<eyJhb>
Almost 100.000 entries. And thankfully dups are removed :D
<gchristensen>
nice
<gchristensen>
the dns based blocklists spook me for maybe no good reason. I think about how ublock origin sometimes breaks buying flights or hotels, for example
<eyJhb>
But need a good way to autoupdate this. Not sure if it should just be a service that runs the script and then rebuild-switch
<gchristensen>
buying those things makes me anxious anyway, so having extra stress there doesn't help
<eyJhb>
But I think that is mostly because of the element blocking. Might be wrong! But many lists are well tested to ensure this does not happen
<MichaelRaskin>
Me, slowly drifting away from the shared context: wait, you run everything with the same DNS?
<gchristensen>
what is it you do? :)
<MichaelRaskin>
Well, given that each browser instance is in its own nsjail, and most of these include netns and unix-domain-socket-based proxying of the few things they get to access (read: Squid with wildcard domain-based CONNECT blocklist), I can easily pass different DNS. Although in practice it's either local BIND and local Squid, or Squid going through my VPS and (unfiltered) DNS view from there
neeasade has quit [Remote host closed the connection]
<eyJhb>
MichaelRaskin: so each host has a specified set of records?
<MichaelRaskin>
No, I have not yet reached that level of enlightenment
<MichaelRaskin>
It's just that some wildcard domain masks for complete garbage (like Google Analytics) are no-go for CONNECT by default.
<manveru>
eyJhb: btw, `fromJSON` is faster than importing nix files :)
<manveru>
and would probably make your python easier as well
<eyJhb>
MichaelRaskin: I wish that unbound had wildcards
<eyJhb>
manveru: hmm.. yeah, that might be a good idea
immae has quit [Quit: WeeChat 2.4]
immae has joined #nixos-chat
<eyJhb>
I love APIs where they trust the client! premium=true, sure thing!
<infinisil>
These github-imitating spam mails keep happening :/
cole-h has joined #nixos-chat
KeiraT has quit [Remote host closed the connection]
KeiraT has joined #nixos-chat
vika_nezrimaya has joined #nixos-chat
<aleph->
Hmm, hey yorick if you're around. These prometheus rules look off? They compile, but an alert doesn't seem to fire off like it should be when the service is down. https://paste.rs/9gA
<yorick>
aleph-: you may need == 0
<aleph->
Ugh
<aleph->
kk, let me try that
<aleph->
Oh that's interesting... it's saying I have no rules defined. Huh
<samueldr>
never had those github e-mails
<samueldr>
though *again* my e-mail address must have been used in a credential stuffing run on the netflix website
* samueldr
sighs
<aleph->
Okay, that's finally fixed. Now to see if alertmanager actually ingests these rules/
<talyz>
eyJhb: thanks! :)
<aleph->
Ugh, prometheus config in nix is hellish
<aleph->
heckish*
endformationage has joined #nixos-chat
<cole-h>
It's so windy here... Feel like my house is gonna blow away
<__monty__>
cole-h: Shouldn't have built it with straw so you could have fun in the sun, tsk tsk.
<cole-h>
It's actually made out of sticks :(
<__monty__>
Should have gone one step further.
<__monty__>
Though pressed straw is supposedly a pretty awesome building material.
<cole-h>
My next house will be bricks, fingers crossed
<__monty__>
Fireproof and insulating. So it'd be better than the status quo in the US.
<cole-h>
😱
<joepie91>
I've always wondered why the primary component of houses in the US, a country not unfamiliar with forest fires, seems to be "shit that is easy to set on fire"
<cole-h>
$
<__monty__>
Yeah, let's build wooden wall, *with* air pockets. And faulty-by-default wiring tyvm.
<samueldr>
faulty by default wiring?
<samueldr>
the wiring is no different than most of europe, the plugs are different though
<__monty__>
Grounding's a mess over there from what I've seen.
<samueldr>
please elaborate
<samueldr>
(tbf, I'm not sure about the US code, but the Canadian one should be close enough AFAIK)
<gchristensen>
joepie91: the structure is wood, but I think the drywall is fire retardant
<joepie91>
nevertheless having the most structurally important part of your house be a flammable material, seems like a bad idea :P
<__monty__>
I don't know enough so I'm gonna hold my silence. There's something dangerous about the socket housing being grounded and something about jamming metal objects in sockets to prevent some failsafe mechanism from keeping things from working.
<gchristensen>
__monty__: "poka yoke" applies here (accidents vs. willful sabotage) though I don't know what you mean about putting things in to sockets to prevent failsafes, that sounds like a more UK thing
<__monty__>
That's possible.
<samueldr>
that doesn't sound right, if idiots are doing what idiots do best, whatever socket type will fail
drakonis has joined #nixos-chat
<__monty__>
EU sockets are more foolproof than average afaics.
<MichaelRaskin>
«EU sockets»
<gchristensen>
yeah, and a car key makes the UK socket compatible with the german socket afaik
<MichaelRaskin>
I have worked in three EU countries and seen like 6 socket formats? One is not an EU socket, though.
<joepie91>
gchristensen: welllllll sorta kinda
<joepie91>
the spacing doesn't quite match
<joepie91>
but you can jam shit in there, if it's really necessary
<joepie91>
if you keep open the shutters with some sort of object (preferably NOT a metal object like car keys...)
<joepie91>
of course that means it will be ungrounded
<joepie91>
source: have done, did not have travel adapter
<samueldr>
how is the german socket grounded?
<gchristensen>
:P
<joepie91>
samueldr: Schuko has side ground
<samueldr>
ah okay
<joepie91>
iirc
<MichaelRaskin>
Yes, side ground in Germany by default
<joepie91>
contrast to the french things, which have third-pin ground, but otherwise are more or less compatible with schuko
<samueldr>
though I guess as with electric things here, there must be double-insulated devices, where there is no need for ground, but not having a third pin to know about it is scary
<MichaelRaskin>
Yep. third pin in the opposite direction I would note
<joepie91>
(which is why Schuko plugs typically have a hole for a third pin, which does not get used in actual Schuko sockets, but is meant for compatibility with the French sockets)
<samueldr>
if you see a US/Canadian (and legit) plug with only two prongs, the circuit has been designed to have strong guarantees about insulation
<MichaelRaskin>
Germany has narrow sockets (phone charger will fit, laptop charger no), some old stuff in France has flat-pin sockets in addition to round-pin ones
<joepie91>
notably, the French plug cannot be inserted into a Schuko socket; the compatibility is one-way
<__monty__>
Not sure why you'd call that a schuko plug.
<joepie91>
(afaik that's exactly what those side things are for)
<__monty__>
It's a standard, CEE7/7.
<samueldr>
weird, all our north-american plugs are inter-compatible without weirdness :)
<MichaelRaskin>
There is also Denmark, that doesn't seem to believe in grounding
<__monty__>
And I haven't seen any CEE 7/6 plugs in my life even though we have the CEE 7/5 sockets.
<joepie91>
__monty__: no, AFAIK Schuko is a different standard, I think CEE7/7 is specifically the variant that is compatible with the French sockets
<joepie91>
which would not be Schuko Proper
<__monty__>
Afaik schuko is CEE 7/4.
<joepie91>
Wikipedia says CEE 7/3 and 7/4
<__monty__>
Hence my confusion about you calling them "schuko plugs".
<joepie91>
in practice, CEE 7/7 is sold as Schuko because that's what it's primarily used for, and CEE 7/4 is almost impossible to find
<__monty__>
The french design's about polarity reversal. Which breaks if the socket's wired wrong of course. It never seems to have really caught on in electrical goods. So the reversibility of schuko is nice. Though I've seen corrosion on schuko but not the french type.
<joepie91>
hence collectively labelling both as Schuko and pointing out that one of them is a compat thing :)
<__monty__>
Maybe it's sold as schuko in holland.
<__monty__>
CEE 7/7 is most definitely not called schuko here.
<joepie91>
__monty__: slight irony in you saying holland in a discussion about Technically Correct things ;)
<joepie91>
(it's the Netherlands, not Holland; Holland is just two provinces)
<__monty__>
Nah, just wanted to offend you and your patriotism ; p
<joepie91>
of course :)
<aleph->
Heh
<MichaelRaskin>
Would it be possible that a plug would be more often sold under that name in Holland than in the rest of the Netherlands?
<joepie91>
MichaelRaskin: technically possible, in practice it's extremely unlikely :)
<joepie91>
provincial differences in retail are almost non-existent
<joepie91>
aside from a few small shops that only have 1 branch, chances are that both the products on offer and their prices are exactly the same nation-wide
<__monty__>
I wouldn't be surprised if something like that was true in belgium tbh. The german part and french parts are prone to disagreement on things like this.
<__monty__>
And the dutch parts disagree with both of those on different things.
<__monty__>
etu: Please tell me that's a late april fool's?
<__monty__>
Hmm, april fools'.
<etu>
__monty__: How so?
<__monty__>
Just a joke about you being a PHP enabler ; )
<etu>
It helps me in my work and we spent a lot of time to get that pr together
<gchristensen>
etu: yaaas!
<gchristensen>
<3 PHP
<__monty__>
etu: I know someone who'll probably benefit from said work. 👍
<__monty__>
etu: Will it make it easier to work with older PHP versions that nixpkgs has dropped?
<etu>
__monty__: It shouldn't make a difference for that afaik
<__monty__>
Ah, too bad.
<etu>
But we have a much better organization of the packages and it's much more flexible. Together with smaller closures :)
<etu>
For example, we don't mix packages and extensions on the same attribute :p
<__monty__>
Sounds good. Their specific problem was to set up a dev environment for PHP 7.1, I think.
<etu>
Yeah, we don't care about hosting unsupported versions.
<etu>
But it could always be easier to customize
<drakonis>
that php blog post is great.
<etu>
Thanks :)
<drakonis>
time to sell nix to php consumers
<__monty__>
Still think legacy software would be a killer nix package repository feature.
<drakonis>
quite.
<joepie91>
wouldn't flakes make it easier to provide that as a separate thing?
<drakonis>
yes it would
<joepie91>
then there you go :D
<joepie91>
I can understand why core nixpkgs people would not want to support things indefinitely, on top of an already-quite-big workload
<drakonis>
flakes would enable a very real restructuring of the ecosystem
<joepie91>
but if it can be provided externally, and integrated first-class, then the core people wouldn't need to do that, and some people who are interested in this could just do it themselves without needing anyone's cooperation or approval
<joepie91>
right
<joepie91>
(one that I think is necessary, personally :P)
<drakonis>
move the packages that have strict rules to its own repository
<drakonis>
keep nixpkgs as sis
<drakonis>
as is
<drakonis>
a subset of nixpkgs that's guaranteed to be supported
<drakonis>
having a flake for doing lutris-like things would be legit a killer feature
<drakonis>
its such a big deal.
immae has quit [Quit: WeeChat 2.4]
immae has joined #nixos-chat
ottidmes has joined #nixos-chat
<cole-h>
It's really coming down outside...
<drakonis>
weather or things breaking down?
<samueldr>
gravity tends to work like that
<cole-h>
;)
<cole-h>
It's raining so hard that there are bubbles forming on the surface of the pool
<__monty__>
Free bubble bath? Nice!
aleph- has quit [Read error: Connection reset by peer]
aleph- has joined #nixos-chat
abathur has quit [Quit: abathur]
aleph- has quit [Read error: Connection reset by peer]
<cole-h>
zzz 3rd fake GH email in the past few days
<aleph->
drakonis: Yeah SaltStack is rather nice far as cm goes
<aleph->
Ansible is okay too
<drakonis>
its actually using python for that
<drakonis>
instead of a DSL
<cransom>
ansible/chef/etc are all fine, provided you only run it once on a machine ever and then throw it away.
<aleph->
Heh
<drakonis>
its not unlike guix and nix here, using a whole language just for that
<drakonis>
this doesnt seem to do any of the nicer things the other stacks do
<aleph->
That's effectively what I do, aside from updating users or deploying new packages
<joepie91>
drakonis: only skimmed it, but, why do s-expressions / lisps (as a general concept) not get mentioned?
<joepie91>
that seems relevant to the requirements
<drakonis>
because they're massively obscure
<drakonis>
these days at least
<drakonis>
guix did not get mentioned because nix has eclipsed it
<drakonis>
however elisp has been mentioned there
<joepie91>
I feel like Nix is more obscure than lisps? :P
<joepie91>
yeah but it doesn't go into the general concept and their applicability
<drakonis>
sure, i dont know why it did not get explored
<drakonis>
the post is authored by a lobsters user, so if it gets brought up in the comments, it might be read
<drakonis>
ah, the author has even commented, time to bring it up
<drakonis>
there we go, let's wait and see
<joepie91>
as an aside
<joepie91>
" But again, if your program is written in Javascript and doesn't interact with other languages, why don't you just make the config Javascript? "
<joepie91>
the problem with this rationale is that it's very difficult to predict how any given project will evolve
<joepie91>
and most languages, including JS, are very difficult to (reasonably) embed
<joepie91>
so if your config format is JS, and you decide to add a Python utility, you now have a Problem
<joepie91>
configuration is data, even if it is data with logic, and so there's real value in a language-independent format :P
<joepie91>
eyJhb: that would be what the "reasonably" is about
<joepie91>
embedding a JS engine is basically a death sentence for the maintainability of your project :P
<joepie91>
builds are gonna break all the time, be inexplicably slow especially if using spidermonkey, you're likely to end up with a significantly larger binary, and in 2 weeks there's someone on your issue tracker asking why `require()` doesn't work
<__monty__>
I agree. There's still degrees though. Purity can make it less of a problem. And S-expressions would at least be easier to parse than most languages.
<eyJhb>
joepie91: only linked it to mess with you :p Have only used it once, because the site I needed to automate changed encryption key each day, and was obfuscated in the js source
<joepie91>
eyJhb: right :P
<MichaelRaskin>
If you keep the non-plain-data part of the config as simple as feasible (but still allow it), you can often a) convert the plain-data part and ignore the non-plain-data part in that one external tool, and if really pressed, b) transpile the critically necessary small pure function already
<joepie91>
I usually just deobfuscate code like that...
<eyJhb>
I did not want to do that each day... :p
<eyJhb>
They even moved all the vars around, changed names, etc...
<joepie91>
eyJhb: you typically deobfuscate it once or twice, find the pattern or method by which it obtains the actual information
<joepie91>
and then only reproduce that part
<joepie91>
generally if stuff gets "moved around every day", most of that stuff is just red herrings that don't matter
<joepie91>
meant to make it look more complex than it really is
<eyJhb>
Well, it was basically 4-5 vars that were added together, where each var changed name and was some bs js code ... :/ Wish I had the source to show you
<eyJhb>
If it was logic that was obfuscated, sure, reverse it and then cake :p
<joepie91>
speaking of JS
<joepie91>
my query builder project is making steady progress \o/
<joepie91>
the whole \x00 crap is just a red herring
<joepie91>
just escaped characters
<joepie91>
I probably even have the actual deobfuscation code for this somewhere here
<eyJhb>
If it didn't change each day, then I am all for. But then I need to parse it, handle arrays, etc..
<joepie91>
eyJhb: sure, gimme a sec
<eyJhb>
joepie91: only do it for fun, I don't use it anymore. Also not the exact same website. But it was the same way
<joepie91>
eyJhb: this is for educational purposes :D
<eyJhb>
The fun thing about this website was, that I reversed it all, made a client in python and then won all the games. They figured it out, and obfuscated the code
<eyJhb>
However, not the key or anything. So my implementation worked as usual
<eyJhb>
Good joepie91 :D
<MichaelRaskin>
Next round: you write a geckodriver-based client in Python just to mess with them
<MichaelRaskin>
Of course, with _daily_ key rotation there is a pretty good chance one can simply take the key from the Network tab in the Web Developer Tools
<joepie91>
eyJhb: some day... some day I will learn that "just hacking this together with regex will save me some time over proper AST parsing" does *not* apply when dealing with obfuscated code.. lol
<joepie91>
not the most robust code on earth, mind, but it works
<joepie91>
or at least seems to work
<joepie91>
I really should have just used an AST parser for this...
wirew0rm has joined #nixos-chat
<joepie91>
it does make a few assumptions, like that array definitions always include only either literals or array references
<joepie91>
but it would deal fine with renames, extra intermediate steps, etc.
<joepie91>
basically it has a very naive parser for those array definitions, which unescapes the values in the strings, and stores them in a mapping from variable name -> array of decoded values
<joepie91>
then it does the same for the arrays consisting of references to other array values, looking them up in the previously established lookup table and then adding the new variable in there with its resolved values too
<joepie91>
then finally it starts working on the actual js_salt = code
<joepie91>
reduces the `[a, b, c][i]` pattern down to the specific item indicated by `i`
<joepie91>
resolves the array references to strings using the lookup table
<joepie91>
and then finally removes the "+" pattern to make it one big string, and strips off the " at the start and the "; at the end
<joepie91>
and what you're left with is a single string
<joepie91>
which is the salt :)
<joepie91>
(my hobby: breaking obfuscators and showing that they really don't work)
<MichaelRaskin>
Well, in the worst case you can just interpret JS in a differently configured sandbox, I guess
<joepie91>
MichaelRaskin: the more serious obfuscators will do runtime fingerprinting to detect that
<joepie91>
and produce nonsense results
<joepie91>
things like timing irregularities
<joepie91>
or even using a known-buggy browser implementation of a particular obscure web API
<joepie91>
and checking whether it behaves wrong as expected
<joepie91>
or doing canvas (timing) fingerprinting to detect headless browsers
<joepie91>
and so on, and so forth
<MichaelRaskin>
Which is surprisingly effective at breaking the non-Chrome browsers, as an added benefit!
<joepie91>
the only really reliable way to deobfuscate this sort of thing is through human-assisted static analysis :P
<joepie91>
MichaelRaskin: yep
<MichaelRaskin>
Throwing humans off is not _that_ horribly hard
<MichaelRaskin>
But requires the person writing the obfuscator to think, of course.
<joepie91>
indeed, but that's what the tooling takes care of
<joepie91>
humans individually are easy to throw off
<joepie91>
tooling is easy to throw off
<joepie91>
but human-assisted tooling / tooling-assisted humans? you've already lost
<joepie91>
I have never seen a single obfuscation technique that would effectively throw off both humans and tools
<joepie91>
in JS that is
slack1256 has joined #nixos-chat
<MichaelRaskin>
Including Asm.js?
drakonis has quit [Quit: WeeChat 2.7.1]
<joepie91>
MichaelRaskin: that functionally counts as webassembly rather than JS :P
<joepie91>
though even there it should be quite doable to reverse-engineer with the right tools, just like webassembly
drakonis has joined #nixos-chat
<joepie91>
like, you can basically think of wasm/asm.js as the best-documented processor architecture in the world, with no hidden gotchas
<joepie91>
so all the usual machine code RE tactics apply, except the architecture you're targeting is really simple, and there's no obscure corners in the arch with weird undocumented behaviour
neeasade has joined #nixos-chat
viric_ has joined #nixos-chat
viric has quit [Ping timeout: 268 seconds]
viric has joined #nixos-chat
viric_ has quit [Ping timeout: 265 seconds]
viric has quit [Read error: Connection reset by peer]
viric_ has joined #nixos-chat
viric_ has quit [Read error: Connection reset by peer]
vika_nezrimaya has quit [Ping timeout: 250 seconds]