gchristensen changed the topic of #nixos-chat to: NixOS but much less topical || https://logs.nix.samueldr.com/nixos-chat
<adisbladis> andi-: A couple of us met him at camp last year
<adisbladis> He's a really nice guy
<andi-> yeah
<andi-> I think he means well
parsley936 has quit [Remote host closed the connection]
<emily> so does anyone have ideas for ways to create a prepopulated zfs filesystem from within a nix derivation that are less heavyweight/awful than "just use qemu"
<emily> I guess this is what libguestfs is for, but I don't know if the libvirt machinery will even work in the Nix sandbox
<emily> I wonder if zfs works with user mode linux x_x
drakonis has quit [Quit: WeeChat 2.8]
<elvishjerricco> emily: I've never looked into libguestfs before. How does it support different file systems? Does it just reimplement them? Or does it link to their fuse ports?
<emily> elvishjerricco: because it's actually just based on linux VMs in libvirt
<elvishjerricco> Regardless, looking at the faq, it *seems* like it'd work in the sandbox
<emily> it's the qemu thing but with a lot of abstraction layers
<emily> the question is more whether you can reasonably bring up libvirt and run VMs in it in the build sandbox
<elvishjerricco> emily: Hm, their man pages say it doesn't require libvirt or kvm or any of that
<emily> hm
<emily> "libguestfs works with any disk image, including ones created in VMware, KVM, qemu, VirtualBox, Xen, and many other hypervisors, and ones which you have created from scratch."
<emily> I think this is maybe just implying it supports multiple VM backends? I'm not sure
<emily> I'm pretty sure they don't have their own ZFS implementation :p
<emily> and stuff like http://libguestfs.org/virt-rescue.1.html is obviously VM-based
<emily> it may also be that there's some amount of functionality without a VM, but I doubt it'd be enough to reasonably do what I want (install NixOS to them)
<elvishjerricco> emily: Ah. Well qemu can emulate I think all of its platforms, so it doesn't require KVM. It'll just be much slower. I guess that's how they don't require and VM tech
<emily> right, I guess even just giving the build sandbox KVM would be a fuss :/
<emily> software emulation sounds kind of awful but I guess it wouldn't be too bad as long as you keep all the CPU-intensive stuff out
<elvishjerricco> emily: Don't think so. Tons of derivations in nixpkgs use kvm
<elvishjerricco> It's best to add to the meta info that it requires kvm, so nix can error on machines that don't claim to have the kvm feature
<emily> oh yeah I guess the tests stuff probably uses KVM
<emily> it would be nice if you could use systemd inside builds
<emily> maybe there should be a function from nixos configurations to builds that spawn a VM with that configuration and fish the build output from it
nckx has joined #nixos-chat
<elvishjerricco> emily: I don't think that'd be too hard. Lots of the infrastructure required for something like that seems to already exist in nixpkgs
<emily> I'd appreciate pointers! there's lots of fancy stuff in nixpkgs but it's not very discoverable...
<emily> I mean, beyond the NixOS VM tests machinery which I should look at more
<emily> but it'd a little awkward to use that directly to do base image builds
slack1256 has quit [Remote host closed the connection]
<pie_> sounds fancy, what are you up to?<emily> so does anyone have ideas for ways to create a prepopulated zfs filesystem from within a nix derivation that are less heavyweight/awful than "just use qemu"
vika_nezrimaya has quit [Ping timeout: 240 seconds]
cjpbirkbeck has quit [Quit: cjpbirkbeck]
drakonis has joined #nixos-chat
julm has quit [Remote host closed the connection]
julm has joined #nixos-chat
<ekleog> Well… wrt. my comments earlier on github and saved searches… I got nerd-sniped and did https://ekleog.github.io/yuubind/dashboard/ (my first react+bootstrap app AFAIR), that gives the UI I was hoping github would have -- if anyone else is interested I can probably try to extract it into another repository so that it's easier to reuse :)
endformationage has quit [Quit: WeeChat 2.6]
drakonis has quit [Quit: WeeChat 2.8]
<pie_> hm neat
<lovesegfault> ekleog: oh, that's nice
JJJollyjim has joined #nixos-chat
<{^_^}> jtojnar's karma got increased to 47
<lovesegfault> Oh, that is nice
<lovesegfault> jtojnar++
<{^_^}> jtojnar's karma got increased to 0x30
<ashkitten> infinisil++
<{^_^}> infinisil's karma got increased to 286
<lovesegfault> tired: Nix finding stuff in your binary cache and downloading it
<lovesegfault> wired: Nix recompiling chromium on your unplugged laptop for no reason
<ashkitten> these things happen
<ashkitten> sometimes you just gotta accidentally build firefox on yr phone
<lovesegfault> lol
<ashkitten> note: my phone cannot build firefox without suffering a thermal shutdown
<ashkitten> or in general
<JJJollyjim> i run firefox on my phone, surely that's the logical next step
<ashkitten> do you run nixos on your phone yet?
<JJJollyjim> no :P
<ashkitten> well why not?
<JJJollyjim> can't argue with that
<ashkitten> if i were JJJollyjim i would simply have nixos on my phone
<ashkitten> what a name, btw
<JJJollyjim> ugh i need a new one
<JJJollyjim> names are hard
<srk> this
<ashkitten> i like it
* srk too :D
<ashkitten> people always think their names are bad
<ashkitten> other people don't think your name is as uncool as you think it is
<JJJollyjim> is it less cool knowing that i first used it on club penguin? :P
<ashkitten> if anything that makes it cooler
<ashkitten> i'm sure acid burn from the movie hackers (1997) thought she needed a new hacker name at some point
cole-h has quit [Quit: Goodbye]
<ashkitten> i bet acid burn from hackers (1997) first used her name on club penguin
<JJJollyjim> * on club penguin (2005)
<ashkitten> that's a fact, guaranteed™
<JJJollyjim> :3
<ashkitten> i like how nobody has called me out on hackers being released in 1995
<samueldr> mods are asleep, post inaccurate movie facts
<ashkitten> did you know william shatner first starred in the movie the avengers return (1998)
<JJJollyjim> in Jurassic Park (1993), the character Lex Murphy exclaims "It's a NixOS system! I know this!" and proceeds to restart the building's access control system, locking the control room's doors
<ashkitten> that's actually a difference in the movie adaptation. in the original manga she actually realizes she needs a different version of gcc so she puts an override in her configuration.nix and gets eaten by a dinosaur while waiting for a mass rebuild. maybe they thought that was too graphic for an american audience
parsley936 has joined #nixos-chat
<eyJhb> Anyone want to test this issue (requires Docker), and validate it is like that on their own machine as well?
<{^_^}> moby/moby#40901 (by eyJhb, 5 days ago, open): Networking - container always uses Name of network
<eyJhb> Would enjoy some traction
<MichaelRaskin> On names and phone OS'es I would expect JJJollyjim to use Sailfish…
__monty__ has joined #nixos-chat
<pie_> nix nix nix
<eyJhb> Anyone knows of a web view to inspect traffic from e.g. tcpdump?
<eyJhb> Think wireshark, but a web app instead
<eyJhb> hmm - https://webshark.io/
<MichaelRaskin> This is how the plan of fully equating devops tag at Lobste.rs with Nix fails?
<gchristensen> hah
<gchristensen> I enjoyed reading in to what they're saying
<gchristensen> tags can be useful barometers: they get +'s and -'s, and you can see how interested the community is
parsley936 has quit [Remote host closed the connection]
evils has joined #nixos-chat
balsoft has joined #nixos-chat
<evils> balsoft: i used a pi with a soic8 clip to flash coreboot
ravndal has quit [Quit: WeeChat 2.8]
<evils> i made an unfortunate attempt at setting up a pi with nixos to do the flashing
<balsoft> evils: I have both an rPi and some arduinos and some arduino-like things
<balsoft> What would you recommend?
<srk> rpi :)
<srk> less trouble, tools can just use /dev/spi
<evils> whatever is supported by flashrom
<evils> srk: rpi spi support on nixos is not quite working yet i think
<srk> sure it is :) but you have to fiddle with overlays
<srk> not for long #79370
<{^_^}> https://github.com/NixOS/nixpkgs/pull/79370 (by sorki, 13 weeks ago, open): Improve device-tree overlay support
<evils> i was about to link that
<evils> i gave up trying to get it working on nixos, just to find out raspbian's documentation isn't much better xD
<srk> aah, I wasn't sure if that was you ":D
cjpbirkbeck has joined #nixos-chat
<evils> oh and flashrom on aarch64 isn't working either
<evils> raspbian has an older version, it works; i managed to build the latest on nixos, but never tested it, and there's an open PR on their repo by a nixer
<balsoft> I think I'll just use some n00b-friendly SPI programmer program for Arduino...
<balsoft> I don't really feel like playing with rpi
<srk> 5V or 3v3? :)
<balsoft> Oh shit, yes
<balsoft> So... rPi it is then :)
<evils> there's a lot of FUD around the cheap usb spi interfaces' voltages..
<evils> anyway, read multiple images of the flash to be sure you got it right, if you have that you should be able to recover from anything
<balsoft> I have a couple of backup thinkpads in case I brick this one
<evils> and after flashing coreboot you should be able to flash internally from then on
ravndal has joined #nixos-chat
<evils> and read the output of flashrom carefully, if you try to flash the entire image you get an error, and there's a relevant warning hidden in the scrollback
<evils> dunno if there's an exception to this, but you should only ever write the bios region, and can't verify the ME region (and maybe others) from the OS
neeasade has joined #nixos-chat
<evils> not sure if there's a practical next step towards packaging coreboot... having the toolchain pre-build would be nice, but i think that should be linked to a specific coreboot rev, and that needs to be mutable...
<balsoft> evils: I get i386-elf-gcc: error: src/lib/gnat/a-unccon.ads: Ada compiler not installed on this system now...
<balsoft> During make
<evils> oh right, you need a recent channel
<balsoft> I'm on master from a couple of days ago
cole-h has joined #nixos-chat
<evils> odd, i used <nixpkgs>
<evils> that is, nixpkgs-unstable
<evils> correction, there's an open issue on flashrom about aarch64, not a PR
<cole-h> Why can't I reproduce this clippy error from Travis locally?!
<cole-h> "error" means "warnings are denied and become errors"
<evils> with gnat/gcc 10 i get an ld error on making gcc-8.3.0; with `gnat` (`gnat9`) in nix-shell --pure coreboot-shell.nix (based on nixpkg master) it builds for me for a lenovo/t410
parsley936 has joined #nixos-chat
avn has quit [Ping timeout: 272 seconds]
KeiraT has quit [Ping timeout: 240 seconds]
<yorick> balsoft: flashrom on the arduino works well
<yorick> qyliss: did you manage to compile coreboot on nixpkgs?
<yorick> we fixed gnat recently
<balsoft> yorick: I've investigated that before, and the voltage is wrong on mine
<yorick> 3.3v works for my bios thingy
KeiraT has joined #nixos-chat
<balsoft> I've got 5v I think
<yorick> wait, on the pi?
<yorick> the arduino might be 5v
<sphalerite> yorick: I've got a nix-based coreboot+linux build for the gru-bob chromebook, idk if that's relevant to you https://github.com/lheckemann/coreboot-gru-bob-nix
<sphalerite> it even kind of works :p
<emily> sphalerite: thanks for the link, looks relevant to my nixos-on-pixelbook dreams
<emily> does it use depthcharge?
<emily> ah I guess it's a full linux payload
<balsoft> <yorick "the arduino might be 5v"> On the Arduino
<MichaelRaskin> You also have just read how horrible wl_roots is?
avn has joined #nixos-chat
<yorick> MichaelRaskin: is there anything better?
<gchristensen> I didn't read it but I have never been a fan of wl_roots, where's the deets?
<MichaelRaskin> That Lobste.rs article about wrapping wl_roots in unsafe Rust
<gchristensen> link?
<MichaelRaskin> Yes
<MichaelRaskin> yorick: I cannot shake the impression that Xorg
<gchristensen> cool
<cole-h> gchristensen: How was the cake?
<gchristensen> haven't had it yet :x
<cole-h> Oh
c4rc4s has joined #nixos-chat
<cole-h> zzzz why does `cargo fmt` fail in a macos GH Actions saying that it doesn't exist, yet it shows up in the `cargo --list`
<cole-h> :(
<qyliss> emily: I'm running NixOS on a Pixelbook right now
<qyliss> yorick: no I used a Debian container
<emily> just with the "usual" "enable seabios/uefi/... and run it without verification", or a fancy custom coreboot setup?
<qyliss> I built my own coreboot, and plan on porting Heads to it
<qyliss> But I only got it a week ago so haven't got _too_ far yet
<qyliss> (I've ported heads to new boards before and it's pretty straightforward)
<emily> my plan was to mirror the "stock" depthcharge setup as much as possible
<qyliss> The most immediate things I'm planning on doing are figuring out what I need from the Google kernel to make all the hardware work
<emily> though something fancier might be necessary for dualbooting chrom(ium|e)os+nixos which i was vaguely interested in
<qyliss> Because I'd like to be able to run mainline and patch as required
<emily> I believe samueldr already has a bunch of stuff wrt this
<qyliss> I have no interest in running Chromium OS, but their tech is neat
<emily> this - chromebook hw support things
<qyliss> emily: what about depthcharge interests you?
<emily> mostly just "it seemed like it'd meet my needs over having yet another linux system involved" + secure boot-style verification, no particular reason to prefer it over something like heads other than it seeming like fewer moving parts (and I guess probably being quicker)
<emily> (since otherwise with heads or similar you start a kernel once and then kexec to start one again I suppose?)
<qyliss> With Heads most of the time in boot is spent verifying the TOTP code, so speed doesn't matter too much :P
<qyliss> Yeah
<qyliss> I like running a full Linux, because it saves the initramfs step
<qyliss> I'm hoping that I can get ZFS into Heads, and then have my whole disk be ZFS
<emily> using it to replace initramfs conceptually makes sense
<qyliss> And it's still the same amount of kexec
<qyliss> I'd also like to translate Heads into a proper programming language
<qyliss> I plan on doing that script by script
<emily> well, I do like how fast the pixelbook boot is, but part of it is just "packaging depthcharge sounds a lot easier than Heads"
<emily> right now I'm just... waiting for my SuzyQable order to not be backordered any more
<emily> so I can't really do anything
<qyliss> emily: I managed to get a SuzyQ from digikey
<qyliss> Building Heads is pretty much the same as building Coreboot
<emily> could heads' totp use be replaced with u2f/fido ctap?
<qyliss> I don't know what ctap is
* emily trying to have as much yubikey and as little OTP in her life as possible...
<qyliss> But I suspect not, because remember the TOTP in Heads is the computer proving itself to you, not the other way around
<qyliss> It displays a TOTP, you compare it to one on your phone
<emily> right, ok
<emily> (CTAP is just the host<->device USB protocol part of u2f/fido2/webauthn/billion other names)
<qyliss> The point is that you can check your firmware hasn't been compromised before entering your passphrase
<emily> yeah, I misunderstood the purpose
<qyliss> It could just display a static secret, but then somebody could intercept that and create a fake firmware
<qyliss> So to get around that it uses TOTP
<emily> I mean, your phone also gets the private key though, right?
<emily> better would be to have it actually just sign some nonce with public key cryptography and show it as a QR code
<emily> then you can keep the keys on-TPM or such and only need to "tofu" the public key at setup time
<emily> (of course then you'd need a custom app to verify it)
<qyliss> Yes, that would be better.
<emily> I guess with pixelbook TPM-based protections are actually even reasonable because it's a titan thing
<qyliss> Yeah!
waleee-cl has joined #nixos-chat
<emily> my ideal setup would use my yubikey to unlock disk encryption keys etc. rather than a password... I can imagine a sufficiently smart security token that gets the signed nonce from the laptop and automatically unlocks the disk encryption keys for it in response. (though PINs get in the way of that, sadly.)
<qyliss> Heads does that
<qyliss> (using your yubikey to unlock the disk)
<qyliss> I think
<qyliss> Although I don't remember how it works
<emily> the whole FIDO2 thing of PINs being entered on the untrusted computer isn't ideal tbh
<emily> but then having a tiny keyboard on security tokens is also terrible
<emily> the ideal security token interface is probably just a phone, but then you have to trust your phone
<qyliss> And have a phone, which is undesirable for many reasons
<evelyn> requiring a phone to verify the security of your laptop is pretty bad because it depends on you being able to afford a new phone every 2-3 years
<evelyn> (in order to get security updates reliably)
<qyliss> if you get a 5 year old phone and keep it airgapped and physically secure, you don't necessarily need security updates
<qyliss> Unless scanning a QR code on the laptop screen or whatever can compromise the phone
<evelyn> I think it depends on your circumstances, but e.g. modern phones can be compromised through the mic (e.g. google assistant)
<evelyn> so it might not be enough
<qyliss> Yeah, you need to be able to disable as much of that stuff as possible
<FireFly> there's def been exploits through dodgy handling of QR codes before (though maybe not of phones), so I wouldn't be surprised tbh
<MichaelRaskin> Well, here it is QR code reading by a TOTP app
<qyliss> No, this would be a QR read by a custom app as emily described above
<emily> it would be convenient if humans could verify ed25519 signatures in their heads
<emily> their heads, i mean, not their Heads
drakonis has joined #nixos-chat
<viric> who is Heads?
<emily> (wow, no https...)
<emily> it's a linux-based bootloader coreboot payload
<emily> with TPM fanciness
<viric> screenshot of ash job control turned off. I hate job control turned off
<viric> I'm not too much into security.
<viric> these days I'm interested in decentralized software, like social networks and file sharing.
<viric> Quite a desert.
<MichaelRaskin> For file sharing — doesn't mldonkey Overnet work?
slack1256 has joined #nixos-chat
<__monty__> emily: Where would you get enough entropy for the nonce?
<emily> you could have it prompt for a nonce if you really want.
<emily> the TOTP thing is equivalent to just using the timestamp
<emily> but: the previous boot, the environment, ...
<emily> early-boot entropy is not that hard a problem to solve, and your TPM already has to deal with it
<__monty__> Is it not? I assume you can't really run much code at all?
<eyJhb> gchristensen: is it worth rolling back / on each boot?
<eyJhb> vs. the trouble
<evelyn> emily: it's a github pages site (and github pages is remarkably difficult to get to work with https)
<MichaelRaskin> eyJhb: Well, setting it up is a good way to clean up stuff, and then it is no trouble!
<evelyn> [at least when I used to have such a github pages thing]
<eyJhb> I am really considering switching to ZFS, and then doing that while
<emily> vm-test-run-acme-dns> /nix/store/shr8mc5hx0vasv92b307mzymj2b5fxxl-stdenv-linux/setup: line 1271: 3 Aborted (core dumped) LOGFILE=$out/log.xml tests='exec(os.environ["testScript"])' /nix/store/avjf5sg8bxvz3nkl4psgaakhsm1x9flq-nixos-test-driver-acme-dns/bin/nixos-test-driver
<emily> this is too cursed. get it off me
<MichaelRaskin> eyJhb: you can just use tmpfs though
<eyJhb> Then it will regenerate the files at each boot MichaelRaskin ?
<MichaelRaskin> Yes, but your / should not contain much
<MichaelRaskin> Although you need to figure out shadow in this case
<eyJhb> Seems like extra boot time, the most efficient seems like having a snapshot to rollback
<MichaelRaskin> Snapshot or no snapshot, either you figure out /etc directly in store and then the couple of mkdir/symlink calls are negligible, or you get NixOS activation enumerate /etc/ and check link targets
<emily> rollback is probably slower than making a tmpfs...
<emily> one involves disk IO
<__monty__> Doesn't populating the tmpfs involve disk IO too?
<emily> tmpfs is in RAM
<emily> so not unless it get swapped out
<MichaelRaskin> Well, you need to read the source from store
<etu> emily: Just don't create your swapfile in tmpfs :p
<MichaelRaskin> OK, now I have seen a website that gives content normally to curl, but for unknown user-agents it doesn't just close immediately, but just keeps the connection open indefinitely.
<emily> etu: that makes it faster though!
<emily> you can avoid wearing out your SSD with all those swap writes
<qyliss> evelyn: I think they just have a letsencrypt integration now
<evelyn> I could not for the life of me get it to work with a custom URL, you need to fiddle with DNS and it would not accept any changes I made
<eyJhb> Having it in nix store would be cool :p
<eyJhb> https://i.imgur.com/aQcOT1p.png Hoping it will be a little more nice with less red
<eyJhb> Might be crazy, but this is easier to look at - https://i.imgur.com/9vLvYyJ.png
<__monty__> eyJhb: You're not crazy. Blue-on-red is usually the worst combination.
<__monty__> Blue-on-red yuck!
<cole-h> My eyes
<MichaelRaskin> Meh, blue on red. Red on orange!
<eyJhb> __monty__: that is what happens when each line is a error :p
<eyJhb> Haven't put in any functions yet
<__monty__> Red-on-orange? That's not as common a combination in terminals though.
<eyJhb> THis hurts, why does IRC allow this madness?
<makefu> colors are explicitly enabled on this channel
<joepie91> eyJhb: because mIRC
<eyJhb> Who is the mad one who did this? :(
<eyJhb> Sounds right joepie91
<__monty__> eyJhb: It's lots of fun!
* eyJhb adds __monty__ to mortal enemy list
<__monty__> I don't deserve this! Do I?
<__monty__> Wow, that's the worst combination yet...
<eyJhb> :D
<evelyn> that is so excrutiating it's almost audible
<infinisil> > vom "Couldn't do this without colors!"
<{^_^}> "Couldn't do this without colors!"
<cole-h> > vom "infinisil is a heathen"
<{^_^}> "infinisil is a heathen"
<MichaelRaskin> Good thing my «less» escapes the horror instead of actually leading to colours
<eyJhb> Vom? Whyy?
<eyJhb> > vom "Something"
<{^_^}> "Something"
<eyJhb> > vom "Icecream for dinner"
<cole-h> > :v vom
<{^_^}> "Icecream for dinner"
<{^_^}> vom = str: lib.concatStrings (r (map randomColored' (lib.stringToCharacters str))) + irc.reset
<eyJhb> Perfect
<cole-h> > :v randomColored'
<{^_^}> randomColored' = str: g: let color = randomAttrValue' (builtins.removeAttrs irc.colors ["reset"]) g; in { r = "${color.r}${str}"; g = color.g; }
<cole-h> > :v irc.colors
<{^_^}> irc.colors = irc.colors is not defined
<MichaelRaskin> > irc
<{^_^}> { bcolors = <CODE>; bold = ""; codes = <CODE>; colors = <CODE>; italic = ""; reset = ""; reverse = ""; underline = ""; }
<MichaelRaskin> > irc.colors
<{^_^}> { black = <CODE>; blue = <CODE>; brown = <CODE>; cyan = <CODE>; darkgray = <CODE>; gray = <CODE>; green = <CODE>; lightblue = <CODE>; lightcyan = <CODE>; lightgreen = <CODE>; lightmagenta = <CODE>; li...
waleee-cl has quit [Quit: Connection closed for inactivity]
waleee-cl has joined #nixos-chat
<emily> qyliss: wait, how would skipping initramfs with heads work, if you want to update the kernel regularly and have encrypted rootfs? you can't persist the mounts, encryption keys, ... across kexec
<emily> and you can only avoid initramfs if you can mount root without any fanciness, so there's no space for complicated key handover schemes that I cans ee
<qyliss> oh, maybe you're right :(
__monty__ has quit [Quit: Gotta work on that WPM, zaeph.]
<samueldr> emily: my depthcharge is "not good", it's only the minimum required to boot without any security consideration
<viric> MichaelRaskin: these days of confinement and closed schools, the classroom things are shared in very centralized ways
<samueldr> I haven't looked to see if you can enroll your own keys without a custom coreboot build yet
<viric> MichaelRaskin: do you use mldonkey? Since some time ago it's crazy about its html frames
<MichaelRaskin> viric: for classrooms themselves a local BBB sounds like the level of centralisation that makes sense, no?
<viric> emily: tmpfs won't go to swap, will it'
<MichaelRaskin> No, I don't use mlDonkey nowadays.
<emily> it will. ramfs won't
<viric> MichaelRaskin: BBB is BBS?
<MichaelRaskin> No, BigBlueButton
<samueldr> though the main reason I have depthcharge support is for users of Mobile NixOS who wouldn't want to flash a custom firmware, and even then, mostly for tablet users
<viric> MichaelRaskin: anything centralized at school infrastructure would be fine. But they use commercial things. As for which, all is video publishing for the requests and video publishing to show the work. No group videoconference at the age of my child
<viric> (pre-school)
<MichaelRaskin> So they basically failed to set up a dumb fileserver?
<viric> The whole state failed
<viric> Even in the 90s teachers gave us work through their personal or school webpages in the state teaching servers.
<MichaelRaskin> Oh well, the _whole_ state failing does not imply failure of low level bureaucracy and inrastructure. But sometimes they come together, which is indeed bad
<viric> I don't think there is anyone capable in the local school.
<viric> for setting up a dumb fileserver.
<MichaelRaskin> I would actually bet there are quite a few. Among the last year students, I mean.
<viric> Another problem is accessibility of all families. Some lack internet access, or might know how to operate only whatsapp and little more
<viric> MichaelRaskin: the oldest in the school are 11 or 12 years old
<MichaelRaskin> Ah, that's a split one.
<viric> that's a model that quite spread. It used to be until 14.
<MichaelRaskin> Actually, it is still quite likely there are a few who would suceed in a couple of days…
<viric> English lessons through Zoom. Class work with Whatsapp + email + "padlet.com webpage"
<viric> MichaelRaskin: but the result has to work for families who barely know to operate anything 'new', if they have internet access at all
<viric> so it's not like a ftp server :)
<viric> I've checked the EC2 pricing and it's quite demanding for the videoconferencing bbb or jitsi.
<MichaelRaskin> Come on, EC2 is unimaginably expensive
<viric> I never looked at these things
<MichaelRaskin> (but mass-videoconferencing is a mess even UI-wise)
<viric> I wondered if there is some one-click solution they can pay and have an instance
<MichaelRaskin> (Even provided a huge server and perfect connection)
<viric> So the state of everything is quite bad
<MichaelRaskin> Well, there is some managed hosting for BigBlueButton
<viric> I remember in early 2000 we had some CMS for classrooms
<viric> It looks like today there is NOTHING for teachers to use, and they have to figure all out
<MichaelRaskin> I would not be surprised if it was already Moodle
<viric> moodle rings a bell.
<viric> a php thing
<viric> it was terrible
<MichaelRaskin> Moodle is definitely PHP!
<MichaelRaskin> Hmm, interesting
<viric> That's interesting
<viric> $0.8169 /hour
<viric> (their c2-60 instance)
<drakonis> hmm, what's the nix-instantiate replacement in nix cli 2.0?
<samueldr> drakonis: you're on -chat :)
<drakonis> oops
<viric> MichaelRaskin: I expected someone would have build a FOSS solution with decentralized p2p mesh with clever multicast, etc. for such videoconferencing
<viric> MichaelRaskin: kind of 'acestream'
<viric> that'd introduce delay but I wonder how much
<MichaelRaskin> Well, either you need a defacto server, or you get a lot of hops where each one can go wrong
<viric> then all should readjust quickly
<MichaelRaskin> Readjust is good for binary right/wrong
<MichaelRaskin> Hear I mean «go wrong» as in «hello, you get a sudden 100ms jitter»
<viric> Would it be so bad as noone built anything?
<viric> I find it hard to beliee
<MichaelRaskin> I mean, there is Tox I guess.
<MichaelRaskin> If your network is anywhere near good…
<viric> does it have group videoconference?
<viric> it didn't
<MichaelRaskin> Nobody has good group video.
<viric> agreed.
<viric> I guess I'd have to try something and see why is it so hard
<MichaelRaskin> Jitter jitter jitter.
<eyJhb> Zoom says it will get end-to-end encryption soon btw
<MichaelRaskin> BigBlueButton is actually pretty good.
<MichaelRaskin> In the sense of having a good chance to keep intelligible sound flow
<viric> well, people's microphones and echo cancellation is a whole other thing
<MichaelRaskin> BBB both keeps sound separate from video, and does quite a bit of audio cleanup
<viric> acestream works very well I've seen
<viric> I don't know with what latency people use it, it's only one direction.
<MichaelRaskin> Streaming is orders of magnitude simpler. Because you can hide three second buffer somewhere and pretend nothing happens
<gchristensen> eyJhb: I have 0 annoyances with / erasing on each boot.
<gchristensen> the onyl times I found it a bit annoying was when I setup my first server and figured out how to setup acme and ssh keys to persist
<viric> MichaelRaskin: I think a 1s buffer could work for a classroom
<gchristensen> eyJhb: as a rule I reboot after each new service is setup
<gchristensen> (or zfs diff against blank)
<eyJhb> gchristensen: makes sense. How do you make files persistent then?
<eyJhb> Nix store?
<gchristensen> I have some examples in here https://grahamc.com/blog/erase-your-darlings -- not the nix store no
<MichaelRaskin> viric: yes, but 1 second buffer is considered small in casting
<eyJhb> But.. Wouldn't nix store be nice? :o
<viric> MichaelRaskin: there isn't even any acestream FOSS
<MichaelRaskin> eyJhb: not for everything
<gchristensen> eyJhb: not really, because mostly they're state
<eyJhb> Secrets I assume MichaelRaskin
<MichaelRaskin> eyJhb: some servers carry SQL databases
<eyJhb> MichaelRaskin: pss... Dynamic data?
<eyJhb> static it
<gchristensen> many services are not very interesting if their data is static
<eyJhb> All the logic. Didn't really think of that
<eyJhb> Makes sense
<eyJhb> Will read it when I have the time :p Not sure what the best thing would do. tmpfs would be nice
<gchristensen> it isn't very long
<gchristensen> tmpfs is nice if you don't mind sparing the ram
<eyJhb> Sitting in the middle of rewriting my API :p
<eyJhb> But might be break time
<MichaelRaskin> viric: it looks like smashing random remotely plausible components together often produces a working stream; maybe everyone feels they need to be better than Nginx-proxied something in some direction, and feel it's hard to beat what already works and give up
<viric> MichaelRaskin: I guess so
<viric> but even amateur or a student's work
<viric> only around ipv8 (tribler's) I found some pieces, from TU Delft
<viric> libswift, for example.
<viric> because there is also the chance that I failed to find.
<eyJhb> gchristensen: no dataset/partition for /tmp?
<gchristensen> I put that on the erased root, too
<eyJhb> Also, at any point you wouldn't want to use this, you can simply remove the line that restores to the snapshot, right?
<eyJhb> Just read this `Note: in my systems, datasets under rpool/local are never backed up, and datasets under rpool/safe are.`, I want to setup ZFS now to use for backups...
<eyJhb> Also, you mention ` mount -t zfs rpool/safe/persist /mnt/persist` but use `/persistent` for everything. Is the correct or am I mising something?
<eyJhb> Also gchristensen, any link for `my raspberry pi garage door opener` ? :p
<gchristensen> heh, no
<gchristensen> /mnt/persist is during installation
<gchristensen> and the raspberry pi garage door opener is https://pinout.xyz/pinout/automation_hat# + an iOS Shortcuts thing which SSH's to the pi, and the user is configured to run a program on login
<gchristensen> (the program: drive a relay high, then low)
tilpner has quit [Remote host closed the connection]
<samueldr> .oO(you shouldn't drive when high)
<eyJhb> Sooo basically, you have the most secure garage door, as it requires a SSH key?
<eyJhb> Unsure what the rules are for this
<eyJhb> ( samueldr )
<samueldr> garage door remote* as the garage door is probably not that secure
<samueldr> I mean, probably plenty fine, but like your usual door I figure
<eyJhb> samueldr: it is zero tollerance
<eyJhb> I wish I had a garage door to toy with...
<eyJhb> That wonderful feeling when 8 error messages can be removed. So so nice. Lets remove MORE
<gchristensen> you don't really want a garage door lol
<gchristensen> it sounds like fun but it isn't really
<gchristensen> mostly I was annoyed I couldn't buy a replacement remote after the one it came with died
<colemickens> esphome ftw
<colemickens> my dad found some C app and modified it and has it driving the garage doors but is already hitting some problems. we're going to try to rewrite it as an esphome yaml this week.
<colemickens> makes stuff like "I need a remote thing I can just randomly set/monitor a pin high/low" almost declarative
slack1256 has quit [Remote host closed the connection]
<cole-h> Somehow, I always manage to screw up my windows vm just by like watching YouTube lol