the price it seems about right
<andi->
I just don't know anything about those input devices.
<samueldr>
though, through gadget mode your android phone could do it, once mobile-nixos is useful enough to run it :)
<andi->
It probably is just piping it through until some magic sequence appears?!
<samueldr>
KVMs?
<andi->
I am thinking about a gadget mode implementation
<samueldr>
there are multiple kinds, but those that switch via keyboard input generally slurps your inputs, and re-transmits them through usb-connected "dumber" generic input devices
<samueldr>
so e.g. 8th mouse button might not work
<samueldr>
hmm, this reminds me again of something else
<samueldr>
there is a project that aims to *just* pipe uinput events to another computer
<samueldr>
that you can switch using a key combo
drakonis has quit [Ping timeout: 268 seconds]
<andi->
I wonder how compatible that is with the usb hub that my keyboard emits.. Probably doesn't matter since it only cares about input devices (on some USB ports)
<samueldr>
it's likely to be a mixed bag among the existing implementations :/
<samueldr>
roll a dice, here's the feature it will lack
<andi->
Since I currently have a spare kinesis it doesn't matter that much.. have to move my body by a few degrees to use the other keyboard...
<andi->
as the number of computers increases that will be more painful
<samueldr>
I don't know if the situation changed, but at the moment I wrote that, the two different kind of wiimotes weren't compatible in configuration between each-others, this was meant to paper over the issue
<gchristensen>
we've discussed whether it should or shouldn't in the past
<infinisil>
And the conclusion was no because?
<gchristensen>
with the hash, the value of TLS is reduced. there is still the first time -- is this pwn'd? -- and that is largely avoided by ofborg and hydra and everybody else who builds it
<infinisil>
I'm more worried about people updating it
<gchristensen>
updating it?
<infinisil>
Increase version, url changes, change hash a bit too, nix-build to get the correct hash for new version
<gchristensen>
right, the first time?
<infinisil>
Well first and later times too
<gchristensen>
yes, but "first time" in the sense that we talk about the hash's trust model being TOFU
<infinisil>
Huh
<infinisil>
Why would we not check that the certificate is actually correct, especially for the first use?
<infinisil>
Yes it's trust on first use, but that doesn't mean we have to give up on any sort of security
<gchristensen>
I don't remember the reasoning, just the justification
<gchristensen>
it would be good to move this to -dev and discuss further :)
<gchristensen>
or maybe a github issue has some discussion
* infinisil
nods
<kraem>
wow, just found weechat smart filtering join/part/quit msgs.. my head is gonna thank not having to filter them :p
<gchristensen>
it is so nice
psyanticy has joined #nixos-chat
<__monty__>
glirc has a good approach to them by default. It folds all those messages so you don't get bothered but you can still see them if the FOMO is too strong.
<kraem>
i constantly find myself writing really bad english when chatting on irc though, forgetting to type half of the words in a sentence and so on.. but that's not something weechat can help me with though :p
<gchristensen>
I can barely write a single message without at least a few egregious mistakes
<samueldr>
hello, it's me, pressing enter before entering the last lette
<kraem>
__monty__ seems like one can deactivate the filter if the fomo is bad, sometimes you just want to have that unpolished old school look right?
<kraem>
samueldr don't find myself doing that too often.. but mixing two different sentences i have in my mind while typing is a favourite
<__monty__>
kraem: Mostly useful when people start with nick changing shenanigans.
endformationage has quit [Quit: WeeChat 2.6]
endformationage has joined #nixos-chat
<kraem>
i'm currently moving my home server to some real hardware instead of a scrapped laptop. curious; how are you organising vm:s/containers? i'm fairly new to the game but have worked some with docker, currently trying out virt-manager as well. maybe it's just easiest defining all services with a docker-compose and run with it?
<kraem>
never heard of before.. gonna check them out
endformationage has quit [Quit: WeeChat 2.6]
endformationage has joined #nixos-chat
drakonis has quit [Ping timeout: 245 seconds]
<__monty__>
kraem: I use them because they're included with systemd. Pretty simple to set up.
<__monty__>
There's also nixos containers though. You might wanna look into that. I haven't yet.
<__monty__>
I suspect it's just some wrapping around nspawn though.
<__monty__>
nn
__monty__ has quit [Quit: leaving]
<gchristensen>
I wonder if swayidle could put up a lock screen but not actually lock for the first 5s, to give me a chance to tap a key
<samueldr>
it probably could
<samueldr>
if only there was a way to get its sources and edit it :3
<samueldr>
(not a jab against you, just saying I love open source and Free software)
<kraem>
oh i'd love that for i3lock as well
<gchristensen>
of course :)
drakonis has joined #nixos-chat
<gchristensen>
the reality is, I don't have much time for that sort of thing :x at least, not with how annoying it is now (not very)
<gchristensen>
samueldr: I also love that. so very much.
AluisioASG has joined #nixos-chat
<gchristensen>
how would y'all describe JTAG to a jury?
<samueldr>
I assume JTAG debugging
<gchristensen>
yeah
<samueldr>
a way to communicate "with the brains" of the system
<samueldr>
among its features, debugging allows stopping "its thoughts"
drakonis has quit [Ping timeout: 276 seconds]
<samueldr>
and peeking, looking at what is going on exactly in there
<gchristensen>
nice, that sounds like a good way
psyanticy has quit [Quit: Connection closed for inactivity]
<samueldr>
there's one thing though
<samueldr>
which is hard to convey
<samueldr>
JTAG doesn't allow you to directly read the data off a device
<samueldr>
and this doesn't map to thoughts of a person
<samueldr>
e.g. if you encrypt your phone, and do the magic to evict keys (generally turning it off) you can't read the data any more than you could beforehand
<samueldr>
but it's hard to convey without technical words
<samueldr>
because even *encryption* is hard
<samueldr>
the idea that you can write down something, and you need something else to read it off
<samueldr>
like a decoder ring
<samueldr>
when you wrote the thing down, you still remember it
<samueldr>
if done properly, once the key has been evicted from the phone, it won't
<gchristensen>
yikes right
<samueldr>
so... maybe like peering into the thoughts of someone with severe amnesia reading its own journal entries
<samueldr>
that were coded in a way they can be reminded of
<samueldr>
like if the memento fella could remember pig latin and read the pig latin entries