<ajs124>
They did? I'm glad I wrapped my firefox in time to always force it off, then.
<colemickens>
Yeah, it's an info popup box though, so actually decently hard to miss (evne harder on (sway)land right now due to a bug that causes those popups to be hidden/suppressed in many cases.
<colemickens>
(They give a popup when you go to settings for the first time or something to tell you theyve kindly enabled it by default)
rardiol has joined #nixos-chat
<ajs124>
My probably favourite quote about mozilla/firefox is still and will probably remain this:
<ajs124>
"A web browser is asked to declare cyberwarfare on a sovereign nation. Rather than refusing the task, the developers of the web browser slowly begin to realize the consequences of decades of aggressively insisting on being the keymasters of Internet trust: they are now expected to actively oppose an organization which, instead of a failed phone OS and some bookmark syncing software, possesses things such as a literal army."
<danderson>
does firefox use cloudflare for its DoH? Do I remember that right?
<danderson>
I remember it routinely forgetting random chunks of the internet when I used cloudflare DoT briefly.
<cole-h>
I believe so
<colemickens>
I thought they were potentially going to weight others in, but still heavily towards CF? The funny thing is, I'm pretty sure CF is my router's upstream DNS, which is what I switched to...
<colemickens>
And my DOH setting was CloudFlare before I disabled it.
<colemickens>
I guess I'm always surprised when I run into things like this. I'd expect "our DNS stops routing parts of the net" to be a near-hair-on-fire issue but ¯\_(ツ)_/¯
<danderson>
yeah, I just switched back to plain UDP 8.8.8.8 when Cloudflare DoT randomly went away and decided I wasn't worth serving
<danderson>
I might have reservations about Google, but the privacy policy is equivalent to cloudflare's, and they know how to keep DNS servers up
<danderson>
the irony is, running your own recursive resolver these days is probably less safe than one of the big public resolvers, because you can't see/react to weirdness on a global scale :/
<colemickens>
I didn't know that was something major DNS operators were doing!
<colemickens>
I thought that was sort of thing with BGP - that sometimes manual intervention was necessary, but I guess I've never read much about DNS at internet scal
<danderson>
I can't speak for cloudflare, but at least google makes efforts on the recursive resolver end to detect various DNS poisoning and DoS attacks, and work around them
<danderson>
8.8.8.8 is basically two separate systems with different challenges: the cache frontend is a planet-scale "respond to DNS fast and be always up" thing
<danderson>
the resolver side is "okay we got a cache miss, let's be *really* sure we get the right answer before we populate the cache"
<danderson>
(and some other fanciness like keeping track of high-demand names and eagerly re-resolving before TTL expiration, so that popular names are ~always a cache hit at the edge)
<danderson>
but having resolvers spread around the world, and being able to keep track of name->IP resolutions over time, gives you huge leverage in detecting and countering attacks
<danderson>
which you lose out on if you're just resolving from scratch by yourself :/
<gchristensen>
I think I'll take my chances :)
<julm>
me too
<gchristensen>
that all sounds pretty legit though
<colemickens>
julm: well, not that the coffin needed any nails, but that would do it!
<danderson>
we definitely need something better than this. But on balance, absent dnssec, random internet people are actually safer using a large public resolver, to my great sadness :(
<danderson>
(the other option of course is stop trusting DNS and enforce trust at a higher layer, which is also the correct answer)
<gchristensen>
I believe you
<colemickens>
julm: it's just frustrating because it's a "top 3" "common issues with web filters" problem that they don't seem to have considered until... and I'm assuming here... it hit twitter.
* colemickens
is glad to not be in charge of policing the internet.
wildtrees has quit [Quit: Leaving]
<julm>
:]
<julm>
In France we are building a few (1 since the nineties, and more since 2009) of small (a few hundreds people) not-for-profit ISP: https://db.ffdn.org/ so we're (policing) a part of the Internet
drakonis has quit [Quit: WeeChat 2.7.1]
* julm
pokes NinjaTrappeur :P
* gchristensen
was just thinking about NinjaTrappeur
<ashkitten>
julm: oof. this sort of thing is way too common, and not always an accident...
<julm>
Mozilla – for their proposed approach to introduce DNS-over-HTTPS in such a way as to bypass UK filtering obligations and parental controls, undermining internet safety standards in the UK
* colemickens
isn't sure if it's full blown irony or just a coincidence
<danderson>
colemickens: if you're going to get into policing the internet, the least you'd be expected to do is "read up on the 3 major ways every content policer has fucked up, and aim to avoid those"
<danderson>
but, yay cloudflare :/
<MichaelRaskin>
«3 major ways every _known_ content policer has messed up» sounds like these are the common components of success
<ashkitten>
what is the difference between staging and unstable on github?
<ashkitten>
it looks like a mesa update got merged into staging but not unstable
<MichaelRaskin>
Staging is for large stuff, a lot of things go directly to master
<julm>
colemickens: that's indeed the major UK ISPs fighting the everlasting battle for the minds of people, to conveniently keep their privilege of tracking their customers, and an easy possibility to lie to them, in the best case after a court order to block some domain. It's not their interest to be reduced to mere relays, doing only piping work (and no peeping work).
<MichaelRaskin>
Of course there are things that go only to stable, but that's another story
<danderson>
IIUC, staging is a way of batching together mass-rebuilds, so that e.g. 3 mass-rebuild changes don't rebuild everything 3 times
<ashkitten>
ah i see
<danderson>
instead the branch accumulates "large" changes, then at some point that batch gets mass-rebuilt, and if happy, the train moves on
<ashkitten>
well, i'm rebuilding locally with the mesa update so hopefully it doesn't take forever
<danderson>
avoids hugging ofborg (more) to death
<MichaelRaskin>
staging is the branch for mass-rebuilds, staging-next is the branch for making them work
<ashkitten>
...zsh just crashed?
<ashkitten>
or my terminal
<danderson>
like, locked up? Or just vanished?
<ashkitten>
vanished lol
<ashkitten>
the window disappeared and nix-top in the other terminal was like "oh theres nothing happening now"
<ashkitten>
...oh, that's uh. a lot of packages yet to be built
<ashkitten>
417 paths, i wonder how many are trivial
<lovesegfault>
alright, I've set up a "bouncer"
<lovesegfault>
aka. I now run weechat inside tmux in a gce instance that I mosh into
<cole-h>
lol
<ashkitten>
just sitting here watching my cpu temp climbing
<ashkitten>
hmm, maybe i should put this off until tomorrow?
<ashkitten>
in theory tomorrow i will have 3 xeon phi cards to run the build on
<ashkitten>
yes, i will do that
<ashkitten>
i may need some better case fans though
<samueldr>
ashkitten: for science, you should figure out a way to time the build on e.g. your desktop, compared to the Phis, I'm curious if they're actually good a building packages
<ashkitten>
i can try to do that
<ashkitten>
by the way, builders don't need internet access right?
<cole-h>
I would expect them to. How will they get sources, etc?
<ashkitten>
could another machine download sources and put them on the builders via ssh?
<ashkitten>
i don't know whether or not it will be trivial to give the phis a network connection
<ashkitten>
er, an internet connection that is
<samueldr>
ashkitten: I think you're right
<samueldr>
that the machine that it evals on pushes all that is required to the build machines
<cole-h>
I don't know. Maybe you could copy-closure the sources to them?
<samueldr>
which is problematic with my anemic upload speed, if I wanted to use "the cloud" to make builds
<ashkitten>
gchristensen: is that not what nix-build --build-machines does? (forget the exact options)
<gchristensen>
its ...... not exactly ... the same
<ashkitten>
hmm, i hope the xeon phis support cgroups
<gchristensen>
this does all the builds on a specific remote, and only copies the drv's over. the remote builder the ndoes all the fetching and all the building, and you then hav et ochoose what you copy back
<ashkitten>
i see
<ashkitten>
i just want running nix-build on my desktop to use the phis as builders
<gchristensen>
nix-build with remote builders copies every input to a remote, built, and the result copied back. repeat for each build
<ashkitten>
idc exactly how it's done, i just want it to work, yk?
<gchristensen>
yep
<ashkitten>
btw what's the usual schedule for things getting into unstable from staging?
<samueldr>
I think it ends up depending on how long it takes to stabilizing staging-next
<cole-h>
Not necessarily on-topic enough for #nixos, but I guess it only barely belongs here as well...
<infinisil>
I guess it's a bit nit-picky yeah :P
<cole-h>
x) I'll say no more then
<pie_[bnc]>
i agree with the idea of minimizing scopes tho
<cole-h>
It springs from the recent conversation that I believe happened in #-dev, where people wanted to keep scopes down to a minimum
<infinisil>
I personally would also keep `with stdenv.lib` down where it was, but we all have our preferences, so ehh
<cole-h>
Some even going as far as to suggest removal of `with`
<infinisil>
Yeah, that's a good point for doing that
<pie_[bnc]>
that gets brought up a lot x)
<pie_[bnc]>
i think with has its place, you just shouldnt use it if you dont need it
<cole-h>
I don't think I'd comment on it if it was a new package, but since it was already "down below" and nothing new needs anything from `lib`, it just rubbed me the wrong way.
<pie_[bnc]>
makes sense
<infinisil>
Sounds good then
<cole-h>
If they don't make the change, I'll leave it to whichever committer reviews it to press it or leave it :P
<cole-h>
Thanks for the input, guys :)
<infinisil>
> PST = UTCShift (-8)
<{^_^}>
PST defined
<infinisil>
> PDT = UTCShift (-7)
<{^_^}>
PDT defined
<infinisil>
> PST
<{^_^}>
<LAMBDA>
<cole-h>
lol
<infinisil>
Damnit
<cole-h>
It is indeed LAMBDA o'clock here
<infinisil>
> :v CET
<{^_^}>
CET = UTCShift "CET" 1
<infinisil>
Ahh
<infinisil>
> PST = UTCShift "PST" (-8)
<{^_^}>
PST defined
<infinisil>
> PDT = UTCShift "PDT" (-7)
<{^_^}>
PDT defined
<infinisil>
> PST
<{^_^}>
"The time in PST is currently 22:04:42 (UTC -8)"
<cole-h>
OK, it's PDT currently then
<infinisil>
> CEST = UTCShift "CEST" 2
<{^_^}>
CEST defined
<infinisil>
> CEST
<{^_^}>
"The time in CEST is currently 08:05:27 (UTC +2)"
<infinisil>
^ for me
<cole-h>
Cest la vie?
<cole-h>
:P
<samueldr>
> EDT
<{^_^}>
"The time in EDT is currently 02:05:40 (UTC -4)"
<samueldr>
that's right
<cole-h>
samueldr: It's past your bedtime
<samueldr>
pretty much spot on the bedtime
<infinisil>
It's past my bedtime too lol
<cole-h>
> C'EST = UTCShift "C'EST" 2
<{^_^}>
C'EST defined
<cole-h>
Wait
<cole-h>
> C'EST = "la vie"
<{^_^}>
C'EST defined
<cole-h>
> C'EST
<infinisil>
Hehe
<{^_^}>
"la vie"
<cole-h>
better
<infinisil>
Nice
<cole-h>
Thank you
<cole-h>
I amuse myself sometimes
<infinisil>
Argh, I stayed up all night coding something that will be mostly useless once it's done
<cole-h>
Time well spent :^)
<infinisil>
It will be cool, and I'll probably have learned a lot, but the end result will be really insignificant, especially considering how much effort it will take
<infinisil>
samueldr: It would tell the player in an error message on the initial join that they have to wait like 1 minute until it's started
<infinisil>
cole-h: Yeah totally lol
<infinisil>
And I can even do some neat stuff like making sure only whitelisted players can start the server
<infinisil>
But man, I spent the entire day on this already and I'm not far. Half of it was spent trying to get Haskell to accept one of systemd's passed sockets. The other half trying to write the serialization for a small part of the custom TCP protocol minecraft uses
<sphalerite>
infinisil: so I heard you're starting to write a minecraft server in Haskell?
<infinisil>
Unfortunately that's correct..
<sphalerite>
ahahaha I wasn't even certain it was going to be haskell
<cole-h>
Get those cursed words away from here, heathen
<infinisil>
"Author Tweag I/O" Oh boy!
<infinisil>
Argh, why are days so short, I have so many things to dooo
<cole-h>
Short days, long todo lists, and near-0 motivation to tackle those todos x)
<infinisil>
I have motivation, just not for the right things heh
cole-h has quit [Quit: Goodbye]
<NinjaTrappeur>
julm, :)
__monty__ has joined #nixos-chat
thefloweringash has quit [Ping timeout: 246 seconds]
thefloweringash has joined #nixos-chat
boothead has joined #nixos-chat
<kraem>
wow.. have been compiling chromium for 24h now on a intel xeon x3440 (although, cpu is max throttled -> fans doesn't ramp up -> i can sleep)
<__monty__>
Sounds pretty pointless.
<__monty__>
The big browsers are usually built with a ton of optimizations and building them yourself means you lose out on those unless you really know what you're doing.
<__monty__>
It's the reason firefox-bin is more performant than firefox.
<kraem>
alright, makes sense. i am experimenting a bit to get hw decoding working
<__monty__>
Sounds interesting. Though tedious with such a monster of a build.
<kraem>
it's interesting because i'm building it with `{ useVaapi = true; properietaryCodes = true; }` and it's compiling. it struck me now; it should fetch it from the cache? because those are set to true by default. there must be something i'm misunderstanding with the default.nix
<julm>
kraem: AFAICS useVaapi defaults to false
ottidmes has joined #nixos-chat
<kraem>
julm: thanks, it does. i was looking at files at a certain commit in a PR :facepalm:
boothead has quit [Remote host closed the connection]
KeiraT has quit [Remote host closed the connection]
KeiraT has joined #nixos-chat
vika_nezrimaya has joined #nixos-chat
waleee-cl has joined #nixos-chat
neeasade has joined #nixos-chat
<eyJhb>
Any good image tool, where it is "easy" to make figures such as the hidden node problem, and things as - https://i.imgur.com/fyR1WEn.png
<eyJhb>
Oh, and it should convert text (such as plantuml does), and output a image
<ottidmes>
eyJhb: should you not just use https://www.graphviz.org/ what plantuml is using under the hood AFAIK
<eyJhb>
ottidmes: sure, but not sure how to do that in graphviz either
<MichaelRaskin>
The lines and arrows diagram looks like something pretty easy to code in Asymptote
wildtrees has joined #nixos-chat
<gchristensen>
eyJhb: maybe you can make its border 0px in graphviz
<joepie91>
eyJhb: I might roll an AST version of the deobfuscator at some point, if I get bored :P
wildtrees has quit [Remote host closed the connection]
wildtrees has joined #nixos-chat
wildtrees has quit [Remote host closed the connection]
cole-h has joined #nixos-chat
endformationage has joined #nixos-chat
omtrent has quit [Quit: WeeChat 2.7.1]
ravndal has joined #nixos-chat
* gchristensen
is considering writing a "reference architecture" document, describing a NixOS configuration with an ephemeral /
<andi->
Maybe start with a blog post first and then call it the reference? :P
<gchristensen>
:P
<gchristensen>
I heard a nice description of legacy OSes and configuration management tools like debian/redhat/ubuntu, and chef/puppet/etc. calling them "append only" infra
<andi->
Oh yeah
<andi->
They only drift they never converge.
<gchristensen>
yeah
<gchristensen>
(also lol at calling those legacy)
<MichaelRaskin>
That sounds more like eventually infrastructure than append only
<gchristensen>
they're append only in the sense that you can never clean them up or they'll break. not only are they all snowflakes, but the snowflakes make up a gear system you can't even see
<MichaelRaskin>
Look, they break the basic past of append only
<MichaelRaskin>
One wrong action and the critical part is just not even there anymore
<gchristensen>
haha
KeiraT has quit [Ping timeout: 240 seconds]
<ottidmes>
gchristensen: I would like that document! :)
<gchristensen>
=)
drakonis has joined #nixos-chat
<NinjaTrappeur>
gchristensen: would love to read that!
<gchristensen>
uh oh
<gchristensen>
now I'm basically committed
<NinjaTrappeur>
hehe
<NinjaTrappeur>
I even subscribed to your RSS feed, just for *this* post :P
<NinjaTrappeur>
^(just in case, this is meant as a joke, no pressure)
<MichaelRaskin>
That's funny. Step one: what do you mean cannot find -lm?? Step two: what do you mean a test executable crashes if I just add glibc.static to build inputs? Step three: what do you mean stdlib.h not found if I add glibc then glibc.static??? Ah OK, I need to add [ glibc.out glibc.static ] to buildInputs, exactly like that.
KeiraT has joined #nixos-chat
ixxie has joined #nixos-chat
<MichaelRaskin>
That feeling of having _zero_ clue where this knowledge could go, either on Wiki or in the manual. (Needed in case when half the package uses static linking and half the package uses dynamic linking)
<cole-h>
Why not both?
<MichaelRaskin>
Because I see no good place on either side?
<drakonis>
ruh roh
<drakonis>
gchristensen: write more :eyepop:
<gchristensen>
it hurts
<drakonis>
i'll give you sickly piles of pennies for more nix writings!
<gchristensen>
lol
<MichaelRaskin>
Correction: dictate more
<gchristensen>
okay but they'll have to go through quarantine
<MichaelRaskin>
And outsource to drakonis proofreading after Dragon
<cole-h>
Stream your inner monologues gchristensen
<drakonis>
i'll tell you what, my proofreading skills are weirdly terrible
<gchristensen>
if drakonis could go from a dragon-dictated blog post to Nix to a reasonable blog post without knowing what I said ... that would be an incredible skill.
<drakonis>
this just got weird
<MichaelRaskin>
Well, I guess also providing a recording is an option
<drakonis>
a drakonis feature is reading between the lines and filling the gaps
<samueldr>
dragon is the speech to text thing, not something weird
<drakonis>
i thought as much
<gchristensen>
it tries very hard to go from what it heard to reasonable human sentences
<samueldr>
I don't think gchristensen is blogging about dragons :)
<drakonis>
that's interesting to know
<gchristensen>
unless you get the legal or healthcare options, in which case its language model is trained on those words too
<drakonis>
ah it is paid
<MichaelRaskin>
I think Graham has paid more in sanity than in dollars to get Dragon usable for any Linux-based activity.
<gchristensen>
yes
<gchristensen>
and I declared bankruptcy and don't use it after spending more than a little bit in dollars
<MichaelRaskin>
Ouch what a pity. I assumed you sort-of-succeeded and use it for prose to give your wrists more rest
<drakonis>
yowza
<gchristensen>
nope :/
<MichaelRaskin>
Ouch
<gchristensen>
for a bit I did do prose just right in windows10 but it was a huge hassle and evidently not worht it
<gchristensen>
but it did make me wish for a FOSS thing (or even anything linux compatible) as good as OneNote
<MichaelRaskin>
From the descriptions, it looked like piping prose in real time from Windows 10 VM to arbitrary GUI text entry areas on Linux was closer to working than not.
<MichaelRaskin>
Pity
<gchristensen>
yeah so that did work, but if you made a single mistake it became very difficult to fix. Dragon is incredibly integrated in to programs and the accessibility controls of Windows programs
<drakonis>
i have never used onenote before
<drakonis>
what's the story on it?
<gchristensen>
I can't stress enough how seriously amazing it is *on Windows*
<gchristensen>
drakonis: its like a (paper) notebook: you can draw in it arbitrarly and embed a ton of rich media types etc. and move text around ... arbitrarily
<drakonis>
oh i see
<drakonis>
neat.
<gchristensen>
but also be able to type. or write notes on a touch screen and have it "OCR" it to actual text
<drakonis>
i'm not sure why libreoffice does not have an onenote clone
<ottidmes>
gchristensen: those things are why I am still working on a hybrid Win10+NixOS setup
<gchristensen>
ottidmes: really? say more
<drakonis>
i cannot reasonably suggest orgmode over it because you cannot embed rich media
<drakonis>
not to the same degree at least
<drakonis>
no arbitrary rich media
<MichaelRaskin>
I think Xournal is good at emulating paper notebook; recognising handwriting is of course dataset-bound nowadays, so that is missing
<gchristensen>
yeah, exactly, orgmode is pretty impressive but this is like if orgmode was combined with TempleOS's support for embedding pictures / bitmaps right in to the source file, etc.
<gchristensen>
xournal is pretty good
<samueldr>
MichaelRaskin: thoughts no Xournal++? (or are you now using Xournal?)
<samueldr>
are you not using**
<MichaelRaskin>
I use neither
<MichaelRaskin>
I am very much a text-first-rest-is-second-class person
<ottidmes>
gchristensen: My limitation is having only one GPU, otherwise it can be simpler, but with the limitation of one GPU, I am going for Win10 native and NixOS in a VM, where I forward X to an X server running in Win10, I am still experimenting how to get the smoothest experience, but others have been successful with this setup and I my initial experiments where hopeful
<drakonis>
evernote seems to be interesting?
<gchristensen>
oh that is cool, ottidmes
<drakonis>
but it still doesnt replace onenote
<gchristensen>
yeah
<gchristensen>
maybe I will try it again. I still have my VM :)
<MichaelRaskin>
Back when I was using Windows, I was running coLinux (that was long ago) and an Xvnc (I think TightVNC server) and then connected with a Windows VNC client
<drakonis>
i'm still waiting for microsoft to raise their office 365 support for linux
<MichaelRaskin>
So far they broke Skype on Chromium@Linux
<ottidmes>
gchristensen: also working on my own note taking app :P the language is as good as complete, first plan to integrate it in vscode (just as text) and later as a WYSIWYG editor in the web allowing rich text elements. Had those things working already for older versions of the project, but redid the language, so I have to redo them
<gchristensen>
nice
<drakonis>
ottidmes: amazing.
<drakonis>
i'll take ten
<ottidmes>
I want to use it as a personal knowledge base, cause now my notes and thoughts are too fragmented, and I don't document enough, so I have been in situations where I am researching the same thing again, cause I forgot what I exactly did months ago
<MichaelRaskin>
From time to time it is annoying to find something, even though it is known to be saved as a txt somewhere…
<drakonis>
i'll definitely take twenty of those, i got people who'd use it
<ottidmes>
Yep, that is one of the problems I am trying to address, I am using multiple databases for it, to make the notes easier to query for
<ottidmes>
I like tiddlywiki's style of linking and opening them
<MichaelRaskin>
I am OK with finding things I have written some time ago… Finding things that were auto-saved is more complicated.
evertedsphere has quit [Remote host closed the connection]
<srk>
__monty__: neuron looks cool, thanks for the tip! I'm currently using a combination of plain-text files sorted in folders, recently tried Gitit but the only difference after a while is that files end with .page and can be linked (which is too tedious to manage anyway)
<srk>
hm, now I remember I have Vimwiki instance somewhere as well
<samueldr>
What is a man? A miserable little pile of note taking attempts.
<samueldr>
I search for 2020-03, I get 2020-02 in the results
<gchristensen>
heh
<samueldr>
that's because it searches in UTC, but renders in my timezone
<gchristensen>
of course!
<ottidmes>
Is there a way to get SSH to just disconnect, rather than having it hang on connection error or having it report a client_loop: send disconnect: Broken pipe message?
<samueldr>
maybe what you want it: [enter]~.
<MichaelRaskin>
I think hanging means it is not sure the connection is beyond recovery
<MichaelRaskin>
And yes, ~. helps
<__monty__>
I think you can shorten the timeout.
<ottidmes>
What is ~. ?
<samueldr>
the "enter" in front is because IIRC that to be used as an escape by ssh, it needs to be "on a new line"
<samueldr>
ottidmes: man ssh, search for ESCAPE CHARACTERS
<samueldr>
ah, as described, always followed by a newline
<samueldr>
uh, following a newline*
<ottidmes>
So that would allow me a disconnect even it "hangs", right?
<samueldr>
that's what I use it for
<ottidmes>
I wonder how many people also added what I added to my poweroff/reboot, namely a confirmation message whether I am sure I want to do that action on that particular host, I rebooted my desktop one too many times by accident :P
<srk>
I have poweroff = true
<srk>
after multiple mishaps due to not having powertop installed
<MichaelRaskin>
On my laptop various hardware-configuration requests (poweroff, brightness, etc.) require authorisation in form of presence check (force-switch to another VT, confirmation request there)
<samueldr>
the chromeos EC serial interface completes incomplete commands on its CLI, so to reduce risks when rebooting it, I instead "reboo" it :)
<samueldr>
(EC: embedded controller, the thing that controls the main CPU and interfaces some hardware bits)
<ottidmes>
For me its mostly clicking the wrong terminal, i.e. not the one that I am ssh'ed in the remote machine
<cole-h>
MichaelRaskin: I remember you mentioning that before -- is there any code somewhere I can peek at? Sounds interesting.
<ottidmes>
MichaelRaskin: thats nice, having to switch gives you a bit more time to realize you might have made a mistake
<MichaelRaskin>
No, it's a force switch, but yeah, that level of forcing does make notice
<ottidmes>
In my case its just a question I can confirm with y/Y/<ENTER>/<SPACE>, so still quite easy to confirm to easily, but just the question being there seems to be enough, cause I always check the host when asked, so, so far I haven't made a mistake again
<ottidmes>
Why don't UEFI just sort their damn boot lists, seems to be random all the time, even if it is random, would have preferred it being sorted alphabetically
<srk>
just avoid UEFI more thoroughly
<drakonis>
a common lisp daemon, neat.
<aleph->
Hmm?
<drakonis>
see lang-os
<MichaelRaskin>
gchristensen: if I was fighting Dragon integration, I would probably do something like that: on a signal — foot pedal? — you get to the Windows VM, let Dragon drive a Wordpad window to enter the text, then at some point the data from the window gets yanked and fed into whatever was waiting for it on the other side. Kind of «It's All Text!»/«Textern» style https://addons.mozilla.org/en-US/firefox/addon/textern/?s
<gchristensen>
that is a nice idea
<MichaelRaskin>
I have a chronic trouble distinguishing nice ideas and common sense, apparently
<gchristensen>
:P
<cole-h>
I love Iosevka as a font. But I really hate how it uses node. Every time I rebuild it, it takes like 5 minutes and my load average goes to 6
tilpner has quit [Remote host closed the connection]
tilpner has joined #nixos-chat
<MichaelRaskin>
I like LibreOffice as an attempt at a friendly implementation of a harmful and misguided but unfortunately entrenched concept… waitm that didn't go well
<gchristensen>
lol
<cole-h>
🤔
<cole-h>
Cool, I just logged in to teamviewer to delete my account (because I just got an email from them reminding me I had one from back in the day)
<cole-h>
And I get a "confirmation" emaill in... wait for it...
<cole-h>
Chinese.
<cole-h>
?????
<cole-h>
I ran nixpkgs-review on one package, and now I'm rebuilding ghc865 🙃
<gchristensen>
anyone want to see a starfish walk?
<worldofpeace>
nature is more fashion than fashion
<cransom>
that might have made me want to scratch myself uncontrollably
<gchristensen>
hehe
<cole-h>
Cool but unnerving at the same time
<drakonis>
life is strange.
<ashkitten>
*wow* that was unsettling... i just put my sim card into a different phone to test a thing, and during the initial google setup thing it automatically filled in my email address...
<samueldr>
convenience is kinda inconvenient
<samueldr>
though I totally understand the user experience point
<samueldr>
there are some people that don't know their e-mail address, and they end up creating one new e-mail address per phone change :|
<samueldr>
(now, that doesn't solve the *password* problem for that e-mail address)
<MichaelRaskin>
It uses some (reasonably small, but on some plan structures that's inconvenient) amount of cellular data without user permission, though
<samueldr>
eek, you're right
<ashkitten>
i assume it got that info by talking to my carrier, which is google fi
<samueldr>
oh
<samueldr>
I guess it wouldn't on other carriers
<samueldr>
that kinda makes more sense on fi
<MichaelRaskin>
For the record, I have observed factory reset of Android (non-Pixel) phones with Google services on non-Google-affiliated networks consume cellular data without permission
<samueldr>
that wouldn't surprise me either
<samueldr>
got to ping the mothership for FRC
<ashkitten>
but does it automatically fill in your email address :p
<samueldr>
uh, maybe not FRC, but that thing that locks the device if it's reported stolen
<samueldr>
and as it's developed in silly con valley, they can't see farther than their nose and realise that not all of the world is bathed in unlimited data plans
<samueldr>
or even limited data plans
<samueldr>
or even data at all!
<MichaelRaskin>
Actually, _not_ having data (or not having a SIM) works better
ixxie has quit [Remote host closed the connection]
<samueldr>
andi-: (sub ircing that tweet) that wouldn't help them in keeping you vendor locked-in
<andi->
samueldr: I did remove that part of the tweet ;)
<andi->
I am getting too negative again... I am trying to see not everything as super evil... It is a challenge
<samueldr>
it's not _evil_, it simply fits the narrative of keeping users on-board, and is an industry standard
<samueldr>
(though it's bad)
<andi->
Call me naive but bad is evil if it is intentional ;)
<cole-h>
samueldr: FRP -- Factory Reset Protection, I believe
<samueldr>
that is your judgement from your set of ethics :)
<samueldr>
cole-h: yes, that
<samueldr>
(though I agree with your ethics on that)
<andi->
I actually hope they had good reasons for not including that... Not sure what open redirect platforms are good for these days.. After all anyone can have a free redirect through them.. Arguably the meta refresh redirect hack isn't much better.
<gchristensen>
andi-: this is the same reason I won't use mastodon until it is trivial to run it on my own domain :/
<samueldr>
same, I find it's almost surprising in federated systems not to allow delegating like OpenID did
<samueldr>
or through other systems
<gchristensen>
yeah
<samueldr>
e.g. a TXT DNS stating where to go
<gchristensen>
sure
<gchristensen>
or an SRV :)
<samueldr>
oh right, SRV
<samueldr>
OpenID was a great one, a simple <meta /> in your html page, so even e.g. https://some.domain/~unprivileged/ could be used as an identity
<gchristensen>
that is cool
<samueldr>
you could send that meta to *any* other URL that supported OpenID
<samueldr>
so I always logged-on using my identity, changed backend three times, never changed any site
<gchristensen>
oh cool :D
<samueldr>
or, to rephrase, the sites using that identity never had to bother knowing about it
<samueldr>
but alas, it seems OpenID is dead :(
<gchristensen>
iirc there is a protocol for identities that mastodon uses, but I also think it requires active machinery in the backend
<ashkitten>
what's the thing the nix store uses to make itself readonly?
<gchristensen>
bind mounts I think
<samueldr>
it really doesn't make itself readonly, but rather, it re-mounts read/write in the sandbox only for relevant parts, I think
<samueldr>
(but same end-result)
<andi->
samueldr: ha, you would think so! Just today on some debian ML they are discussing moving to GitLab as their single source of truth for authentication (if I got it right by reading two of the many mails)
<samueldr>
:|
<gchristensen>
I was wanting to pitch LDAP for the nixos infra, but then flokli suggested vault
<andi->
Well actually OIDC which has a familiar name but a completly enterprised standard
<samueldr>
what's the catch with Vault?
<gchristensen>
I dunno how it'd work :P
<andi->
I think LDAP that is used with bind authentication is the wrong approach.. I do not like "guessing" if I can use some credentials somewhere and pass them through many different servers.. If you only do that for pub keys or as user database it is probably okay.
<samueldr>
is vault truly open source or is it one of those projects where it's only partly open?
<samueldr>
thinking about the way the site shows Open Source and Enterprise as being distinct
<joepie91>
ashkitten: I had that failure mode with a chinaphone once as well
<joepie91>
it just suddenly... didn't do anything anymore
<joepie91>
no charging, no powering on
<andi->
gchristensen: yeah! See no excuse for status.nixos.org not to have v6 ;)
<julm>
andi-: it says here that sending the password plaintext over TLS "is more secure than having the directory server store the password in clear text or in a reversible encryption scheme."
<joepie91>
'chinaphone [...] as well' was meant to indicate that the failure also occurred with a thing that was a chinaphone, not that samsung stuff is also a chinaphone :P
<samueldr>
samsung korean
<samueldr>
add 's where appropriate
<samueldr>
no, not there
<ashkitten>
sam'ssung
<MichaelRaskin>
I think a single bad connection on a critical power-related path failing is enough for full-failure symptopms?
<joepie91>
lol
<joepie91>
MichaelRaskin: I still have the thing laying around somewhere, maybe I should have a look at it again
<joepie91>
I couldn't identify anything weird under a microscope anyway
<joepie91>
and I was actually pretty surprised at the build qualityu
<joepie91>
did not expect a 50 EUR chinaphone to have a molded steel frame...
<samueldr>
my only phone that failed was the nexus 4, it suddenly got hot, turned it off, it never turned back on, even with a fresh battery, its CPU likely got the dreaded snapdragon issue where it just overheats instantly at some point
<joepie91>
or at least I think it was steel, might've been alu as well
<samueldr>
common in LG-made phones, somehow
<ashkitten>
the galaxy s6 active has really good build quality at least as far as i can tell
<ashkitten>
it's strange to me that a water resistant, dustproof phone that can survive being dropped so many times would suddenly die in a sweatshirt pocket
<joepie91>
lol
<joepie91>
ashkitten: in fairness, nowhere did it say it was sweatshirtproof
<joepie91>
:P
<ashkitten>
it's also interesting that it died when it did, when i was getting a blood test done with an active mri machine in the adjacent room... but i don't think the mri machine is actually at fault, it's just a funny coincidence
<joepie91>
isn't there literally a sign on the MRI rooms saying that you're not allowed to take phones in though
<ashkitten>
i was not in the room with the machine
<ashkitten>
i was about as far away from the machine as anyone else, and i didn't see anyone else complain that their phone suddenly died :p
<joepie91>
right, but "some weird leakage screwed your phone" seems more plausible to me than "of all moments in the existence of the universe, it chose that moment to die" at this point :P
<joepie91>
well the failure doesn't need to be deterministic to be caused by the MRI!
<joepie91>
like, I'm not saying that it certainly ways
<joepie91>
was*
<joepie91>
but it seems at least plausible to me :P
<ashkitten>
i think it's likely just a coincidence, but it's at least plausible that it's correlated
<ashkitten>
again, it would not have been just me that had issues
<samueldr>
other people with the same model phone?
<samueldr>
could be sensitive, like one iphone model was to I don't remember what
<gchristensen>
you can't really, because it depends upon using plain TCP to see if the host is up. I'd love to replace the "is it up?" mechanism with an SSH check, but I'd want to ping aszlig to see what he thinks about that
<gchristensen>
very unfortunately
<cole-h>
"My dog ate too much antimatter, now he is doing 'meow!'"
<cole-h>
Nice
<lovesegfault>
gchristensen: Would using sshuttle work around that?
<__monty__>
Dammit you guys, it's 2 in the morning. The last thing I needed was a cookie clicker! >: O
<drakonis>
i got you even more of those
<gchristensen>
what would that do?
<gchristensen>
(it might)
<lovesegfault>
gchristensen: it fakes a vpn with ssh, basically
<drakonis>
see also NGU idle for even more wacky mechanics
<gchristensen>
yup thatd work
<drakonis>
or just play factorio instead
<drakonis>
there's three dozen factorio clicker clones but they're all terrible
<lovesegfault>
gchristensen: 🚀
<drakonis>
i had stuff to do today, then i found out about unscaled incremental