gchristensen changed the topic of #nixos-chat to: NixOS but much less topical || https://logs.nix.samueldr.com/nixos-chat
drakonis has quit [Quit: WeeChat 2.8]
aleph- has quit [Read error: Connection reset by peer]
aleph- has joined #nixos-chat
slack1256 has quit [Remote host closed the connection]
aleph- has quit [Client Quit]
hoverbear has quit [Quit: https://quassel-irc.org - Chat comfortably. Anywhere.]
<colemickens> arahael2: it seems like a technical limitation. I was told I could port my number out of Fi, and then back into Google Voice.
<arahael2> colemickens: yeah i have little patience for that sort of crap - it's not usually a technical limitation, but an accepted tradeoff.
<colemickens> arahael2: it's been like this the whole time as a user too. constant jerking around. There's no context when it happens either it just says "your account is ineligible". Might as well just insult me afterward :s
<colemickens> at this point I'd rather port my number to twilio and DIY, etc. not sure how much work that will be for voice though, I think bridging SMS to Matrix would be easy
<arahael2> Hmm, Twilio looks intriguing.
<arahael2> Weird, you pay to *receive* SMS's on their platform - I guess that's for using the service to query it.
drakonis has joined #nixos-chat
drakonis has quit [Read error: Connection reset by peer]
<colemickens> Bandwidth is another provider I've just learned about. Cheaper, seems to maybe support telephony via webrtc. But it also is very "contact sales for an account" and I really can't stand doing business like that.
aleph- has joined #nixos-chat
cjpbirkbeck has joined #nixos-chat
<arahael2> Hmm, perhaps Twilio is indeed appropriate in your use case, for a business. For me, as an individual, it's too much.
<gchristensen> samueldr does something like this
<samueldr> hm?
<samueldr> ah, yeah, my main phone number is at a voip provider
<samueldr> though their SMS gateway is not good
<arahael2> In my country, being able to port your number is part of law, I think.
<samueldr> in many countries it is
<arahael2> Why not in colemickens's country?
<samueldr> though there's a catch in Canada, if it hasn't changed, where it is not required for residential phone numbers
<arahael2> Since it's Fi, I assume it's America? Oh, curious "catch" in Canada.
<samueldr> (this is seriously out of date information though, I haven't checked and I'm not sure even how to check)
<samueldr> residential as in plain old telephone system
<arahael2> Ah, here, the "catch", then, is that it's only Mobiles that have that portability.
<arahael2> I don't know if landlines can be ported like that, I assume business numbers can.
<lovesegfault> Surprised no one has packaged the hey desktop app yet
<samueldr> we're still waiting on our 30% cut
<lovesegfault> lol
<lovesegfault> samueldr++
<{^_^}> samueldr's karma got increased to 242
<samueldr> I don't know if I should be concerned or not
<samueldr> but *something* flaked in my network
<samueldr> and it caused AFAICT all machines connected hard-wired to do weird stuff
<samueldr> [ 8104.038228] NETDEV WATCHDOG: enp3s0 (r8169): transmit queue 0 timed out
<samueldr> [6850875.179959] NETDEV WATCHDOG: enp0s10 (forcedeth): transmit queue 0 timed out
<samueldr> same error, different drivers
<samueldr> (woah, I think this one needs a reboot at some point?)
<samueldr> [1280758.305649] NETDEV WATCHDOG: enp0s20u1u4 (r8152): transmit queue 0 timed out
<samueldr> though on that last one, it's a usb interface, it started resetting spuriously
<samueldr> it being the usb interface
<samueldr> to the best of my ability it looks like the router was in a bad state :/
<samueldr> it's not exactly clear from a quick search online what that netdev watchdog error can mean
<samueldr> maybe if that trash website could show me the answer https://access.redhat.com/solutions/4126461
drakonis has joined #nixos-chat
<elvishjerricco> Four and a half hours later, my aarch64 emulation experiment hasn't even built stdenv yet :P
<elvishjerricco> Once this is done I should try the same experiment for x86 to see just how bad emulation is
<samueldr> x86 with qemu-user on x86?
<samueldr> I wonder if it'll implicitly try to KVM
<elvishjerricco> samueldr: I just set `boot.binfmt.emulatedSystems = ["aarch64-linux"];` and ran a `nix build` to build an aarch64 NixOS config
<samueldr> you said "the same experiment for x86"
<elvishjerricco> Oh
<samueldr> oh, running on an aarch64 host?
<samueldr> I wonder how qemu-user acts for x86 on x86
<elvishjerricco> Nah, I was wanting to compare emulating aarch64 over x86 against a native x86 build
<elvishjerricco> just to see how much worse it is to emulate stuff compared to running natively
<samueldr> oh, but then it's cheating, you don't get all the context switches tacked on the emulation!
<samueldr> but I see what you mean now
<elvishjerricco> Oh yea, it's a terrible benchmark. But still kinda fun to see the results :P
betawaffle has quit [Ping timeout: 264 seconds]
<elvishjerricco> `configurePhase` takes so damn long in these emulated builds...
<elvishjerricco> Probably like an order of magnitude worse than native
<elvishjerricco> Once it starts to parallelize in `buildPhase`, the 32 thread threadripper I've got makes it a lot more tolerable. But even `installPhase` is excruciatingly slow
betawaffle has joined #nixos-chat
<samueldr> any tips to deleting all files into a git repo, while keeping the .git repo file? I want to import a vendor kernel into git myself, from tar files
<samueldr> and it needs to be applied on top of a commit, not a new root
<energizer> there is a trick
<samueldr> wow, sick new twist on .tar.gz
<samueldr> .tar .zip
<energizer> GIT_WORK_TREE=/var/empty git commit -am'Delete everything'
<samueldr> oh, and amending?
<samueldr> hm, I still would have all the files around
<samueldr> though nothing a git clean can't fix
<energizer> alternatively just move the .git into another directory
<samueldr> hm, yeah
<samueldr> anyone knows a way to check if a site exists inside of the great firewall of china?
<samueldr> no, I'm not deep into investigating something, you are
<samueldr> wow, bing gives me relevant results to my query, while google assures me there is nothing on the internet about what I'm searching
<samueldr> thanks, bing, thbing
<drakonis> that's the weirdest thing i've read all day
<samueldr> more and more I find the long tail doesn't exist on google, which is a bit spooky considering that means google acts as if a chunk of the web doesn't exist
<drakonis> yeah google does that
<samueldr> is that chunk gone from the main results too?
<drakonis> try duckduckgo
<samueldr> duckduckgo is bing's results + more tooling
<drakonis> google hides results to appease china from what i'm aware of
<samueldr> that's probably unrelated
<samueldr> though I say duckduckgo is bing's index, it looks like for this particular result bing.com is the winner hands down
<samueldr> I was able from bing.com to gather that “ginreen” is probably an ODM that cellphone OEMs turn to for a base phone design
<samueldr> meizu, motorola and asus each have at least one phone with traces of that name
<samueldr> oh, and the annoying part from google: if I search more specific names found from the bing search, suddenly there are results!
<drakonis> are you looking up phone stuff?
<samueldr> yes
<samueldr> why?
<drakonis> zte has a phone with that name too
<samueldr> oh, forgot to name it
<samueldr> that's what sparked the search
<samueldr> that one you found has traces in an asus kernel dump
<samueldr> blade x3, but with some codename
<drakonis> there's also a company with that name?
<samueldr> I couldn't definitively prove it
<drakonis> so weird.
<samueldr> ODMs are a weird beast
<samueldr> ginreen.com is their domain name, most likely, and it's registered, but serves A
<samueldr> though it has MX records to some ali dns
<samueldr> uh, ali service
<samueldr> so most likely hosted mail either google-like or amazon-like
<samueldr> I was curious if there is a presence in china
waleee-cl has quit [Quit: Connection closed for inactivity]
<samueldr> it's entirely plausible they can be found by using whatever the name transliterates to in whatever script being used by them
endformationage has quit [Quit: WeeChat 2.6]
<drakonis> saltynethack anyone?
jrobeson has joined #nixos-chat
rajivr has joined #nixos-chat
leah2 has quit [Ping timeout: 260 seconds]
<lovesegfault> Do any of y'all know how to add a python package in an overlay?
<lovesegfault> Like, create a fully new pypkg
leah2 has joined #nixos-chat
waleee-cl has joined #nixos-chat
drakonis has quit [Quit: WeeChat 2.8]
<energizer> lovesegfault: yes
<energizer> you can't assign into python3Packages?
<energizer> anyway i'd use poetry2nix instead of doing that
<arahael2> energizer: For a project that avoids making you write nix packages, that's an astonishingly bad readme!
<energizer> file an issue?
<arahael2> energizer: I haven't used it, and what would the issue say? "That's an astonishingly bad readme!"
<arahael2> Oh damn, just realised I forgot my second, and third, coffees today. :(
<energizer> arahael2: what is bad about it?
<arahael2> energizer: It basically doesn't tell you anything about the project, other than it's something to do with Poetry, and it means you don't actually have to write Nix expressions.
<arahael2> energizer: And yet... Every single example shows a nix expression that, presumably, you'd have to write or at least copy.
<arahael2> No actual examples of poetry, itself...
<energizer> it's not the readme for poetry
<arahael2> energizer: A simple example would probably suffice.
<arahael2> energizer: It's already confusing that you still need to write a nix expression.
<arahael2> I mean, why do you even have to look at "See ./pkgs/poetry/default.nix for a working example.", if there is no need to actually write Nix expressions?
<energizer> you need to write a nix expression for the thing you're packaging. you dont have to write one for each of the dependencies, like you would otherwise have to do
<energizer> moreover, the whole expression is `poetry2nix.mkPoetryPackage {projectDir=./.;}`
<arahael2> energizer: Hmm, I'm not sure I'm making my point clear, but I've a headache coming on so I think I'll leave it.
<energizer> you can submit a pr to change "without the need to actually write Nix expressions" to "without the need to actually write Nix expressions for dependencies" if you want
<energizer> (not that i'm the maintainer..)
<arahael2> I'm not the user either! And I don't particularly feel like submitting a PR for a random package I've never used.
<arahael2> A much better readme, imho, is the one for cabal2nix. There, it's very very clear how you get a nix expression from cabal.
<arahael2> I appreciate that poetry2nix tries to do this "on the fly", so probably requires a nix file, but there's no reason it couldn't be done with say, `poetry2nix --init` or something.
<energizer> that command would literally generate `poetry2nix.mkPoetryPackage {projectDir=./.;}`
<energizer> i dont think anybody would use it
cransom has quit [Ping timeout: 260 seconds]
cransom has joined #nixos-chat
<ldlework> fwiw, i was pretty confused on how to use poetry2nix as well recently
<ldlework> but after energizer explained to me how to use it, i went back and re-read the readme and wondered how i failed to understand the first time through :(
<ldlework> lol
waleee-cl has quit [Quit: Connection closed for inactivity]
parsley936 has joined #nixos-chat
__monty__ has joined #nixos-chat
<philipp[m]> lol, this is not the right PR to nixpkgs-review today in my room. https://github.com/NixOS/nixpkgs/pull/91712
<{^_^}> #91712 (by pstn, 13 minutes ago, open): linux: do not depend on utillinuxMinimal
<arahael2> ldlework: It's one of those readme's where you have to know nix and sort of understand how it should work *before* you read the readme. There is a lot of assumed knowledge in it.
<ldlework> arahael2: I think I was just so over-primed for a cli to generate some deps.nix or something that on first read through all the information just passed through me.
<ldlework> I remember asking energizer "but I don't have a poetry2nix command!" lol
<arahael2> Heh, right, a readme should be *very* simple, at least in the intro.
<arahael2> I'd never heard of poetry, either, which didn't help. I'm a python dev (though I have pretty much left that area), and wondered: What does this give me over regular old pip or miniconda?
<arahael2> But that's a separate topic :)
<ldlework> I'm pretty happy that poetry exists as I have always hated setup.py and requirements.txt
<arahael2> Yeah - I did notice that poetry seems to automatically setup the virtualenv. That's fantastic, already.
<__monty__> I wish more build tools would steal nix's ideas though. Like cabal's nix-style builds. Don't even need sandboxes anymore.
<arahael2> I wish the world would reject npm.
<__monty__> Hmm, ELI5, can't we use relative paths for everything in the store pointing to things in the store? That way the store would be position-independent.
<philipp[m]> arahael2: You don't like it when people suddenly ship binaries and dynamic libraries
<philipp[m]> with their js code?
<arahael2> philipp[m]: Actually, that's not so bad. I don't like it when a specific app pulls in no fewer than FOUR versions of jquery.
<philipp[m]> My SO tried to fix some SCSS in a project. They compile it to ~100 lines of CSS. When you run the npm command for that it warns you that you just fetched about 1000 security issues in libraries on your system.
<arahael2> Oh, nice, that.
<philipp[m]> And that thing with binaries and dynamic libraries happened to me a few years ago when I tried to fix sth for an arduino project.
<arahael2> philipp[m]: That's no good. :(
<srk> philipp[m]: getting hot in here as well, done compiling for today :D
* arahael2 has just turned the heaters on.
arahael2 is now known as Arahael
<philipp[m]> arahael2: Yeah, number one reason for me not to do drive-by-commits is "project is using npm and I'm in such a good mood right now" these days.
<Arahael> Sours that mood too quickly when you find that you have to keep doing tricks in order to get your .node_modules in a halfway decent state. :/
<joepie91> philipp[m]: the `npm audit` output is pretty worthless, fwiw.
<joepie91> it fails both ways; it presents "list of known vulnerable library versions" as "audited security issues" (even though that is obviously nowhere near a full audit of anything....), and it complains about any library anywhere in your tree that has *any* kind of vulnerability without checking whether it affects you, which means that very obscure and unlikely-to-be-exploited issues also get reported as a "security issue"
<joepie91> so all you're left with is meaningless scary numbers claiming to be an "audit" :|
<philipp[m]> Yeah, I kinda expected both behaviours. Still, even 1k non-security issues to compile 100 LoC is pretty bad.
<philipp[m]> I mean, those issues probably all don't apply to people compiling their code on their own machines, but the magnitude of dependencies alone to make that possible is quite baffling.
<Arahael> It does make for a pretty crappy situation for dev laptops, though.
<joepie91> node-sass doesn't pull in that many dependencies, though
<joepie91> so this was probably coming from elsewhwere
<joepie91> elsewhere*
<joepie91> Arahael: ?
<Arahael> joepie91: Developers pull all those dependencies in, run the test cases with unknown security issues, and ultimately compile it.
<joepie91> philipp[m]: also latest `node-sass`, even with shitty npm audit, produces 0 vulns here
<joepie91> Arahael: "compile"?
<philipp[m]> They didn't just use node-sass in that project. I forgot what exactly though.
<Arahael> joepie91: "build", I'm tired and didn't drink enough coffee today. I think it's clear what I meant.
<joepie91> Arahael: I still don't understand what you mean. we're talking about SCSS, no?
<Arahael> joepie91: Ah - no, I'm ranting about npm :/
<joepie91> philipp[m]: if I had to take a guess, it probably involves gulp
<joepie91> which is super poorly maintained and violates the principle of single-responsibility dependencies in many places, which means it pulls in way too much complexity
<joepie91> which in turn results in huge known-vuln counts
<joepie91> Arahael: right, but "build" is not a thing that necessarily... happens? with JS?
<joepie91> like, do you mean bundling?
<Arahael> joepie91: In many node projects, there is a "build" step, which, sure, can include bundling, transpilation, babel, clojure compiler, whatever.
<joepie91> Arahael: okay, but then I don't understand how you're seeing a problem specifically with build steps
<joepie91> re: vulnerabilities
<joepie91> it's not like the data on which dependencies are used gets lost
<Arahael> joepie91: You're running basically unknown code on your developer system.
<joepie91> Arahael: I feel like you're confusing malicious code and vulnerable code
<joepie91> the `npm audit` results are about vulnerable code; that has no bearing on developer systems, it's about the libraries themselves that can be exploited at runtime (often in very narrow circumstances)
<Arahael> joepie91: I'm more concerned about malicious code, but are you saying that npm never has malicious code?
<joepie91> malicious code just gets thrown off npm when found
<joepie91> Arahael: of course it does, like every other open package registry does, this isn't specific to JS
<Arahael> Ah - yeah, that makes npm audit even more pointless.
<joepie91> but the solution to that is reviewing dependencies, which approximately no one does, not in JS and not elsewhere
<Arahael> joepie91: Yeah, a bit unfortunate, that. Sometimes I wonder if we made packages too easy.
<joepie91> we didn't
<joepie91> it's a culture problem
<joepie91> and the problem isn't "packages"
<Arahael> I don't know of a solution to that, though. :(
<colemickens> it's sort of a problem of delegation of trust no?
<joepie91> assuming single-responsibility packages, every package you use instead of rolling your own implementation is a net win in terms of time and energy, even taking into account reviewing that package
<colemickens> do people bumping pkg versions in nixpkgs have an obligation to review the commits in that bump diff?
<joepie91> because reviewing a solution to a problem is faster than reinventing it from first principles
<joepie91> (unless an implementation is unreadable, in which case it should be yeeted on that basis)
<joepie91> so having a lot of packages is not actually a problem, neither from a security nor a business perspective
<Arahael> Perhaps projects should absolutely run their own package systems, then, to gate those dependencies.
<Arahael> Erm, not package systems - but package repositories.
<Arahael> But I think very few do.
<joepie91> but the "hey you should actually look at what you add to your project" step was forgotten, because it's *even cheaper* to just add dependencies and assume they work correctly
<Arahael> Right.
<joepie91> Arahael: you don't need a custom repository for that, at least in JS
<joepie91> anyway this is ultimately a problem of economics
<joepie91> the more attractive option is to just add stuff and assume it works and clean things up later when it doesn't
<joepie91> goes hand-in-hand with the general approach to security of most organizations, which is completely reactive
<__monty__> joepie91: Did you mean vetted or "yeeted?" Definitions I'm finding for the latter don't seem to make sense to me.
<Arahael> Indeed, it's absolutely reactive.
<joepie91> and this is ultimately not a new problem either; people did the same thing N years ago with stackoverflow, before npm came around
<joepie91> just back then your dependencies were unmanaged because they were copypasted, which is even worse
<Arahael> __monty__: He means "erased", I think.
<Arahael> __monty__: Ejected.
<joepie91> __monty__: yeeted as in thrown out
<joepie91> that is, "I cannot understand this code" is IMO sufficient reason to throw out a dependency
<Arahael> Yeah, I agree with that.
<joepie91> Arahael: but yeah, I actually professionally do dependency review for a company, and the process there doesn't use a custom registry either; it's lockfile analysis of PRs
<Arahael> joepie91: You're ahead of the curve, even then, then. :(
<joepie91> yeah :/
<joepie91> a long-term project is to build a proper collaborative review system
<joepie91> review tooling is rather... missing right now
<Arahael> joepie91: I like bitbucket's version.
<joepie91> because companies don't care, generally, and companies decide where the money goes
<Arahael> Right. :(
<joepie91> Arahael: anyway, putting on my professional-dependency-reviewer hat for a moment, the dependencies that I *love* reviewing are those made up of a ton of tiny transitive dependencies
<joepie91> because it means that all of the dependencies are well-scoped, single-purpose, it's clear what their intention is, little to no weird internals
<__monty__> Interactions are hard to review though.
<joepie91> and this is also why I object to people complaining about a large amount of packages; a "package" is just a packaging unit in JS, it doesn't have a cost in and of itself, and the more granularly it is packaged, the easier it becomes to audit, replace, etc.
<joepie91> __monty__: not really
<Arahael> joepie91: That's actually quite good to know. My problem is that programmers seem eager to get "big" libraries, which in turn have big transitive packages.
<Arahael> joepie91: I really have seen situations where there's multiple versions of said big packages, too.
<Arahael> (Eg, jquery versions)
<joepie91> __monty__: in single-responsibility code like this, it's easy to identify edge cases, and that's where the interaction risks are; in most cases, the edgecase ceases to exist one level of dependencies up
<joepie91> this only works if they are proper loosely-coupled abstractions of course, but quite a lot of things are in JS
<joepie91> Arahael: in my experience that is, ironically, usually the result of people trying to 'avoid dependencies' and complaining about 'thousands of dependencies' :D
<joepie91> because then they try to find a few big ones.... and those are probably designed by people with the same mindset... so those use a few big ones as well... etc.
<joepie91> lodash and jquery are typical examples
<__monty__> I'm talking from a theoretical point of view. Contrary to what most people think modularizing doesn't make proving properties of a system any easier.
<Arahael> joepie91: Heh, well, I'd definitely prefer many tiny dependencies over a couple of huge dependencies that we no longer have control over. But there are some industries where frameworks with big stuff is preferred.
<joepie91> if you see those in the dependency list, you know it's gonna be pain
<__monty__> Note that I'm not using this as an argument against small deps. Monolithic dependencies have the same problem.
<Arahael> joepie91: One I've used recently had both lodash, and *four* versions of jquery.
<joepie91> fun...
<joepie91> I also hate Lodash's """modular""" builds
<joepie91> which sounds great on the surface, but actually just means that each 10-line function is packaged separately with 200 lines of shared core logic vendored in :|
<joepie91> so you end up re-auditing the same damn core logic many times over, one for each """modular""" Lodash dep
<joepie91> very irritating
<joepie91> Arahael: anyway, when working in JS, I can recommend keeping an eye on sindresorhus' modules in particular (in a positive sense). guy has a lot of well-written single-responsibility modules
<Arahael> joepie91: When you're reviewing the dependencies, any tools you use, or do you just bring up your favorite text editor and read the lock files?
<joepie91> Arahael: said company has some internal tooling for tracking reviewed dependencies etc., but the main tool is VS Code's git diff view
<Arahael> Ah, that's cool.
<joepie91> turns out that creating a dummy git repo, committing the old version of a library as one big commiet, and then overlaying the new one in the working tree, is a great way to review the differences
<joepie91> as VS Code has a very good diff implementation
<joepie91> s/commiet/commit/
<Arahael> Oh? I really must check it out.
<Arahael> Some people are fans of just committing all that to the repo.
<joepie91> example
<joepie91> you can't easily make VS Code diff two directories in the same way, so the dummy repo is a workaround to get the same effect
<joepie91> Arahael: for most of my personal projects, my review is more limited (lower security requirements), and I mainly just give top-level dependencies a cursory read before adding them, and occasionally spot-check some stuff from node_modules
<joepie91> (in practice, malicious code on the registry is rare, and vulnerable code is not exploitable most of the time, and when there's a widespread issue I'll probably hear of it quickly)
<Arahael> joepie91: Frankly, I'm much the same there, but at work, I do wish people paid a LOT more attention.
<Arahael> joepie91: Good to know!
<joepie91> yeah, for a lot of companies, there's not really an excuse not to have someone check over the deps
<joepie91> it's not like it takes a ton of time, when you stick with single-responsibility stuff
<joepie91> same with the deps I review for $customer, it's always the "I don't need no stinkin' deps" zero-dependencies crap that takes forever to review
<Arahael> Trouble is a lot try to have a team produce the app, and they do *everything* there. Checking deps becomes low on the priorities when managers are screaming for features X, Y, Z, to be done TOMORROW.
<joepie91> sure, but that is a broader cultural problem
<joepie91> reality is X, Y and Z don't actually need to be done tomorrow
<joepie91> haven't read it yet, but the excerpts I've seen from it are great: https://basecamp.com/books/calm
<Arahael> joepie91: X, Y, and Z are "on the sprint", though.
<Arahael> And Scrum is definitely a cultural problem, except where it's done right.
<joepie91> I'm sure they are :)
<joepie91> which is nowhere, if I can believe the people I've talked to
<Arahael> I've been in good scrum teams.
<joepie91> was it actually stress-free, though
<Arahael> It only works with mature teams, I think, and where management doesn't get into the nitty gritty of the scrum.
<Arahael> Yes, though there were questions about why some sprints "failed". Uh...? Because they did? What was your question?
<Arahael> joepie91: That book you suggested looks pretty good, though in my case, I "switch-on" at 10am, annoying some peers, and "switch-off" at 6pm. :)
<joepie91> heh
<Arahael> The "excessive collaboration" rings true, and companies never, ever, ever seem to acknowledge conway's law. :(
tokudan has quit [Remote host closed the connection]
tokudan has joined #nixos-chat
<MichaelRaskin> At least not in themselves
<Arahael> Indeed.
<MichaelRaskin> Speaking of excessive collaboration, I have been well acquainted with a team where the counterparty (a huge mess of multiple large organisations) managed to apply Conway's law the excessive collaboration: most of the server capacity was apparently spent on interoperation.
<Arahael> Ha.
<MichaelRaskin> The team had a running joke that their single-VM backend in PHP will never be load-tested, because there are multiple layers of multi-balanced Infrastructure in front of it, and each layer will fold under lower load than the backend
<Arahael> Sad, isn't it.
<MichaelRaskin> Nah, the sad part is that all this is to implement functionality yet another person had working on a different server in Perl and actually holding up to any realistic load in this situation. But not integrated with enough things.
<Arahael> Business as usual!
LnL has quit [Quit: exit 1]
<MichaelRaskin> Worse, there is some amount of public sector involved, too. And affiliated business, sure (some of it shockingly bad at maintaining basic data consistency)
<joepie91> MichaelRaskin: I think this is called "microservices" nowadays :P
<MichaelRaskin> Nope, microservices at least pretend to have kind of defined interfaces in-between
<joepie91> true
<joepie91> MichaelRaskin: also, you do realize that the obvious next step is that someone's gonna suggest "blockchain" as a solution to all your problems, right?
<MichaelRaskin> I mean, the only problem I would recognise as _mine_ there was that we were only allowed to /dev/null data from the counterparties who fail basic data consistency in the same way for months, not publicly announce… suspension of the interoperation.
<MichaelRaskin> I think blockchain is not really a solution to _that_ problem
<joepie91> MichaelRaskin: oh, it isn't, but someone is gonna claim it is. there was an interesting observation a few years back, on why companies jumped onto blockchains so much - stuff things into a blockchain *mandates* that you normalize your data formats and storage as a side-effect, and so in organizations with a messy structure like you are describing, blockchains look appealing; not because of the actual blockchain features,
<joepie91> but because it unintentionally solves the data format issue
<joepie91> stuffing*
<MichaelRaskin> See, we could not force these counterparties to follow the format descriptions _they themselves_ provided
<Arahael> MichaelRaskin: Who?
<joepie91> somewhat ironically, microservices are popular for a very similar reason; microservices make it pretty much necessary to loosely couple your code... which is just an unintended side effect of microservices and something you could've done without microservices, yet the benefits of loosely coupled code now get ascribed to microservices specifically
<MichaelRaskin> Arahael: you are inside EU, right? Let me just promise you you will not have to work with these specific people
<Arahael> MichaelRaskin: It's not a problem unique to the EU.
<Arahael> MichaelRaskin: It's a pretty global problem.
<joepie91> MichaelRaskin: the reason blockchains "work" is because your shit will outright fail to work if you don't follow the format
<MichaelRaskin> Arahael: erm, I think you misunderstand my message. They are indeed outside EU.
<Arahael> MichaelRaskin: The same problems are also in companies in the EU as well.
<MichaelRaskin> joepie91: you underestimate how good these people are at denying even the completely obvious and unambiguous failures
<MichaelRaskin> Arahael: sure, I know. The answer to the question «who» won't tell you anything, though.
<Arahael> MichaelRaskin: It was a rhetorical question.
<Arahael> MichaelRaskin: But feel free to answer it :D
<MichaelRaskin> Nah, I don't want to be too specific in a logged channel
<Arahael> Fair enough.
<Arahael> I was mainly agreeing with joepie91 that the "problem" is generally more with politics than technicalities.
<MichaelRaskin> joepie91: microservices is when you admit that Conway
<MichaelRaskin> 's law does apply to your hundred of teams not allowed to communicate
<joepie91> nah, you can do that without microservices :P
<MichaelRaskin> joepie91: you could in principle write code in assembly that never corrupts memory, but without enforcement and with more than one person involved…
<MichaelRaskin> Arahael: as I said, my real complaint was not about incompetence but about not being allowed to interoperate with the most broken parts of their systems
<MichaelRaskin> So sure, it is about politics, not technical part.
<joepie91> MichaelRaskin: what I am suggesting is that you can actually *reasonably* do that without microservices. but it was a mistake to start a discussion about this on a sunday :)
<MichaelRaskin> I mean, when I was developing a large system, it was a monolith, but leaf parts were just Not Supposed To™ interact
<MichaelRaskin> But at no point was the system code touched by more than three people
<MichaelRaskin> Well, not really large, medium-sized
slack1256 has joined #nixos-chat
Guest80019 has joined #nixos-chat
Guest80019 is now known as LnL
<bqv> I keep getting so much dmarc spam
<gchristensen> eh?
<bqv> Emails with no body, some mechanical subject with "dmarc report" in it, and a .xml.gz attachment
<bqv> It seems to have ramped up recently
<bqv> Not sure how to turn it off
<immae> bqv: remove the dns entry that asks for those reports?
<bqv> Is that all dmarc does?
<gchristensen> dmarc is so you can monitor rule violations
<immae> the rua / ruf entry is to send a report
<gchristensen> well, the rua/ruf - yeah
<immae> the rest of the values are useful
<bqv> Hm
<bqv> Ok
<gchristensen> I use dmarcian as the receiver of those reports
<immae> (I would rather recommend that you parse them though, there are tools to do that)
<bqv> I was just gonna filter them out of my inbox tbh
<immae> (I have a small script to parse, store in bdd and show them in a nice table if you want)
<bqv> Yeah fair enough, I'll just stick them in a folder for otherwise parsing
<ar> bqv: you'll get these if you (or someone using your domains) are sending emails to mailing lists, for example
<bqv> I'm not sure who'd be doing that, except me, heh
<gchristensen> that is what the monitoring is for :)
<ldlework> i don't know why, but laser speckle is wondrous to me
<__monty__> Sunlight speckle looks a lot more interesting imo.
waleee-cl has joined #nixos-chat
<ldlework> k
<bqv> Has anyone here used waymonad?
<bqv> Interested in a comparison to xmonad
<srk> bqv: managed to build it?
<bqv> Not even tried yet :p I'm wondering if it's worth it
<bqv> If it is missing too much from xmonad I won't bother
<bqv> Otherwise I'll give it a try
rajivr has quit [Quit: Connection closed for inactivity]
<gchristensen> "All names in Pony, such as type names, method names, and variable names may contain only ASCII characters." boring :(
<joepie91> not even 🐎?
<ldlework> gchristensen: can you kick Miratta from #nixos-emacs for sex/dating spam
<joepie91> lame
<ldlework> nevermind they're gone
<sphalerite> Does ip6tables have a nice way to match addresses "in the local network" or "with the same n-length prefix as me"? I want to write some rules that allow some things from the home wifi while disallowing some things from the internet, on a host that doesn't have a fixed IPv6 prefix (home internet connection).
drakonis has joined #nixos-chat
<drakonis> a real competitor to unity
<ldlework> eh
<ldlework> Does Godot one-button compile to basically every device?
<aleph-> ^
<aleph-> Oh that's fun, seems teleport is broken... hmm
<ldlework> I'm very excited about Godot, don't get me wrong. Not sure if it is actually competitive yet.
<ldlework> They move at a blistering pace though!
<aleph-> Guess I need to add bash to my system path for my teleport service...
<drakonis> they're working on it
<aleph-> Eyep
<aleph-> Be interesting to see how that goes
<aleph-> Hopefully it doesn't affect Unity too much (from a work perspective)
<drakonis> likely it will
<drakonis> as it grows, it'll begin to threaten unity's stranglehold
<cransom> sphalerite: re, local ipv6. that that i'm aware of. though if you are desperate, and aren't slaac only, you could add a dhcpcd run hook that could modify a rule or an ipset based on that address.
<aleph-> drakonis: Aye, I'm just hoping it won't for a year or two
<aleph-> We're getting a ton of clients/money from unity now
<aleph-> Helped us get our best quarter yet. Which is nice from the perspective of not worrying about my job
<gchristensen> aleph-: fix the closure? :)
<aleph-> Hmm?
<gchristensen> "Guess I need to add bash to my system path for my teleport service..."
<aleph-> Heh, still looking for where closure comes in. Apologies, bit out of it.
<gchristensen> the closure of teleport, I sammue
<gchristensen> assume*
<aleph-> Ah. Maybe
<aleph-> It's odd, directly invoking `teleport start` works and I can ssh in
<aleph-> That was by sudo admittedly...
<aleph-> Can't be that stupid an issue...
<aleph-> So via root it'll no doubt work, and there's some perm I need to give my service then.
<elvishjerricco> Aw my stupid aarch64 emulation experiment failed. Something about the test suite in coreutils failed for some reason
<ldlework> drakonis: I hope the effect is lighting a fire under Unity's add to take care of some of the glaring problems
<aleph-> ^
<ldlework> some of these things have gone on for literally yearrrrrsssssss
<aleph-> Also that, because then more money for us :D
<drakonis> heh
<sphalerite> cransom: hm, that doesn't sound ideal >_<
endformationage has joined #nixos-chat
cole-h has joined #nixos-chat
parsley936 has quit [Remote host closed the connection]
parsley936 has joined #nixos-chat
<energizer> what is this format? https://bpa.st/53RQ
<ashkitten> colemickens: by the way i was looking at wxrc and went to see if you'd put it in nixpkgs-wayland, but it seems it got pushed aside from lack of testers? i'll be receiving a valve index this week, would be happy to test if you're interested in reviving that effort
<joepie91> energizer: looks like a CSS derivative. maybe Qt's thing?
<energizer> good idea
<joepie91> so yeah, custom format derived from CSS
<energizer> cool
waleee-cl has quit [Quit: Connection closed for inactivity]
<eyJhb> Anyone who knows what `Sandbox: /tmp/.X11-unix/X0 is inaccessible (No such file or directory); can't isolate network namespace in content processes` means? Like, would it be better for.. Isolation to provide the file?
<aleph-> Howdy joepie91
<aleph-> How goes?
<sphalerite> eyJhb: when running what?
<eyJhb> sphalerite: anything using X11
<eyJhb> Basically forwarding it into a container
<eyJhb> (nsjail/chroot in this case)
cole-h has quit [Quit: Goodbye]
<ashkitten> ugh i can't wait for my vr headset
<aleph-> Nice, whatcha getting?
<ashkitten> valve index
<ashkitten> it's so tantalizingly close after waiting 2.5 months to ship
<ashkitten> 3 more days....
<aleph-> Heheh
<aleph-> Reminds me of my wait for my NAS
<aleph-> Been waiting... almost 6 months now
<aleph-> And got about a month, month and a half to go
<ashkitten> and then there's my headphones and phone...
<ashkitten> idk when those will ship because the companies are being shits
<ashkitten> i got an email saying that my headphones will be delayed a month because they're a "custom order" which makes no sense to me
<ashkitten> i told them i would be more than happy with the ps4 compatible version of the headphones, i only ordered the xbox one because it was in stock
<ashkitten> so waiting for their reply after weekend
<gchristensen> nice!!
<abathur> :]
<joepie91> aleph-: ohai
* joepie91 is working on https://validatem.cryto.net/ and his query builder project today
dadada_ has quit [Ping timeout: 240 seconds]
dadada_ has joined #nixos-chat
<sphalerite> aleph-: helios64?
<aleph-> sphalerite: Ya
<aleph-> Heh
<samueldr> you're not alone
<aleph-> Indeed I am not
<aleph-> Hmm, anyone have any idea what capabilities I can give to a user to have it effectively be root?
<aleph-> Or at least as far as exec privs go.
<sphalerite> aleph-: trusted user in nix? :p
<aleph-> Oh didn't realize I could set that
<aleph-> And heh, not sure that would fly upstream :p
<sphalerite> what's this about?
<aleph-> Wrote a module for the teleport clustered ssh daemon
<aleph-> Running into issues with running it as a separate teleport user since it needs to be able to fork/exec shells for users
slack1256 has quit [Remote host closed the connection]
waleee-cl has joined #nixos-chat
<sphalerite> aleph-: run it with CAP_SETUID?
<aleph-> Nada
<sphalerite> in AmbientCapabilities?
<aleph-> Oh no, I used CapabilitiesBoundingSet
<aleph-> Or whatever it was
<sphalerite> yeah I think that's only useful for restricting capabilities
<sphalerite> try AmbientCapabilities
<aleph-> Alright SETUID didn't work
<sphalerite> aww ok
<aleph-> Lemme try the others then
<aleph-> There we go.
<aleph-> It was SETUID and SETGID
<aleph-> Thanks for the help sphalerite
<sphalerite> aaah :)
<sphalerite> make sure the user sessions started by it don't have the capability anymore
<sphalerite> (e.g. try `su` in one of them)
<aleph-> Still asks for a pass
<sphalerite> ok, that's promising I guess
<gchristensen> abathur: this is amazing
<aleph-> Now I just need to go extend the service so I can set everything via exp lang
<sphalerite> aleph-: actually, capsh --print to be sure
<sphalerite> aleph-: aah, it remains in the ambient set
<sphalerite> that's not good
<sphalerite> that's still root-equivalent access AFAIK
<aleph-> Ugh
<aleph-> Lemme see the way to drop caps
<sphalerite> so you'd need teleport to remove it
<sphalerite> if you can provide a "command wrapper" for teleport you can use capsh for it
<aleph-> So define command wrapper? I can't just run `capsh --drop=foo` after starting the daemon in ExecStart.
<sphalerite> yeah but if teleport's config allows wrapping the user shell or whatever (I don't know what teleport actually does :p )
<aleph-> Got it, it does not afaik
<aleph-> Guess I'll have to run it as root then.
<aleph-> Hmm sphalerite do you know what package provides capsh?
<infinisil> ,locate bin capsh
<{^_^}> Found in packages: libcap_progs
<aleph-> Ugh always forget about locate command
<infinisil> ,locate
<{^_^}> Use ,locate <filename> to find packages containing such a file. Powered by nix-index (local installation recommended) https://github.com/bennofs/nix-index
<infinisil> Or nix-locate locally :)
<sphalerite> aleph-: or submit a patch to teleport to have _it_ drop the caps :)
<sphalerite> though if it has root-equivalent access anyway, might as well run it as root I guess
<aleph-> Yeah might as well it seems... sigh
<aleph-> Curious how the sshd package does it...
<aleph-> Since it doesn't do anything special in defining its sshd user that I don't.
<abathur> gchristensen: :)
<aleph-> Hmm can I run a command as the default value of an option?
<aleph-> Something like `default = "${pkgs.hostname}/bin/hostname"`
<sphalerite> aleph-: you can't
<sphalerite> aleph-: you can set an option to config.networking.hostName though.
<aleph-> Ugh, doy. Right
<sphalerite> hm. The choice of characters in the base32 representation in nix hasn't succeeded at preventing one of my store paths beginning with "anal". There's just no winning.
<sphalerite> That said, "analy5i5" would be a possible prefix which would be kind of nice.
<ashkitten> sphalerite: is that a problem for you?
<gchristensen> ashkitten: the character set was specifically chosen to avoid spelling (bad) words
<gchristensen> so it is a bit of a joke going back to the thesis I think
<ashkitten> i see
<sphalerite> yes
<sphalerite> imagine what a different world it would have been if base64 had been used :o
<gchristensen> :)
<ashkitten> well then you could spell things like damn or hell
<samueldr> finally I would have f***ing things in my store!
<samueldr> FLAMING
<samueldr> get your mind out of the gutter now
<ashkitten> mind? in *my* gutter?
<aleph-> lol
<sphalerite> Farting things? heehee
<abathur> I suppose there've gotta be some word-based parental content filters that object to roughly random stuff in ids/hashes
<samueldr> yes, the scunthorpe problem
<samueldr> I especially like the picture on that page
<abathur> ha
<ashkitten> The word or string "ass" may be replaced by "butt", resulting in "clbuttic" for "classic" and "buttbuttinate" for "assassinate"
<ashkitten> buttbuttinate is my new favorite thing
<samueldr> sounds like what a bee does
__monty__ has quit [Quit: leaving]
<abathur> <3 ashkitten I was just about to say the same thing :D
<{^_^}> ashkitten's karma got increased to 17
<samueldr> derp, just realised, that it doesn't make sense in english https://en.wiktionary.org/wiki/butiner
<joepie91> processor(?) reverse-engineering stream: https://www.twitch.tv/peterbjornx2
<c74d> samueldr: it makes sense in English, just different sense: bees are known for attacking with their posteriors
parsley936 has quit [Remote host closed the connection]