drakonis_ has quit [Read error: Connection reset by peer]
drakonis has joined #nixos-chat
drakonis has quit [Read error: Connection reset by peer]
drakonis has joined #nixos-chat
emilazy has joined #nixos-chat
emily has joined #nixos-chat
emilazy has quit [Changing host]
emily has quit [Changing host]
arcnmx has quit [Changing host]
arcnmx has joined #nixos-chat
drakonis has quit [Read error: Connection reset by peer]
drakonis_ has joined #nixos-chat
abathur has joined #nixos-chat
ravndal has joined #nixos-chat
drakonis_ has quit [Read error: Connection reset by peer]
drakonis_ has joined #nixos-chat
drakonis has joined #nixos-chat
drakonis1 has joined #nixos-chat
drakonis_ has quit [Read error: Connection reset by peer]
drakonis has quit [Ping timeout: 240 seconds]
drakonis has joined #nixos-chat
drakonis1 has quit [Read error: Connection reset by peer]
drakonis_ has joined #nixos-chat
drakonis_ has quit [Read error: Connection reset by peer]
drakonis_ has joined #nixos-chat
drakonis has quit [Ping timeout: 240 seconds]
lopsided98 has quit [Remote host closed the connection]
lopsided98 has joined #nixos-chat
waleee-cl has quit [Quit: Connection closed for inactivity]
ravndal has quit [Ping timeout: 260 seconds]
samueldr has quit [Ping timeout: 260 seconds]
Church- has quit [Ping timeout: 260 seconds]
mutantmell has joined #nixos-chat
Church- has joined #nixos-chat
kcalvinalvin has joined #nixos-chat
ravndal has joined #nixos-chat
drakonis_ has quit [Read error: Connection reset by peer]
drakonis_ has joined #nixos-chat
samueldr has joined #nixos-chat
mutantmell has quit [Ping timeout: 260 seconds]
mutantmell has joined #nixos-chat
LnL has quit [Ping timeout: 255 seconds]
LnL has joined #nixos-chat
drakonis_ has quit [Read error: Connection reset by peer]
drakonis_ has joined #nixos-chat
drakonis has joined #nixos-chat
drakonis1 has joined #nixos-chat
drakonis_ has quit [Ping timeout: 252 seconds]
drakonis_ has joined #nixos-chat
drakonis1 has quit [Ping timeout: 255 seconds]
<ashkitten>
hmph.. my l2arc gets hit so rarely aside from during boot
drakonis has quit [Ping timeout: 255 seconds]
drakonis has joined #nixos-chat
drakonis has quit [Client Quit]
drakonis has joined #nixos-chat
lovesegfault has joined #nixos-chat
drakonis has quit [Quit: WeeChat 2.6]
lovesegfault has quit [Ping timeout: 240 seconds]
lovesegfault has joined #nixos-chat
endformationage has quit [Quit: WeeChat 2.6]
drakonis has joined #nixos-chat
<cole-h>
wtf why did {^_^} ping me in #nixos
<cole-h>
I'm spooked
<ashkitten>
ghosts
drakonis_ has quit [Read error: Connection reset by peer]
<ashkitten>
damn, curl --libcurl is so cool i wish i had a use for it
<ashkitten>
unfortunately i don't write c
drakonis_ has joined #nixos-chat
<ashkitten>
(or fortunately?)
<ashkitten>
i tend to get angry at c so it's probably a good thing
<etu>
ashkitten: I've found it useful even though I don't write C. I use other languages where they use the same constant names etc for setting curl up. So I've used the flag to figure out what options I need :)
<ashkitten>
ahh yeah legit!
<ashkitten>
i wouldn't use libcurl in rust anyways tho
<ashkitten>
there's reqwest for that
<ashkitten>
it's async!
drakonis_ has quit [Read error: Connection reset by peer]
drakonis_ has joined #nixos-chat
drakonis has quit [Ping timeout: 265 seconds]
abathur has quit [Ping timeout: 252 seconds]
lovesegfault has quit [Quit: WeeChat 2.7.1]
drakonis_ has quit [Read error: Connection reset by peer]
drakonis has joined #nixos-chat
veske has joined #nixos-chat
drakonis has quit [Read error: Connection reset by peer]
drakonis has joined #nixos-chat
cole-h has quit [Ping timeout: 240 seconds]
KeiraT has quit [Ping timeout: 240 seconds]
drakonis has quit [Ping timeout: 240 seconds]
__monty__ has joined #nixos-chat
KeiraT has joined #nixos-chat
veske has quit [Quit: This computer has gone to sleep]
abathur has joined #nixos-chat
veske has joined #nixos-chat
abathur has quit [Ping timeout: 260 seconds]
tazjin has quit [Excess Flood]
tazjin has joined #nixos-chat
veske has quit [Quit: This computer has gone to sleep]
veske has joined #nixos-chat
<Taneb>
Is it bad I've started making puns in my dreams
veske has quit [Quit: This computer has gone to sleep]
Jackneill has joined #nixos-chat
malSet has quit [Quit: Quit.]
veske has joined #nixos-chat
malSet has joined #nixos-chat
veske has quit [Quit: This computer has gone to sleep]
waleee-cl has joined #nixos-chat
malSet has quit [Quit: Quit.]
psyanticy has joined #nixos-chat
drakonis has joined #nixos-chat
<eyJhb>
Taneb: get out :p
malSet has joined #nixos-chat
drakonis has quit [Read error: Connection reset by peer]
drakonis_ has joined #nixos-chat
<infinisil>
Aw damn, Librem 5 Evergreen batch moved back to mid August at least
<infinisil>
At least they started shipping earlier batches
<infinisil>
I'm still confident they can deliver
<etu>
I've tested phosh on my pinephone
<etu>
It's one of the better experiences on the pinephone imo
<andi->
I am reqlly thinking about canceling my librem5 order... I still believe in supporting those efforts
<infinisil>
If I wouldn't see anything from librem then I'd probably think about it too
<infinisil>
But they've shown that they're working hard on it
drakonis_ has quit [Ping timeout: 258 seconds]
tazjin has quit [Excess Flood]
tazjin has joined #nixos-chat
drakonis_ has joined #nixos-chat
<eyJhb>
When atomic is used to describe NixOS, then what is the definition of it?
<__monty__>
eyJhb: nixos-rebuild switch is atomic because interrupting it at any point before actually switching the symlink leaves you with no changes.
<__monty__>
You never end up with a half-updated system.
<__monty__>
Which happens a lot on distros like arch for example.
<emilazy>
*except for services and other activation script stuff
<emilazy>
which is often the most important stuff :/
<gchristensen>
emilazy: no way!
<gchristensen>
the "Critical section" of puppet/chef/apt/rpm/ansible/etc. is basically from the start to th efinish of the time the program is running. nixos-rebuild switch's "critical section" is like 2-10 seconds at the end
<emilazy>
sure, it's much better
<emilazy>
er, let's put it this way: I'm coming at this from the perspective of someone who wants a fully atomic system and is disappointed by the extent to which NixOS still resembles "classical" Linux distros in that regard, not as someone defending the crappy other system trying to patch over this stuff on those
<gchristensen>
well you could deploy like I deploy
<emilazy>
but e.g. if you care about your webserver being restarted separately and port 80 only being switched when it's tested as working and then the old one being torn down, nixos doesn't really help you out much there
<eyJhb>
BUt is there any definition of it? Because currently I am reading on atomic in a way of ordering and messages. And there it means, that the messages are always received in the same order
<__monty__>
eyJhb: That's not what atomic means.
<__monty__>
Atomic means undivisible.
* gchristensen
is disappointed by no "how do you deploy?"
<eyJhb>
"Atomic broadcast (messages delivered to all nodes in the same order; messages of the same
<eyJhb>
node are delivered in their sending order)
<__monty__>
eyJhb: That's not a definition of atomic though, that's a definition of "atomic broadcast."
<__monty__>
And not one I've run into.
<__monty__>
What is this about anyway? TCP kinda achieves that through sequence numbers.
<gchristensen>
on most servers, the first thing to run is erasing every disk and creating a blank stripe across all of them, and then starting the services
<eyJhb>
__monty__: Network Technologies and Distributed Systems
<eyJhb>
:p
<emily>
gchristensen: go on then :p
<emily>
oh, you just mean using throwaway servers?
<gchristensen>
yeah
<emily>
that's a little less practical with hetzner
<emily>
you could use an immutable partition and just reboot with a different generation each time tho
<gchristensen>
I forget, can you make a hetzner box netboot permanently?
<emily>
that gets you a lot at the expense of sucking
<emily>
i think so
<emily>
you can access the bios at least. i turned uefi on with mine
<eyJhb>
gchristensen: what is the usecase?
<gchristensen>
getting my deployment methodology to work on hetzner :)
<talyz>
gchristensen: Note that the demo uses the eu-north-1 region, which doesn't work with the current release of nixops - I have to patch boto for it to work
<talyz>
gchristensen: ..but that might work just fine if boto is up-to-date :)
<gchristensen>
nice... ok
abathur has quit [Ping timeout: 265 seconds]
drakonis_ has quit [Ping timeout: 255 seconds]
drakonis_ has joined #nixos-chat
drakonis has joined #nixos-chat
drakonis_ has quit [Ping timeout: 260 seconds]
waleee-cl has quit [Quit: Connection closed for inactivity]
<infinisil>
Updated nixpkgs from c3414919a539d06a73c41f90dcf2f346523ae585 to ea79a830dcf9c0059656da7f52835d2663d5c436, but there's no changes to that setting in the nginx module
<infinisil>
Guess that's not it then
drakonis has quit [Read error: Connection reset by peer]
<infinisil>
Oh also: I downloaded an SSL test app to debug a bit, and it showed infinisil.com having *two* certificates. One trusted, one not trusted
<gchristensen>
and dav.infinisil.com according to the certificates
<infinisil>
I'll just turn off dav.infinisil.com (where radicale is running) for now
neeasade has joined #nixos-chat
abathur has quit [Read error: Connection reset by peer]
abathur has joined #nixos-chat
drakonis_ has joined #nixos-chat
drakonis has quit [Ping timeout: 272 seconds]
<ajs124>
mail.infinisil.com doesn't even have a AAAA record
drakonis has joined #nixos-chat
<infinisil>
Oh good point, I should do that
drakonis_ has quit [Ping timeout: 265 seconds]
<ajs124>
my claws-mail crashes when verifying s/mime signatures. do I try to fix it or just turn the s/mime plugin off, because i don't care? hm...
<__monty__>
Fate of so many security solutions... : ) : (
<infinisil>
Will have to debug this further later, now eat
<gchristensen>
I'm impressed someone is sending s/mime signatures
<__monty__>
I know someone who used to because gpg is too much work. Particularly for the verifying party.
<LnL>
"someone"?
abathur has quit [Read error: Connection reset by peer]
<gchristensen>
haha, LnL :D
abathur has joined #nixos-chat
abathur has quit [Read error: Connection reset by peer]
<ajs124>
Yeah, I've run into 2 people sending s/mime in the last week. Then again, that's probably a coincidence/confirmation bias/something. I don't think I receive more than 10 s/mime emails a year.
veske has quit [Quit: This computer has gone to sleep]
endformationage has joined #nixos-chat
drakonis has quit [Ping timeout: 240 seconds]
abathur has joined #nixos-chat
abathur has quit [Read error: Connection reset by peer]
abathur has joined #nixos-chat
abathur has quit [Read error: Connection reset by peer]
abathur has joined #nixos-chat
abathur has quit [Read error: Connection reset by peer]
drakonis has joined #nixos-chat
myskran has joined #nixos-chat
myskran has quit [Read error: Connection reset by peer]
myskran has joined #nixos-chat
myskran has quit [Read error: Connection reset by peer]
infinisil has quit [Quit: Configuring ZNC, sorry for the joins/quits!]
<eyJhb>
Curious question, why is it that you tend to see people from America more against swearing/cursing?
<eyJhb>
I hate seeing shows from the US, where there is a big tendency of bliping out curse words..
infinisil has joined #nixos-chat
drakonis_ has joined #nixos-chat
<__monty__>
Puritan origins which were carried on in TV censoring?
<samueldr>
eyJhb: though you probably were thinking USA, there *is* a similar mindset in english canada, but in french canada it's more subdued
<eyJhb>
__monty__: Maybe, I just find it odd. We have had Danish Radio appoligize, because they played a censored version (curse words)
<samueldr>
which might help answer the question a bit, that it's rooted in the cultural background from the people that went there
<samueldr>
AFAIK in the USA it's the FCC, a federal institution, that sets the rules, while in Canada it's the broadcasters in a kind of union that does
neeasade has quit [Remote host closed the connection]
<eyJhb>
Seems about right, just annoying that it is frowned that much upon...
<__monty__>
The US is a bit weird, land of extremes. A lot of bleeping but also a lot of rap music replete with cussing. Fairly prudish but also the world's largest producer of porn. Economically extremely liberal but socially extremely conservative.
<samueldr>
the thing to note is that all those "rap music replete with cussing" have a radio edit
<samueldr>
(or don't get aired)
drakonis_ has quit [Read error: Connection reset by peer]
<infinisil>
That's pretty much exactly the issue I'm having
<infinisil>
"Looks like you have found a solution. [as it works now]" "This topic was automatically closed 30 days after the last reply. New replies are no longer allowed."
<eyJhb>
Also, what is the current problem infinisil ? Your own site?
<infinisil>
Poop
<infinisil>
Yeah, there's two problems with it: TLS 1.2 doesn't seem to work, 1.3 does, even though I have `ssl_protocols TLSv1.2 TLSv1.3` in nginx's config
<eyJhb>
She is that as well... Not that good at the litter box yet infinisil...
<infinisil>
The other problem is that it seems to send a completely unrelated SSL certificate for that domain, namely one from dav.infinisil.com
<eyJhb>
You sure it is the right config it is using?
<infinisil>
These two problems seem related to each other, as e.g. from https://github.com/openssl/openssl/issues/7147 I got that the openssl error comes from some domain name confusion
<{^_^}>
openssl/openssl#7147 (by gogo9th, 1 year ago, closed): sslv3 Alert Handshake Failure (alert number 40)
<infinisil>
eyJhb: Yea, got it from `systemctl cat nginx`
<infinisil>
All I did was update my nixpkgs to a version that has the new ACME v2 support
<eyJhb>
infinisil: did they merge the new module? And that seems weird
<infinisil>
I did get the same "Chain issues: Incorrect order, Extra certs" thing on that test
<emily>
it actually broke something? huh
<emily>
I only got that warning and no actual breakage
<infinisil>
emily: It only broke on my old iphone, firefox on pc works fine
<emilazy>
aha
<infinisil>
Well unsure if this is really the fix, but I'll try it out now
* emilazy
really hopes her acme PRs can be merged before 20.03 merge window ends
<emilazy>
they're pretty important fixes
<eyJhb>
Anyone that has a good method for detecting a "bad" change in activity? As of right now, I am just thinking of detecting a % drop in usage from week to week..
<eyJhb>
emilazy: When does the merge window end?
<infinisil>
emilazy: Oh yeah definitely, we should make those a blocker for 20.03
<infinisil>
Got links to them?
<samueldr>
february 10th
<samueldr>
but *fixes* can still happen, even after the release
<emily>
well
<emily>
the timing change one isn't really a fix
<eyJhb>
So... 15 days late samueldr ?
<emily>
it's just a "stop torturing let's encrypt"
<emily>
rip on the merge window though, didn't realise that
<samueldr>
for the 20.03 freeze for new features, yeah :)
<ajs124>
the whole simp_le -> lego thing is already in 20.03, right?
<samueldr>
emily: I could see that as being a fix, depending on the scope of breakage this can bring
<samueldr>
though that would be the RMs' job to determine
psyanticy has quit [Quit: Connection closed for inactivity]
<emily>
tbh nixos is probably a small blip on let's encrypt's metrics in reality
<samueldr>
(or maybe with overwhelming agreement from contributors)
<ajs124>
the only way requesting certificates at a different time of day can break something, is if you have a really really weird setup.
<emily>
ajs124: yeah
<emily>
that's why I didn't bother backporting anything further back
<ajs124>
and if your setup is that weird, you're probably not relying on the ACME stuff from nixpkgs, in the first place.
drakonis has quit [Read error: Connection reset by peer]
<infinisil>
Hm that might not have been it after all
<infinisil>
Not seeing any change to before in all checks
<infinisil>
Although
<infinisil>
I might need to restart
<infinisil>
the acme services
drakonis has joined #nixos-chat
<infinisil>
emily: Or do I need to do something else to apply the PR's changes?
<emily>
you need to force a cert renewal
<emily>
I just made the valid min days really high. there should be a better way to do it but there isn't
<emily>
not sure the best way to expose it, maybe you can expose some "forced run" from systemd services, or maybe it should expose some shell script as an attribute, who knows
<infinisil>
Hm, what if I just delete the existing cert
<ajs124>
you can also just run those commands manually
<aanderse>
emily: i'm really glad you're doing these prs, thank you
<aanderse>
emily++
<{^_^}>
emily's karma got increased to 9
<aanderse>
i have been a bit occupied for testing them, unfortunately... :\
<aanderse>
but i agree with your statement that they are very important
<ajs124>
what aanderse said. It would have sucked to run into this stuff when switching to 20.03
<infinisil>
Okay so I have a clue: Removing "ssl_ciphers EECDH+aRSA+AESGCM:EDH+aRSA:EECDH+aRSA:+AES256:+AES128:+SHA1:!CAMELLIA:!SEED:!3DES:!DES:!RC4:!eNULL;" from my nginx config makes it work
<gchristensen>
unchanged since 2016, probably out of date :|