<cole-h>
This `pull` bot on GitHub is super annoying
<cole-h>
I want to see the original PR (if any) in the current repository, not in some random fork
<samueldr>
yes
<infinisil>
GitHub's new notification system (in beta) is neat
<infinisil>
In general at least. I just submitted some feedback pointing out some issues or potential improvements
<infinisil>
Anything is better than the previous notification system though :)
<cole-h>
It is really nice not having to go back multiple times before reaching the inbox again
jasongrossman has joined #nixos-chat
jasongrossman has quit [Client Quit]
<gchristensen>
[5987500.555687] dhcpcd[19031]: segfault at 100cc ip 000000000042982e sp 00007ffe2994aaa0 error 4 in dhcpcd[407000+32000]
<gchristensen>
heh...
<cole-h>
You seem to be breaking everything recently, gchristensen
<cole-h>
:D
<joepie91>
o_O
<joepie91>
run `ffplay --help`
<joepie91>
and marvel
<samueldr>
7.5k lines
<gchristensen>
cole-h: this is my home system which I back everything up to, with evidently failing hardware
<gchristensen>
truly the ideal destination for all my important data
<andi->
ha, backups… just reduce the amount of state ;)
<gchristensen>
my failing hardware is trying its best to reduce the amount of state I have :)
<andi->
cooperative state reduction
<gchristensen>
"systemd[1]: systemd-machined.service: Current command vanished from the unit file, execution of the command list won't be resumed" ....what?
<samueldr>
I love writing extremely out of my comfort zone exploratory code
<samueldr>
but whew that'll need a big rewrite with all the pitfalls now understood :/
<gchristensen>
nice! what'd you do and learn?
<samueldr>
working on automating bindings, binding some sizeable lib to a runtime
<samueldr>
though it's layered new things, like *actually* learning to implement a deeper DSL in ruby, then learning how bindings in mruby are made, then how to fit all of this in an ergonomic thing
<gchristensen>
nice
<samueldr>
fun note: using `cpp`'s output it's more trivial to badly parse the C to extract enums
<gchristensen>
wow
* gchristensen
eyes those new ryzens
<samueldr>
is that why your hardware is failing?
<gchristensen>
hehe
<gchristensen>
this system is from early 2011 ... I'm not sure it owes me anything
<samueldr>
respect while it still lives under your roof
<gchristensen>
no doubt, I am not wanting to replace it. Ogden and I have a long history
<gchristensen>
I don't really like to buy computers
<gchristensen>
too stressful
drakonis has joined #nixos-chat
<cransom>
the ryzens have been good to me. i still enjoy my threadripper.
<samueldr>
I don't see any ryzen to splurge for a new computer
<samueldr>
(I only did it for the pun)
<gchristensen>
:|
<samueldr>
maybe in 2-3 years it'll be worth it compared to what I rock... not that it's particularly good, but that it's good for what I do
<gchristensen>
yeah
<drakonis>
what do you rock?
<gchristensen>
cransom: why threadripper vs. ryzen?
<drakonis>
don't buy intel server motherboards, they charge you up the wazoo
<clever>
samueldr: take note of the [solved] in the title of the thread ... :D
<samueldr>
clever++ !
<{^_^}>
clever's karma got increased to 333
<samueldr>
I like how the "engineer" basically said crap :/
<clever>
samueldr: they did follow up with more, in a reply further down
<clever>
and did link to vc4boot, which was massively helpful (at both general dev, and cracking it :P)
<clever>
samueldr: once i knew it was an hmac, i looked for the magic 0x5c and 0x36, and quickly found a function that was definitely computing opad and ipad
<samueldr>
that's amazing
<clever>
after several hours of studying that, i discovered that the master key was at a certain address in sram
<clever>
so i booted up a start4.elf little-kernel, and dumped it, nada
<clever>
the bootcode.bin had over-written it
<clever>
then i dumped more sram, and i found the opad value, 64 bytes long
<clever>
the first 20 bytes, being the key xor'd with 0x5c
<clever>
undo the xor, solved
<samueldr>
meanwhile I'm here in my corner eating paste^W^W writing code that writes more code so I can write less code
<gchristensen>
samueldr: yeah I think it'd be a better fit. I should look at those discount-ey workstation sites
<clever>
samueldr: now the problem is more about what the legal ramifications are, if i share this key...
<samueldr>
oh, I was thinking new ryzen or threadripper or w/e but on server hw, so you can get full ECC working
<samueldr>
not sure if ECC works on "consumer" boards
<samueldr>
(never looked)
<samueldr>
but sure, reusing is also good, rather than making new future ewaste yours
<samueldr>
clever: you could... make a dumper :)
<samueldr>
though this discussion is probably fine for most people that know what to do with what you said
<clever>
i didn't mention the address or byte order of the key
<colemickens>
looks like xorg-server is non-trivial to build from actual source (and not a release tarball)
<colemickens>
autogen + custom m4 macros in a separate package, oh joy
* colemickens
is it worth it?
siers has joined #nixos-chat
__monty__ has joined #nixos-chat
jared-w has quit [Ping timeout: 245 seconds]
savanni has quit [Read error: Connection reset by peer]
jared-w has joined #nixos-chat
savanni has joined #nixos-chat
__monty__ has quit [Quit: leaving]
claudiii has joined #nixos-chat
averell has joined #nixos-chat
<yorick>
colemickens: I think xwayland is made from that too
<yorick>
so we may still need it in the future
endformationage has joined #nixos-chat
drakonis has joined #nixos-chat
cole-h has joined #nixos-chat
waleee-cl has joined #nixos-chat
__monty__ has joined #nixos-chat
<evanjs>
Crazy idea and don’t know how I would do it — but {home-}configuration.nix on zeal, or better yet, dash. Automatically updating after each rebuild, which I already have scheduled for every 6 hours. Hrmmm
<joepie91>
tired of all the "just use this magical boilerplate generator to set up your project" and "just read the source code of webpack/browserify for 3 hours" approaches to this problem
<joepie91>
it's all so totally unnecessary :P
<gchristensen>
:D
<drakonis>
are you still at 36c3? :V?
<viric>
I was looking for some programming thing for children. So far I liked most the things around microbit.
<viric>
But I wish there was something for children that were typing-programming and not drag-and-drop-blocks programming.
<__monty__>
We recently started using those at coderdojo.
<__monty__>
You can switch to writing code in makerblock (the microbit recommended IDE).
<viric>
then it's js
<__monty__>
Yep.
<viric>
I started with a BASIC prompt and I think that was far easier to grasp than js
<joepie91>
drakonis: so long as I don't remove it I can pretend that 36C3 hasn't ended yet!
<__monty__>
You can also use python iirc but no makerblock support for that.
<drakonis>
heh
<viric>
also tinygo builds for microbit. Or C, or anything
<viric>
I like that they don't focus it to motors, motors, motors. How are motors fun? They are not.
<gchristensen>
I think motors are fun because they let you affect the real world
<viric>
gchristensen: but it's an axis that moves forward and backward. Very limiting.
<__monty__>
There's displays you can hook up to a microbit.
<gchristensen>
slap a couple motors on a dustpan with a couple mason jar lids + rubberbands as wheels and you're off to the dustpan races
<viric>
You can have LEDs, pixels, a speaker, a light sensor, an accelerometer, ...
<__monty__>
Oh, and the simple communication makes having 2 microbits definitely worth it btw.
<viric>
RIGHT, and communication!
<viric>
microbit is by far the best I found for children
<viric>
But when I was young I didn't want to program a microcontroller - I wanted to program a computer. I think this should be easier, but somehow children "computer" workshops are directed towards these devices.
<viric>
(motors, robots, etc. all MCUs)
<viric>
With the Amstrad I started with I had 1) a screen 2) a speaker, 3) I/O (Sega-like joystick), 4) a keyboard
<viric>
At university we had boards for FPGA design that were basically an FPGA and pins that went to a PS/2 port and a VGA. We could build anything with the FPGA between the PS/2 and the VGA.
<samueldr>
might not be exactly kid-friendly
<__monty__>
viric: We use scratch heavily.
<__monty__>
It's just that the step from scratch to "real" programming is really big.
<viric>
scratch is not very FOSS
<viric>
samueldr: definitely
<viric>
microbit has a 5x5 LED matrix + two buttons. That's almost a display and a keyboard. :)
CRTified has quit [Quit: Gateway shutdown]
CRTified has joined #nixos-chat
noonien has joined #nixos-chat
clever has quit [Ping timeout: 260 seconds]
clever has joined #nixos-chat
<gchristensen>
wow! you can use ssh keys for signing data now!
<__monty__>
Using the ssh cli? Or, what's new about this? Haven't they always been asymmetric keys?
claudiii has quit [Quit: Connection closed for inactivity]
<gchristensen>
"OpenSSH v8 introduced new functionality for creating signatures using SSH keys"
<rycee>
Another alternative is to generate an ssh key from your gpg identity.
* gchristensen
is trying to get rid of his gpg identity
<cole-h>
Curious as to why
<gchristensen>
I'm not competent enough to use it
<rycee>
Hehe, I become an expert every 5 years or so when I create new keys for whatever reason. Now I've doubled down on gpg by getting a yubikey and putting the keys on it.
<cole-h>
I'm planning on getting a SoloKey when they release their rev 2
<__monty__>
gchristensen: If you move all the things you use gpg for now into ssh you'll end up not competent enough to use ssh. Stop this madness before you're relegated to telneting all over the place!
<samueldr>
minicom is where it's at
<rycee>
cole-h: Neat, do you know if it's possible to use solokey as a gpg smart card?
<gchristensen>
__monty__: the things I do with GPG are not complicated
<cole-h>
When I was researching them a while ago, I'm pretty sure yes
<__monty__>
I've heard sequoia pop up a number of times. Let's hope that improves the situation.
<joepie91>
gpg--
<gchristensen>
oh it has a cli now
<__monty__>
gchristensen: That's not ready for primetime yet. At least according to the people in #hagrid.
<gchristensen>
what do you call gpg ...
<rycee>
cole-h: Nice! I guess my yubikey will last for a few years but it would be nice to have something more open in the future.
<cole-h>
That's the main reason I'm waiting -- I don't want my key calling out to Yubico's servers :P
<emily>
yubikeys don't do that...?
<gchristensen>
the keys don't have network access anyway :)
<emily>
if you don't use the ancient keyboard-imitating passphrase mechanism they don't have anything to do with yubico at all
<emily>
and even in that case they certainly don't make network connections
<emily>
(that cc[line noise] stuff trusts yubico somehow, I forget exactly how, but there's no reason to use it anyway)
<__monty__>
gchristensen: Well I explicitly asked whether it supported my workflow yet. Which is stupid simple gpg use, just adding a new subkey every so often and signing releases and they said no.
<cole-h>
I must have mis-interpreted something along the way then. Thanks for correcting me. Either way, it's still more open than a yubikey AFAICT :)
<emily>
it is, yeah. I believe the hardware security properties are also worse, though I haven't looked at their newer models
<gchristensen>
gotcha __monty__ I don't do those things really
<emily>
(as in, solo's is worse than yubikey's)
<gchristensen>
I only decrypt mail when someone is rude enough to send me gpg-encrypted mail
<emily>
part of the problem is that most of the "secure element" chips come with draconian NDAs.
<gchristensen>
oh, and signing git commits :(
<joepie91>
brb sending encrypted line noise to gchristensen
<joepie91>
:P
<gchristensen>
go for it
<gchristensen>
make sure it has a good subject like "critical rce in nix"
<cole-h>
Critical RCE in lorri 👀
<joepie91>
lol
<__monty__>
UNFIXABLE exploits in openssh signing implementation, guess you're stuck with gpg after all, details in the encrypted body! (Tagged important.)
* gchristensen
moves to spam
<colemickens>
I think I've seen people describe ways to sign git commits without involving gpg tooling.
<joepie91>
lol
<gchristensen>
the execlp("gpg"...) isn't the bad part, it is the times I have to do maintenance on my key
* colemickens
nods
<__monty__>
No one stops you from having a forever-valid key though.
<colemickens>
I just meant, depending on how much you wanted to get rid of gpg, you could potentially widdle down use-cases maybe
<gchristensen>
yeah
<gchristensen>
maybe I'll start signing my commits with s/mime :)
<__monty__>
And if you act responsibly with gpg expiry then wouldn't you act equally responsibly with other methods and incur the same amount of maintenance?
* colemickens
has flashes of trying to wrangle x509 in Go many years ago. yay for security tooling.
<cole-h>
(colemickens: sorry to be a pedant, but it's 'whittle')
<gchristensen>
the maintenance is not the problem, GPG is the problem
<colemickens>
Am I allowed to dislike gpg purely because of the UX? I don't even mind the "burden" of maintenance.
<gchristensen>
colemickens: yes
<gchristensen>
the UX is actively dangerous and the UX is literally a reason to not use it
<colemickens>
cole-h: happy to be corrected, I feel pretty silly now actually, haha
<gchristensen>
you basically can't have a secure system which is hard to use
<cole-h>
"Look how cute that widdle puppy is!" :D
<viric>
gpg is very hard to use.
<viric>
I'm amazed how some people write gpg things for Android
<gchristensen>
btw colemickens I sent you PMs :) (I think matrix makes them harder to see?)
<viric>
I didn't know matrix had anything to do with encryption, btw - today I read it may have.
<__monty__>
viric: Matrix has support for e2ee. And upcoming(?) support for some sort of encrypted group chat.
<viric>
Isn't it compulsory?
<__monty__>
Nope.
<__monty__>
May be default though.
<viric>
I liked ideas (not implementations) like tox or that mail over tor thing I can't remember anymore
<__monty__>
Matrix is far more than just a protocol for instant messaging. Forcing OTR encryption doesn't necessarily make sense for all the applications of the protocol.
<viric>
I don't like the "run your server" approach
__monty__ has quit [Quit: leaving]
<viric>
pond. Pond was a thing
<viric>
why is there so much trust in Signal?
* joepie91
considers GPG insecure because of the UX
<DigitalKiwi>
<3 Signal
<joepie91>
viric: you can use someone else's matrix homeserver if you don't want to run your own :P
<joepie91>
viric: combination of pioneering and marketing
<DigitalKiwi>
...but it's a <3 </3 relationship
<joepie91>
Signal genuinely improved things a ton with its encryption protocol/setup, but it's also banking off Moxie's reputation quite a lot, even where not really appropriate
<joepie91>
and as an organization, they've been... less than good-faith in their behaviour overall, IMO
<joepie91>
Moxie in particular
<DigitalKiwi>
it'd be nice if it like...worked reliably :( since it's the only one that even seems to try to put security as high of priority as it can and still be useable...
<DigitalKiwi>
signal-desktop especially falls flat