<samueldr>
>> Meanwhile, Reduced security mode provides more flexibility by allowing users to disable System Integrity Protection and run any version of macOS, including those that are no longer signed by Apple.
<sphalerite>
"no longer signed" I'm not sure that's how signatures work.
<samueldr>
actually
<elvishjerricco>
sphalerite: Apple does it weird
<samueldr>
iOS works that way
<elvishjerricco>
They distribute new signatures for everyone who downloads the next OS
<samueldr>
when you use DFU to load an OS from iTunes, you get a signature for your system × the os
<samueldr>
so I guess something similar when you just boot it
<elvishjerricco>
It's a clever way to prevent downgrade attacks
<sphalerite>
uuuuh
<sphalerite>
ok I'm confused
<sphalerite>
but maybe I just need to go to bed.
<elvishjerricco>
samueldr: I found a completely not credible commenter on macrumors saying you can boot unsigned OSes
<samueldr>
I follow a mac fan on twitter that _would_ have shared it if it was credible and found :/
<samueldr>
that doesn't mean anything, but yeah
<elvishjerricco>
sphalerite: Basically Apple doesn't distribute the OS on its own. When you download it, they also produce a signature of the combination of the OS and your hardware's ID. This is the signature that secure boot verifies
<elvishjerricco>
I guess even if you CAN boot Linux on them, that GPU is gonna need a whole custom driver
<samueldr>
yeah, one step at a time :)
<samueldr>
as I said in previous discussions (about a similar topic) I'd rather have the ability to boot into a useless OS due to lack of support than be completely blocked
<elvishjerricco>
samueldr: Do you expect we'll be able to get Nix working on these machines?
<samueldr>
I think there's been work already
<elvishjerricco>
Orly?
<samueldr>
I don't really know more about the status
<samueldr>
but my guess is: yes, with the same caveats as secured big sur on x86_64
<cole-h>
gchristensen: srhb: The only issue I have with SSH is that it doesn't like my GPG auth subkey; a normal, `ssh-keygen`'d ed25519 key works just fine.
<elvishjerricco>
I'm surprised there's someone with a dtk that's into nix :P
<gchristensen>
I'm saying goodbye to gpg in 2021, and don't know what you mean cole-h
<elvishjerricco>
Man I wish I could give up gpg. It's so bad
<srhb>
cole-h: I didn't try without gpg-agent, so yeah, probably same problem here.
<gchristensen>
it turns out you can just say goodbye to it
<elvishjerricco>
gchristensen: But my password-store :(
<cole-h>
^
<samueldr>
ROT13 did nothing wrong to me
<cole-h>
lol
<gchristensen>
maybe you could use `vault` instead
<srhb>
Gpg is great. I only wish it didn't suck.
<gchristensen>
or patch `pass` to use age instead
<srhb>
If vault had a slight declarative setup I'd hate it less.
<gchristensen>
I'd show you my declarative version but I'm not sure it is a good idea
<srhb>
:P
<srhb>
I'd love to see it if it becomes a good idea sometime. For now, bedtime though. o/
<elvishjerricco>
samueldr: He did mention hypervisors though
<samueldr>
all built around their API I presumed
<elvishjerricco>
So I guess we might get hypervisors?
<samueldr>
though, what a bad precedent if only "golden chosen partners" get to ship full blown hypervisors :/
supersandro2000 has quit [Ping timeout: 264 seconds]
__monty__ has quit [Quit: leaving]
<lovesegfault>
Wait, they changed the name from pijul to anu
<lovesegfault>
and then they changed it back because anu was offensive?
<lovesegfault>
why is anu offensive?
<infinisil>
lovesegfault: Not offensive, but it's close to anus
<infinisil>
But it really doesn't matter much, it's just a name. It seems like the author just tried anu for a bit, then decided to not go for it after all
<energizer>
it's even closer in spanish
<infinisil>
I feel like too many people get hung up on the name, which kind of totally distracts from what pijul does
<energizer>
they should use a better name
<energizer>
if a lot of people in your target audience don't know how to pronounce the name, it's a bad name
<infinisil>
It really doesn't matter that much
<infinisil>
Nobody knows how to pronounce git either, yet here we are lol
<energizer>
who doesn't know how to pronounce git
<infinisil>
(well, people do know how to pronounce it, there's just two different ways)
<energizer>
it's an english word with a standard pronunciation
<infinisil>
It's not
<infinisil>
There's different ways to pronounce it
tilpner has quit [Remote host closed the connection]
tilpner has joined #nixos-chat
tilpner has quit [Remote host closed the connection]
tilpner has joined #nixos-chat
<pie_>
my actually unfounded guess 8s an installer
<pie_>
is
<samueldr>
NOEL, NixOS Enterprise Linux
<samueldr>
where you're running software from 10 years ago, today!
<danderson>
"Your software is old, and we have the receipts to prove it!"
<samueldr>
(no I don't really expect that)
<pie_>
ohahaha
<ajs124>
samueldr: I'll only buy it if it comes with a 2.6.x kernel
<samueldr>
how else would you know it's stable?
<ajs124>
reminds me of makefu's slides on why you should deploy Windows 2000. my favourite feature was "low malware compatibility".
<danderson>
2.6? Look at mr modern over there
<danderson>
2.4 or bust
<samueldr>
2.4 -> 2.6 is IIRC a pretty big deal, no?
<danderson>
... I remember when 2.4 was the exciting new hotness :(
artturin has joined #nixos-chat
<gchristensen>
NOEL? sounds good.
<danderson>
2.2 -> 2.4 was "you have iptables now", 2.4 -> 2.6 was "we kinda forgot to release for a long time, have ALL THE NEW THINGS"
<samueldr>
oh, gchristensen, didn't even think about the snowflakes thematically matching
<samueldr>
gchristensen: I can hire you to work full time on that, for exposure (to the cold)
<gchristensen>
I'll package up NixOS 14.12 with a nice cover and bill $100k/yr for it
<pie_>
NOEL turn on the lights
<danderson>
wow, 2.4 was actually kind of a big deal: ISA Plug and Play, USB support, Bluetooth, LVM, RAID, ext3
<pie_>
im sorry dave im afraid i cant do that
<danderson>
then 2.6 was "all the things, and more". Filesystems, 32-bit PIDs, preemptible kernel, SELinux, ...
<ajs124>
gchristensen: I have this snippet somewhere that pulls icedtea web from... 15.09, I think, because newer versions don't talk to the IPMI I need it for.
<ajs124>
iDRAC actually, not IPMI
<danderson>
ugh idrac
<danderson>
SHUN
<danderson>
I have the same problem, although mostly I solve it by not using that server any more
<ajs124>
beats driving there for a few hours
<ajs124>
it's sadly semi-critical infrastructure
<gchristensen>
ughhh I used to have a winxp laptop just for idrac
spudly1 has joined #nixos-chat
<ajs124>
I once reverse engineered one of those a bit. I think that wasn't iDRAC but IBM IMM2 and that runs Linux 2.6, I think. Maybe 2.4? It had some very cool and good shell and php code in there.
<danderson>
I remember the struggle to get the idrac KVM connection to work right. It's a thing I lost when I switched from Arch to NixOS.
<danderson>
at one point I got annoyed enough that I started disassembling the java payload to try and reverse-engineer the protocol
<danderson>
as in, it's easier to just implement a client from scratch than get the right combo of java nonsense
<ajs124>
just checked my notes: nix-shell -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/release-15.09.tar.gz -p icedtea7_web
<danderson>
but then I switched to all Supermicro servers. They have their quirks, but the KVM is all pure HTML5 that works.