<danderson>
so you don't have the enterprisey remote management features (which is a good thing because they're a massive security risk)
<danderson>
but you do have a management engine running the machine still, like every other Intel system
<colemickens>
yeah, I was under the impression it took a fair bit of effort to get away from ME with Intel
viric has joined #nixos-chat
<colemickens>
googling the value in the QR code on the little sticker gives no results. CN0G451FC5B007C6082NA01
<colemickens>
not really sure what I expected
<sphalerite>
colemickens: that's probably a serial number or something :)
cole-h has quit [Quit: Goodbye]
CRTified has quit [Ping timeout: 240 seconds]
ottidmes has joined #nixos-chat
LnL has quit [Read error: Connection reset by peer]
LnL has joined #nixos-chat
CRTified has joined #nixos-chat
__monty__ has joined #nixos-chat
<eyJhb>
joepie91: seems nice, but ast would have been nice to look at :D
<eyJhb>
Wondering if I will receive a warrant for my arrest today. Hate writing to people about vulns in their ... s...
<andi->
colemickens: I had that as well.. even the parts list of mine shows that.. Ironically the first thing that happened after I started it was a software update "Updating Intel ME…"
<__monty__>
Are you sure? It was brought up here yesterday.
<__monty__>
And the post does.
<infinisil>
It's just brought up as an example in a big list, no actual discussion around it
<__monty__>
As a general purpose interchangeable config format nix doesn't score very well though tbf.
<__monty__>
I know there's haskell and rust bindings, maybe go? I assume C.
<__monty__>
Dhall for example has been explicitly designed to be easy to implement.
<infinisil>
Currently in NixOS we're often doing (in the style of rfcs#42): Write config in Nix, transform it to JSON/whatever to pass it to the program
<infinisil>
Then you have the power of Nix but no extra complexity in the application
<__monty__>
That approach is mentioned in the article and it does have its problems.
<infinisil>
Ah I didn't actually read the full article (shame on me :))
<infinisil>
__monty__: You mean this: "Downsides of such languages is that they aren't widespread yet. If you don't have bindings for your target language, you'd end up parsing JSON again. However, at least it makes writing configs pleasant. "?
<__monty__>
Not really. One of the problems with a step through JSON is it becomes harder to do things like store a nix function in a config.
<__monty__>
Host <-> config language transfer in general.
<infinisil>
Ah true
<__monty__>
There's also config drift when people are tempted to make a quick change to the JSON because it's "easier." Which the article mentions iirc.
<__monty__>
Wow, github download is taking ages. I guess the outages still aren't fixed.
<infinisil>
I've been dreaming about being able to switch parts of NixOS configs between "static" and "dynamic"
<infinisil>
Static means the config is in Nix and you have to rebuild-switch to change it
<infinisil>
Dynamic means the config can be changed directly where the application is reading them, with some action to reload it in a universal way
<infinisil>
Switching between static and dynamic is a rebuild. Static -> dynamic sets up everything for the dynamic reloading to work. dynamic -> static reads the dynamic config back into Nix in some way and undoes the switch to dynamic
<infinisil>
When you need to debug service X, you'd switch it to dynamic mode
<infinisil>
Permanently switch to dynamic mode for things that you change so often it would be annoying in configuration.nix
<ottidmes>
would be nice, I am doing way too many nixos-rebuild switch'es myself, is still bearable, but sometimes gets annoying for smallish changes
waleee-cl has joined #nixos-chat
cjpbirkbeck has joined #nixos-chat
cole-h has joined #nixos-chat
<aleph->
Yeah it gets a bit annoying but I usually only do it when configuring some software on a server. And I promptly delete the old generations once configured and don't touch nixos-rebuild switch for months
<aleph->
Depends on the use case I guess.
<aleph->
I could see it being useful.
<eyJhb>
Have had one complaint against my dns. Apparently my ... whatever ... is annoyed that she can't view ads for in-game money in her game anymore
<cjpbirkbeck>
eyJhb: what a tragedy
<eyJhb>
Yes! \jk, but weird part is that iPhone caches the records, and there is no easy way to clear it
<gchristensen>
did you reply with "oh I guess I broke that" or like "oh weird, I wonder why"
wildtrees has joined #nixos-chat
<eyJhb>
Not even airplane mode
<eyJhb>
She knew it was me :(
<gchristensen>
hehe good, honesty is the thing
drakonis has joined #nixos-chat
<cjpbirkbeck>
actually, i've been using the pi-hole for a while and i've noticed how it breaks the youtube android app. with pi-hole on, it cannot record any history or your place in any video you watch
<cjpbirkbeck>
i am assuming it is because it blocks google trackers, but it works fine on my pc's that also use the pi-hole. not a big deal though
<eyJhb>
Seems right, but it is getting difficult to block video ads with DNS, as they have started to host them on the same server as the content
endformationage has joined #nixos-chat
* colemickens
looks at the light switch that has been torn apart for... a week now
* colemickens
has an exceedingly patient partner
<__monty__>
Shame on you, grab a screwdriver and fix that hazard.
<srhb>
colemickens: They're not even calling you a... knob? *badum tisch*
<__monty__>
srhb: : O Such raunchy language!
buckley31078 has joined #nixos-chat
cbarrett_ has joined #nixos-chat
<srhb>
Uh oh, maybe I should have used a better thesaurus.
<gchristensen>
haha
cbarrett has quit [Ping timeout: 246 seconds]
buckley3107 has quit [Quit: Ping timeout (120 seconds)]
<colemickens>
Oh the circuit is off, I wouldn't leave a hazard or work on live wires :)
<colemickens>
I think using a flashlight to shower was fine, less so for shaving (for proper mask usage, yay)
cbarrett_ is now known as cbarrett
<gchristensen>
I have ... not yet ... committed to shaving.
<cole-h>
I have no reason to go out (for now), so nor have I
* gchristensen
had to take someone to a doctor appointment today :x
<srk>
same, and when I do I have to cover my face so it doesn't matter xD
<cole-h>
Godspeed gchristensen o7
<gchristensen>
I feel it would be probably smart to shave, but I can't stress enough how unpleasant that sounds.
<danderson>
I've had to go to medical centers a bunch in the past weeks. It's been a wild ride seeing the progressively escalating measures they have
<cole-h>
Cold face = no go
<srhb>
I went to a regular appointment for various blood testing today at the biggest hospital in Copenhagen. It was indeed weird.
<danderson>
started with a check-in desk where they ask if you have a fever. Now it's nurses with facemasks, behind a plexiglas shield panel, extending their arm around the side to take temperature with a non-contact thermometer
<srhb>
Almost no people in the halls, usually it's crowded.
<gchristensen>
danderson: they didn't take any temperatures here! astounding
<danderson>
I mean I'm also in ground zero for one of the infection sites in the US
<srhb>
Ah.
<danderson>
so they're being a bit more paranoid :)
<srhb>
I did a stupid. They had a "press button to get number slip" thing, and when i used it (why is it not hands free) I made a mental note to wash my hands once I biked home.
<srhb>
Of course, I forgot until I had thoroughly rubbed my face.
<srk>
one of local hospitals uses thermocamera in lobby
<srhb>
Sooooo that wasn't a genius move.
<gchristensen>
my little county is in the top 10 of infections per capita :x
<cole-h>
Uh
* cole-h
washes hands
<gchristensen>
(in the US)
<cole-h>
Stay 6 feet away from me gchristensen >:(
<srhb>
gchristensen: Where do you get stats that detailed? :)
<gchristensen>
well the stats are all garbage because nobody is testing
waleee-cl has quit [Quit: Connection closed for inactivity]
<srhb>
Listening to our PM detailing the first reboot plan right now.
<srk>
gchristensen: gonna be a wild ride
<srk>
srhb: what does reboot mean?
<srhb>
srk: Gradual reopening.
<srk>
they were talking about country wide blackout @SVK, like wtf
<srhb>
srk: Basically a plan for when which job-types will go back to work.
<srk>
srhb: yeah, that seems to be case here in CZ as well
<srk>
they might extend current measures but they are starting to realize it's not the best way to handle the situation due to economics and immune system "training"
<srhb>
srk: We're downward-trending on number of new infectees per day now, so they want to increase it gradually here.
<srk>
gchristensen: that doesn't look *that* bad
<srk>
srhb: cool! hope there won't be more waves coming, guess travel restrictions are gonna stay for a while
<srhb>
I imagine there will be, but gradual reopening hopefully means it's possible to adjust as we go. Makes sense, I think
<srhb>
Fingers crossed.
<srhb>
All our summer festivals just got killed off though. Sadface. :( (but makes sense.)
<srk>
yeah, same here
waleee-cl has joined #nixos-chat
abathur has joined #nixos-chat
<eyJhb>
srhb: seems weird that the lower classes get opened again
<eyJhb>
The reason for it is even more idiotic (I think)
<eyJhb>
(+ kindergarten etc.)
<srhb>
Why?
<srhb>
I mean, why is it weird or idiotic? I don't have any immediate impressions of whether it's smart or not.
<eyJhb>
The reason is, that their parents have a lot of work to do, and that is hard while there are children at home. <- that reason in itself is nonsense... I could better understand development etc.. but now they will yet again infect each other, bring it home and infect parents
<eyJhb>
Kids are NOT clean and hygienic.. The move makes no sense.. :/
<eyJhb>
We have playgrounds that are closed because of this, and now they are opening for this...
<srhb>
My understanding is this: The assumption is that ~60% of the population will eventually get infected no matter what we do. all we can control is who and how fast.
<srhb>
If that's correct, I don't see that that's worse than so many other groups. Kids have reasonably isolated social spheres, easier to predict how many people will be at risk of infection per child.
<cole-h>
Curious how isolated one can be when going to school instead of staying home
<srk>
:D now I imagine a kid coming home from school
<srk>
going thru decontamination room and a tunnel directly to their room
<cole-h>
Imagine all the kids that live with grandparents
<srhb>
cole-h: I *think* that's rare here, but I may be mistaken.
<srhb>
eyJhb: Don't get me wrong, by the way. I mean, ideally we'd all stay isolated until a vaccine is forthcoming.
<srk>
cole-h: kids are fine, grandparents and old people are probably scared to death already due to media and panic
<srhb>
eyJhb: I'm just not sure Society™ is willing to wait for that.
<srhb>
So, plan B...
<srk>
srhb: problem with that is the consequences of isolation can be way worse than the disease. still you cannot isolate everyone as we cannot even grow food without people
<srk>
we're almost able to build cars automaticall tho!
<srk>
*y
<srhb>
I don't think I buy that, it looks like we're able to keep things running pretty well even while maintaining quite effective isolation. And yes, I realize the Imaginary Money in stock markets are suffering, but there's solutions for that as well :P
<cole-h>
Sure, you can't isolate everyone. But why not isolate as many as possible?
<srhb>
cole-h: Indeed. I think the main sticking point is determining the size of "possible"
<srk>
cole-h: you don't know the impact of that either, only time will tell
<cole-h>
Paraphrasing a quote I heard recently: "We'll never know if we did too much, but it will be blatantly obvious if we did too little."
<MichaelRaskin>
Well, «things running» is also a question of what gets slowly exhausted that would be easier to refill. If people lose jobs, but getting a job is hard…
<srhb>
MichaelRaskin: Very true. Unemployment especially in service businesses is rising at incredible rates, and it's difficult to tell for how long the govt will be willing or able to foot that bill.
<MichaelRaskin>
In some countries even kind-of-non-emergency medical care is halted, which means yet another kind of debt being accumulated.
<srhb>
Yes. We're mostly (as far as I know) in non-emergency-care territory, but that will eventually cause emergency-care to be required.
<srhb>
And that's one area where slowing the spread as much as at all possible seems unambiguously smart.
<MichaelRaskin>
Well, the problem is that there are _unrelated_ medical issues, and they also build up if you close too much
<srhb>
Yeah, that's the ones I was talking about.
<srhb>
Non-acute issues tend to turn into acute ones.
<MichaelRaskin>
Some of them do not turn, but turn out, actually
<srhb>
The image of the empty hospital from today was very sobering in that way.
<srhb>
I think we're aggressively agreeing. :)
<MichaelRaskin>
And then the rental market is not exactly the most balanced in liquid thing in better times; a slowly growing number of people has problems _now_ because of that, and when the measure-taking winds down, I would also expect a small disaster there.
<srhb>
No doubt. All we hear now is pleas for banks and landlords to be lenient, postpone...
<MichaelRaskin>
And now note that there are leases running out.
* srk
slightly betting on that
<MichaelRaskin>
I can easily be optimistic enough to assume that in most cases they get somehow extended until all that settles; but afterwards the situation won't be pretty
<MichaelRaskin>
In the meantime: Zoom automatically enables «company address book feature» for people with emails in the same domain, seems unaware that public mail services exist outside US, too.
<danderson>
shared email domains are the bane of everything. Just gmail vs. googlemail.com (in Germany) trips up so many things
<srk>
you can generalize to centralization
<MichaelRaskin>
Well, a moderately-sized-nation-state-scale ISP providing email hosting to customers is kind of not that much of centralisation. More like, not enough for Zoom who would prefer the only shared email domain to be GMail.com
<danderson>
yup, it's tricky.
<danderson>
(tricky because it's really handy to assume 1 domain == 1 organization, and there's no well-established easy way of proving that mapping)
<samueldr>
make the owners of the domain register opt-in to the feature, and verify via DNS
<MichaelRaskin>
I mean, there is a trivial way of handling this, either you have no relation to the organisation and then please stop caring if it is an organisation, or you have and then ask them.
<danderson>
that's a well-established method, but not an easy one. It's a huge speedbump to enrollment.
<danderson>
(not saying that means you shouldn't do it, just pointing out the reality that it being hard to do means people take shortcuts)
<MichaelRaskin>
Not verifying and letting the person doing the agreement tick or not tick the checkbox would still be better than what happens.
<MichaelRaskin>
I guess even if Mozilla started collecting a public suffix list for emails like it does for web domains it wouldn't help
<gchristensen>
what is this suffix list?
<MichaelRaskin>
Mozilla has a list with entries like «co.uk is not a company, it is effectively a TLD… tumblr.com is closer to a TLD than to a site…»
<MichaelRaskin>
Used for example for implementing «nope, you don't get to set cookies on a TLD» policy
<gchristensen>
ah
<samueldr>
the PSL
<MichaelRaskin>
Of course, with Zoom proven to lie in the Privacy Policy this funny bug won't even matter even if someone would do per-count GDPR on them.
<Irenes[m]>
I would be surprised if they lied in the privacy policy. I would be surprised because, as a privacy expert, I am well aware that even the best privacy policy stops short of making any true commitments.
<MichaelRaskin>
They seem to have managed.
<Irenes[m]>
Please do not take this as an endorsement of Zoom's behavior; their privacy and security practices are horrific.
<Irenes[m]>
do you have a link with more context for that?
<MichaelRaskin>
They have some direct data transfers from app to Facebook, and by EU rules they must have disclosed the name of the counterparties, and in their disclosure Facebook is missing
<MichaelRaskin>
Wouldn't their security practices need to _exist_ to be horrific?
<Irenes[m]>
intentionally building code that subverts the OS's security is a security practice
<samueldr>
that's unfair, in the context of modern app development™ there's way too many third, fourth and fifth party to keep track of
<samueldr>
how would the app developer know where they're sending data!?!
<samueldr>
(just in case, yes, /s)
<MichaelRaskin>
Well, they _did_ even know there was Facebook-something! Also, if someone has «violate privacy requirements imposed by Facebook in your bingo card»…
<MichaelRaskin>
Irenes: does security malpractice count as security practice?
<srk>
:D
<Irenes[m]>
I make no claim to be able to define words authoritatively :)
<MichaelRaskin>
I wonder, if someone told people discussing the Sony rootkit that there will be a remake of this story, but with copyrights replaced by usability, would people believe?
<Irenes[m]>
I mean, that was one of the first high-profile issues of its nature; it was reasonable to see it as exceptional, at the time
<Irenes[m]>
but it really, really isn't
<Irenes[m]>
everything is horrible and most people don't really care
<MichaelRaskin>
Well, it is true that it was exceptionally high-profile
lovesegfault has joined #nixos-chat
__monty__ has quit [Quit: leaving]
lovesegfault has quit [Quit: WeeChat 2.8]
lovesegfault has joined #nixos-chat
neeasade has quit [Remote host closed the connection]
<lovesegfault>
Oh god the hydra queue is huge again 😱
<samueldr>
the size of the queue shouldn't matter much, it's the rate at which it reduces (or grows) that should be worrying
<lovesegfault>
samueldr: it's also been slower than usual (I feel like)
<samueldr>
plausible, AFAIK some machines at packet were needed back for other clients