gchristensen changed the topic of #nixos-chat to: NixOS but much less topical || https://logs.nix.samueldr.com/nixos-chat
drakonis has quit [Quit: WeeChat 2.6]
drakonis has joined #nixos-chat
drakonis_ has quit [Ping timeout: 265 seconds]
<colemickens> lol VS Code remote functionality broken purely due to their proprietary closed source validation component that can just be disabled.
<colemickens> VS Code : Remote Debugging :: Chrome : Chromecast.
<pie_> oh, right, flokli see what i said above, just a followup on what we talked about
<gchristensen> omg first try this server booted
<gchristensen> zfs on root with mirrored grub on hetzner :) so happy
<samueldr> won't it be harder to read?
<gchristensen> hm?
<samueldr> if it's mirrored
<gchristensen> I have no idea
<gchristensen> I'll share the config
<pie_> :D
<samueldr> gchristensen: ^
<pie_> oh...ha...haaaa xD
<gchristensen> :|
<samueldr> I am *not* sorry
<gchristensen> it is 1:30am you can't make those jokes with me at 1:30 :P
<samueldr> I don't think it was a trivial one though :)
<gchristensen> :)
<pie_> wait whats a mirrored grub
<samueldr> grub installed to both disks, right?
<gchristensen> yea
<samueldr> which is not trivial to do, but kind of needed when doing something raidy
<pie_> huh
<gchristensen> in the morning I can continue on to stage 2 of my master plan. make ofborg evals faster, and build all the linux PRs
<samueldr> yay
<colemickens> Do any of the clouds support booting an efi kernel directly so you could forego boot?
<samueldr> "but I want to boot legacy since it's *insert inane reason*"
<gchristensen> several packet machines boot efi, but directly no. you can ipxe of course
<gchristensen> ok I am like 2.5h late for bed, g'night!
<samueldr> 'night
<colemickens> The info in this thread is making my blood boil: https://news.ycombinator.com/item?id=21423019
drakonis1 has joined #nixos-chat
<pie_> holy crap, so apparently some stuff got mainlined a while back
<pie_> i just booted the nixos live distro on my non-pro surface 3
<pie_> it sees a little iffy but no major issues so far??
<samueldr> are you booting the new-kernel variant?
<samueldr> because it could be even better than you expect!
<pie_> samueldr: whats that! ?
<pie_> colemickens: heh ` We need an America-specific corollary to Hanlon's razor: "Never attribute to malice that which can be explained by an attempt to avoid liability in a maximally litigious society."`
<pie_> colemickens: huh. interesting take. `This is essentially what elections are for: to let people revolt against government power without resorting to violence. But if elections are perceived as not valid, or as ineffective, they can no longer release that tension... `
<colemickens> pie_: I want someone to make a "DoesMicrosoftLoveLinux.com" website with a big huge "NO" that links to open kernel bug reports for Surface devices.
<pie_> lolsigh
<colemickens> I get it, MS has changed, blah blah blah whatever, and yet Surface devices still take months (or longer), post-launch, of community love to be usable.
<colemickens> As for the HN thread, the twitter comments from DHH and the Bark guy really just got to me.
<colemickens> I can't imagine how much harder HS would've been with that sort of pseudo mind thought survelliance.
<pie_> hm touchscreen doesnt seem to work by default
<samueldr> oh
<samueldr> minimal...
<samueldr> might not be as useful to test stuff
<pie_> samueldr: what is this
<samueldr> the installer image, but using the latest mainline kernel, rather than the latest LTS
<samueldr> sometimes needed for shiny new unsupported hardware
<pie_> ahh
<pie_> hm, says 4.19 on the tin for the graphical, should probably be new enough...
<pie_> maybe nixos isnt as fancily onfgured as ubuntu or something
<pie_> also no battery info
<samueldr> ubuntu is known to backport stuff or patch stuff that isn't part of mainline yet
<samueldr> especially if it fits their desires for hw compat
<pie_> cant remember if my touchscreen worked on ubuntu
<pie_> hm....why wont gparted let me format to et4
<pie_> ext4
waleee-cl has quit [Quit: Connection closed for inactivity]
<pie_> unless the graphical installer is messed up somehow
<pie_> i just used mkfs.ext4
<pie_> hm brightness control doesnt work either
* colemickens catching up on Discourse.
<colemickens> Hm, complaining about Linux diversity in a NixOS thread feels like a hot take. lol.
<pie_> i hope i get battery stats with the new kernel before i run out of battery xD
<drakonis1> which thread?
<pie_> whelp, think i just ran out of batt
<pie_> i cant remember how to charge this device lol
<pie_> oh wait...mamybe it uses the "Microsoft" labeled charget ive been using with my phone...
<colemickens> it was a random thread, it was in the context of musing about Linux desktop polish for Mac users. I get the complaint, sort of, but it does feel a bit funny to wish for standardization in the Linux world as I glance at my massive /nix/store :)
<drakonis1> it is amusing, as it has never truly worked out
<colemickens> "Okay, which DE do you like?" -> "I like [DE1]" -> "Oh, what if the community standardized on {other DE2} and dropped [DE1] over ngiht?" -> "oh"
<pie_> too bad, its a necessity for engineering nte big >.>
<pie_> s/,//
<pie_> id be happy with interface standards :P
<pie_> samueldr: dunno if it was the proper install or the kernel update but the touchscreen works now :D
<pie_> something weird nd bossibly deep is broken
<pie_> touchsreen seems to break after login , and my wifi just ?gave out? and caused anythin networking related to hang (?)
<pie_> systemctl wasnt responding either
<colemickens> Microsoft Loves Linux pie_, don't you know
<colemickens> jeez
<pie_> this must be beaue i dont love linux enough
aminechikhaoui has quit [Quit: The Lounge - https://thelounge.github.io]
aminechikhaoui has joined #nixos-chat
andi- has quit [Remote host closed the connection]
andi- has joined #nixos-chat
<Church-> Alright, think this edgerouter once updated can finally be set up for wireguard
<drakonis1> ahhh crap i need a replacement lappy now
<drakonis1> mine died just as predicted
<drakonis1> too soon though
das_j has quit [Remote host closed the connection]
das_j has joined #nixos-chat
endformationage has quit [Ping timeout: 268 seconds]
<Church-> Alright I'll fiddle with my router some other time. Least wifi ap is working and routing correctly
<Church-> Somehow
<Church-> Given that every interfaec seems to be a switch interface now and I can't set dhcp...
drakonis1 has quit [Quit: WeeChat 2.6]
drakonis_ has joined #nixos-chat
drakonis has quit [Ping timeout: 276 seconds]
etu has quit [Quit: WeeChat 2.4]
talyz has quit [Quit: WeeChat 2.4]
etu has joined #nixos-chat
etu has quit [Quit: WeeChat 2.6]
etu has joined #nixos-chat
talyz has joined #nixos-chat
tilpner has joined #nixos-chat
drakonis_ has quit [Remote host closed the connection]
lucus16 has quit [Ping timeout: 240 seconds]
<andi-> infinisil: actually it tries to do syntax checking and fails at the first comment :D
lucus16 has joined #nixos-chat
__monty__ has joined #nixos-chat
<infinisil> andi-: Hehe
<eyJhb> samueldr still holding the crown for king of dad jokes.. :p
ar has quit [Ping timeout: 250 seconds]
ar has joined #nixos-chat
ajs124 has quit [Quit: Gateway shutdown]
<samueldr> what did I do?
ajs124 has joined #nixos-chat
<eyJhb> samueldr: the gchristensen mirror joke :p
<samueldr> ah
<kraem> ar: thanks for the iwd config :) one thing i've been wondering though; if we're letting iwd act as the dhcp client, would the system be able to get an ip if we connect via ethernet?
<eyJhb> And I do recall a bunch of others as well samueldr :p
<eyJhb> Anybody that can recommend some god circuit tools that is "nice" to Git. Basically just for a hobby project
<eyJhb> s/god/good/ - also electronic circuits, if that needs specifying :p
<kraem> ar: also i couldn't find the rank option you have defined anywhere in the iwd documentation
<ar> kraem: it's in the example main.conf in sources
pie_ has quit [Ping timeout: 268 seconds]
<ar> kraem: and iwd (or, ead for that matter) don't seem to handle dhcp on wired connections.
<kraem> ar: yeah that
emily has quit [Remote host closed the connection]
<kraem> that's what i thought. i'll try to have dhcpcd handle the ip then. not that i'm often connected over ethernet but if i know myself, next time i connect via ethernet i'll forget i don't have any daemon getting me an ip.
emily has joined #nixos-chat
<gchristensen> anyone know if github publishes their ssh host key fingerprint anywhere?
<gchristensen> nice
<gchristensen> thanjs
<andi-> It always creeps me out a bit knowing that they are probably sharing private keys amongst hundreds of machines..
<gchristensen> yup.
<eyJhb> Sharing?
<eyJhb> Ohh.. Sharing like reusing?
<andi-> yes
<infinisil> Oh nice, I'll add those to my config
<andi-> They also do not have SSHFP or DNSSEC or IPv6 or … how should I trust them to get that private data stuff correct?
<infinisil> Hm wait, how can I put this into .ssh/known_hosts?
<eyJhb> github.com fingerprintstuff
<eyJhb> I guess
<eyJhb> Or are you thinking actually, how, and not just format?
<eyJhb> infinisil: nvm, opened the link as well :p
<infinisil> I mean the format
<infinisil> Because known_hosts wants the base64-encoded public key
<infinisil> Not a fingerprint
<eyJhb> I might be a idiot for this, but can't you just take the current from known_hosts
<eyJhb> E.g. delete from known hosts, connect to github, validate it is the correct sha, use the one added to known_hosts as the one to add in the future
<eyJhb> But that might bestupid
<infinisil> Yeah that's what I thought of too
<eyJhb> I might have found something! :p
<infinisil> And I just validated the one I had in known_hosts already, the sha256 matches indeed
<infinisil> Guess nobody at github thought this could be used to populate known_hosts preemptively
<eyJhb> Well... You can do something... Which I find somewhat stupid
<infinisil> That is?
<eyJhb> But basically use ssh-keyscan to get the cert from github.com, and then validate against it before you add it to known_hosts
<eyJhb> But I would prefer just converting the sha256/rsa to the known_hosts format
<infinisil> Hehe I see, neat
<andi-> Is anyone using Firefox Multi-Account containers and can tell me if those settings sync across devices when using (custom) firefox sync?
<infinisil> Can't really convert from fingerprint to public key (which makes sense, it's just a fingerprint after all)
<infinisil> unfortunately, as I just found out
<andi-> Trying to figure out if it is worth investing an evening or if that will have to be done on every device…
<eyJhb> infinisil: yeah that sucks.. So I suggest doing the "I know this is good, therefore I can add it"
<eyJhb> It should be the same for everyone right?
drakonis has joined #nixos-chat
<eyJhb> I had a feature some time ago in my code, but now it doesn't support that thing it used to ,and I have no clue where it went
<infinisil> andi-: They don't sync
<infinisil> Just checked
<andi-> :'(
<hexa-> multi-account containers also had that annoying bug … have to look it up
<gchristensen> the one where it deleted all the containers when you uninstall?
<gchristensen> (or if firefox uninstalls it for you because a cert expires ...)
<hexa-> no, just a second
<hexa-> I've uninstalled multiaccount-containers for a while now, that's why I don't remember exactly
<hexa-> it had to do with opening tabs from within group A, that needs to be opened in group B
<hexa-> I think it duplicated tabs weirdly
<gchristensen> ah
<{^_^}> mozilla/multi-account-containers#728 (by ph0enix49, 2 years ago, closed): Always open in container spawns two tabs instead of one
<hexa-> was infuriating
xd1le has quit [Quit: leaving]
<eyJhb> Is there anything container like for Android? E.g. putting apps into containers, where "of course you can have access to my contacts, but there is none" and "sure thing! My location is always Greenland!"
<__monty__> Interesting idea.
<__monty__> Would obviously not be an officially supported product.
<eyJhb> Wondering if something like that can be accomplished using the multi-user setup
<eyJhb> Maybe not.. But it would be kinda cool if it could be done
<__monty__> Someone should implement that fingerprint checking stuff to the ssh module. You list your trusted fingerprints and it fetches keys and compares fingerprints during setup.
<eyJhb> __monty__++
<{^_^}> __monty__'s karma got increased to 9
<eyJhb> Didn't think of that
<eyJhb> But then, how should it store it? Do we have a global known_hosts?
<eyJhb> `programs.ssh.knownHosts` guess so
<__monty__> /etc/ssh/knownhosts I think?
<__monty__> Or the user specific one for the HM module.
<eyJhb> But then it should just be build into the programs.ssh module I would assume
<__monty__> I'm thinking of a `programs.ssh.trustedFingerprints = { "github.com" = blah; "gitlab.com" = blah; }`
<eyJhb> __monty__: it could follow the syntax from https://github.com/wercker/step-add-to-known_hosts
<eyJhb> hostname, fingerprint, type
<__monty__> Or just strings because, do we care about the types for example?
<infinisil> How about programs.ssh.knownHosts.<name?>.fingeprint
<eyJhb> infinisil: wouldn't work for IPs
<__monty__> eyJhb: Oh, it's necessary for hosts that offer multiple key types? Yeah, sure, let's add that.
<eyJhb> Also, it should prop accept a list of hostnames/ips as well
<infinisil> eyJhb: Setting fingerprint would imply that the host should work with ssh-keyscan
<__monty__> eyJhb: Could still work if fingerprint is actually a record where name only defaults to <name?>.
<__monty__> ssh-keyscan works with IPs though?
<eyJhb> Yeah, but how well does NixOS handle a option named `programs.ssh.knownHosts.` ?
<infinisil> programs.ssh.knownHosts."".fingerprint ?
<eyJhb> WELL!
<eyJhb> That is cheating
<infinisil> xD
<eyJhb> (did not know that)
<eyJhb> But yeah, that would be minimal invasive :D
<eyJhb> Even if it would be nice to have a list of hosts with X fignerprint
<eyJhb> E.g. gist.github.com github.com
<infinisil> Oh and there's `programs.ssh.knownHosts.<name?>.hostNames` defaulting to `[ name ]`
<__monty__> Ok, so needs host, fingerprint, type, port, timeout and which hash.
<__monty__> And you can omit everything but the host. No fingerprint specified means TOFU.
<infinisil> Hmm
<infinisil> Not sure I like TOFU for this
<infinisil> I guess it's what we do anyways already though
endformationage has joined #nixos-chat
<infinisil> s/anyways already/already anyways
<__monty__> Yeah, it just moves the TOFU from your first ssh interaction to setup.
<infinisil> I guess I don't like how it's implicitly tofu
<eyJhb> Really need a TOFU explaination here
<gchristensen> trust on first use
<eyJhb> Urban is just not doing it `bean curd, that is good with everything, meat for vegans`
<eyJhb> Ahh
<__monty__> It's a meat substitute, eyJhb
<eyJhb> Precisely
<eyJhb> :p
* __monty__ wipes brow
<__monty__> Enough brainstorming from me. That was obviously the hard part, now someone selflessly write it up and then stick my name on top and let's call it a day : )
<infinisil> Hehe
<infinisil> Although, maybe we should spend our time instead on improving certificate support for ssh instead
<infinisil> s/instead//
<__monty__> S/MIME?
<gchristensen> probably not, certificates are a nightmare to configure and use. SSH is easy to use and still shockingly secure
<infinisil> gchristensen: This is why we should make it easier!
<infinisil> Managing ssh keys is annoying
<__monty__> I'm not a huge fan of the centralized authority certificates imply though.
<gchristensen> you should try certificates lol
<__monty__> How bad is it?
<gchristensen> try it for yourself :
<gchristensen> :)
<__monty__> infinisil: Can't you use gpg for ssh?
<__monty__> That might never happen though. Since I don't really like the certificate trust model.
<infinisil> You can, but I recently decided to not do that, because I don't want a separate subkey for every machine
<infinisil> And then have to move my gpg subkeys around
<__monty__> Well, you don't *have* to : >
<infinisil> Hm, I guess as long as I trust all my machines there shouldn't be a problem with allowing each of them to log into any other
<infinisil> But ehh
<gchristensen> gpg for ssh is nice for using a hardware token as the ssh key
<infinisil> Yeah when one machine is breached, you have to revoke the subkey you use for all machines
<infinisil> Which I don't want
<gchristensen> the point though is your key is on the token not on the computer
<infinisil> gchristensen: Does that mean you can't use this for remote servers?
<__monty__> Unless you leave a token in them.
<__monty__> Which defeats the point.
<gchristensen> right, I wouldn't recommend using gpg for ssh keysunless you're using it with a hardware token to hold the key
<infinisil> __monty__: "Since I don't really like the certificate trust model." Why that?
<__monty__> Why does it have to be gpg for a token btw? Is it just because that's what tokens already support?
<__monty__> infinisil: Because it implies centralized authority.
<infinisil> __monty__: Hm wouldn't with ssh certs the central part be only the machine giving access which makes a lot of sense?
<__monty__> Wait, ELI5 ssh certs. I was assuming it'd be like ssl.
<infinisil> Hm I'll look it up properly myself before spurting nonsense hol on
<infinisil> __monty__: https://ef.gy/hardening-ssh has a decent tutorial (section SSH certificates)
<__monty__> infinisil: I like how "Central Authority" is like the first feature in that section : )
<infinisil> Hehe yeah, but I don't view that as something bad since it's *me* that's the central part
<infinisil> It doesn't use the SSl certificate chain
<__monty__> Ah, but you're only talking about ssh between *your* boxes?
<infinisil> Yea
<__monty__> I thought we were still talking about the github stuff.
<__monty__> You're the central authority too if you're the one copying ssh keys everywhere : )
<infinisil> Ah no I wasn't
<infinisil> I guess
<infinisil> My explanation of ssh certs: For one you have a CA for hosts. So for each host you have to sign their public key with that CA. Then you declare in each host that you trust to access hosts from that CA
<infinisil> Then you also have a (recommended different) CA for users. So each users has to have their public key signed with that CA. And the server will give access to all users that have a signed public key from that CA
<infinisil> This means to add a new user you generate a public key, then sign it with the user CA. No need to do any change on the server. Similarly the other way around for new hosts
<infinisil> That does sound pretty good
<__monty__> Yeah, not sure why github doesn't.
<__monty__> They could have keys specific to machines.
<__monty__> Only thing I don't like is revocation. You have to get these from a trusted source or revoke keys on every host, which gets us back to manual key management mostly.
<infinisil> Hm yeah..
<__monty__> gchristensen: Are we missing anything obvious? Generating the signatures doesn't seem all that horrible?
<infinisil> I guess gpg has a better way to handle revocations
<infinisil> At least with NixOS/nixops you could easily revoke certs declaratively on many machines
<infinisil> __monty__: I guess it's a bit annoying to manage the CA: To sign a public key of a new user, the user needs to somehow get their public key to the machine where the CA is at, then it signs it and needs to send back the certificate
<infinisil> I know openssl has some certificate signing request thing that probably makes this a bit more streamlined
<infinisil> (probably can't be used for ssh certs though)
<__monty__> Hmm, and that step's still vulnerable to MITM of course.
<eyJhb> Sounds like one of you guys will update the module! :D
<infinisil> I think certs are already supported by the ssh modules :)
<eyJhb> Oh, but the trusted thingy! :D
<infinisil> programs.ssh.knownHosts.<name?>.certAuthority
<infinisil> eyJhb: The fetch-public-key-and-compare-it-against-fingerprint thing?
<eyJhb> Precisely! Such a short and describtive name :p
<infinisil> xD
<infinisil> Oh you know what, couldn't we abuse fixed-output derivations to do that?
<infinisil> Because the fingerprint is the sha256
<infinisil> !
<infinisil> This might just work, lemme try
<eyJhb> :| I don't know how I should feel about abuse
<eyJhb> How would you do so?
<infinisil> We want to fetch the public key at build time, so we just write a derivation that fetches it, but for this to work it needs to be fixed-output
<infinisil> But how can we know the hash? We know it already, because we know the fingerprint!
<infinisil> And that automatically checks whether the fingerprint is correct as well!
<eyJhb> This soudns like the chrome hack :%
<eyJhb> Ohh the joys, where to handle the logic.. Client, server or worker
gchristensen has quit [Quit: WeeChat 2.4]
{^_^} has quit [Remote host closed the connection]
<eyJhb> :o something bad happened
gchristensen has joined #nixos-chat
<eyJhb> Whoo welcome back gchristensen
{^_^} has joined #nixos-chat
<gchristensen> thanks
<gchristensen> going to 19.09 :)
<infinisil> eyJhb: I got it! It works!
<eyJhb> Ahh, makes sense ;)
<eyJhb> infinisil: let me see! :D
<infinisil> Hold on, cleaning it up a bit
<infinisil> The most difficult bit was to write a base64 -> hex converter in nix
<eyJhb> Quick question, is this a good/easy/optimised way of doing it, or mostly a fun way infinisil ?
<gchristensen> oh no
<eyJhb> gchristensen: what? :p
<infinisil> eyJhb: It's super easy and convenient, and not really hacky even imo!
<infinisil> I mean yes it's kind of hacky, but not in a bad way
<eyJhb> Waiting in excitement to view your masterpiece infinisil :D
<samueldr> >> I mean yes it's kind of hacky, but not in a bad way
* samueldr is ordering a headstone
<eyJhb> samueldr does not sound ammused
<eyJhb> s/ammused/amused/
<samueldr> I *am* amused, by that :)
<eyJhb> By the headstone on the hacky bit, or both?
<samueldr> by the quote
<eyJhb> Lets see :D
<eyJhb> High expetations from infinisil now
<samueldr> I don't pass judgement against hacky experiments...
<samueldr> ... I pass judgements against those that use bad hacky experiments instead of fixing their hacks :D
<samueldr> I like quirky experiments
<infinisil> Okay well whatever, I'll clean it up later
<infinisil> This fetches the public key from github.com in a pure nix derivation by knowing the keys sha256 from https://help.github.com/en/github/authenticating-to-github/githubs-ssh-key-fingerprints
<samueldr> now do the same for their private key
<samueldr> :3
<eyJhb> #hacked
<infinisil> !
<infinisil> This now needs another derivation around it
<eyJhb> And as expected, I have no clue how or why it works
<infinisil> Because the result of the current one is the public key in binary
<infinisil> eyJhb: The base64 decoder?
<eyJhb> Basically, everything. Line 1 to 43.
<eyJhb> But I might have to look at it some more, before it makes sense
<infinisil> Hehe
<eyJhb> But my Nix i generally .. not there. :p
<eyJhb> I haven't done enough of it, to actually be able to do anything besides writing basic things
<infinisil> I'll clean it up more and maybe make it a function you can use like `programs.ssh.knownHosts."github.com".publicKey = sshKeyscan "github.com" "<ssh sha256>";`
<eyJhb> So, it won't be a part of the module?
<infinisil> AH yeah that would work too
<infinisil> Could upstream the base64 converter too :D
<eyJhb> Whooo!
<eyJhb> Do that!
<eyJhb> And please, do not restrict/censor(?) it
<__monty__> Wow, infinisil, way to not give a bro even a fighting chance at contributing to nixpkgs.
<__monty__> ; >
<infinisil> Hehe
<infinisil> I'm lazy, so this might never actually happen
<infinisil> And hell, I should do other stuff actually!
<eyJhb> NO infinisil ! Go go! We believe in you!
<__monty__> Implements what we're talking about for shits and giggles, "I'm lazy."
<eyJhb> __monty__: don't you ever do that? :p I tend to do that myself
<eyJhb> But not in Nix, because I can't do much in Nix. But other times just for shits and giggles yeah :D
<__monty__> I don't grok lines 8-32.
<infinisil> __monty__: Comments are coming in a bit
<eyJhb> I just realised I need to change some base functionality of my plugin, for it to work optimal again...... :( God damn it
<eyJhb> Btw. a good "thinking pose", if any of you ever need it. Sit down in a chair, place your arms by your side, and then just faceplant into your desk and lay like that until you haven't given completely up on your problem
<samueldr> I called that monday
<__monty__> Worked for my thesis.
<eyJhb> Because that is also a good way of doing it
<eyJhb> We have started getting a collection of images like that in my group. Because we will just turn around, and the other guy is just sitting like that.. Goes both ways :D
<eyJhb> BUt I guess your employeers might look at it with a different look
<MichaelRaskin> Of course, «apply directly to the forehead» also reminds of other memetic hazards…
<eyJhb> Does _not_ include firearms
<eyJhb> Well, time to use the thinking corner...
<eyJhb> Wondering if there is any company that will let you bake, when you get stuck with a coding problem...
<jackdk> at a previous job there was an oven in the kitchen and we had the odd birthday cake
<joepie91> eyJhb: sounds like something DHH would be all in favour of
<__monty__> DHH?
<colemickens> I'm uploading from my soon to be decommissioned server to google drive at 80-90MB/s from my home PC. So spoiled to be back on gigabit.
<gchristensen> jealous
<joepie91> __monty__: https://twitter.com/dhh
<colemickens> (server is a hyperv nixos vm mounting the drives and running rclone that used to be in a chassis that is now my partners pc)
<eyJhb> jackdk: but not a current workplace? Do I remember completely wrong if I remember morph and srhb+adamt?
<eyJhb> joepie91 but that is a private person, right?
<eyJhb> ALso, I think my cake might fail. Didn't have the right form for it, so I winged it. Did not count on it risen that much
<joepie91> eyJhb: yes, but they've been yelling about this sort of "less stress at work" stuff for a while now, and they founded a company (Basecamp)
<eyJhb> Ahh, sounds like something for me. I am not sure how well I would function in a strict workplace.. Like, you can force me to code 8 to 16, but I cannot promise it to be of quality or that I would produce quantity wise
<eyJhb> Oh, I have friend who have _used_ basecamp before
<eyJhb> I remember we had a survey once before on how many screens people use. What was the count?
<eyJhb> I seem to remember gchristensen using a single one?
<gchristensen> yep
<gchristensen> unless it is office hours, then I use 5
<__monty__> Brag much?
<eyJhb> What, 5 for what?
<eyJhb> One for each person? :p
<eyJhb> I think I can run a maximum of 4 off my x230
* infinisil uses a single one
<gchristensen> on the recording computer, zoom, obs, pavucontrol. on my computer, chat, zoom. and then a dinky little thing for timers
<eyJhb> Ahh, makes sense then if it is split over multiple computers ;)
<eyJhb> Do you use tiling window managers infinisil and gchristensen ?
<__monty__> gchristensen: You stream a lot at work?
<eyJhb> I don't think I could live with a single display... 100% not my 12.5", but also not a 24"
<eyJhb> __monty__ NixOS Office Hours I would assume
<gchristensen> __monty__: no, the second computer is an old laptop
<gchristensen> eyJhb: i3 (recording computer -- old laptop) and sway (main laptop)
<colemickens> are your office hours for clients or people generally needing your wisdom?
<eyJhb> When you say old, then which make+model?
<gchristensen> colemickens: anybody can come!
<eyJhb> Somewhat confused, do you stream anything else than the Nix Office Hours thing gchristensen ? :D
<gchristensen> no
<infinisil> eyJhb: Yeah I use xmonad
pie_ has joined #nixos-chat
<gchristensen> eyJhb: not very old at all actually, just that I can't manage >1 personal computer. a dell xps 9560.
<gchristensen> (I very strongly prefer one computer and one screen)
<eyJhb> Newer than mine :p
<eyJhb> Is there any reason you two prefer single monitor? (I understand the single computer, that is why I love my x230)
<jackdk> eyJhb: You must have me confused with someone else
<gchristensen> for me, I get distracted too easily
<eyJhb> jackdk: sorry! :) My memory sucks atm...
<eyJhb> gchristensen: but don't you miss like.. code, browser and docu on the side?
<gchristensen> nope
<__monty__> 24" is plenty for that.
<samueldr> documentation is admitting defeat
<gchristensen> haha
<__monty__> Also, browser/docs and code easily fit a 15" screen.
<eyJhb> samueldr: I somewhat don't want to guess how people might have might e.g. their API :p
<eyJhb> might have made*
<samueldr> happywat?
<samueldr> :)
<eyJhb> Happywat?
<samueldr> (AP -> HaPpy)
<samueldr> feigning ignorance of what an API is
<samueldr> though I now realize that A is said A, not A
<samueldr> :)
<jackdk> eyJhb: np
<eyJhb> Might just be me then, I usually do screen 1 with Weechat+Browser, middle multiple coding things+terminals, third screen debugging, issues, etc.
<samueldr> as for I, three screens, two main ones, 2K resolution, one vertical for the main chunk of code
<samueldr> though now that I'm not doing web anymore, it's less useful
<__monty__> eyJhb: Learn to use tabs and tmux : >
<eyJhb> samueldr: I might be completely lost now (again), but you know, people do random weird stuff when they design REST APIs, and some do not follow standard convention :D
<eyJhb> Hmm. I usually do vertical for webpages if needed
<samueldr> yeah, I failed at making a pun, too used of saying API with A said "ah", as in french
<eyJhb> __monty__: I use tabs :( But not tmux... Feels like there is no reason if you already run a tiling window manager
<samueldr> well, vertical *is* useful for breaking pages :)
<eyJhb> You cannot break something which is already broken! (basically all my webpages)
<eyJhb> But yeah... I do however miss the days, that I didn't have to click accept on every.. single.. website I visit with the big banner that is on-top of everything
<__monty__> Yes, so annoying.
<__monty__> Especially with the opt-out defaults.
<eyJhb> Some danish radio program actually did hunt down the person who made the proposal, etc. he did not expect it to be like that
<eyJhb> Also, it is generally weird to enforce anything on the web. But that might just be me
<samueldr> no good deed goes unpunished
<__monty__> I especially love sites that go "OIC you're in a GDPR country, fuck off!!"
<eyJhb> Is there any of those?
<__monty__> Yeah, had one even today.
<eyJhb> Remember which one?
<eyJhb> Also, can they actually do that?
<__monty__> "We currently *cannot* provide an experience without tracking, sorry, not sorry."
<__monty__> I think it was healthline.com? Not even really worth visiting but hey, if it's a google result surely it should have the answer to my query?
<__monty__> First disabled all the cookies then was redirected to that gdpr notice, then I clicked the back button and the site was just working.
<__monty__> Probably illegally tracking me though.
<eyJhb> Prop yeah
<joepie91> eyJhb: virtually every one of those "agree pls" modals violates the GDPR btw
<eyJhb> Yup, I think most things do in general
<eyJhb> GDPR is a weird thing in general
<joepie91> how so?
<__monty__> It's not weird, it's the only recent internet legislation that makes sense.
<eyJhb> Well... I think basically every company in the world is screwed if they get checked if the actually do comply with GDPR. There is just so much, and so much information that needs to be in X, Y and Z with central systems that knows where everything is
<joepie91> if you mean it's weird that they were willing to introduce such sweeping legislation, then I agree :)
<__monty__> eyJhb: That extension is terrible.
<joepie91> but I think that's mostly a consequence of having slacked on this for two decades
<joepie91> and now having to retroactively clean up the mess via legislation
<joepie91> like, for context, very little in the GDPR is actually new, in terms of requirements
<joepie91> most of it existed in the predecessor legislation, it was just widely ignored and never enforced
<joepie91> eyJhb: also, the reason 'basically every company in the world' would be screwed, is that basically every company in the world has been negligently handling private data for the past decades...
<gchristensen> +1
<eyJhb> joepie91: but it is just.. Video things as well is just _hard_ to handle
<eyJhb> The worst part is having to handle this with professors, researchers, etc.
<joepie91> eyJhb: what do you mean?
<joepie91> eyJhb: I have no idea what you're talking about here
<eyJhb> joepie91: think of a university, in that context there is so much more data/information that needs to be handled and in most cases there is not a standard way. For Facebook, Google, etc. everything can just be put into a database because it fits a specific model
<eyJhb> But in such cases like this, with research and so many different parties involved it becomes a nightmare
<manveru> so... i'm looking for some minimal configs for different DEs for the new graphical nixos installer, anyone got some? :)
<joepie91> eyJhb: sure, and said university has had a long long time to get this sorted out.
<joepie91> it's not the legislation's fault that they haven't
<joepie91> I also suspect you overestimate the work that's needed
<eyJhb> joepie91: but doesn't make it less of a hassle to handle in general sadly.. :(
<gchristensen> why do you care?
<eyJhb> gchristensen: me?
<gchristensen> yeah
<eyJhb> It is part of my department
<gchristensen> ah!
<joepie91> of course not, but the choice is either dealing with that hassle, or sweeping it under the carpet and negligently handling personal data all over the place
<joepie91> the reality is that private data is a liability and handling it requires work; it's always been that way, ethically speaking
<eyJhb> I work infosec at my university, which also includes SOME GDPR/data handling. Luckily we have some people dedicated to it :D
<joepie91> there's no "c) just leave it sitting there unchecked and everybody will be happy" option
<eyJhb> Totally agree
<eyJhb> Also...
<eyJhb> That reminds me of a meeting from Copenhagen University, I think I have a link to it. It has some GREAT fun stuff to read
<eyJhb> On average, one (1) data processor agreement is signed each week at one of the faculties, which obliges the University to live up to a standard we do not know if we live up to and give us external auditing rights. An audit and insight into the area we do not give ourselves internally
<eyJhb> Also this `Data stored on a server agreed with no backup and clearly marked No Backup must be recovered from corrupted disks by an external company for a fee` :D
<gchristensen> I think the thing is that we've been treating people's data too fast andloose, and even if it sucks and is anonying, it must change
<samueldr> oh gosh, with the time falling back one hour, and my jetlag... I'm going to wake up at like 7h30 (AM) wth
<__monty__> If you agreed not to back up then you shouldn't be backing up. That sounds pretty straightforward. RAID 1's not a backup.
<gchristensen> samueldr: perfect time for waking up
<gchristensen> if a little late
<samueldr> I'm not used to that
<samueldr> I was awake at 8h30 this morning, it scared me
<samueldr> until I remembered that yeah, that sleeping-in time on the other side of the pond
<__monty__> Sleeping-in time?
<eyJhb> gchristensen: that is true... And sadly still is. I had problems with https://fossa.com - they have confirmed 3-4 times that they have deleted all my data, but I kept getting e-mails from them...
<samueldr> __monty__: waking up late
<samueldr> I am not an early riser
<eyJhb> I usually get up at around 8-11 currently.. And I need to be up by 6 AM this monday.. To catch a flight :(
<__monty__> samueldr: You made it sound like a cultural expectation though.
<samueldr> hmmm, lol, no it isn't
<__monty__> nn
<eyJhb> night!
<eyJhb> Also looks like it is time for some bananacake
__monty__ has quit [Quit: leaving]
<gchristensen> I think I might read a dilbert and go to sleep myself
<eyJhb> gchristensen: what is the time for you?
<gchristensen> 23:38
<gchristensen> you?
<eyJhb> Wait... WHich timezone are you in?
<eyJhb> 23.38
<samueldr> 2013, 38th month?
<samueldr> oops
<gchristensen> I'm in CET (for now)
<samueldr> 2023, 38th month, eyJhb?
<eyJhb> Ah, makes sense... But normally you aren't right?
<eyJhb> samueldr: yeees :D
<eyJhb> 23.38.-5
<samueldr> that's going to be a weird release
<gchristensen> usually I'm in America/New_York (18:39) but I'm in Paris visiting Tweag
<eyJhb> Or we could just do 23.49.35
<eyJhb> Ohh sounds lovely!
<eyJhb> So when will you be visiting Aalborg gchristensen ?
<gchristensen> yeah ... good question. I really want to do a tour to nix UGs :)
<eyJhb> UGs?
<gchristensen> user groups
<samueldr> come visit the Québec nixos user group... I think I can scrounge up another user
<eyJhb> Oh. It is fairly lonely here in Aalborg. I think I know of 4 guys, where I am only speaking with one of them
<eyJhb> Who! Bigger than samueldr's group!
<gchristensen> samueldr: that is easier than aalborg :) :)
<eyJhb> That's true... Might also be more fun. :p
<eyJhb> I cannot make many garantees of Aalborg.
<gchristensen> I very much enjoy visiting new places, so it would be fun for certain
<eyJhb> How fund are you of bars and beer? Because that is mostly what I know here. Also board game places (w/ beer)
<eyJhb> But if you are interested you can always write to me!
<gchristensen> I like to drink a beer and chat :)
<eyJhb> That's perfect then
* gchristensen forgot to go to bed
<eyJhb> Uhh, I forgot to get some cake as well. Thanks gchristensen :D
tilpner has quit [Quit: tilpner]
<infinisil> infinisil's SSD troubles part 3:
* andi- waits anxiously
<infinisil> Last episode we saw that a simple adjustment of the SATA connector fixed the problems
<infinisil> However, it turns out that this either was a coincidence or just a temporary solution
<infinisil> Because it started to give errors again
<andi-> have you checked the connector?
<infinisil> What I did now is exchange the SATA cables between my SSD and HDD
<infinisil> And...
<infinisil> SSD still doesn't work
<andi-> did you also swap the connector on the board?
<infinisil> Ah yes, also did that
<infinisil> Same problem
<infinisil> So it's pretty much confirmed that indeed my SSD is failing
<andi-> maybe the pins on the SSD aren't perfectly connected? Maybe temperature differences affect the conductivity between the connector and PCB?
<infinisil> Hm, it definitely throws errors that seem to indicate the problem being the link
<infinisil> But I'm no hardware guy, this seems to lie beyond my capabilities
<infinisil> So the bad news is obviously that my SSD is broken and that I can't use my PC right now until I restore from a backup. Good news is that my backups are working properly, and that I can confidently order an NVMe now :)
<joepie91> infinisil: maybe just a wobbly connector *on the SSD itself*?
<joepie91> wobbly socket, that is
<infinisil> Hm I'll take another look
<ivan> infinisil: bad SATA cable has a certain error signature that looks like "device is working fine for N days, disconnects and then reconnects"
<infinisil> ivan: And then it repeats or?
<ivan> infinisil: yes
<infinisil> Huh odd
<ivan> if you have good SATA cables from e.g. monoprice with the latches then it's probably not the cable
<ivan> also sometimes the SATA controllers on the motherboard or PCIe card itself are bad :(