<drakonis>
hmm, we need a big picture talk for nix con
<cole-h>
I do like not having to hit `-` anymore...
<cole-h>
One thing I'm missing from nix(1)'s shell and develop is the ability to point it to stdenv and get access to `gcc` and the special env vars like `NIX_CC` and stuff
<infinisil>
andi-: Damnit, I need to sleep
<cole-h>
As opposed to using `nix-shell -p stdenv` (or even just `nix-shell -p`)
<infinisil>
andi-: Stop giving me problems to think about!
<cole-h>
Go to sleep and you'll stop thinking about them ;^)
<infinisil>
If it only were that easy!
<andi->
infinisil: haha, I've the next appointment in 7h... this week has been rough. Not sure I've ever been in that many meetings in a week..
LnL has quit [Quit: exit 1]
LnL has joined #nixos-chat
LnL- has joined #nixos-chat
LnL- has quit [Changing host]
LnL- has joined #nixos-chat
LnL has quit [Ping timeout: 256 seconds]
parsley936 has quit [Remote host closed the connection]
xd1le has quit [Remote host closed the connection]
tilpner_ has joined #nixos-chat
rajivr has joined #nixos-chat
tilpner has quit [Ping timeout: 260 seconds]
tilpner_ is now known as tilpner
<samueldr>
how many cables going across the whole room does it require to be legally classified as an act of hacking?
<samueldr>
because with my setup to re-install an OS on the workstation (that doesn't live in this room normally) it might look like I am hacking the gibson or something
<gchristensen>
hehe
<samueldr>
and relatedly, how can we tolerate RJ45 connectors?
<gchristensen>
vs rj11?
<samueldr>
the plastic bit that is required to have it stay put correctly is really bad
<samueldr>
well, either have the same issue
<samueldr>
though I feel in my life I have moved RJ45 connections many more times, and to me its connector has that fatal flaw for any use cases which are not practically speaking permanently instaleld
<gchristensen>
I think quality cables are really really good, but the cheap ones are brutally bad
<samueldr>
often it's side-stepped by having molding around the bit that breaks
<samueldr>
so it's often, to my experience, not the quality of the cable, but the quality of the connectors
<samueldr>
but yeah
<samueldr>
though still, you get some with plastic/rubber that can't be pressed easily
<cransom>
those are the worst.
<samueldr>
it's a toss-up between broken peg and unpressable cables
<cransom>
and sometimes the rubber is under neath the hook in a way you can't see, you can squeeze and squeeze and it doesn't release.
<gchristensen>
yeaaaaaah that one
<cransom>
i didn't often have to swap out 48 port line cards in a fully populated cisco 6509, but when i did, i wanted to murder people.
<samueldr>
an HDMI or USB-like friction fit would have been better for the "last mile" to the computer side
<samueldr>
and a screwed-in connector like VGA or DVI (but maybe only one screw) would have been nice as an option for infrastructure
<samueldr>
(but the same connector)
<samueldr>
sure, you'd have to unscrew 48 connectors there... but that's much easier than pressing the tabs
<samueldr>
and can even be done in an automated manner!
<cransom>
it'd be a hard sell for adoption. there's only so much physical space you can fit connectors in. adding in screws/etc, you coudln't make them the same size
<cransom>
ahh 13w3. i had to hunt all over to find one to plug into a sun machine
<samueldr>
one thing that's nice
<samueldr>
since I have the same state ($HOME) as previously, and the same config
<samueldr>
I'm only trading cpu cycles into getting the same exact setup
<samueldr>
oh, oops, I have to re-do some of it
<samueldr>
forgot to (1) partition the disk and (2) make an ESP
<samueldr>
oh no, (3) forgot to set passwords
<samueldr>
it's not a big deal, until you remember this is kind of like servers, where POST is slow
<ashkitten>
samueldr: we've got some cat7 cable with really nice sturdy connectors
<ashkitten>
but generally i think ethernet cables are just fine because they're really good at being easy to have just a spool of cat5e and a handful of ends and crimp them on to make your cable
<drakonis>
if i understand correctly, i wont have to redownload tons of data
<cole-h>
If *I* understand correctly, Hydra will be faster to do its thang
<drakonis>
yes
<drakonis>
that too
<drakonis>
it means that the storage now takes less space too
clever_ has joined #nixos-chat
clever_ has quit [Changing host]
clever_ is now known as clever
cole-h has quit [Quit: Goodbye]
cole-h has joined #nixos-chat
<ashkitten>
fun fact: xfs turned out to be faster than f2fs anyway
<cole-h>
Nice.
<cole-h>
Are you running it with LVM?
<ashkitten>
no
<ashkitten>
idk why i would want to, tbqh
<ashkitten>
just makes my life a little harder
<ashkitten>
plus i don't think xfs can be shrunk, can it?
<ashkitten>
so no point in using lvm if it's taking up the whole disk anyway
<samueldr>
I was wondering why I was so hot
<samueldr>
then I remembered the workstation is building literally right next to me
<ashkitten>
space heater
andi- has quit [Ping timeout: 244 seconds]
<cole-h>
Oh, XFS can't be shrunk? Huh.
<samueldr>
yes, one of the reasons for sending it in the kitchen, especially during summer
<samueldr>
dining room rather
<ashkitten>
samueldr: i thought that was in response to cole-h for a second
<cole-h>
Hahaha
<cole-h>
Me too :D
<samueldr>
neat, finished rebuilding the system, might as well upgrade to 20.09 since I've been forced to break my workflow
<cole-h>
Oh?
<samueldr>
*something* broke on my workstation... and the raid array stayed in degraded mode
<samueldr>
weirdly enough, SMART on the disk tells me everything's fine
<cole-h>
Huh
<samueldr>
and I've been running tests on it and it seems fine too
LnL- has quit [Quit: exit 1]
<samueldr>
it *could* be the cable, but still, using the same cable and directly addressing the drive seemed fine :/
LnL has joined #nixos-chat
LnL has joined #nixos-chat
LnL has quit [Changing host]
evanjs has quit [Read error: Connection reset by peer]
andi- has joined #nixos-chat
evanjs has joined #nixos-chat
LnL has joined #nixos-chat
LnL has joined #nixos-chat
LnL has quit [Changing host]
LnL- has joined #nixos-chat
LnL- has joined #nixos-chat
LnL- has quit [Changing host]
LnL has quit [Ping timeout: 272 seconds]
<ashkitten>
so what's the main limiter for ssd random write performance?
<ashkitten>
is it latency?
<drakonis>
parallelism
<drakonis>
you need m2 to make it go faster
<drakonis>
nvme to do a lot of tasks in parallel
<ashkitten>
i've got a M.2 NVMe ssd
<drakonis>
sata only goes up to 500MB/s
<drakonis>
huh i see
<ashkitten>
and only get about 200MB/s writes unless it's huge sequential writes
<drakonis>
well, actually
<drakonis>
weird, really.
<ashkitten>
goes up to about 2GB/s when i dd with 1GB bs :p
<drakonis>
if you're writing a ton of small files in parallel, it'll lose speed
<drakonis>
it has to start and stop
<ashkitten>
but dd with even bs=4M is only 600MB/s or so
<drakonis>
hmm
<ashkitten>
so i think it might be latency
<ashkitten>
especially since reads are always closer to 2GB/s
<ashkitten>
i kinda want a faster drive but now that i have an ssd i can't justify that purchase :/
<ashkitten>
since i just bought it
<ashkitten>
if it actually gave the advertised write speeds in any reasonable situation i'd be happy
<ashkitten>
maybe i can return it
LnL has joined #nixos-chat
<drakonis>
which brand?
<drakonis>
or manufacturer even
<ashkitten>
kingston
<drakonis>
oh
<drakonis>
return it and get something like crucial or samsung
<ashkitten>
lol
<ashkitten>
returning it would be annoying though
<ashkitten>
is kingston really that bad?
<drakonis>
its not the optimal choice
<ashkitten>
it was cheaper
<ashkitten>
clearly i got what i paid for though
<drakonis>
pretty much
<ashkitten>
well when it's time to upgrade again...
<drakonis>
it'll soon be time to upgrade again
<ashkitten>
i'll probably upgrade my whole zpool to a set of bigger ssds
<ashkitten>
eh, idk about that
<ashkitten>
i'm still happy with this, it's way better performance than my zpool
<drakonis>
oh yeah
<drakonis>
ssds are great
<ashkitten>
soon is relative anyways. maybe in a year or two 4TB ssds will be affordable
<drakonis>
undeniably one of the best upgrades you can get
<ashkitten>
for cold booting and heavy io yeah
<ashkitten>
read performance gain is honestly kinda negligible because i have 32GB ram and zfs does a fairly good job of arc prefetching
<drakonis>
can't wait to have money to afford having a new machine
<drakonis>
gonna go wild with the upgrade
<ashkitten>
but the other day steam was updating a game and i literally couldn't launch any programs for 10 minutes because writes tank my disks so hard
<drakonis>
that's the worst
<drakonis>
i have two hdds besides my ssd now and it feels great to shunt writes to the hdds without tanking perf
<ashkitten>
but other than that i honestly don't notice that much difference with things launching that much faster
<ashkitten>
especially after things are in arc
<ashkitten>
but today i installed final fantasy xiv in 10 minutes flat :p
<drakonis>
beautiful
<aleph->
Neat
<ashkitten>
(thanks to xivlauncher, which downloads patch files in parallel)
<aleph->
Interesting.
<drakonis>
i wish i could afford to play xiv
<drakonis>
kinda costly right now
<ashkitten>
understandable
<drakonis>
perhas in the future
<drakonis>
perhaps
<aleph->
drakonis: I mean if you haven't started it's free up to expansion 1/level60 iirc
<ashkitten>
oh true
<aleph->
Planning to start playing again once I get my laptop back from the shop
<ashkitten>
i forgot they expanded the free trial
<aleph->
Which annoyingly they weren't able to reproduce my issues with it failing to boot... grumble grumble grumble
<aleph->
Eyep
<aleph->
Smart move to do it to exp 1 where the story gets gud
<ashkitten>
now they just have to allow cross-datacenter world visiting...
<aleph->
ashkitten: How well does that quick launcher work in wine? Well?
<aleph->
ashkitten: If only, if only.
<drakonis>
is it safe to start using CA nix atm?
<drakonis>
i want to shrink my store
<ashkitten>
aleph-: great! better than the official launcher, and most of the mods work flawlessly too
<ashkitten>
i'm not gonna talk more about modding in a public channel though
<drakonis>
modding huh
<drakonis>
say what now
endformationage has quit [Quit: WeeChat 2.9]
<drakonis>
hmm, i have enabled every experimental features on my nix install
<drakonis>
time to pray that it doesnt nuke anything
<ashkitten>
who was it that had their nix store annihilated by a typo?
<drakonis>
lmao pls dont scare me
<ashkitten>
was it joepie91?
<ashkitten>
it was bqv
ninjin_ has quit [Ping timeout: 240 seconds]
ninjin_ has joined #nixos-chat
cjpbirkbeck has quit [Ping timeout: 256 seconds]
waleee-cl has quit [Quit: Connection closed for inactivity]
cole-h has quit [Quit: Goodbye]
<eyJhb>
ashkitten: and made it seem like a somewhat normal occurance
<ashkitten>
augh why do i sometimes have two instances of steam running
<eyJhb>
ashkitten: had a long time where I would have two games open at once
<ashkitten>
sometimes steam will open another instance of itself instead of just opening a new window
<eyJhb>
Ahh, that does seem rather annyoing
<ashkitten>
yeah
<ashkitten>
especially since then steam integration breaks
<eyJhb>
Ouch
<eyJhb>
The steam integration in NixOS is generally very brittle, right?
<srk>
what?
<srk>
best out there
<srk>
never had any issues with it and it even comes with steam-run for non-steam stuff :)
<ashkitten>
what even, i'm getting io errors on my new ssd
<ashkitten>
that really pisses me off
<srk>
oO what ssd is that? sata/nvme?
<ashkitten>
nvme
<ashkitten>
like... idk, it could potentially be the drive controller?
<srk>
yup
<srk>
we've seen one brand new supermicro server fail horribly after a while due to controller firmware
<ashkitten>
i know my motherboard's xhci controller is flaky and dies a lot
<ashkitten>
but i'm already pissed at this ssd
<srk>
like the combination of kernel + firmware can cause issues, try updating / changing
<srk>
the worst thing was that we've got IO errors after like few months of it running in production
<ashkitten>
actually wait, it's m.2 nvme
<ashkitten>
so the drive controller is on the ssd
<ashkitten>
so if it's flaky then it's the ssd's fault
<ashkitten>
no matter what
<ashkitten>
i'm already pissed off at this drive
<ashkitten>
so i'm gonna get a different one and return this
<ashkitten>
i should really get a new motherboard
<ashkitten>
i hate dealing with flaky hardware
<srk>
+1 :)
<srk>
today ethernet died on my armv7 laptop with 'MDIO timeout' and it can't recover w/o reboot :D /o\
<srk>
and I can't reboot as it's compiling ghc for like 20 hours now
<eyJhb>
srk: maybe I should try that on Matlab and see what I get from that
<eyJhb>
So tired of random VMs.. And apparantly I have a exam in Matlab this semester
<srk>
I've managed to convert two math students to Octave at uni and they both liked it
<eyJhb>
srk: If you can make my teacher convert to it as well then
<eyJhb>
I fucking hate it
<srk>
but if you need some stuff on top of matlab you're out of luck
<gchristensen>
btw srhb does morph support managing its own node?
<gchristensen>
or yes if going over ssh to localhost
<srhb>
gchristensen: I've never thought about it, but yes, ssh to localhost should work I think
<srhb>
It's a pretty simple wrapper over ye olde nix copy stuff :)
<gchristensen>
cool
<gchristensen>
nixos is cool
<Mic92>
nix copy is great for benchmarks
<Mic92>
if you have multiple nodes
<Mic92>
It is super simple to deploy tools to multiple nodes in a script
<gchristensen>
oh, yeah!
ajs124 has quit [Ping timeout: 260 seconds]
ajs124 has joined #nixos-chat
__monty__ has joined #nixos-chat
waleee-cl has joined #nixos-chat
<lejonet>
gchristensen: one of the most awesome things I like about nixos is the fact that if I'm going to replace a machine, I can get a "identical" machine as the one it replaced, as a norm from the whole declarative approach
<lejonet>
and I don't even have to sweat it
<eyJhb>
,locate ns3
<{^_^}>
Found in packages: ns-3
<lejonet>
I've used that to migrate machines from VMs -> physical and vice versa, in like 5-6 mins
<gchristensen>
yup!
<gchristensen>
it is so easy
<eyJhb>
lejonet: do you run with tmpfs/zfs rollback as well then? Or just really good at managing state?
<gchristensen>
nixos is so boring and cool at the same time
<eyJhb>
Are there still office hours on fridays gchristensen ?
<eyJhb>
Never boring, always amazing
<gchristensen>
we haven't done office hours since covid started :(
<lejonet>
eyJhb: currently, I haven't conjured up any way to handle state, I've ensured I have as little state as I can on those machines and I really should solve the state part, soon, but I've just not gotten to it
<eyJhb>
But whyyyy, it is virtual :( Miss it the few times I have joined in!
<lejonet>
eyJhb: indeed, I have solved most of the infrastructural dilemmas that I needed to solve to be able to see about solving that dilemma, but I just haven't gotten to it yet
<eyJhb>
I love that, holy hell
<eyJhb>
Will a system not work if /tmp is NOEXEC?
<eyJhb>
lejonet: yeah, time is always sparse :(
<eyJhb>
Also...
<lejonet>
eyJhb: nah, NOEXEC on /tmp shouldn't break a system, if it does, its doing something very shady lol
<lejonet>
it was a while since I poked around with that, but I do believe that you can do noexec,nosuid on /tmp without any problem
<eyJhb>
Regarding COVID-19, my friend is doing a LAN party this weekend, where participants have to show a COVID-19 negative test and if they have bought tickets long before the current situation and do not feel comportable they can get a full refund. HOWEVER! One of the parents have asked if they can do the LAN party virtual
<eyJhb>
I virtual LAN party is basically what these kids would do any other day of the week
<lejonet>
Hehe yeah
<eyJhb>
I should do the NOSETUID and NOEXEC
<eyJhb>
Holy hell, I can show my security friends that. TAKE THAT!
<gchristensen>
I don't have a specila mount for /tmp and thus it is noexec, nosuid already
<eyJhb>
:D
<lejonet>
I would actually argue that doing noexec at least on /tmp should be a standard measure taken, many malwares download their toolbox to /tmp with a hope that it'll get help from the OS to throw it away on a reboot and then just redownload it to there
<eyJhb>
I guess you could have NOEXEC in $HOME as well, and basically on everything except /nix if you REALLY want to?
<lejonet>
Yeah, all depends on if you do stupid shit like me, that have all kinds of scripts in $HOME that I use fairly regularly :P
<eyJhb>
HM? :p
<lejonet>
or do development and need to execute binaries in $HOME now and then
<eyJhb>
I have a lot of Go development I do not use Nix to build
<lejonet>
Actually not, I haven't gotten to HM weirdly enough
<lejonet>
yeah
<eyJhb>
If you build everything with Nix, then it should work fine
<eyJhb>
But also, most things do not work on nix anyway, I guess
<eyJhb>
Not sure how well malware will fair
<lejonet>
Very much depends on the nature of the malware
<eyJhb>
Hoping someone will take a metric shit ton of malware, and dump on a NixOS box some day
<lejonet>
if its of the more insidious type, it'll just use process hollowing and stuff like that instead, and ensure its binaries are put in normal places, where binaries are expected and so
<lejonet>
oh, I have a hope of doing something like that one day :P
<eyJhb>
Yet, there are only 24 hours in a day...
<eyJhb>
gchristensen: is there any hope it might return ? Office Hours
<eyJhb>
*chaos* NOEXEC on /nix <3
<gchristensen>
eyJhb: now that I have a child .... whew.
<eyJhb>
Ohh right! Children in general can take some time, or at least so I imagine. Everything going well so far?
<eyJhb>
And a lot of sleep deprevation I guess?
<gchristensen>
very yes
<gchristensen>
I'm happy if I can take 30 minutes to read
<eyJhb>
I can imagine that! But hoping you are happy in general!
<eyJhb>
Remember to teach your child the way of Nix
<Taneb>
(have a second child, raise them in the same way, and check they're bit-for-bit identical...)
<sphalerite>
I wonder if nix-aware malware would be a good thing or a bad thing. :p
<sphalerite>
(my answer is: both)
<eyJhb>
sphalerite: Malware build using NixOS !
<eyJhb>
I would guess mostly bad
<sphalerite>
bad because it's malware. good because it shows that nix is something (A) popular and (B) that malware authors need to take into account.
<eyJhb>
Well I guess that ~ is NOEXEC as well, except for the few dirs I keep state in. Lets see how much breaks. I am guessing a lot
<gchristensen>
that is a bit too far for me
<gchristensen>
I do still need to get work done :P
<eyJhb>
It was a accident, soo :p
<eyJhb>
And I can still exec in ~/projects, so I guess most will still work :p
<gchristensen>
nice
<gchristensen>
I have a spewing of scripts in ~ that I want to work
<eyJhb>
I have put most into my HM config, so I am guessing that explans why most things work
<eyJhb>
I am more afraid of stuff like gradle, apktool, etc. which has .jar files in ~
<andi->
I have the feeling ~/projects or ~/dev or whatever it is on your machine should *not* be exectuable as that is the place where you *download random stuff from the internet (github)* and execute it.
<eyJhb>
That is the place I develop my own projects :p
<eyJhb>
As well as download code.. But I have mostly placed it in /tmp when I have random code
<gchristensen>
yeah
<gchristensen>
I mean, I'm going to execute some stuff
<gchristensen>
I'd rather work towards isolating those things, like running each shell in its own namespace or something, with limited access to my system
<eyJhb>
Same
<eyJhb>
ALSO! Anyone planning on getting windows defender thing to work on Nix? :p
<andi->
totally not
<eyJhb>
:p I would have tought as much
<cransom>
i'm annoyed enough when someone implements selenium and chrome headless tests and all of a sudden, there's a chrome-driver in a dot file in my directory because javascript downloaded one for me.
<andi->
I should write an anti-virus plugin for Nix that scans all downloaded and unpacked files..
<gchristensen>
what if there was a direnv-like thing which automatically put you in to a namespace where you can't see outside of your project
rajivr has quit [Quit: Connection closed for inactivity]
* andi-
wipes NixOS and switches to the weird side
<gchristensen>
freenixsd?
<andi->
FreeBSD is able to run linux applications, wasn't there some way? I could probably just run the Linux user space (minus systemd?) on FreeBSD then
<gchristensen>
illumos with linux flavored zones?
<samueldr>
andi-: I mean... what's stopping you from experimenting? :)
<andi->
sigh... motivation to deal with computers?
<andi->
Is that a valid response?
<gchristensen>
from experience ,yes
<andi->
I can't play games anymore, without having hands that hurt for a few days. I do not have open private infra topics. I've huge ideological differences with communities that I used to be active in... So just chatting and doing RL stuff for now
<drakonis>
andi-: it certainly does, but the emulation only applies to a subset of bits
<drakonis>
of kernel things
<gchristensen>
andi-: those hand feelings. yep. *sucks*. I once made a custom keyboard so I could play with my feet... it was hard. :(
<__monty__>
Do controllers help?
<samueldr>
when I had pains (AFAIK different than RSI) coming from helping with moving, no, controllers were worse for me
<samueldr>
well, different than the common RSI pains
<gchristensen>
no
ldlework has quit [Ping timeout: 246 seconds]
<infinisil>
> (throw "nope" // { x = 0; }).x
<{^_^}>
nope
<infinisil>
What if this worked
<samueldr>
what if what worked and how is that useful?
<infinisil>
It would make Nix more lazy, potentially allowing it to be faster in many cases
<samueldr>
I still don't understand what I'm looking at
<samueldr>
that accessing a merged set's attribute goes "from right to left" ignoring any other merge operations if possible?
<samueldr>
so (1 // {x = 0;}).x would also work?
<infinisil>
Yeah something like that
<infinisil>
So I guess `(A // B).C` would be turned into `B.C or A.C`
<samueldr>
I don't like the concept that "leftwards" part of the merge could be non-sets in situations
<infinisil>
> { x = 0; }.x or (throw "nope").x
<{^_^}>
0
<infinisil>
That actually sounds like a very simple transformation
<infinisil>
I'm usure if this would cause any purity problems
<samueldr>
not sure about purity, but this would cause surprise in situation where assumed-sets are not sets
<infinisil>
samueldr: Why would it be surprising?
<samueldr>
like `let x = 1 /* should have been a set */; set = x // { a = 1; }; in set.a;` assuming that things are coming from a less contrived example
<infinisil>
I guess if somebody expects evaluating `A // B` to immediately throw an error when not both are attribute sets
<samueldr>
it could mask issues in the code of the developer
<samueldr>
yeah, that
<samueldr>
I'm not saying it's bad outright, but that's something to consider
<infinisil>
Yeah
<infinisil>
I think it might actually be fine, because Nix already doesn't throw errors for lazily evaluated things
<infinisil>
And this would be just another case of this
<drakonis>
wow, nice, there's more rfcs now
ldlework has joined #nixos-chat
cole-h has quit [Quit: Goodbye]
maxdevjs has joined #nixos-chat
<sphalerite>
"Even if the gramatics was not your favorite subject, you probably have a spell check in the browser, you should not neglect it."
<sphalerite>
lol
<__monty__>
infinisil: Stop making nix even less strictly typed! >: o