gchristensen changed the topic of #nixos-chat to: NixOS but much less topical || https://logs.nix.samueldr.com/nixos-chat
<lovesegfault> vim $(rg -o --pcre2 '(?<=start\ \")\/nix\/store\/.*?-git' "$(nix-build -A foucault)")/activate
<lovesegfault> el master hacko
parsley936 has quit [Remote host closed the connection]
<gchristensen> lovesegfault: no
<lovesegfault> gchristensen: it's hyperscale
<lovesegfault> synergy
<gchristensen> lol I mean the zpool.cache thing
<lovesegfault> gchristensen: Ah, okay, I thought you were hack-shaming me
<lovesegfault> I stopped using zfs for / and removed the rollback; I just mount it as a tmpfs now
<gchristensen> my best code is a hack
<gchristensen> maybe that doesn't say much about my code
<lovesegfault> My best code is a hack too
<iqubic> So, I know I'm going to doing something like this: "mkdir pkgs/applications/audio/castersoundboard", but I have no idea where to put the hyphens in that name.
<DigitalKiwi> caster-soundboard matches the upstream capitalization
<iqubic> DigitalKiwi: I'll do that then.
<iqubic> I'm going to need to clean this up a bit:
<DigitalKiwi> or could do no hyphens too idk
<DigitalKiwi> i don't think it matters much half of nixpkgs aren't even in the right folders lol
<iqubic> First off, I'm going to need figure out what to replace the first line with, as I don't want "with import <nixpkgs> {};"
<iqubic> I'm also going to need to tell it to pull the source from github, and I'll want to add a meta section.
<iqubic> Is this a valid value for the lisence field? "license = stdenv.licenses.lgpl3;"
<iqubic> Also, should I add myself as a maintainer, or not?
<DigitalKiwi> yes
<iqubic> Which means I'll need to add myself to the list here: https://github.com/NixOS/nixpkgs/blob/master/maintainers/maintainer-list.nix
<DigitalKiwi> yes
<iqubic> How do I find my github id?
* DigitalKiwi would do it in two commits that one first
<iqubic> I will.
<iqubic> And then I'll submit this as one PR though.
Peetz0r has joined #nixos-chat
<DigitalKiwi> if you view your profile image it's in the url lol
<samueldr> iqubic: have you read the top of the file, it's explained how get the values where it's not obvious
<iqubic> samueldr: I did just do that.
<DigitalKiwi> oh that's easier than view source :P
<lovesegfault> HAHAHAHA
<lovesegfault> etu: it works!!!!
<lovesegfault> cc. talyz cole-h
<lovesegfault> fully bind-mounter homedir!!!
<cole-h> Woo! :D
<lovesegfault> PR coming in soon
<iqubic> I have no idea what platform this is for, but I'll worry about that later, I suppose.
drakonis has quit [Ping timeout: 260 seconds]
<{^_^}> nix-community/impermanence#3 (by lovesegfault, 10 seconds ago, open): impermanence: bind mount with correct permissions
<iqubic> Is the version field required? I'm asking because I can't seem to find any version numbers here.
<iqubic> Oh wait... I can't just do a fetchFromGithub can I? The source is one level deep in the github repo.
<cole-h> lovesegfault: nit: to make the bash scripting more readable, needs more whitespace
<cole-h> My rule of thumb is basically "newline before a comment"
<iqubic> How do I find the correct rev for this?
<iqubic> I want to know what rev to pull from for fetchFromGithub
<cole-h> rev = git hash
<iqubic> I know that. I just don't know how to find that.
<gchristensen> (this would be better for #nixos)
<gchristensen> my touchpad has a bootloader version?
<iqubic> gchristensen: Are you saying that my questions would be better for #nixos?
<gchristensen> yea
<samueldr> gchristensen: sounds plausible, now is it running nixos, and if not, why aren't you working on that?
<gchristensen> very good question
<samueldr> it's likely you have an embedded controller that is "hella smart" that handles not only the touchpad
<samueldr> (thinking keyboard and *some* stuff like leds and such)
<samueldr> aaaand, a closed source component of most machines
<gchristensen> :(
<samueldr> sums up my feelings when I realised as much
<samueldr> annoying when you know that fact, there is a firmware, that you probably cannot fix, that needs fixing
<lovesegfault> cole-h: editing
<cole-h> ty
<lovesegfault> cole-h: done :)
<cole-h> lovesegfault: Another nit: the `unset`s should be slightly separated from the rest of the stuff (e.g. `previousPath=...\n\n unset ...` rather than just `previousPath=...\n unset ...`)
<lovesegfault> fair, I mostly unset out of paranoia
<lovesegfault> done
<cole-h> lovesegfault: Final nit (more personal style, so feel free to disregard) I prefer control flow separated as well (e.g. `previousPath="/"\n\n for pathPart...` and `targetPath=...\n\n if ...`)
<gchristensen> you canunset by creatinga new (...) scope
<gchristensen> avoid unset*
<cole-h> separated from variable declarations*
<lovesegfault> gchristensen: Hm, maybe
<gchristensen> also I wonder what it'd take to get shellcheck running on those scripts
<cole-h> copy it out and run it manually? :P
<lovesegfault> cole-h: I lest previousPath attached to the for b/c it's the accumulated state of the for
<gchristensen> cole-h: or break it out ot a script which is executed with arguments
<lovesegfault> gchristensen: I generated them, copied them from the activation file, and pasted into a .sh file and ran shellcheck
<lovesegfault> came out clean
<gchristensen> yah but I mean like forever
<cole-h> lovesegfault: I understand. But I don't usually do that in e.g. my Rust code (`let i = 0;\n\n for x in i..100 { ... }`). Just looks cleaner IME
<lovesegfault> Ah, yeah, the only way is to extract them
<cole-h> lovesegfault: Why not extract them and use @file@ and stuff with the substitute family?
<lovesegfault> cole-h: I'm not against that, I just don't want to do it :P
<cole-h> Heh
<lovesegfault> After this is merged that can be a task
<lovesegfault> talyz: Are you around?
<cole-h> Hmm, I wonder how shellcheck handles @foo@
<cole-h> Doesn't appear to dislike it
<gchristensen> for args?
<cole-h> Yeah
<cole-h> e.g. `sourcePath="@persistentStoragePath@@file@"`
<cole-h> Doesn't appear to dislike it
<cole-h> (Oh I sent that already oops)
<gchristensen> why not just pass them in as arguments?
<cole-h> That works too
<lovesegfault> Alright, fully bind-mounted system take one
<lovesegfault> brb
drakonis has joined #nixos-chat
<lovesegfault> test-0: 4a07ae9a7c514b6d8cbaee70ee1001ad
<lovesegfault> test-1: 4a07ae9a7c514b6d8cbaee70ee1001ad
<lovesegfault> talyz: I can't repro your issue
<lovesegfault> Full bind mount working!
<cole-h> Noice!
<lovesegfault> I have to say this feels pretty magical
<cole-h> lovesegfault: What benefits does BSD3 have over e.g. MIT?
<lovesegfault> cole-h: the third clause of BSD-3 is what I like about it over MIT
Peetz0r has quit [Quit: Doej!]
Peetz0r has joined #nixos-chat
AluisioASG has quit [Quit: https://quassel-irc.org - Chat comfortably. Anywhere.]
AluisioASG has joined #nixos-chat
andi- has quit [Remote host closed the connection]
andi- has joined #nixos-chat
Valodim has quit [Ping timeout: 260 seconds]
drakonis has quit [Read error: Connection reset by peer]
Peetz0r has quit [Quit: Doej!]
slack1256 has quit [Ping timeout: 256 seconds]
Peetz0r has joined #nixos-chat
<etu> lovesegfault: oh, wow, good job! That's a pile of bash :) Then we only want to wrap the users API right as a last step. Should be fairly easy now with the creation that flexible and permissions taken care of :)
<etu> lovesegfault: I'll test it in... a bunch of hours or so, like in 5 hours when I have time free :)
<etu> ✨ lovesegfault
<{^_^}> lovesegfault was put on Santa's "nice" list
AluisioASG has quit [Read error: Connection reset by peer]
AluisioASG has joined #nixos-chat
<lovesegfault> etu: Ah, you're up :D
<lovesegfault> I'm using it right now and it seems to work!
<lovesegfault> I've learned you can't make zsh_history a bind mount b/c zsh tried to clobber it by moving zsh_history.new into zsh_history
<lovesegfault> So I just changed HISTFILE to be $XDG_DATA_DIR/zsh/history and I bind mount the full zsh dir
<lovesegfault> did the same for bash
<lovesegfault> gchristensen: You were right, doing this whole thing gives the computer an incredible "new computer smell"
<JJJollyjim> Lmao
<etu> Yeah, it's nice to reboot and know that there's no garbage state that you didn't want it expected :)
<etu> s/it e/or e/
<lovesegfault> Yeah, it's super nice
cole-h has quit [Quit: Goodbye]
<sphalerite> Why am I considering buying an LTO drive :|
<samueldr> oops, just cleaned for ~55GiB of left-over gc roots I don't really need or want
<sphalerite> what's oops about that?
<samueldr> oops I was wasting 55GiB
<samueldr> out of ~225 for the drive with the store
waleee-cl has quit [Quit: Connection closed for inactivity]
<lovesegfault> sphalerite: What's an LTO?
<ar> lovesegfault: tape
<lovesegfault> OH
<lovesegfault> those like hundreds of TB in a single tape things?
<ar> not hundreds
<sphalerite> but yeah 12TB on a tape
<sphalerite> for the latest version that is
<ar> but everything beyond lto6 is prohibitively expensive
<sphalerite> it's also annoying how they assume compression for the size shown on the label :|
<sphalerite> but yeah 25eur for a 2.5TB tape cassette isn't bad
<lovesegfault> How slow is it?
<JJJollyjim> Wut
<JJJollyjim> How does that work
<JJJollyjim> How compressible is my data?
<lovesegfault> ar: How expensive?
<ar> lovesegfault: a few thousands of usd for the drive
<sphalerite> speed is comparable to hard drives
<sphalerite> at least for linear write. Random access isn't much fun on tapes :p
<lovesegfault> ncie
<lovesegfault> I wonder if it works on Linux
<ar> they typically do
<lovesegfault> wow, lto-8
<ashkitten> ugh, my cosmo hasn't been locked yet but planet's last announcement would seem to state that all contributions should be?
<samueldr> ashkitten: get in touch with them right now
<ashkitten> already sent them an email yesterday, they havent responded
<sphalerite> locked?
<ashkitten> i dont have enough of a brain
<sphalerite> what?
<sphalerite> lovesegfault: you planning on getting one now? :p
<lovesegfault> sphalerite: You tempted me
<lovesegfault> Whether or not I buy something is an eternal struggle between what people here tempt me with and how ridiculous my wife will think I am if I actually buy it
<sphalerite> ahaha
<sphalerite> I don't think I'd recommend actually getting a tape drive
<sphalerite> afaik you also need to store the tape in controlled conditions for the data to last
<lovesegfault> I could get a fridge
<ashkitten> samueldr: is it reasonable to email them additionally to hello@planetcom.co.uk despite having already sent a message on indiogogo
<samueldr> not unreasonable, that's for sure
<ashkitten> ok
<sphalerite> what is this announcement?
<JJJollyjim> Anyone seen anything about running nixos on a Planet device btw? Would love to have something other than a hacked-together old debian on my Gemini
<JJJollyjim> Though tbh the battery life is so much better on android, it might not be worth it :/
<ashkitten> planning to port to the cosmo when i get it
<ashkitten> really annoyed rn with planet not having locked my contribution
<JJJollyjim> Awesome
<JJJollyjim> Yeah that's annoying :/
<ashkitten> idk if theyll reply to my email over the weekend
<ashkitten> but at least they have that in 2 places now
<ashkitten> gonna be really annoyed if the damn thing doesnt arrive before i move
<lovesegfault> What did y'all get from indie gogo?
FRidh has joined #nixos-chat
<lovesegfault> talyz: o/
<talyz> lovesegfault: \o
<talyz> lovesegfault: to reproduce the issue all you have to do is move the real file out of the way and reboot
<talyz> lovesegfault: that creates an empty file in place of the real one, as expected, but systemd doesn't like that
<lovesegfault> talyz: Oh, I see
<talyz> lovesegfault: and I would expect that behaviour to be quite common, which means file bind mounts aren't going to work very well with uninitialised state :/
<lovesegfault> Interesting
<lovesegfault> I wonder if the right behavior would be to issue an error during activation saying the source doesn't exist?
<lovesegfault> this then allows the file to be created by $whatever and the user can move it to the state dir
<lovesegfault> Another alternative is to fallback to symlinking, but not sure how that could be impl'd
<talyz> I think the solution, sadly, is sticking with symlinking, since the works fine in the majority of cases for files. Bind mounting is still viable and makes a great difference to directories.
<lovesegfault> You might be right :/
<adisbladis> JJJollyjim: I've been running NixOS on a gemini
<adisbladis> It's still a hella lot of work to be done before it's usable though
<JJJollyjim> oh awesome!
<JJJollyjim> usable like the debian image, or actually usable :P
<adisbladis> No UI running (needs fully working libhybris)
<adisbladis> Basically, it boots up and you can use the serial console
<JJJollyjim> ah yeah
<JJJollyjim> is that with a mainline kernel or the provided 3.18?
<adisbladis> 3.18
<JJJollyjim> right
<JJJollyjim> i think you can get about that far on mainline too
<JJJollyjim> but no further :P
<adisbladis> Ahh, that wasn't the case when I was hacking on this
<JJJollyjim> oh hm maybe not, just a vague memory
rycee has quit [Ping timeout: 256 seconds]
rycee has joined #nixos-chat
hax404 has quit [*.net *.split]
hax404 has joined #nixos-chat
Valodim has joined #nixos-chat
<eyJhb> lovesegfault: it is 4 AM
<eyJhb> Go go
__monty__ has joined #nixos-chat
parsley936 has joined #nixos-chat
hax404 has quit [Quit: WeeChat 2.7.1]
hax404 has joined #nixos-chat
<__monty__> Risk of Rickroll too high.
<eyJhb> `How Crash Bandicoot Hacked The Original Playstation | War Stories | Ars Technica`
<eyJhb> Update {^_^} to inclue links
<eyJhb> youtube*
<__monty__> Oh, yeah, pretty cool how they managed to pack that onto a single disc.
<eyJhb> Not much the disk, more the memory limitations :D But prop also the disc after they figured this out
viric has joined #nixos-chat
evanjs has quit [Read error: Connection reset by peer]
evanjs has joined #nixos-chat
<eyJhb> I love theese war stories WAAAY too much
<eyJhb> Same with all the hacking videos of the old consoles
<viric> Yesterday I knew about bitmessage.
<viric> so many years and only yesterday I knew it
<__monty__> Heh, I read about it yesterday too.
<__monty__> Not the most efficient distribution strategy.
bqv has quit [Quit: WeeChat 2.8]
<viric> bah, it's not for video
<eyJhb> I have used it before, but forgot about it
<viric> anonymising and hiding metadata is never efficient
<eyJhb> Also, marked broken...
<__monty__> It's more an email replacement than anything else.
<viric> email or not, it depends on the threshold of PoW
<__monty__> Had a compromising bug in a recent version.
<eyJhb> `A remote code execution vulnerability has been spotted in use against some users running PyBitmessage v0.6.2.`
<eyJhb> GG
<__monty__> viric: Yeah, to combat spam.
<viric> in use - great. Practical results.
<eyJhb> How the F do you get RCE in Python?
<eyJhb> You have to write some really bad code for that
<viric> haha
<gchristensen> is there a trivial CLI program to spawn a gui prompt with two buttons: "yes please" and "nah", and then the caller knows what was picked?
<viric> It has some 'crypto' in C I guess
<gchristensen> eyJhb: it is super easy!
<gchristensen> `pickle.load`
<eyJhb> Like, I have done it on purpose, but if you read just a LITTLE when you use subprocess etc. you won't
<eyJhb> True
<eyJhb> But no clue where the RCE was
<viric> why is that pickle so bad?
<eyJhb> What the ...
<gchristensen> viric it calls arbitrary functions and passes arbitrary data
<viric> eval. :D
<viric> eval is better than that
<eyJhb> That is just stupid
<viric> well, more than practicity, I liked the broadcast mechanism
<viric> Tox lacks the public channels thing
<__monty__> It does?
<viric> or BBS, if want want
<__monty__> The problem with Bitmessage's broadcast is there's no way to restrict who's listening.
<viric> crypto should make it irrelevant
<__monty__> Subscriber anonymity cuts both ways.
<viric> __monty__: what is that?
<__monty__> Does Tox have channels much like IRC does? Why doesn't that count as broadcast?
<viric> tox doesn't, does it?
<__monty__> Pretty sure it does.
<viric> ah I thought it only had group chats with invitations
<__monty__> Might be an auto-invite thing. But I'm pretty sure their dev channel is hosted on the tox network.
<viric> Ah, maybe they have bots that accept all friends and invite people there on request?
<viric> hm I read "New DHT-based groupchats"
<__monty__> viric: Afaiui bitmessage's broadcast works by distributing an address. Anyone with that address can decrypt the messages. That's great if you're a company and you want to allow people to subscribe to a newsletter anonymously. It's extremely error-prone if you want to share things among a group of friends. As soon as the address travels over an insecure channel it could be compromised and there's no
<__monty__> way of detecting that.
<viric> bitmessage doesn't have any PFS or anything similar either.
<eyJhb> This also meaaans, holy hell, that if you have logged all messages I guess you can now decrypt them because of the RCE `Bitmessage developer Peter Šurda's Bitmessage addresses are to be considered compromised.`
<eyJhb> Someone should make a pimessage
<eyJhb> :D
<viric> broadcast and no PFS, that's bad
<__monty__> viric: Probably lacks repudiation as well?
<viric> well, once the original message can be decrypted & authenticated at any future time...
<__monty__> All of this and it still manages to be kind of better than PGP >.<
<viric> do you think tox group chats can do deniabilitY?
<viric> often in tox all goes about unknown people not able to link private key with dht key
<viric> but friends know the link
<manveru> is there an easy wrapper for applying resource limits and sandboxing to a single executable?
<gchristensen> is systemd-run a thing that could work?
<manveru> hm, possibly
<manveru> would be nice to have it independent of systemd though :)
<gchristensen> maybe firejail can do it
<viric> manveru: nsjail?
<manveru> that sounds cool, yeah :)
<manveru> i'm just writing a wrapper for hashicorp nomad
<manveru> their normal sandboxing relies on predefined chroot paths in the worker... and they hardlink them all, can't really do that with the nix store
<manveru> well, you can, but only if you have infinite time :P
<manveru> now i just have to figure out what's different between nsjail and firefail
<viric> manveru: doesn't a bind mount work in chroot?
<manveru> they don't offer an option for that
<manveru> i think because you cannot do bind mounts on macos or something
<__monty__> viric: Oh, based on a clique though so I doubt it scales.
<viric> __monty__: that's all end-to-end, isn't it? What is a clique?
<viric> ah yes, that, a clique.
<manveru> was just gonna use chpst, but i kinda like the idea of limiting CPU and bandwidth too :)
<viric> __monty__: for what I remember from OTR between A and B, deniability meant that only B tell that a message comes from A because B knows they didn't write it. But an observer cannot tell whether it comes from A or B.
<viric> is that repudiability?
<viric> (I'm reading about it)
<viric> so, in short, I thought that axolotl and all those group chat things may be implemented *over bitmessage* flood communication.
<viric> but maybe freenet would be a more clever option than bitmessage, for transport
<viric> for that kind of transport
<__monty__> Repudiability is the ability to come out and say you didn't write a mesasge.
<viric> and who would believe that? an outsider to the chat or an insider?
<viric> I'm trying to look for high-latency anonymizing networks/overlays and all that comes out is "low latency" :)
<viric> (attempts)
<sphalerite> manveru: don't bother with firejail, last I checked it was a hot mess
<sphalerite> manveru: idk about nsjail though
<manveru> yeah, already found that out :)
<__monty__> They could be the same thing. I'm familiar with the repudiation terminology, not deniability so I can't really say they're exactly the same thing.
<sphalerite> __monty__: I think what you're referring to is usually called deniability
<manveru> i really didn't feel like making an nsjail config generator right now, so going with systemd-run and systemd-nspawn instead... i assume they mostly do the same under the hood anyway and i can replace it later
<sphalerite> eh nah I should just shut up I don't _really_ know what I'm talking about when it comes to cryptography
<__monty__> My crypto classes used the repudiation terminology so that's what I'm comfortable using.
<eyJhb> manveru, sphalerite Michael something something uses nsjail
neeasade has joined #nixos-chat
<sphalerite> eyJhb: Michael something something?
<pie_> viric: idk the details, there was pond but idk what happened to that
<eyJhb> sphalerite: cannot remember the nick :p
<eyJhb> `MichaelRaskin`
<gchristensen> can nix-store create a gc root for a .drv?
<sphalerite> gchristensen: I don't think so, but you can create it manually or with nix-instantiate?
<__monty__> pie_: Didn't pond suffer from debilitating DHT vulnerabilities?
<__monty__> viric: Have you looked at GNUnet?
<gchristensen> sphalerite: I'm creating one with nix-instantiate, and then I want to create another to the same drv with a new name without evaluating again
<gchristensen> I guess that means I should create it by hand
<eyJhb> Anyone that is awesome with MLE? https://i.imgur.com/zwPdiyR.png :D
<pie_> __monty__: i have no idea
waleee-cl has joined #nixos-chat
evanjs has quit [Read error: Connection reset by peer]
evanjs has joined #nixos-chat
<lovesegfault> eyJhb: I was already asleep :P
<viric> pie_: yes I used pond too
<viric> __monty__: gnunet is stagnating since decades I'd say
<viric> __monty__: it's beyond state of the art
<pie_> viric: ping me if you find anything good :P
<pie_> im startng to think its an usolvable problem :p
<viric> I'm looking for a "low hanging fruit"
<viric> like stacking layers and get something going :)
endformationage has joined #nixos-chat
<gchristensen> cool, I have a hacky v0 of https://twitter.com/grhmc/status/1269461472452775939
<eyJhb> lovesegfault: Soo early!
<eyJhb> lovesegfault: did you ever finish 2.b?
rajivr has quit [Quit: Connection closed for inactivity]
<lovesegfault> eyJhb: Yeah :)
<lovesegfault> the answer is in the doc though
<manveru> phew...
drakonis has joined #nixos-chat
<manveru> finally got that sandbox going, that was confusing as hell
FRidh has quit [Quit: Konversation terminated!]
<eyJhb> lovesegfault: yes :p It is my notes, so it should be
<eyJhb> I have another if you want to hate life
<eyJhb> If you didn't see it lovesegfault https://i.imgur.com/zwPdiyR.png
<lovesegfault> eyJhb: that one is nasty
<eyJhb> lovesegfault: my teacher is annoying regarding this
<eyJhb> Her solutions are just matlab
<eyJhb> Without comments or any explanation
cole-h has joined #nixos-chat
<pie_> 11/10
waleee-cl has quit [Quit: Connection closed for inactivity]
waleee-cl has joined #nixos-chat
Jackneill has quit [Ping timeout: 260 seconds]
<eyJhb> Hate it... Use python god damn it
<eyJhb> I haven't found any reason to use Matlab in a very long time
<viric> __monty__: I read that textsecure also uses the clique for the update of ratchet keys
<eyJhb> I love how if a want to play the next song, and use my media keys, some random tab in chromium will start the next video, but I CAN go to the previous song without any issues
<eyJhb> Also, play/pause are random. Spotify it times, youtube other times
<drakonis> https://github.com/azure-rtos/guix rip guix seo
<drakonis> microsoft did a thing
<eyJhb> 10/10
<pie_> ah hell
<pie_> thats bs
<JJJollyjim> Ugh they did the same with GVFS
<pie_> *tinfoil on* i guess they didnt feel threatened enough by nixos
<pie_> well, namespaces are kind of limited anyway..
<pie_> something something word of mouth
<drakonis> this is something microsoft brought from another company
<drakonis> it belonged to express logic
<drakonis> so its not a thing microsoft did themselves
<drakonis> last year
<drakonis> i found out that it existed before guix did
<gchristensen> heh
<gchristensen> I wonder if that puts guix in to a dicey territory
<eyJhb> Renames it to guix-the-original
<eyJhb> GUIX Origin
<drakonis> gnu guix is a month older
<drakonis> and no trademark
<DigitalKiwi> gchristensen: lol do you use dwm?
<gchristensen> I don't
<DigitalKiwi> oh
<gchristensen> should I?
<DigitalKiwi> your C window manager tweets made me think you might use dwm
<DigitalKiwi> no, no definitely not, you should use xmonad ;P
<viric> I use dwm.
<viric> what's bad about dwm?
<gchristensen> nobody said anything bad
<viric> little brain here for wm. Anything beyond dwm complexity I can't handle.
<ldlework> Is there a Nix testing framework or something?
<DigitalKiwi> https://twitter.com/grhmc/status/1269632296400846848?s=20 these are the tweets for the lost
<eyJhb> gchristensen: what are you writing?
<{^_^}> swaywm/sway#5430 (by grahamc, 5 hours ago, open): swaynag: allow specifying more buttons which execute and dismiss
<DigitalKiwi> according to the tweets; CVEs
<eyJhb> Spotted two RCEs. which is impressive!
<eyJhb> \s
<gchristensen> lmao
<DigitalKiwi> there was only one line of code!
<eyJhb> I want to find SOMETHING wrong now, but there is simply too little code
<eyJhb> More gchristensen :p
<eyJhb> Throw in some eval
parsley9366 has joined #nixos-chat
<iqubic> I have question that might be polarizing: My mother has a an old IPhone 8 she's no longer using that she wants to give to me, for free. If I take this, I'd be switching from an old Alcatel One Touch Evolve Android phone to an IPhone 8. Should I take the IPhone?
<gchristensen> I don't write C if I can avoid it
<gchristensen> iqubic: if you like it, sure :)
<eyJhb> gchristensen: join the CVE side!
<iqubic> But don't you worry about IPhones not being open source?
<eyJhb> Only if you worry about it iqubic
<DigitalKiwi> the only android i like more than iphones are my blackberry keyone and that's not because of android that's because of the keyboard
<gchristensen> eyJhb: no thanks
<gchristensen> eyJhb: I already had to take a shower after that patch
parsley936 has quit [Ping timeout: 256 seconds]
<DigitalKiwi> and the headphone jack...
<samueldr> iqubic: you do you
<samueldr> iqubic: your alcatel phone is "not open source" if you haven't actually gone and verified you can have the sources
<samueldr> and alcatel, in my experience, sometimes don't provide the sources as legally required
<eyJhb> gchristensen: I have a PR in some IPMI tool
<samueldr> then, that's only about the open source ideals
<samueldr> think about security and security updates
<samueldr> did your old one touch even get updates? when was it the last time?
<samueldr> compare with the updates cycle and security of iphones, and I mean it, *you* compare those, and make up your mind
<DigitalKiwi> my keyone is stuck on 7 :(
<samueldr> any decisions, make them with knowledge and understanding of your own
<samueldr> DigitalKiwi: I need to verify, I'm not sure the keyone was or wasn't made by the same OEM as alcatel
<samueldr> the later android blackberry devices were made by TCL
<samueldr> yep
<samueldr> TCL
<samueldr> though AFAIUI with the software from blackberry, including their secure (AFAIK) boot
<risson> DigitalKiwi: about the NixOS artwork you did for gchristensen, are you willing to do something as spectacular as this for me?
<samueldr> quick search confirms it
<DigitalKiwi> risson: quite possibly! maybe even more better lol
<DigitalKiwi> now i have *experience*
<risson> DigitalWiki++
<samueldr> fruit, not quick
<risson> Man I don't know how to type
<samueldr> :)
<risson> DigitalKiwi++
<{^_^}> DigitalKiwi's karma got increased to 11
<DigitalKiwi> i don't quite have an encylopedia of knowledge
<risson> That explains it
<risson> Well, let me know if you're interested for another project :D
<samueldr> >> Cunningham came up with the name WikiWikiWeb because he remembered a Honolulu International Airport counter employee who told him to take the Wiki Wiki Shuttle, a shuttle bus line that runs between the airport's terminals
<iqubic> I'm going to be switching to IPhone 8.
<gchristensen> iqubic: a fine choice :)
<sphalerite> gchristensen: woof?
<gchristensen> sphalerite: rough
<iqubic> I'm just glad that the custom keyboard I use (MessageEase) will still work on Apple.
<gchristensen> iqubic: messageease looks cool
<ldlework> Does anyone want a unit-test framework for Nix?
<gchristensen> I made a tiny one, once. it'd be cool to have one for real
<ldlework> Did you publish it?
<gchristensen> hrm. maybe as a gist? I don't even re
<gchristensen> member what project it was in
<ldlework> One problem I've run into is that when my test files go to import the local code they want to test, I get things like: error: getting status of '/nix/store/src/options.nix': No such file or directory
<ldlework> I'm not sure how I'm finding my way into the store lol
<sphalerite> gchristensen: ooooooooooh. lol
<pie_> <ldlework> Does anyone want a unit-test framework for Nix?
<pie_> ldlework: yes i even started making a bad one
<ldlework> I created #nixos-nixt
<ldlework> come help
<pie_> well gee sounds like people keep reinventing this
<ldlework> unless you wanna publish yours
<ldlework> i'd rather just use something
<pie_> i dont think a serious implementation can exist until we have tryEval and better notions of equality
<pie_> but what do i know
<pie_> tryeval is currently useless
<pie_> well * pure nix
<ldlework> I just need something to help with the development of Styx
<ldlework> I'm not looking for idealism
<ldlework> nice
<pie_> let me see if i can remember putting it anywhere
<pie_> i dont remember if this even does anything useful
<ldlework> I am mostly ok with not even catching errors
<ldlework> and just having the tests crash with a traceback
<ldlework> fixing those, and then tests ensuring the right thing is output for the inputs, ie logic errors
<ldlework> i think that will do for now
<pie_> i wanted to be testing structural transformaitons and oculdnt because of no way to check function equality
<pie_> by which i mean i only wanted something like (f == f) is true
<pie_> well anyway thats a rant for another time
<pie_> note all the commented out stuff :p
<pie_> in hindsight i wonder if i could have used some uniquely generated strings or something and implement my own crappy identity checking
<pie_> ldlework: i dont remember how to run this
<pie_> whatever gchristensen has is probably better
<energizer> i have a /root/.ssh/id_rsa that's encrypted with a passphrase, but i can't remember what i was thinking when i created it or what it could be useful for, since nearly everything that would use a root ssh key is non-interactive. i think i should delete it and recreate one that's not passphrase-encrypted. am i missing something?
<cransom> you can remove passphrases.
<energizer> ah that's a good tip
<energizer> is there some reason to have a root key that's passphrased?
<samueldr> root is just another user :)
<samueldr> it would be weird to enforce or suggest not passphrasing on an arbitrary user
<cransom> the keys that i spread around the world,they have pass phrases attached. if it's an automated process, there's no passphrase but it's also only for the machines that need it.
<cransom> meaning, the public keys i send out that i, as a human, have a local private passphrase.
<energizer> samueldr: the nix daemon can't unlock it
<samueldr> sure, and you're right that passphrases on keys for automation is not useful
<samueldr> I don't know enough about ssh, ssh agents and nix, but I guess there must be a way to make it ask
<energizer> related: i'm thinking about setting up a CA for my personal computers, wondering how much of a hassle it is and if it's worthwhile.
<energizer> to replace authorized_keys
<energizer> any opinions?
<__monty__> Think gchristensen has such a setup.
<ldlework> A really cool thing would be to be able to create simple CLI applications with Nix
<energizer> ldlework: what is the advantage of doing it in nix vs a general-purpose programming languaeg plus nix for the packaging?
<ldlework> like, my nixt unit testing thing will be mostly nix
<ldlework> it would be cool do have some kind of way to declare the cli app to go with it
<ldlework> what commands it has, their args, a little bash snippet or something for the body, i dunno probably a stupid idea
<pie_> ldlework: idk ask profpatsch
<pie_> ldlework: does my thing look like its going to help any
<energizer> i guess if you're gonna write software in nix, you need a test runner, and that test runner might be best written in nix?
<ldlework> energizer: yeah and then with a cli tool ontop
<pie_> ldlework: or you could enable .exec lol
<ldlework> written in bash...? :(
<ldlework> pie_: what's that?
<energizer> ldlework: i have no idea :)
<pie_> ,exec
<{^_^}> builtins.exec i̢s a ͡h͞ìd̢d́e̢n͡ ̕u̢n̢safe̷ i̛m͠pu̴r̡e ̶Nix ̴2̛.0 ̡f̀ea͡t͜ure to ͢e̷x̧ecut͏e ̧ar̴b͟itŕary ̷c͡omm̨and̴s d̵u͟ri͡ng҉ ͡Ni҉x e̢val̶u͜a͞ti͞on̡. Doņ'̕t̕ use̸ it̴!͟ E̴n̵ab͠l̛e ̕wi̶t͏h̛ ̛` `--option allow-unsafe-native-code-during-evaluation true`,͜ M̡o͝re͡ ͜inf͜ò: https://github.com/NixOS/nix/commit/0bb8db25
<pie_> its kind of screwy to use though
<pie_> because the output it takes actually gets evaluated as nix code
<ldlework> use it for what?
<pie_> idk, the cli stuff
<pie_> i didnt really think through this
<ldlework> i was thinking along the lines of
<ldlework> a nixlang api where you can describe a cli interface
<ldlework> and then it would generate some bash
<energizer> what's with languages having unsafe functions built in and with short names
<ldlework> but like, it would be annoying to then have to switch to bash for the function implementations or whatever
<joepie91> random idea: a "Things you can do with NixOS" blog post, that just shows a bunch of neat things you can do under NixOS, that would appear completely impossible / pie-in-the-sky to someone not familiar with Nix... like wrapping some part of your system in a container by moving a few lines, or having containers with a shared Nix store, or rolling back on boot
<pie_> energizer: well technically its not exposed by default, thats what the --option is for
<pie_> joepie91: that would be cool
<pie_> though ive never done the whole trust fall thing
<ldlework> if only Nix were Lisp and I could have a chance at converting some basic forms to bash
<ldlework> :P
<pie_> mumble mumble infinisi-l something something
<infinisil> o/
<joepie91> energizer: I've had to spend a not-insignificant amount of my remaining lifespan trying to kill the proposal in Node.js to call the unsafe, uninitialized-memory-leaking Buffer allocation method `.fastAlloc` or such
<ldlework> Heh what if cli subcommands were actually pure nix
<joepie91> energizer: it is now called `.unsafeAlloc`
<pie_> nix has so many weird hacks i wish the BDFL would acknowledge it as a proper language
<pie_> and stop neglecting the interpreter
<energizer> joepie91++
<{^_^}> joepie91's karma got increased to 14
<ldlework> and the actual wrapper just ran nix repl or something
<joepie91> as it turns out, a SIGNIFICANT chunk of people do not even recognize that naming matters where safety is concerned
<joepie91> and will downplay it when told this
<pie_> joepie91: "but its fast!"
<pie_> &thred
<ldlework> I guess an actual Nix backed CLI wouldn't be able to interact with anything
<ldlework> Besides with activation scripts then you're back to bash
<ldlework> damn!
<joepie91> energizer: unfortunately the `child_process` module is from before my time, and so it has a `.exec` that is vulnerable to shell injection and an `.execFile` that is not...
<pie_> joepie91: id jsut say dont take those people seriously but thats not how any of this works ;_;
<joepie91> these damn things are everywhere
<joepie91> pie_: unfortunately they are all too often the people working on language cores
<infinisil> ldlework: Oh btw: https://github.com/infinisil/nix-rts
<ldlework> a language specifically for writing shell scripts would be nice
<ldlework> something with shell-language elements but not arcane with contemporary sensibilities
<pie_> yeah thats why i mumble mumble infinisil :P
<pie_> but i imagine ldlework meant guix
<joepie91> anyway yeah this is a real issue, very few communities / core teams recognize the importance of naming
<joepie91> and more generally, ergonomics and how they influence behaviour
<pie_> i wish i had more entries for https://discourse.nixos.org/t/cursed-nix-koans/4648 and not just trying to transplant puck's stuff sometimes
<ldlework> infinisil: could this read/write directly from the current working directory instead of going through the store, etc?
<joepie91> and once it's in core, it ain't never coming out again
<ldlework> the problem with nix cli stuff is you can't do any real work
<ldlework> i wish i was smart enough to understand parsing and compilation and all that and make a toy language
<pie_> ldlework: nix only puts stuff in the store afaict
<joepie91> pie_: re: trust fall, I have repeatedly rescued my system via GRUB rollback :P
<pie_> you only get symlinks on the outside
<energizer> "20.09pre226148.0f5ce2fac0c (Nightingale)" what is "226148"?
<joepie91> including a remote server once
<pie_> joepie91: that was an overly veiled joke at pie in the sky :p
<infinisil> ldlework: Nix can already read directories without going through the store
<joepie91> lol
<ldlework> Yeah but you can't do any work
<joepie91> right :P
<joepie91> ldlework: parsing is surprisingly easy
<joepie91> compilation is trickier, especially optimization-wise
<__monty__> ldlework: Since you like lisp just read the wizard book.
<joepie91> you can pretty much think of parsing as a while(true) loop that consumes byte by byte and updates internal state based on a combination of the currently-parsed byte + previous state
<infinisil> ldlework: The nix-rts thing can do stuff by calling builtins.exec :P
<ldlework> When can I train a transformer model on a few examples and get what I want.
<joepie91> depending on the parsing model it may backtrack, keep a stack of stuff, etc.
jtojnar has quit [*.net *.split]
CRTified[m] has quit [*.net *.split]
CRTified[m] has joined #nixos-chat
jtojnar has joined #nixos-chat
zimbatm has quit [*.net *.split]
Taneb has quit [*.net *.split]
obadz has quit [*.net *.split]
colemickens has quit [*.net *.split]
ldlework has quit [*.net *.split]
johanot has quit [*.net *.split]
savanni has quit [*.net *.split]
raboof has quit [*.net *.split]
davidtwco has quit [*.net *.split]
liszt has quit [*.net *.split]
emilazy has quit [*.net *.split]
Taneb has joined #nixos-chat
zimbatm has joined #nixos-chat
savanni has joined #nixos-chat
raboof has joined #nixos-chat
ldlework has joined #nixos-chat
davidtwco has joined #nixos-chat
johanot has joined #nixos-chat
obadz has joined #nixos-chat
emilazy has joined #nixos-chat
liszt has joined #nixos-chat
mutantmell has quit [*.net *.split]
lovesegfault has quit [*.net *.split]
jD91mZM2 has quit [*.net *.split]
infinisil has quit [*.net *.split]
bridge[evilred] has quit [*.net *.split]
clever has quit [*.net *.split]
makefu has quit [*.net *.split]
lukegb has quit [*.net *.split]
aszlig has quit [*.net *.split]
clever has joined #nixos-chat
bridge[evilred] has joined #nixos-chat
infinisil has joined #nixos-chat
jD91mZM2 has joined #nixos-chat
lovesegfault has joined #nixos-chat
mutantmell has joined #nixos-chat
aszlig has joined #nixos-chat
makefu has joined #nixos-chat
lukegb has joined #nixos-chat
<__monty__> I'm not so sure I agree parsing's easy. People use parser compilers for a reason : )
ky0ko has quit [*.net *.split]
leonardp has quit [*.net *.split]
hexa- has quit [*.net *.split]
thefloweringash has quit [*.net *.split]
thefloweringash has joined #nixos-chat
hexa- has joined #nixos-chat
leonardp has joined #nixos-chat
ky0ko has joined #nixos-chat
hexa- has quit [Max SendQ exceeded]
Shados has quit [*.net *.split]
balsoft has quit [*.net *.split]
tokudan[m] has quit [*.net *.split]
danielrf[m] has quit [*.net *.split]
leons has quit [*.net *.split]
emily has quit [*.net *.split]
aranea has quit [*.net *.split]
JJJollyjim has quit [Ping timeout: 244 seconds]
metheflea has quit [Ping timeout: 244 seconds]
davidtwco has quit [Ping timeout: 246 seconds]
CRTified[m] has quit [Ping timeout: 244 seconds]
* ldlework puts his hands in the air
leonardp has quit [Ping timeout: 252 seconds]
thefloweringash has quit [Ping timeout: 252 seconds]
<ldlework> Wheeeeee!
liszt has quit [Ping timeout: 246 seconds]
Irenes[m] has quit [Ping timeout: 260 seconds]
jtojnar has quit [Ping timeout: 244 seconds]
pistache has quit [*.net *.split]
monsieurp has quit [*.net *.split]
ajs124 has quit [*.net *.split]
qyliss has quit [*.net *.split]
leah2 has quit [*.net *.split]
sphalerite has quit [*.net *.split]
talyz has quit [*.net *.split]
leah2 has joined #nixos-chat
ajs124 has joined #nixos-chat
qyliss has joined #nixos-chat
monsieurp has joined #nixos-chat
pistache has joined #nixos-chat
talyz has joined #nixos-chat
sphalerite has joined #nixos-chat
leah2 has quit [Max SendQ exceeded]
Shados has joined #nixos-chat
eyJhb has quit [*.net *.split]
betawaffle has quit [*.net *.split]
mog has quit [*.net *.split]
nckx has quit [*.net *.split]
aleph- has quit [*.net *.split]
genevino has quit [*.net *.split]
liszt has joined #nixos-chat
aleph- has joined #nixos-chat
mog has joined #nixos-chat
nckx has joined #nixos-chat
betawaffle has joined #nixos-chat
eyJhb has joined #nixos-chat
aranea has joined #nixos-chat
yegortimoshenko has quit [Ping timeout: 244 seconds]
nocent has quit [Ping timeout: 244 seconds]
aterius has quit [Ping timeout: 244 seconds]
davidtwco has joined #nixos-chat
puzzlewolf has quit [Ping timeout: 244 seconds]
aanderse has quit [Ping timeout: 244 seconds]
vaibhavsagar has quit [Ping timeout: 244 seconds]
betawaffle has quit [Max SendQ exceeded]
raboof has quit [Ping timeout: 246 seconds]
liszt has quit [Changing host]
davidtwco has joined #nixos-chat
liszt has joined #nixos-chat
davidtwco has quit [Changing host]
genevino has joined #nixos-chat
hexa- has joined #nixos-chat
ohhaimark[m] has quit [Ping timeout: 260 seconds]
arcnmx has quit [Ping timeout: 260 seconds]
raboof has joined #nixos-chat
betawaffle has joined #nixos-chat
worldofpeace has quit [Ping timeout: 260 seconds]
rycee has quit [Ping timeout: 260 seconds]
leah2 has joined #nixos-chat
<samueldr> ah, I have join/parts hidden, so I didn't really understand until I read the global notice
<ldlework> hehe
yegortimoshenko has joined #nixos-chat
puzzlewolf has joined #nixos-chat
aanderse has joined #nixos-chat
ohhaimark[m] has joined #nixos-chat
arcnmx has joined #nixos-chat
worldofpeace has joined #nixos-chat
rycee has joined #nixos-chat
__monty__ has quit [Quit: leaving]
CRTified[m] has joined #nixos-chat
colemickens has joined #nixos-chat
aterius has joined #nixos-chat
leons has joined #nixos-chat
leonardp has joined #nixos-chat
JJJollyjim has joined #nixos-chat
vaibhavsagar has joined #nixos-chat
thefloweringash has joined #nixos-chat
danielrf[m] has joined #nixos-chat
tokudan[m] has joined #nixos-chat
emily has joined #nixos-chat
metheflea has joined #nixos-chat
Irenes[m] has joined #nixos-chat
jtojnar has joined #nixos-chat
balsoft has joined #nixos-chat
nocent has joined #nixos-chat
<energizer> `--builders ssh://foo` says "Copying /nix/store/... from ..." but when i look at my system bandwidth i see 18Kb/s Rx. if i manually pipe data over ssh from that host it's in the MB/s. what could be going wrong?
<samueldr> something better suited to the on-topic channels of nix/nixos
<energizer> ok
parsley9366 has quit [Remote host closed the connection]
slack1256 has joined #nixos-chat