<gchristensen>
right now that flag has to be removed manually
<gchristensen>
sort of on purpose, so I can go look at what happened
<gchristensen>
I'd do it now, but I don't have enough free disk space to start firefox
<cole-h>
Oh, understandable
<cole-h>
(and lol)
<gchristensen>
(if znapzend worked differently, I would have plenty of space by now)
<danderson>
TIL znapzend!
<danderson>
gchristensen: what's annoying about it?
<gchristensen>
I have two datasets, A and B. znapzend sends everything from the oldest sync'd snapshot for A to the newest one to a remote target, and then sends everything for B
<gchristensen>
if you cancel in the middle of a send, it won't clean anything up. this means nothing gets cleaned up until everything in A has sent, which in this case is quite a lot
<pie_[bnc]>
hooray failure modes
<gchristensen>
if instead it did a round-robin of (a, b, a, b, a, b, ...) it could progressively clean up snapshots as it went instead of waiting for a week's worth of snapshots to send
<pie_[bnc]>
znapzend you are not in a pure type you are in IO what are you doing
<pie_[bnc]>
#justIOthings
<gchristensen>
this is made even worse if you're sending to 2 remotes, where it won't clean anything up unless the entire dataset's snapshots made it to every remote
<danderson>
ah, so it's not granular enough if you have a lot of snapshots?
<gchristensen>
yeah it works great until it doesn't, and then ... well :)
<pie_[bnc]>
and then you fall back to zfs error suppression modes :D
<pie_[bnc]>
or recovery rather
<gchristensen>
to clarify though I'm not going to stop using it, it is really great almost all the time
<gchristensen>
but if, say, you have to redo your backup server and forget to set up your SSH key for a while ...
<gchristensen>
also, znapzend uses bash on remotes, which is unfortunate. it could so easily use exec's nice argv handling, and instead they wrote some shell escaping code
<danderson>
does it use ssh?
<gchristensen>
yeah
<danderson>
because if so it has no choice, ssh has no way to just pass an argv to exec, everything is spawned via "the shell" (unspecified)
<danderson>
(I mean unless they spawn some handler process on the other end and mediate through that - but if they're just running commands through ssh's exec logic, there's no way to bypass the shell :(
<gchristensen>
I think you can skip the shell with force_command?
<gchristensen>
but I guess that wouldn't work, since it needs to pass arguments
<danderson>
yeah
<danderson>
in the wire protocol, the "thing to execute" is a string, and the ssh spec says it's just passed to "some shell"
<danderson>
very underspec'd :(
<gchristensen>
hrm
<danderson>
I once wrote a go library to work around that, which basically did its own shell escaping
<gchristensen>
and the man page is not so nice about it either "If a command is specified, it is executed on the remote host instead of a login shell."
<danderson>
so the string was /bin/sh -c "<horrible escaped gobbledygook here>"
<gchristensen>
joyous
<gchristensen>
making me hate computers all over again :P
<danderson>
I have a vague memory that I even did something horrible with base64 encoding for some reason
<danderson>
like passing encoded string to |base64 -d|/bin/sh or somesuch
<danderson>
I can't remember why now... I'm pretty sure there was an awful reason
<gchristensen>
I am certain you're right
<andi->
regarding weird SSH features: I recently discovered an SSH server that just started spawning a shell "session" (or was it stream?) before OpenSSH 7.8 considered the connection fully established. You wouldn't figure that out unless you had a lower connect timeout than the default (which is infinite?)...
<gchristensen>
danderson: erasing large swaths of my hard drives on each boot has made me a bit more cautious about backups :P
<gchristensen>
okay, good night y'all
<cole-h>
o/
<colemickens>
GH's email is sooo lossy.
<colemickens>
I wonder how many important notifications I've missed since I only use email.
cjpbirkbeck has quit [Quit: cjpbirkbeck]
slack1256 has joined #nixos-chat
<lovesegfault>
samueldr: Yeah, I saw that; now to wait for nixos-unstable-small to pick that up
rardiol has quit [Ping timeout: 260 seconds]
rardiol has joined #nixos-chat
andi- has quit [Ping timeout: 256 seconds]
slack1256 has quit [Remote host closed the connection]
lovesegfault has quit [Quit: WeeChat 2.8]
andi- has joined #nixos-chat
<infinisil>
I originally transferred all the data on my laptop from macos to linux, putting it in ~/legacy
<infinisil>
Now that my laptop's SSD is broke, I'm transferring all data to my PC. Now the original data is in ~/legacy-legacy :)
<infinisil>
I've been slowly sorting everything out though, removing what I don't need, and saving what I want to keep
<infinisil>
(but it's a lot)
lovesegfault has joined #nixos-chat
waleee-cl has quit [Quit: Connection closed for inactivity]
endformationage has quit [Quit: WeeChat 2.6]
drakonis has quit [Quit: WeeChat 2.7.1]
cole-h has quit [Ping timeout: 256 seconds]
lovesegfault has quit [Ping timeout: 252 seconds]
__monty__ has joined #nixos-chat
<MichaelRaskin>
Hmmm. So how can I run a GC that would leave all the current build dependencies of all GC roots, but delete older fixed-output derivations for the paths that have a different one now?
<MichaelRaskin>
I.e., do not pin each curl ever instantiated for fetchurl, only the newest one.
<yorick>
MichaelRaskin: define "newest curl"
<__monty__>
Are the GC roots from nix-shell evaluations? Cause if so, I think lorri makes sure to only keep the most recent GC roots... rooted(?).
<srk>
I was looking at how GC chooses paths and it uses PRNG to shuffle paths and delete (in case of max bytes)
<srk>
would prefer delete-oldest first
<yorick>
I would prefer least-recently-used
<MichaelRaskin>
yorick: used in the latest instantiation of the fetchurl
<srk>
that's problematic
<srk>
lru requires atime or something like that
<__monty__>
Yeah, LRU seems like the most sensible approach.
<yorick>
srk: you could imagine a realization updating the time somewhere
<MichaelRaskin>
I want build-dependency closure of most of the stuff I have installed
<srk>
yorick: that info (atime) is not in the store but date of build is
<srk>
yorick: atime is problematic and causes a lot of overhead
<srk>
which is why ppl sometimes use systems with noatime
<MichaelRaskin>
The problem is that the keep-derivations + keep-outputs leads to unbounded collection of curl versions and corresponding glibc versions
<MichaelRaskin>
My goals are purely definable in terms of instantiations that have actually happened, so I have _some_ hope
<yorick>
srk: I don't want atime
<yorick>
srk: I want the time since it was last poked at by nix
<yorick>
whenever it wants to re-realize that path
<srk>
yeah, makes sense
Jackneill has joined #nixos-chat
<srk>
re-realize you mean like when something uses it?
<yorick>
yeah
<srk>
but!
<srk>
how would you know?
<srk>
it's just a path in the end
<yorick>
srk: well, nix obviously checks, because it builds it if it doesn't exist
<srk>
yeah but if you have path already you can use it without nix interaction :)
<srk>
now I wonder how bad would that be if all /nix/store ops went thru daemon :D
<MichaelRaskin>
I am actually OK with using the latest created deriver as the main deriver and GC-ing the others
<yorick>
srk: yeah, but I don't think you ever do that for things that aren't gc roots
<MichaelRaskin>
srk: well, realisation of a path is an operation of Nix
<srk>
MichaelRaskin: sure, I mean more like .. read
<srk>
:D
<MichaelRaskin>
srk: not _that_ bad, have you ever used FUSE?
<srk>
true!
<MichaelRaskin>
You could also do something silly like a FUSE /nix/store where everything is a symlink to the same name in /nix/real-store
<MichaelRaskin>
And LRU statistics is aggregated in RAM and dropped into the DB hourly
<srk>
yorick: yes. I guess there's no point in doing this for dependencies of the main deriver either
<srk>
MichaelRaskin: maybe it could be done efficiently like just tell stats to daemon but passthru read like it's regular file
<MichaelRaskin>
I think what _I_ want is doable with the data Nix currently has anyway, but I would prefer not to write the queries from scratch if someone has already written a script
<MichaelRaskin>
srk: hm, inotify on all valid paths can indeed be done
<srk>
nooo
<srk>
:D
<srk>
inotify doesn't scale well
<srk>
with many files
<MichaelRaskin>
Is 100k already that bad for inotify?
<srk>
think so, is 100k your store size roughly?
<yorick>
fatrace?
<srk>
if you don't mind that you lose notifications from time to time it would be fine
<srk>
yorick: that's bpf?
<yorick>
srk: it's fanotify
<srk>
I see
<srk>
you can do the same with bpf nowadays
<yorick>
yeah, but I'm not sure if it's faster
<MichaelRaskin>
srk: my current store path count is like 35k
<MichaelRaskin>
100k would be enough for me, 10k would not
<yorick>
my nix store is 350k
<MichaelRaskin>
I do not need recursion
<MichaelRaskin>
Yeah, 350k is harsher
<srk>
I'm afraid to run the count :D
<srk>
but it shouldn't be that bad
<yorick>
sqlite3 'file:///nix/var/nix/db/db.sqlite?immutable=1' 'SELECT COUNT(*) FROM ValidPaths'
<srk>
on my armv7 laptop I've managed to run out of inodes recently tho
<srk>
ty!
<srk>
58k
<MichaelRaskin>
I ran out of inodes because of symlinks _inside_ the paths
<yorick>
I just use zfs
<MichaelRaskin>
I use btrfs for store
<yorick>
it has room for 281474976710656 store paths, currently
<srk>
:D
<yorick>
I'm really missing "open a CoW snapshot of this path" on linux
<yorick>
(zfs doesn't even do --reflink :/)
<srk>
my friend is joking that NixOS is a filesystem benchmark
<srk>
due to amount of symlinks
<__monty__>
yorick: Can't you kinda do that with overlayfs?
<yorick>
__monty__: only if you mess with other writers
<__monty__>
Other writers?
<yorick>
__monty__: you'd need to remount the file for this
<__monty__>
You do? You said a snapshot, you didn't say it had to be in-place.
<yorick>
__monty__: I don't, but how would you do this using overlayfs then?
<eyJhb>
adisbladis: do you know what chipset the bananapi uses?
<__monty__>
yorick: The thing you want to snapshot is the lower dir, writes would end up in the upper dir, and you address the snapshot using the merged dir? s/dir/mountpoint
<yorick>
__monty__: so I have to point the writers at the merged snapshot somehow?
<yorick>
merged dir*
<yorick>
but they already have the file open
<__monty__>
That's a new constraint.
<yorick>
__monty__: I want to snapshot *arbitrary* files
<__monty__>
Well you can, just not at arbitrary times : )
waleee-cl has joined #nixos-chat
Jackneill has quit [Ping timeout: 250 seconds]
KeiraT has quit [Ping timeout: 240 seconds]
Jackneill has joined #nixos-chat
neeasade has joined #nixos-chat
KeiraT has joined #nixos-chat
<joepie91>
holy crap what happened to github
<joepie91>
a script I use that depends on its API is suddenly flying through its jobs
<gchristensen>
is it doing the right thing?
<joepie91>
yeah
<joepie91>
it seems to be a genuine significant performance improvement
<joepie91>
not sure if I'm hitting a cache or what
<gchristensen>
maybe they deleted the speedup loop
<joepie91>
hah
<joepie91>
quite possibly
<joepie91>
I guess they really were migrating stuff when everything fell over yesterday
<__monty__>
Maybe lots of services failed during the outage and haven't been restarted yet?
<gchristensen>
maybe they moved back to their own DC after azure ran out of capacity
<MichaelRaskin>
People gave up and still did not recover, the load is down
<gchristensen>
lol
ekleog has joined #nixos-chat
lovesegfault has joined #nixos-chat
cole-h has joined #nixos-chat
drakonis has joined #nixos-chat
<colemickens>
"before all the scripts in Nixpkgs have been updated to not use the Nix 2.0 CLI" <- ?? cc: qyliss
<colemickens>
I need to plug into nixos world more than just in irc...
<qyliss>
Nix 2.0 CLI is going to be an experimental feature in Nix 2.4
<qyliss>
So disabled by default
<colemickens>
Ah yes, I've noticed.
<colemickens>
Makes sense to avoid in scripts.
<yorick>
I suspect literally everyone will have it enabled
<samueldr>
I might not
<samueldr>
other than `nix log` and `nix repl` I am not using the new cli
<samueldr>
I may wrap `nix repl` into a `nix-repl` script with the experimental feature turned on
<yorick>
samueldr: why not just turn on the rest?
<samueldr>
keep ourselves honest
<samueldr>
dogfooding that it's experimental and turned off by default
<yorick>
we have thousands of lines of scripts using the new api all over
<samueldr>
oh well
<joepie91>
wait, are we experimental-ing something that was previously stable?
<gchristensen>
no, `nix` was never stable
<joepie91>
or am I misunderstanding here
<gchristensen>
but there was no mechanism to mark it as unstable before
<samueldr>
(I thought we were in #nixos-dev here, that would be on-topic for #nixos-dev)
<__monty__>
Please tell me invoking "nix repl" will complain with a very clear error message about how it moved to experimental, always was experimental and how to enable it.
<gchristensen>
I think repl will be marked stable ? something to bring up in this meeting :)
<__monty__>
Well, whatever ones will be marked experimental.
<samueldr>
(continuing in #nixos-dev -> )
<cole-h>
RIP, I got no audio in jitsi. I'll try again next time.
<infinisil>
gchristensen: Wait were you able to read the poster on my back wall??
<gchristensen>
yeah :)
<cole-h>
Yes :D
<infinisil>
Hehe
<infinisil>
I just read that and was like "Oh I have a poster that says exactly that!"
<gchristensen>
hehehe
ottidmes has joined #nixos-chat
<gchristensen>
just got some nice phishing mail
<gchristensen>
FYI: looks like there is some phishing going for github users, saying some private file was modified withe curlx. don't click it :P
<ottidmes>
I keep getting SMS, something about my bank, funny thing is, I don't even go to that particular bank, so clearly phishing
<waleee-cl>
high budget phishing then, apparently the operators don't provide bulk prices for mass-SMS
<ottidmes>
One time I thought I clearly got a phishing mail, it turned out to be an actual official mail. Which is worrisome, who the hell designs the customer interaction to be to click on a generic mail containing a link that requires you to straight up pay to another company you know nothing about. Turns out my dentist does...
cransom has quit [Quit: WeeChat 2.6]
cransom has joined #nixos-chat
<__monty__>
Don't 2FA SMSs get charged to the recipient?
<samueldr>
probably depends on the location
<samueldr>
telcos are not globally heterogeneous
<samueldr>
I'm pretty sure here both ends can be charged, but most plans include unlimited SMS so you end up not paying
<MichaelRaskin>
Charging for incoming SMS is not legal in many places
<joepie91>
pretty sure it isn't possible here
<leah2>
gchristensen: just got that too, interesting
<MichaelRaskin>
Never underestimate what's possible!
<MichaelRaskin>
I feel excluded!
<MichaelRaskin>
Where is my phishing email
<samueldr>
I never get to join in the fun either, MichaelRaskin
<eyJhb>
To block ads+malware at the DNS, or not to. That is the question...
ottidmes has quit [Quit: WeeChat 2.7.1]
<joepie91>
eyJhb: considerations: more performant than in-browser blocking, also works with devices/clients that do not support adblocking; BUT it will catch less
<joepie91>
because it can only block entire domains
<joepie91>
not detect by URLs or visual properties
<joepie91>
also no possibility for whitelisting if you care about that
<eyJhb>
Yeah, but from a security point of view I might be curious!
<eyJhb>
But yeah, the same thing I am thinking
<eyJhb>
Any good lists? Currently working with StevenBlack
<eyJhb>
Hmm, can't really be used for this. But didn't know that!
<eyJhb>
Currently, I am trying to just make something that I can include directly in my unbound dns config on my nixos router
<manveru>
been trying nextdns.io for a day now instead of my pi-hole, it's pretty neat
<__monty__>
Did the pi-hole affect your day-to-day browsing in any noticeable way?
<eyJhb>
Come with all your good points, will read tomorrow! Night folks!
* cole-h
uses a pihole and hasn't had any problems
<manveru>
__monty__: it was quite effective... i still run uBlock origin anyway, but it's great for blocking ads in mobile games and stuff, so my son doesn't try to watch ads for infinite gems and such :)
<drakonis>
ah game ads
<drakonis>
the most wasteful form of time conversion
<manveru>
have to turn it off once in a while so my wife can check google analytics for her clients though
lovesegfault has joined #nixos-chat
<__monty__>
So it definitely doesn't mess with internet experience like umatrix or blocking JS does?
<manveru>
yeah
<manveru>
really could be more strict if i added more blacklists