<gpsych>
I'd like to configure a trackpoint middle-click to emulate scrolling while held, without using libinput. Is there a way to do this from configuration.nix?
buckley310 has joined #nixos-chat
gpsych has quit [Ping timeout: 260 seconds]
drakonis has joined #nixos-chat
lovesegfault has quit [Quit: WeeChat 2.7]
<samueldr>
I think it's time we get with the decade, and start shipping our installer images on FAT32, ext2, and ZFS all at once https://github.com/pcd1193182/cursedfs
drakonis has quit [Ping timeout: 245 seconds]
<colemickens>
zimbatm: what actually brings your /run/keys into reality at runtime on your system?
<colemickens>
(I'm thinking about doing a big refresh of my configs, moving to home-manager and trying to actually keep secrets out of the store a bit more.)
<joepie91>
tilpner: it's not actually a NixOS system :)
infinisil has quit [Quit: Configuring ZNC, sorry for the joins/quits!]
infinisil has joined #nixos-chat
<zimbatm>
colemickens: is that for your personal machine or remote servers?
<colemickens>
yes, both, sorta.
<colemickens>
I use git-crypt and get away with gpg forwarding so...
<zimbatm>
yeah that's what I do too. git-crypt for the config repo, and then `nixos-rebuild --target <host>` for remote deployments.
<zimbatm>
I don't really have secrets to forward to the remote server at the moment
<zimbatm>
if I had, I would scp them in my nixos-rebuild wrapper script
* samueldr
checks if the rabbitmq<->irc bits are in there
<yorick>
yeah, looks like it :)
<samueldr>
yeah, gateway
<gchristensen>
:)
<gchristensen>
note the protocol exposed there is intentionally *very* restricted
drakonis has quit [Ping timeout: 272 seconds]
<__monty__>
Does that mean {^_^}'s protocol is less restricted?
<gchristensen>
{^_^} uses that protocol
<eyJhb>
Lets see if updating my ZNC works smoothly! Changed config + not having updated NixOS in some time
<yorick>
gchristensen: does freenode send ERR_NOCHANMODES if you're not in a channel you want to send to?
<gchristensen>
not by default
<yorick>
gchristensen: how does it join anything? :D
eyJhb has quit [Quit: Clever message]
<yorick>
I guess that's in the irc lib :)
<gchristensen>
the list of channels is defined in the gateway's config
<gchristensen>
right now, rabbitmq senders have no authority to join
eyJhb has joined #nixos-chat
<eyJhb>
Works!
drakonis has joined #nixos-chat
<ashkitten>
i'm curious if anyone has any ideas for ways that anti-cheat could be implemented on linux to help game developers port their games? no game with anti-cheat on windows can currently be ported afaik since they do stuff like reach into the kernel and completely compromise the system's security
<yorick>
ashkitten: there's no hope for this on open-source kernels
<gchristensen>
not to mention very little hope for this on Windows
<gchristensen>
since Microsoft has closed off security vulnerabilities in the past which were abused for this purpose
<yorick>
I have no hope for client-side anticheat whatsoever. of course, they could use tpm attestation but I don't want to give them ideas
<yorick>
physical access just means game over
<ashkitten>
i mean, if microsoft wanted they could implement their own infallible anticheat in the kernel and make every game developer use that
<samueldr>
imagine a usb dongle being required to play your game
<samueldr>
a "securom usb dongle"
<samueldr>
but obviously a "securom lightning dongle" would be better, as they can use DMA to... uh... securom their games
<ashkitten>
but unfortunately if the user builds their own kernel there's no hope
<yorick>
ashkitten: they could not, it would be broken in a week
<ashkitten>
yorick: how so?
<ashkitten>
with secure boot, even?
<__monty__>
Do they really think they can prevent cheating with software?
<ashkitten>
i don't see how they can't, with control over the entire stack
<eyJhb>
There is really NO way to prevent cheating :p
<ashkitten>
aside from os bugs, of course
<yorick>
ashkitten: secure boot allows you to install your own keys
<gchristensen>
gamers prove to be robust opponents
<eyJhb>
Because they will never be entirely in control of anything
<samueldr>
well... streaming services will tell you there is a way
<samueldr>
implement all as a streaming game
<samueldr>
no one will play
<samueldr>
no one will cheat!
<eyJhb>
Unless you are some kind of streaing service, which only accepts inputs, but then again you can cheat in that as well
<yorick>
ashkitten: also this is literally tens of thousands of 15 year olds with assembly knowledge and nothing better to do
<eyJhb>
samueldr: computervision ?
<samueldr>
computervision?
<ashkitten>
yeah, that's fair
<eyJhb>
There are multiple bots etc. that use computervision to guess what is on the screen, and act on it
<samueldr>
ah, right
<samueldr>
I was going for the fascetious tangent "no one will want to play"
<eyJhb>
There really is no way to prevent cheating, unless you don't own the hardware or have access to anything
<eyJhb>
Makes sense :p
<eyJhb>
But really, cheating in general is not something you can "kill" entirely, but you can make it more difficult and add more obstacles
<eyJhb>
And detecting is hard as well
<ashkitten>
can't microsoft detect what secureboot keys are loaded?
<yorick>
ashkitten: and prevent anyone with different secureboot keys from gaming? that would be a riot
<__monty__>
Just sort players by skill. Eventually you'd have all the aimbots fighting eachother, good riddance.
<eyJhb>
Or that just categorises the good and bad cheats :p
<ashkitten>
that's actually a fantastic idea
<eyJhb>
but it isn't really a solution :p Look at CSGO
<ashkitten>
have a way to enable cheats in your game, but cheaters can't play with normal players
<eyJhb>
Also, once you go competetive, it is no fun
<ashkitten>
there's special leaderboards for cheating
<ashkitten>
you can show off how good you are at it
<ashkitten>
how good your cheats are compared to everyone else's
<eyJhb>
Reminds me, would be awesome to see a special OL where drugs etc. are permitted, that would be crazy
<samueldr>
I think the issue with the olympics is ethics and "doing that to humans"
<ashkitten>
yeah^
<eyJhb>
well, if they want to do it theeen
<samueldr>
yeah, not saying that's my opinion of it
<eyJhb>
I would just be "awesome" to see, and it would enable us to get additional information about the human body
<eyJhb>
I get that, but yeah, that is most likely the reason why
<ashkitten>
you're providing an incentive to do that, which makes you the bad person ethically
<eyJhb>
ashkitten: me?
<eyJhb>
I know I am a bad person :D
<ashkitten>
well, whoever is in charge of the drug olympics
<eyJhb>
`The latter was part of German efforts to save Luftwaffe pilots downed in the North Sea: working at Dachau, SS doctor Sigmund Rascher had prisoners strapped down naked in freezing weather or submerged in ice water for hours at a time; blood, urine, and mucus samples were taken regularly while their body temperature dropped. On one hand, Rascher obtained data that no responsible researcher ever
<eyJhb>
could, and he developed the life-saving hypothermia treatment technique called rapid active rewarming. On the other hand, he killed as many as 90 people to do it.`
<__monty__>
🤨 Just watch the olympics we haave.
<eyJhb>
__monty__: but no drugs :(
<__monty__>
If you believe that you're incredibly naive.
<eyJhb>
__monty__: the quote?
<__monty__>
No, that olympics are drug free.
<eyJhb>
Ohh, yeah. It's really just who has the best ones
<eyJhb>
But I still think the amount of druggies is somewhat low
<eyJhb>
But the quote was basically just to show, it _can_ be hard discovering *things* when you have to be ethical. Not saying "go for it" or saying anything goes/is okay.. Important to find a middleground
<__monty__>
Having to kill 90 people to figure out heat is the answer to hypothermia is hardly defensible.
<eyJhb>
__monty__: I think there is more to it than that
<joepie91>
eyJhb: detecting cheating is not that difficult as a baseline; what's difficult is *continuing* to detect cheating after alerting the operators that you've detected them, and they have a reason to improve their evasion
<joepie91>
which is what makes silently reclassifying cheaters into a 'cheater pool' such an interesting option (basically shadowbanning, online games edition)
<eyJhb>
joepie91: but that is the cat and mouse game
<eyJhb>
And it will continue like that...
<joepie91>
yes, the point is letting the mouse believe they've evaded the cat
<joepie91>
while they haven't actually
<joepie91>
it's the same reason tarpitting and such can be so effective
<joepie91>
you're removing the feedback loop for the cheater
<eyJhb>
Yeah, that's why there is basically shadowbaning as you say
<eyJhb>
But if your userbase is large enough, then detecting it becomes easier
<joepie91>
eyJhb: it will continue without the abuser ever upgrading their methodology, yes
<eyJhb>
E.g. look at all the bots for WoW and blizzard games in general
<joepie91>
(if the detection can be hidden well)
<ashkitten>
joepie91: i think it'd be cool to have built-in cheats in games and the ability to write your own, but using them puts you on a special cheater leaderboard
<__monty__>
Those bots exist because in-game objects have value.
<eyJhb>
__monty__: also because one might be lazy
<eyJhb>
But mostly the last part
<__monty__>
If blizzard didn't want bots they could sell gold on the cheap.
<eyJhb>
or levels
<eyJhb>
or items
<eyJhb>
Basically pay-to-win
<joepie91>
ashkitten: yeah, that's an idea I've had bouncing around my head for a while as well
<eyJhb>
shadow clasifying?
<ashkitten>
one of my favorite examples of a social solution to social problems comes from the incompatible timesharing system (its)
<joepie91>
ashkitten: I've actually been idly thinking about how to design a game that's specifically targeted towards cheaters, and how to make it interesting
<ashkitten>
> To deal with a rash of incidents where users sought out flaws in the system in order to crash it, a novel approach was taken. A command that caused the system to crash was implemented and could be run by anyone, which took away all the fun and challenge of doing so. It did, however, broadcast a message to say who was doing it.
<{^_^}>
error: syntax error, unexpected WITH, expecting ')', at (string):275:9
<__monty__>
How about having people police themselves? Put anyone you suspect is a bot on an ignore list. Abuse the ignore list and reduce your pool of opponents.
<joepie91>
unfortunately those ideas tend to trend towards essentially Factorio
<joepie91>
since that's the canonical hyper-optimization-and-automation game...
<ashkitten>
joepie91: have you seen screeps?
<joepie91>
ignore lists don't scale
<joepie91>
ashkitten: have not
<joepie91>
ashkitten: nevermind! I have, apparently
<ashkitten>
it's a game where you have to write code for your little minion robots to execute to efficiently mine resources and expand your base
<infinisil>
__monty__: Ohh, how about people have a "bot-score", which is some number representing how much other people perceive that person to be a bot
<infinisil>
And then this bot-score is used for matching, so you get matched with people with a similar bot-score
<joepie91>
infinisil: you do need to normalize that for the amount of people that *could* have branded them a bot, and then you need to find some way to incentivize people to actually indicate that - if they feel like their reports don't do anything, they'll stop making them
<infinisil>
"1 free lootbox every time you report a user as a bot!"
<drakonis>
overwatch is an example of how ignore lists can be abused
<drakonis>
there's people that are so good with a specific character that they're mass ignored and are unable to queue
<__monty__>
drakonis: That's not abuse imo.
<__monty__>
If it's not fun to play them why should you be forced to play them?
<__monty__>
I'll readily admit I'm mediocre at best at any game I play. I don't care to be pitched against top players.
<__monty__>
Not that it's an issue for me, I don't play any PVP games currently and haven't for years.
<__monty__>
Games are about *fun*, not about getting put in your place.
<drakonis>
truly they're about fun
<joepie91>
ashkitten: so I was trying to figure out why I'd dismissed screeps in the past, and I had a hunch that it used to be proprietary, and a look at the wayback machine seems to confirm my hunch :P
<ashkitten>
since when isn't it?
<ashkitten>
the server code is open, but the client is not
<joepie91>
no idea! but back in 2015 when it launched there was no mention of open-source on the site
<ashkitten>
i haven't checked on the game in a long time but afaik the client isn't open source
<joepie91>
hrm, yeah, seems no source for the client
<joepie91>
so open-core then I guess, not open-source
<ashkitten>
people have made alternative clients, though
<ashkitten>
also you can use webassembly modules now which is cool
__monty__ has quit [Quit: leaving]
<ashkitten>
joepie91: iirc to get the client you have to buy the game which gives you one month subscription on the main server but you can also just use a custom server indefinitely
<joepie91>
this PSA seems to have accidentally turned into an ask-a-cryptographer thread
<joepie91>
that's one of the good kind of twitter plot twists, I guess? :D
<ashkitten>
joepie91: is there anything wrong with sha2?
<joepie91>
ashkitten: going from memory here so don't quote me on it or take my word for it, but I believe it uses the same basic construction as SHA1, whereas SHA3/Keccak uses an entirely new construction (believed to be more secure), and so while there are no *known* attacks against SHA2 it's believed that SHA3 with its newer construction will withstand attacks for longer
<joepie91>
disclaimer: big red font, I am not a cryptographer
<joepie91>
I just understand it enough to know what to avoid
<ashkitten>
heh
<ashkitten>
good to know
<joepie91>
and BLAKE2 is just faster :P
<joepie91>
than any other CS hash really
<ashkitten>
everything seems to currently use sha2 right now, i'm guessing that's only going to change if there's some sort of attack
<joepie91>
including the broken ones like MD5 and SHA1
<joepie91>
probably, yeah
<joepie91>
but there's no immediate reason to worry about SHA2; there's just no point in using it in new stuff, unless you have strict compat requirements
<joepie91>
and if you have SHA2 in an existing deployment, it's probably a good idea to start thinking about your transition path towards SHA3 or BLAKE2, for when an attack does get published
<joepie91>
don't be like Git and immutably design your entire system around a fixed hash function, basically :P
<ashkitten>
will git ever be able to transition to other hash functions?
<drakonis>
it can, yes.
<drakonis>
because there's enough hinging on being able to transition
<infinisil>
13 September 2020, 12:26:40 UTC
<drakonis>
what's that date for?
<gchristensen>
joepie91: in other words, don't use content-addressed storage?
<yorick>
but joepie91, blake3 exists now
<infinisil>
drakonis: Something mildly interesting happens at that point, for this channel to figure out :P
<joepie91>
gchristensen: content-addressed storage can be fine, so long as you have a migration path :P
<joepie91>
pretty sure this is why IPFS has multihash for example
<yorick>
wish there was a good IPFS implementation
<ajs124>
drakonis: that's 1600000000
<gchristensen>
ah
<drakonis>
well that was easy enough
<yorick>
but joepie91, SHA3 is easier in hardware :D
<gchristensen>
yorick: fierce :P
<infinisil>
ajs124: \o/
<joepie91>
yorick: I am currently out of Twitter office, please retry any Q&A requests tomorrow :D
<yorick>
gchristensen: I have tried to run my website on ipfs, but it needed more than 4GB RAM
<drakonis>
a new era eh
<joepie91>
infinisil: oh, unix new year!
<gchristensen>
yorick: yeah, I still get hundreds of connection attempts at the IPFS ports, many many months since I shut down my IPFs node
<infinisil>
New um, 100-million-second-epoch?
<drakonis>
1600000000
<drakonis>
its big
<gchristensen>
hmmm my 30 line Python function turned in to a 90 line Rust function
<infinisil>
Ah so it's the unix newyear after the next one :o
<drakonis>
neat
<yorick>
still 1579475859610 here
<ashkitten>
samueldr: so the cosmo update from last week said that they were still using the digitime updater software but they asked digitime to remove the "vulnerable code" (intentional backdoor)
<samueldr>
oof.exe
<ashkitten>
apparently they've verified with ninji that the code is gone
<ashkitten>
but i'd still be very suspicious
<samueldr>
to be fair, they might not have the expertise and, most likely, the time to invest in figuring something else than what was shipped in their BSP :/
<samueldr>
it's not necessarily a trivial thing to make
<samueldr>
though I don't remember seeing ninji saying they looked or anything