<globin>
ashkitten: we've had zfs hang when swap being on zfs (obviously not a good idea in hindsight)
<elvishjerricco>
globin: The zfs-on-linux wiki implies swap on ZVOL is supposed to work, but I could never get it to. Whenever I'd start swapping, the system would hang.
<globin>
yep, same experience
<ashkitten>
swap on zvol should work but is not recommended at all
<ashkitten>
and it's not surprising you'll find weird behavior
drakonis_ has quit [Ping timeout: 240 seconds]
Remosi has quit [Ping timeout: 240 seconds]
Remosi has joined #nixos-chat
waleee-cl has quit [Quit: Connection closed for inactivity]
<ashkitten>
hmmmmmmmm why is dlna/upnp casting not a thing in firefox tbh
drakonis1 has joined #nixos-chat
drakonis_ has joined #nixos-chat
drakonis has quit [Ping timeout: 252 seconds]
andi- has quit [Remote host closed the connection]
andi- has joined #nixos-chat
<pie__>
OHGODNIXCONISINTWOWEEKSORSOMETHING
<ashkitten>
hi pie__
<ashkitten>
you seem excited
<pie__>
more like internal panic
<pie__>
not sure what im panicking about but im panicking
<pie__>
i havent done nix stuff in like two months
<pie__>
which is why you havent seen me ranting constantly
<ashkitten>
yeah i did feel like i was missing something in my life
<ashkitten>
i thought it was my phone but i guess it was you
<samueldr>
pie__: you have a talk scheduled
<pie__>
samueldr: wait what
* samueldr
intentionally dropped the question mark to make them panic
<pie__>
did i forget about a talk im giving
<pie__>
oh god lmao
<pie__>
samueldr: ffff
<pie__>
you gave me a bit of a heart attack there because i did kind of want to give a talk at some point
<samueldr>
maybe check your e-mails just in case
<samueldr>
but I was only teasing
<pie__>
i know
<pie__>
i was just telling someone i was about to go to bed then conference panic
<pie__>
but now the panic really hit
<pie__>
xD
<samueldr>
I'm stoked about it all
<pie__>
oh its gonna be great i just dont have my life in order
<pie__>
like, ever
<samueldr>
though a bit concerned about my talk... but more about having too much content :)
<samueldr>
I want to talk for hours on every minutiæ but it's probably not a good idea
<pie__>
we should probably just strap a tape recorder to samueldr and sit him down somewhere
<pie__>
can put it in a podcast
<samueldr>
that's not really podcast material either :)
<samueldr>
though I'm sure I'll have my chances in unpacking everything during the three days
<pie__>
can use it to put yourself to sleep at night :P
<samueldr>
I'm also really glad of how things are turning out for pre-talk preps, I'm way done with the minimal stuff
<ashkitten>
did you know grant kirkhope composed the soundtrack for ghostbusters (2016)? i sure didn't until just now, that's pretty rad
endformationage has quit [Ping timeout: 264 seconds]
hyperreal has joined #nixos-chat
tilpner has quit [Ping timeout: 265 seconds]
__monty__ has joined #nixos-chat
<Taneb>
"16187 store paths deleted, 726873.83 MiB freed"
NinjaTrappeur has quit [Quit: WeeChat 2.6]
NinjaTrappeur has joined #nixos-chat
<jackdk>
I feel like there should be a high-score table for that
<hyperfekt>
manveru: That's pretty cool. I wonder how much better than 240MB 120MB really are. How large would the simplest interpreter able to run a language you could write a C compiler in be?
<qyliss>
hyperfekt: have you seen GNU Mes?
<__monty__>
hyperfekt: Considering a MB roughly equals 500 pages, a *lot* better.
<__monty__>
We're talking about having a trusted foundation here.
<hyperfekt>
Yeah, I just saw that's essentially what they're doing. I think I underestimated how much complexity there is to compiling a C compiler.
<hyperfekt>
__monty__: That's my point, it's still gonna be really hard to review 60.000 pages.
<qyliss>
C is a ridiculous language
<__monty__>
hyperfekt: A lot easier than twice that though. And they're not done cutting it down.
<__monty__>
A single step will only get you negligibly closer to your goal but not taking it will get you nowhere fast.
<hyperfekt>
Yeah, I'm excited for that Scheme-only bootstrap. Looks like they'll really get to a place where you could review it. Also I see NLNet is sponsoring that like all the other cool things ^^
<__monty__>
Yeah, definite props to NLNet to connect EU funding with foss.
pie__ has quit [Ping timeout: 240 seconds]
atopuzov[m] has quit [Ping timeout: 248 seconds]
worldofpeace has quit [Ping timeout: 250 seconds]
<hyperfekt>
Ah, there's stage0 which is more along the lines of what I imagined. Less than 1kb trusted binary size. That is where my comment was rooted, in the intuition that much less *should* be possible (even if it takes a ton of work).
<gchristensen>
poor matrix :(
<__monty__>
Still getting DDoSed?
worldofpeace has joined #nixos-chat
atopuzov[m] has joined #nixos-chat
pie_ has joined #nixos-chat
<eyJhb>
AW!
<eyJhb>
Pwntools is broken on 19.09...
<gchristensen>
trying to use an external monitor on my second machine here reminds me of all the reasons I switched to wayland, and is making me wish super hard that obs had even better support for wayland.
edef_ has joined #nixos-chat
edef has quit [Killed (wolfe.freenode.net (Nickname regained by services))]
edef_ is now known as edef
pasukon_ has joined #nixos-chat
pasukon has quit [Ping timeout: 268 seconds]
drakonis_ has quit [Ping timeout: 268 seconds]
disasm has quit [Ping timeout: 268 seconds]
tokudan has quit [Ping timeout: 268 seconds]
pasukon_ is now known as pasukon
drakonis_ has joined #nixos-chat
disasm has joined #nixos-chat
LnL has quit [Ping timeout: 263 seconds]
kgz has quit [Ping timeout: 276 seconds]
LnL has joined #nixos-chat
<gchristensen>
I wonder if I could have my system run wayland and x11, choosing which one after boot?
<adisbladis>
gchristensen: SDDM can do that
<gchristensen>
oooh!
kgz has joined #nixos-chat
<adisbladis>
Probably GDM too, but I don't have any experience using that
<pie_>
joepie91: i tried to get a hetzner but they disabled my account before i could upload my id cuz they were like give us your id lol
<pie_>
joepie91: i was gonna do a babbys first website
<pie_>
now what
<joepie91>
pie_: afaik they e-mail you about the ID?
<pie_>
and the jerks even have the audacity to not let you create an account without giving a credit card first :P
<pie_>
joepie91: they have some web interface now
<joepie91>
huh what, I don't have a CC on file with them
<pie_>
how do you pay for stuff then
<pie_>
oh paypal probably
<pie_>
right i forgot could choose, derp
<joepie91>
pie_: bank charge for hetzner iirc
<pie_>
anyway i registered, the system was like
<joepie91>
SEPA direct debit
<pie_>
* anyway i registered on sunday, the system was like WE REQUIRE ADDITIONAL VERIFICATION (maybe because im coming from hungary)
<pie_>
some google results were lowendtalk where people were like lol they dont want your business you entitled little
<joepie91>
yeah you can mostly ignore those posts
<pie_>
im open to other hosting options -_-
<ajs124>
digitalocean?
<manveru>
vpsfree :)
<manveru>
or netlify, for static stuff
<pie_>
joepie91: also i was recommended njalla as an anonymous domain registrar, which is cool, but registration just gives me permission denied ;_;
<joepie91>
I don't know of anything that matches the price:resources ratio of Hetzner at similar quality
<pie_>
i want to do some dynamic stuff too later
<pie_>
joepie91: aw.
<joepie91>
if the ratio can be a bit worse, then there are plenty of options
<pie_>
i was starting with hetzner cloud
<joepie91>
pie_: where's the requirement for 'anonymous registrar' come from?
<ajs124>
Although all my stuff does run on Hetzner. As in, these messages go through Hetzner...
<pie_>
nowhere, i just thought it would be nicer
<pie_>
and it makes me feel better
<joepie91>
pie_: there's a risk tradeoff; if you register your domain through Njalla, that means that they own the domain on paper and therefore you're SOL in a dispute
<joepie91>
this is not true for non-anonymous registrars with WHOIS privacy (afaik)
<joepie91>
where you can file a dispute through ICANN
<pie_>
my domains probably arent that important
<pie_>
i kind of just want to give it a shot anyway but i cant even register for the site lol. i dont suppose youve ever used it
<joepie91>
I haven't
<joepie91>
my only experiences with anonymous domain registrations were with PRQ
<joepie91>
which, uh, did not go well :)
<joepie91>
my own domains are primarily at internetbs
<gchristensen>
I bet r13y.com could get some interesting unreproducibility issues if I turned on filename normalization: $ touch $'\377' => «touch: cannot touch ''$'\377': Invalid or incomplete multibyte or wide character»
<gchristensen>
(I really like gandi)
<ajs124>
All my domains are with hosting.de. Their api is nice and they're pretty cheap.
<ajs124>
Not true. Some are with namecheap, for reasons. Which kinda sucks.
<pie_>
joepie91: dont suppose you could poke njalla on twitter why i cant reg? :p
<buckley310>
eyJhb, fwiw, pwntools works if you install it via pip
<joepie91>
pie_: my limit for today is at 1 customer support proxy service :P
* joepie91
is sick
<pie_>
aww
<pie_>
get well soon \o/
<joepie91>
thanks
<pie_>
buckley310: eyJhb: and virtualenv has generally worked for me, once you have the external deps down
<pie_>
im still not sure i know how to properly use python infra :/
<pie_>
joepie91: ill ask again later? :P
<pie_>
i also kind of just want to practice doing stuff anonymously and whatnot, but yea
<joepie91>
pie_: that'll involve a lot more work than picking out a few providers :)
<pie_>
yeah but you have to start somewhere
<pie_>
or at least i have to
<joepie91>
pie_: well... yes and no. the point to start is by establishing a threat model (and thus learning how to do that), not by picking things that claim to be "anonymous"
<joepie91>
the latter won't get you anywhere
<pie_>
the threat model is if it has your address and credit card youre dumb
<joepie91>
that's not a threat model :P
<pie_>
:P
<pie_>
i wish i could security tabletop with some people, im so bad at it
<pie_>
". Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine [...] If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://"
<pie_>
3) What are their incentives/goals?" youve been reading something
<pie_>
" 2) What are their resources/capabilities?
<pie_>
this sounds familiar
<joepie91>
?
nckx has joined #nixos-chat
<pie_>
or maybe this is just obvious
<joepie91>
it's obvious to people who have been dabbling in security and subconsciously learning threat modelling for a while
<joepie91>
it's definitely not obvious to most people :P
<joepie91>
for starters, a lot of people think in a binary {secure, not secure}
<joepie91>
entirely missing the 'incentives' and 'costs' points
<joepie91>
"security is about making an attack on something unjustifiably expensive for the attackers you expect" seems obvious to security people, but not so much to most other people
<pie_>
ive kind of come full circle
<pie_>
but maybe thats because im interested in secure messaging in the face of state actors
<ajs124>
do I hear OTPs and carrier pigeons? :D
<pie_>
not scalably
<joepie91>
pie_: so then the next question is, why are you interesting to state actors :P
<joepie91>
because state actors have a budget
<joepie91>
it's a big budget, but still a budget
<joepie91>
and they will allocate more or less to you depending on why you're interesting
<pie_>
nah man everyone knows state actors are magic
<pie_>
i feel like this kind of comes down to an argument about dual use technologies and whether it should be relevant if youre interesting or not
<pie_>
i guess im still super naive but i feel like it should be acceptable to have a system that doesnt break at the slightest prodding
<pie_>
and that means metadata too
<pie_>
maybe ive got my manties in a bunch over nothing :p
<joepie91>
it's nice if you can build such a system, the problem is that increased robustness often comes at the expense of other things
<pie_>
yeah
<joepie91>
and it's difficult (often impossible) to make that tradeoff determination without knowing the context
<joepie91>
which is what the threat model is for :P
endformationage has joined #nixos-chat
<pie_>
learning this stuff in a vacuum sucks
<joepie91>
it's also useful to keep in mind that everyday systems that have been running for many years, outside of IT, are super prone to fucking with them
<pie_>
my brain isnt so good that everything sticks the first time :( or im just learning wrong
<joepie91>
like, it isn't especially difficult to take down your local electricity grid
<pie_>
i guess
<joepie91>
or poison the water supply
<pie_>
but the state isnt interested in taking down the electricity grid
<joepie91>
but people don't do this, because why would they
<pie_>
unless for false flags or something :P
<joepie91>
and this is where 'incentives' come in
<pie_>
right
<pie_>
the necessity of capability and incentive even i figured out
<pie_>
to be able to do something...you have to be able to do it
<pie_>
but then you have to actually want to do it
<pie_>
gchristensen: whois privacy is a thing by default now?
<gchristensen>
eh?
<pie_>
does gandi.net hide my whois info
<gchristensen>
`whois gsc.io` to find out? :P
<pie_>
nope
<pie_>
got your contact info
<joepie91>
that's not a great metric
<pie_>
err
<joepie91>
WHOIS privacy allowedness varies by TLD
<pie_>
rather your name and state
<pie_>
joepie91: ah yeah?
<joepie91>
and some registrars will hide your info by default if you're in the EU (because GDPR) but otherwise not
<pie_>
right
<gchristensen>
whois grahamc.com
<joepie91>
some registrars do that for everyone
<joepie91>
some registrars (like internetbs) have been offering it as a free option since long before the gdpr
<pie_>
gchristensen: that one looks better
<pie_>
guess ill look at internetbs
<joepie91>
in pretty much every case, the details of the WHOIS policy are listed on the registrar's site
<pie_>
joepie91: whats the "name" field in the dns record manager?
<pie_>
it defaults to @ (or thats just empty, im not sure)
<pie_>
im trying to figure out how to make a *.mail.example.com
psyanticy has quit [Quit: Connection closed for inactivity]
<joepie91>
pie_: no idea, I don't use their DNS, I don't know if they support wildcard records (most DNS services don't)
<joepie91>
I just point it at dns.he.net
<pie_>
ok
<pie_>
i was thinking id set up my own dns but later
<sphalerite>
pie_: @ is the domain without a subdomain
<sphalerite>
pie_: you can try putting *.mail in
<pie_>
yeah meanwhile i figured out @ means "root" and name is the, yeah *.mail in name
<pie_>
worked
<pie_>
i should probably read a book on dns or something
<pie_>
any pointers
<sphalerite>
40.40.76.144.in-addr.arpa. 21595 IN PTR lugn.soundray.org.
<sphalerite>
(scnr)
<pie_>
:P
<pie_>
,locate dig
<{^_^}>
Found in packages: bind.dnsutils
<pie_>
wtf it told me its in bind
<gchristensen>
in reflection of the start of Yom Kippur, and in the spirit of atonement, I'm thinking about this response in Litany of Atonement by Rob Eller-Issacs: "We forgive ourselves and each other; we begin again in love."
<pie_>
sphalerite: i added *.mail and mail both, but nothing is showing up on mail. do i have to wait for my ttl? i didnt need to wait for the wildcard (because it wasnt cached yet? but if its about caching, it should still have it when i had an mx set on the top level...)
<sphalerite>
yes probably caching
<pie_>
i mean, i set an mx for my top level but when i removed it and added *.mail it seemed to immediately work
<pie_>
err
<pie_>
well ok ill wait a bit
<pie_>
ive got ttl at 10 minutes so shouldnt be too bad
drakonis1 has quit [Quit: WeeChat 2.6]
drakonis has joined #nixos-chat
drakonis_ has quit [Read error: Connection reset by peer]
drakonis_ has joined #nixos-chat
drakonis has quit [Read error: Connection reset by peer]
drakonis has joined #nixos-chat
drakonis has quit [Read error: Connection reset by peer]
drakonis has joined #nixos-chat
drakonis_ has quit [Ping timeout: 250 seconds]
drakonis has quit [Ping timeout: 250 seconds]
drakonis has joined #nixos-chat
<samueldr>
really generic linux question: isn't it udev that adds /dev/disk/by-* symlinks? if so, is it by an internal rule? it doesn't seem to be in /etc/udev/rules.d
<infinisil>
Probably hardcoded yeah
<samueldr>
looks like it's provided in another way, and that I was copying it to the target device (comparing to my local computer)
<samueldr>
though it somehow doesn't apply to the local storage of *that* phone :/
<samueldr>
it doesn't in stage-1, it will within stage-2
<buckley310>
I was under the impression that everything under /dev/ was handled by the kernel through devtmpfs
<samueldr>
my understanding is that devtmpfs does a chunk of it, but udev does the rest
<buckley310>
interesting
<gchristensen>
adisbladis: do you have any info / links w.r.t. sddm & sway / sddm & i3?
<pie_>
OH. I HAVE TO ADD ALIASES MANUALLY. I just thought i set the domain stuff and aliases magically come into existence when they receive mail
<samueldr>
hmm! looks like udev doesn't start; will need some more debugging but it's possible something is not yet ready that it needs
<samueldr>
that would explain why the symlinks aren't created
Jackneill has quit [Remote host closed the connection]
<__monty__>
qyliss: How bad does it look?
pie_ has quit [Ping timeout: 240 seconds]
<eyJhb>
Anybody experienced this problem on a Macbook 12" 2016 model? Sometimes it works if you get the screen in perfect rotation - https://i.imgur.com/KPYWvGa.jpg
<eyJhb>
Happened a couple of weeks after some idiot store replaced the back of it + battery for 5.000,- DKK
<eyJhb>
> DKK 5000
<{^_^}>
"5000 DKK = 750.000000 USD"
<gchristensen>
:o currency conversions? lol
<eyJhb>
I can't remember who got tired of my DKK, but somebody did it yeah :p
<eyJhb>
Maybe sphalerite ?
<samueldr>
something something not a general purpose programming language
<samueldr>
anyone has a gut feeling about why udevd won't start in an init script, but will in a (dropbear) ssh session? error is `Assertion 'close_nointr(fd) != -EBADF' failed at src/basic/fd-util.c:71, function safe_close(). Aborting.`
<samueldr>
though the assertion alone doesn't tell me what's up, setting more debug info to track it down
<samueldr>
ooh, got a feeling about the console output, the ssh session "had an output", while it could be that the initrd didn't; I've been having weirdness with that device
<samueldr>
stripping console= from /proc/cmdline; arguments that were in the OEM cmdlines, fixed the issues :)
freeman42[NixOS] has joined #nixos-chat
tokudan has quit [Quit: Dunno.]
freeman42[NixOS] has quit [Ping timeout: 240 seconds]
tokudan has joined #nixos-chat
<infinisil>
Ugh, some youtuber made a word filter for things that sound like bad words, which can be very useful. Now he made a video "publishing" the code because others might find it useful
<infinisil>
And by "publishing" he meant a friggin web api for it, a web api!
<infinisil>
Like come on, he probably used dozens of open source projects as dependencies
<drakonis>
github's UI is not fit for looking at patches
<infinisil>
I'm also not very comfortable with slnos mysteriousness
<drakonis>
same
<qyliss>
I'm going to open a PR to pull from upstream
<infinisil>
+1
<qyliss>
I'll go through the patches and figure out if anything's worth keeping
<drakonis>
there's also nix and nixpkgs forks from 2017
<samueldr>
I think you're making too much of "a thing", it's just someone's derivative that's being kept secret; tor-browser patches notwithstanding in this statement
<samueldr>
oxij can keep the secret fork as they please
<qyliss>
I'm only talking about the Tor thing
<samueldr>
yeah, that wasn't addressed to you qyliss :)
<gchristensen>
for me, it seems unwise to be pulling something as sensitive and complicated as the tor browser from a fork
<samueldr>
the tor patches are of concern
<gchristensen>
not to mention the "up-to-date"edness
<drakonis>
for some reason the tor derivation has multiple packages?
<drakonis>
firefox esr 52
<samueldr>
as long as upstream is maintaining them it's not an issue
<samueldr>
ESR is the extended support releases
<drakonis>
they arent maintaining esr 52 anymore
<drakonis>
mozilla that is
<drakonis>
neither tor supports a version that old
<qyliss>
I'll kill that in the same PR
<samueldr>
then it's an issue
<drakonis>
the latest firefox esr is 60
<qyliss>
Which is what current tor-browser is based on
<drakonis>
yes
<drakonis>
esr 52 users get force bumped into 60
<samueldr>
it's amazing, that one console= bug basically fixed all the issues specific to that one phone in early boot :3
<qyliss>
:D
<drakonis>
noice
<drakonis>
tor's description is totally a thing that oxij would write lmao
<qyliss>
Can we tone down the ad hominems?
<drakonis>
yes
<drakonis>
i'll stop it now
<gchristensen>
qyliss++
<{^_^}>
qyliss's karma got increased to 11
<qyliss>
Thank you
<qyliss>
I can't link this discussion in the eventual PR now
<drakonis>
my bad
<drakonis>
axe this one line from the logs tho
<samueldr>
I can't, and won't
<drakonis>
aight
<samueldr>
I even let the decidedly rude ascii art from the spammers that one time
freeman42[NixOS] has quit [Quit: Leaving]
<qyliss>
samueldr++
<{^_^}>
samueldr's karma got increased to 122
<samueldr>
I don't want to cast any doubts about editing the logs
<samueldr>
though, now thinking about it... maybe an addition for spam which greys them out a bunch could be good, but I still wouldn't mark a user's words as spam
<joepie91>
booted into install image, mounted from there, worked fine
<joepie91>
clearly the block devices and filesystem are fine
<joepie91>
guess I'll debug it tomorrow
drakonis__ has joined #nixos-chat
drakonis has quit [Ping timeout: 268 seconds]
drakonis__ is now known as drakonis
<tokudan>
i realize it's a bit late as an addition to the release notes, but would it make sense to add a note about the new feature system.autoUpgrade.allowReboot? i completely forgot that when working on the PR back then
<samueldr>
tokudan: not too late, late, but not too late :)
<samueldr>
tokudan: open a PR targeting master, asking for backport, or doing the backport PR yourself :)
<tokudan>
samueldr, gotta look up how to change that first ;)
<tokudan>
samueldr, is that a highlight or does it belong into Other Notable Changes?