gchristensen changed the topic of #nixos-chat to: NixOS but much less topical || https://logs.nix.samueldr.com/nixos-chat
<drakonis> nix#3378
<{^_^}> https://github.com/NixOS/nix/issues/3378 (by edolstra, 9 weeks ago, open): Support circular flake dependencies
<drakonis> soon
<MichaelRaskin> That's a different thing though
<hyperfekt> what's the usecase of that :o
<gchristensen> imagine if haskellpkgs was its own repo, and depends on nixpkgs. but nixpkgs wants to expose shellcheck as a package
<drakonis> it'll become relevant soon enough though
<MichaelRaskin> There is no problem that cannot be solved by a larger git monorepo, except the problem of completely unnaceptably huge repo, which I guess could be solved by using a VCS supporting subtree checkouts
<MichaelRaskin> (and clones)
<drakonis> oof that graph
<drakonis> the question is
<drakonis> how did we get here
<gchristensen> graph?
<drakonis> the dependency graph
<drakonis> see pie's message
<gchristensen> lol!
<hexa-> LOIC
Emantor has quit [Quit: ZNC - http://znc.in]
Emantor has joined #nixos-chat
waleee-cl has quit [Quit: Connection closed for inactivity]
slack1256 has joined #nixos-chat
slack1256 has quit [Remote host closed the connection]
<samueldr> anyone up to be somewhat pedantic and help me find out if and where I'm wrong? https://github.com/NixOS/mobile-nixos/pull/137/files?short_path=a808fe3#diff-a808fe3d20ff69992ffb7ded3b3e9c29
<samueldr> I'm not going to debate the security of OEM firmware and OEM code, as it is already handled by letting the user decide what they assume about it
<cole-h> All that green in the rich diff is borderline unbearable
<samueldr> nice pun, about the green border borderline being
<ldlework> anyone up for some tetris
<samueldr> what platform?
<samueldr> though I say that, not sure I'm up for it right now, but curious for further offers in the future
<cole-h> Should I take Differential Equations or Linear Algebra as a CS major?
<cole-h> Just got emailed that I'm getting dropped from my "Intro to Linear Algebra Course" and they redirected me to "Applied Linear Algebra" because it's recommended for engineering students
<ldlework> samueldr: jstris
<samueldr> hm, no hold
<samueldr> oh, no, there _is_ hold
<samueldr> nice
<samueldr> I guess if I put a controller and some bindings it would do well
cole-h has quit [Quit: Goodbye]
cole-h has joined #nixos-chat
<cole-h> Holy crap I just about had a panic attack. Somehow, the ovmf for my VM got screwed, so it would just hang on a black screen
<cole-h> ovmf-git from AUR fixed it (after symlinking it to where it was expected)
<cole-h> I can't wait to switch to NixOS after this semester is over
cole-h has quit [Client Quit]
endformationage has quit [Quit: WeeChat 2.6]
<ashkitten> > Due to the May Day holiday, the device assembly and packaging is now scheduled to start 4th of May so we should have first devices from this batch ready to ship end of next week, if they pass QC. We are making 3000 Cosmos in this run and there will be ample devices to satisfy all remaining backers - about 240 devices.
<{^_^}> error: syntax error, unexpected ',', expecting ')', at (string):308:27
<ashkitten> {^_^}++
<{^_^}> {^_^}'s karma got increased to 191
<ashkitten> samueldr: ^!
<samueldr> nice
<samueldr> not exactly related, but might help, ordered a mediatek device to look into the whole mediatek situation
<ashkitten> that's good
<ashkitten> hopefully this means i'll have the cosmo to start work soonish
<ashkitten> though they haven't even released official debian for it lol
<ar> and i wouldn't be surprised if they will never release another android update for it
<samueldr> an upwhat?
<ashkitten> ar: why?
<samueldr> this kind of arm, with a phone holder clip, can be nice if you have a place to attach it like a monitor stand https://www.ebay.ca/itm/for-Camera-DSLR-11-Inch-Magic-Arm-Super-Clamp-Crab-Plier-Clip-Articulating/133019958442
<ar> ashkitten: they aren't exactly known for being good with updates
<ashkitten> shrug
<samueldr> pretty sturdy... like... unreasonable force it's not the arm that's budging but the clip with the screw that's slipping here
<ashkitten> i haven't seen much but it seemed like they've been pushing out updates pretty regularly from the blog posts
<ar> samueldr: >Max. Load: up to 2kg; - so, good for EVIL and a small-to-medium lens even
<samueldr> I wouldn't know if it can be trusted with expensive stuff, but for trivial it looks just fine
<samueldr> for expensive you can find the design this was copied from instead :)
<ashkitten> reminds me, i'm getting a mic arm and shock mount soon, excited
drakonis has quit [Quit: WeeChat 2.8]
<sphalerite> wow, so I tried writing a polkit rule, and as soon as I tested it, polkit segfaulted
<sphalerite> A) wow such quality software
<sphalerite> B) clearly I'm a really powerful hacker
<sphalerite> joepie91: ^ another 10-minute-test failure
parsley936 has joined #nixos-chat
<MichaelRaskin> sphalerite: (B) but no interaction with polkit can demonstrate it because (A)
ixxie has joined #nixos-chat
<sphalerite> MichaelRaskin: ha, true I guess
<sphalerite> (turns out that `polkit.log` really doesn't like being passed things that aren't strings)
__monty__ has joined #nixos-chat
lopsided98 has quit [Quit: No Ping reply in 180 seconds.]
lopsided98 has joined #nixos-chat
<joepie91> sphalerite: heh, nice :D
<joepie91> (or well, not so nice)
makefu has joined #nixos-chat
<eyJhb> MichaelRaskin: have you published your jail configs?
waleee-cl has joined #nixos-chat
Jackneill has quit [Remote host closed the connection]
Jackneill has joined #nixos-chat
ldlework has quit [Remote host closed the connection]
ldlework has joined #nixos-chat
<MichaelRaskin> eyJhb: yes, but as Common Lisp code generating them.
ixxie has quit [Ping timeout: 240 seconds]
dadada_ has joined #nixos-chat
pie_[bnc] is now known as pie_
<eyJhb> MichaelRaskin: cannot find any mention on jail, using githubs search
<MichaelRaskin> It is GitHub search, not grep!
<MichaelRaskin> Look for nsjail and unshare
<gchristensen> I am confused. this box of mine does not have a mounted /boot, but does use ZFS as /
<qyliss> Maybe you mounted boot at install time but it somehow got lost later and hasn't been mounted post-boot or updated since?
<qyliss> I've had that happen before
<viric> how did that thing end of mandelbulber and opencv?
<gchristensen> qyliss: in that case at boot time it would be using some arbitrarily old profile at every boot, and then updated when I deploy next, yeah?
<gchristensen> good thing I have literally never deleted a system profile from this box.
<MichaelRaskin> Is all this even UEFI or BIOS-style?
<gchristensen> bios
<viric> Error: OpenCL context cannot be created!
<viric> how does the path to opengl work nowadays? It was LD_LIBRARY_PATH in the past
<srk> /run/opengl-driver ?
<viric> but how dlopen goes exactly there
<viric> where is it written to check there
<srk> no idea tbh
<clever> i think the opengl is patched to look there
<viric> Ah ok
<viric> and so is opencl?
<clever> maybe
<MichaelRaskin> gchristensen: I also see some indications that GRUB2 might be able to read ZFS in some cases?
<viric> I'll check
<clever> MichaelRaskin: grub can read zfs, but i find it very unreliable
<clever> MichaelRaskin: somehow, it can boot just fine, but it cant do a directory listing
<clever> MichaelRaskin: so you have zero way to debug, when things do go wrong
<srk> and you need copyKernels
<clever> yeah
<clever> it cant traverse a directory with too many files
<srk> otherwise it can reach path limit and fail trying to find things in /nix/store
<clever> so /nix/store borks it
<clever> copyKernels, or having store and boot on seperate datasets, will force it to copy
* srk learned that the hard way running hydra on zfs with grub :D
<gchristensen> I am getting the impression I am astoundingly lucky
<MichaelRaskin> clever: you shouldn't debug, you should wipe and redeploy!
<viric> it looks like opencl fails to find a cl.cfg file
<clever> MichaelRaskin: and if it doesnt boot on the first attempt? :P
<clever> MichaelRaskin: then you need some debug!
<MichaelRaskin> Nah, just bruteforce to find a working installer version
<aanderse> etu: thanks I'll check out (again!)
<viric> opencl-info only lists the cpu device. grmbl.
<emily> etu: thanks for the post!
<viric> aaaaah I was including intel-ocl (CPU) and not intel-runtime-something (GPU)
<viric> now that's a huge difference
<emily> etu: couldn't those options be set at mount time to get nixos-generate-config to pick them up?
<etu> emily: I tried that when I was working on it. Sadly not.
<etu> emily: generate config didn't pick it up
NinjaTrappeur has joined #nixos-chat
<emily> aw, sad
<emily> etu: wait, your /home is a tmpfs? these posts just keep getting weirder :p
<etu> emily: :D
<emily> "yeah, it's kind of inconvenient but I actually make sure to reset my personality on each boot so that I don't have to remember anything"
<joepie91> for anyone who has some time to kill, have a weird Dutch TV show: https://youtu.be/V68jYjP5w8Q?t=399
<joepie91> translation nor explanation necessary :P
<etu> emily: Got to live up to the "corner cases as a service" reputation ;)
aranea has joined #nixos-chat
<__monty__> joepie91: Basically best export NL has ever had : D
<joepie91> lol
<etu> emily: I have one laptop that has no persistence for /home and RO network manager settings, it's a "guest laptop" :)
<emily> people who say they believe in stateless systems but then talk about personal growth 😒
<MichaelRaskin> __monty__: but Nix!
<joepie91> __monty__: Wie Is De Mol is also quite good (though technically originally Flemish, AFAIK the Dutch version is what people watch internationally with subtitles)
<__monty__> We've produced many popular formats.
<__monty__> MichaelRaskin: I rather look at that as an international cooperation.
<joepie91> __monty__: I still want a proper continuation of Basta
<joepie91> er wait, it was called that right
<joepie91> yep it was
<joepie91> the Dutch remake wasn't quite the same
<MichaelRaskin> __monty__: Specifically of Nix, it might still be a Dutch export with some imported parts used! Nixpkgs and pre-module-system NixOS were like that originally but that is indeed no longer true of them
<__monty__> MichaelRaskin: Any academic project is by definition an international product imo.
<joepie91> __monty__: the Dutch remake is https://nl.wikipedia.org/wiki/Rambam_(televisieprogramma) but it's all just a little bit more calm and polite
<__monty__> Science doesn't do boundaries.
<joepie91> less "ludiek"
<__monty__> joepie91: Never really watched that. But yeah, Neveneffecten is great.
<adisbladis> emily: Us tmpfs / & /home peeps do have persistent stuff in $HOME, but persistence is opt-in
<joepie91> __monty__: I mean, it's worth a watch, but it doesn't *quite* have the hilarious impact that Basta does :P
<MichaelRaskin> __monty__: not really
<MichaelRaskin> I mean, no more than modern supply chains in general
<emily> adisbladis: yeah, I figured
<emily> adisbladis: still seems a bit weird to me, automatically losing all dconf changes or similar on every boot would be annoying, and if you whitelist all the big stateful blobs like that then it hardly seems worthwhile compared to just checking what new files your homedir grew lately with snapshots or similar
<emily> but maybe I just need to drinnk the koolaid more ^^
<adisbladis> emily: The usability really depends on how much buy-in you do and how much you DE/WM expects to poop out state
<emily> yeah
<adisbladis> I couldn't imagine using KDE on this setup :P
<adisbladis> For example
<emily> but comparatively, if you have a cooperative setup, then nothing is really writing to $HOME unexpectedly in the first place right?
dadada_ has quit [Quit: ZNC 1.7.5 - https://znc.in]
<adisbladis> emily: A lot of stuff still does
<adisbladis> GTK/Gnome software happily mutates dconf (as you mentioned), Xauthority
<qyliss> Surprisingly little insists on it if it's -w though
<adisbladis> .local is full of crap
<MichaelRaskin> I am using single-use cloned Firefox profiles, and find that convenient. It doesn't mean Firefox doesn't try writing there
<etu> emily: Then you have to run a kde program. And have small files added everywhere
<adisbladis> But for sure, you're pretty much required to go "full declarative"
<adisbladis> Btw, home-manager has module(s) for dconf
<etu> adisbladis: "full crazy", "special ❄️" and a corner case as a service ;)
<MichaelRaskin> I am pretty sure I could have tmpfs /home and just the same symlinks to ~/src/rc as I have now
<MichaelRaskin> So full declarative is probably not required
<adisbladis> =)
<adisbladis> It helps that I don't really leave emacs all that much
<MichaelRaskin> I can't do that, I need a text editor
<adisbladis> Funny, never heard that one before
<emily> adisbladis: my current approach has been trying to track $HOME with git instead to give me some visibility on what files I want there vs. don't, but it's for sure a mess
<emily> I have dconf backed by a text database, turns out you can actually make it do that
<MichaelRaskin> And of «hitting three-key chords in a sequence» and «keeping track of what is in what state» only one is my core skill
<MichaelRaskin> So, Vim and not Emacs
<etu> MichaelRaskin: evil mode? :)
<neeasade> etu: emacs makes a better vim than vim
<etu> neeasade: I'm fine with Emacs keybinds though :)
<neeasade> I'm glad it works for you
<adisbladis> Btw, anyone in here who has some experience with `doas`?
<adisbladis> I feel pretty excited about https://github.com/NixOS/nixpkgs/pull/86488 but I don't know how to review it properly
<MichaelRaskin> etu: I also want a script infrastructure with lexical scoping by default
<{^_^}> #86488 (by cole-h, 20 hours ago, open): [WIP] nixos/doas: init
<neeasade> my best friend is a vanilla emacs user and it's really fun to compare bindings (evil here)
cdepillabout has joined #nixos-chat
<MichaelRaskin> So I edit Common Lisp in Vim
dadada_ has joined #nixos-chat
<emily> adisbladis: I'm tempted to switch considering the volume of sudo CVEs
<adisbladis> emily: Me too :)
<emily> unfortunately I was also planning to write a sudo plugin at some point, so I'm conflicted
<adisbladis> And the fact that I get sudo to segfault pretty consistently when running inside NixOS tests (in certain conditions)
<emily> (wanted remote U2F/FIDO-based sudo; ssh agent forwarding doesn't give enough information to let you see what command you're approving etc.)
<adisbladis> I was trying to write a test for ssh agent auth + sudo
<adisbladis> Nah, the payload you're signing is not very informative
<adisbladis> emily: I have a plan for how to fix that though, just didn't get around to it yet
<emily> you may be interested in (or have already seen) https://github.com/StanfordSNR/guardian-agent
<adisbladis> Oh wow
<adisbladis> That's pretty close to what I was considering
<adisbladis> Cool
<emily> I never got around to trying it sufficiently to determine if it'd work with my usecase (I need it to be backed by a real ssh-agent because I use a yubikey)
<qyliss> At least one Linux port of doas has introduced a number of its own vulnerabilities, fwiw
<adisbladis> I had a demo a few years back, but that disappeared after the organisation I had it under was acquired
<qyliss> And IIRC the maintainer did not respond well to them
<adisbladis> emily: My thing was acting as a proxy forwarding to a "real" agent
<adisbladis> For similar reasons
<emily> looks like we use one maintained by a void developer
<qyliss> I think that was the good one
<emily> which is neither of the ones that showed up from a quick google
<qyliss> IIRC it was him that found the vulns in the other one
<evelyn> what's the point in saying you are not using gpg-agent? that surely just means you're not using gpg
<evelyn> at this point 1.4 is almost entirely unmaintained and has sevveral well-documented issues they just won't fix
<evelyn> like the thing with the massivve signature ovverload (the fix they applied to 2.x was also stupid but it was something)
<emily> evelyn: adisbladis means replacing gpg-agent for ssh use
<adisbladis> evelyn: gpg agent sucks for SSH
<adisbladis> For one it can only use the pgp slot on my yubikey
<emily> adisbladis: FWIW I now use ssh-agent with native U2F/FIDO2 keys for most things, it's great
<adisbladis> So I can only have on key
<emily> I still have a gpg-agent around for GitHub and other legacy servers though
<evelyn> agreed!
<adisbladis> s/on/one/
<emily> but I want to get rid of it
<emily> adisbladis: fwiw yubikeys support ed25519 over openpgp protocol but not pkcs#11, so it has an advantage there
<emily> (though their ed25519 is also a little slower than their p256 I think)
<emily> if you want a pkcs#11 ssh agent, this is probably the thing to watch: https://github.com/FiloSottile/yubikey-agent
<evelyn> which ones? I have a yubikey 4 I think and it doesn't do ed25519, just p256
<qyliss> Starting with Yubikey 5
<emily> it looked like it only supported RSA last I checked though
<qyliss> It was the big new feature (at least to me)
<emily> it wasn't yubikey 5
<emily> they just started silently shipping it after a firmware update
<emily> and also still haven't updated the website
<emily> I checked on Twitter and then bought new keys
cjpbirkbeck has joined #nixos-chat
<adisbladis> emily: A lot has happened around openssh since I was actively hacking on this stuff
<adisbladis> :)
<emily> yeah, the new stuff is fancy
<emily> just wish -sk key support would propagate to third-party servers quicker
<emily> iirc the Go stdlib supports them now
<adisbladis> I have yet to figure out a decent ssh solution on android though
<adisbladis> Maybe I should just go full nix-on-droid and ignore android applications
cole-h has joined #nixos-chat
<emily> there is https://github.com/DDoSolitary/OkcAgent, doesn't support fido keys though
<evelyn> on android there is juicessh but it's not OSS
<adisbladis> evelyn: Also it can't speak the agent protocol
<evelyn> on apple we havve ish.app ;)
<evelyn> (it is nothing short of astonishing: https://ish.app/)
<emily> I still don't understand why that emulates x86
dadada_ has quit [Quit: ZNC 1.7.5 - https://znc.in]
ajs124 has joined #nixos-chat
cdepillabout has quit [Quit: Leaving]
ixxie has joined #nixos-chat
<infinisil> Nice, I set up my mail such that by default, all *@infinisil.com go to a Services mailbox, while only stuff to contact@infinisil.com lands in the inbox
<infinisil> With a dovecot sieve script
<cole-h> Nice
<cole-h> Recently, I learned that 0.99999999... and 1 are the exact same number and it blew my mind.
<infinisil> > mind = "blown"
<{^_^}> mind defined
<LnL> you mean like 0.1 + 0.2?
<emily> cole-h: because 1/3 = 0.333... and 3 × 1/3 = 1 :)
<cole-h> emily: Yep, that's exactly what made it click
<cole-h> I had never really thought about it before. I always figured that 0.999999999... == 1 by virtue of rounding. But then I came across this comment on Reddit: https://www.reddit.com/r/explainlikeimfive/comments/g99rw0/eli5_how_do_we_know_some_numbers_like_pi_are/fot2cl4/
<__monty__> I like the x2 - 1 way better.
<__monty__> But I've also heard it doesn't really constitute a rigorous proof.
slack1256 has joined #nixos-chat
<sphalerite> emily: "It's like there's a demon in there that makes sure my code is sufficiently deformed, and if not, makes up stupid reasons why it shouldn't compile."
ajs124 has quit [Quit: killed]
das_j has quit [Quit: killed]
ajs124 has joined #nixos-chat
das_j has joined #nixos-chat
mynick has joined #nixos-chat
mynick has quit [Client Quit]
mynick has joined #nixos-chat
mynick has quit [Client Quit]
dadada_ has joined #nixos-chat
slack1256 has quit [Ping timeout: 265 seconds]
<srk> lxbios/hp-lxbios-3.1-1.i386.rpm
<srk> lxbios/hp-lxbios-mod-3.1-1_2.6.18.238.el5.src.rpm
<srk> this is gonna be fun
<cole-h> What're you doing?
<srk> z420 needs bios update
<srk> that was dled from hp website :)
<srk> there's also DOS Flash/DOSFlash.exe
<srk> :D
* srk needs more cores
endformationage has joined #nixos-chat
<sphalerite> so I'd like to do something with a D-Bus API, and… sure, it's all wonderfully introspectable, but how do I go from something providing a service via D-Bus to actually using that service? I feel like d-feet is the closest I have to something that really addresses my need, but that also doesn't run in a terminal so I can't use it on this headless machine where I actualyl want to use the
<sphalerite> services
<sphalerite> is anyone familiar with developing d-bus related software and can maybe enlighten me a bit?
<ldlework> playing tetris with friends here, https://jstris.jezevec10.com/join/E29UPA
drakonis has joined #nixos-chat
<emily> sphalerite: if the question is just "how do I use it in a bash script", I think the answer is probably "use Python or something instead" to some degree
<emily> (not that I have tons of dbus experience, but I never saw anything great CLI-wise, whereas the scripting language bindings seem reasonable)
<emily> heh, apparently the "canonical" Python dbus binding is basically deprecated and they tell you to just use glib's via gobject-introspection...
<emily> pydbus seems nice convenience-wise though
slack1256 has joined #nixos-chat
slack1256 has quit [Ping timeout: 272 seconds]
__monty__ has quit [Quit: leaving]
<eyJhb> Feels great finally getting gVisor+multiple networks+generally networking to work in my setup. What wonders time can do!
<danderson> wheee, nixos laptop
<danderson> need to get it into shape and usable now
<cole-h> Oh no
parsley9366 has joined #nixos-chat
parsley936 has quit [Ping timeout: 246 seconds]
parsley9366 has quit [Remote host closed the connection]
<cole-h> Hahaha
<ldlework> cole-h: you wanna play some Go?
<ldlework> oh right, two weeks
parsley936 has joined #nixos-chat
<sphalerite> emily: hm, using it isn't so much the problem — I think I can actually manage what I want to do with the gdbus tool from a bash script — the problem is discovering the API that I actually want to use
<emily> sphalerite: ah, I see -- I misunderstood what you were saying about d-feet
<emily> there's always xpra at least :p
<drakonis> some things are relevant to us
<gchristensen> "don't reinforce the frame" :(
<gchristensen> hexa-: hey can you join #nixos-borg to talk about loki a bit? :)
<gchristensen> "The new image is considerably bigger than the old one (12 MB vs. 5.7 MB)"
<cole-h> Hmmmm
<gchristensen> (netboot images)
<cole-h> Hmmmmmmmmmm
<gchristensen> hmmmmmmmmm ramdisk_size