<lovesegfault>
the website is pretty rough on a big screen
<lovesegfault>
This thing is older than me
<V>
mmh
<makefu>
i am sure they are scared of going 1.0 because people would assume that hurd can actually be used
<gchristensen>
at least they presumably review patches before applying them to the "stable" release
<andi->
gchristensen: I kinda mean it. It must have a reason none of the software I am running on this box right now is written in a language that isn't C or C++ without me trying to avoid others...
<gchristensen>
hubris :)
<gchristensen>
we can't keep it all in our head to do it
<gchristensen>
it'd be cool to publish a guide on securing nix-daemon as a public thing
<cole-h>
"as a public thing" -> ?
<cole-h>
Like, public document, or public nix-daemon? :P
<gchristensen>
like a shared nix-daemon
<cole-h>
:o
<gchristensen>
there are a lot of these, more than you might think
<gchristensen>
buildkite / ci things, for example
<gchristensen>
ofborg
<cole-h>
How shared? Around-the-world-shared, or between-users-shared?
<lovesegfault>
Huh, the pypy build seems to have frozen
<lovesegfault>
I don't see it in nix-top but it hasn't failed
<andi->
wait :-)
<lovesegfault>
there's a nix-daemon process pinning a core, maybe that's it
<samueldr>
if it's a remote build, maybe compressing the output
<samueldr>
to send
<lovesegfault>
it is a remote build, but the build doesn't seem completed
<lovesegfault>
just frozen at 78%
<samueldr>
odd
<lovesegfault>
yeah, idk what's going on
<lovesegfault>
tempted to ctrl-c it
supersandro2000 has quit [Disconnected by services]
supersandro2000 has joined #nixos-chat
rajivr has joined #nixos-chat
risson has quit [Excess Flood]
cole-h has quit [Ping timeout: 260 seconds]
risson has joined #nixos-chat
<gchristensen>
my computer battery is apparently 105% full
<samueldr>
about to burst?
<gchristensen>
not swelling yet....
<V>
forbidden pillow
<gchristensen>
spicy tea bag
<samueldr>
nothing better than knowing how many spicy pillows there must be in residential units around you
<samueldr>
(if you live in a flat or something like that)
<V>
There's a pillow at my house that has a battery print on it
<V>
it's highly cursed
<samueldr>
a pillow that's made to look like those foil pouch batteries?
<samueldr>
with a name such as xkbcommon my instinct was that it would be deeply entangled with X
<samueldr>
at this point systemd should rename tmpfiles.d to filesystemeditor.d
<nicolas[m]>
random question: why is it that my computer fails to hibernate when memory usage is above 50% with 100% of the swap available? (with the swap being 2x the amount of ram)
<samueldr>
hibernation works?
<samueldr>
;)
<samueldr>
big word of caution: the bootloader, and stage-1, is not aware of the generation it hibernated from
bqv has quit [Quit: WeeChat 2.9]
<nicolas[m]>
It works if my system uses less than 50% of my system memory
kalbasit has quit [Ping timeout: 240 seconds]
<samueldr>
(joking aside, I really don't know)
<samueldr>
dmesg has anything useful?
<samueldr>
can you trivially test it, e.g. a program that reserves a set amount of memory?
<nicolas[m]>
that was the next step I wanted to try
bqv has joined #nixos-chat
<samueldr>
or even the full system journal, rather than only dmesg
<energizer>
shouldnt it be serverless tho, with each build being a lambda?
<gchristensen>
I would prefer that yes
<abathur>
*grumble intensifies*
<samueldr>
hm?
<samueldr>
I was curious, and looking at desciptions of lambda... doesn't seem plausible
<samueldr>
>> execution time from 1 to 900 seconds
<samueldr>
in addition to 128-3008 MB of RAM limits
<samueldr>
not sure if it is different than what is listed there, in wikipedia, though
<energizer>
i thought there was another aws serverless product with higher limits
<samueldr>
I'm really not hip with amazon's offerings, so maybe there is!
<abathur>
I'll probably have to wait for Alanis to show up with the right metaphor for how much it's getting under my skin that the commands that run in 10-80ms are all lacking at least one piece of information I need, while the only command with it all in one place takes like a full second
<energizer>
fargate
bqv has quit [Quit: WeeChat 2.9]
bqv has joined #nixos-chat
<abathur>
for reference: largest config: 4 vCPU, Min. 8GB and Max. 30GB, in 1GB increments
<samueldr>
abathur: all you really want, you oghta know, is perfect
<samueldr>
oh wow
<samueldr>
I shot way too fast
<abathur>
> spongebobify "Pricing is per second with a 1-minute minimum. Duration is calculated from the time you start to download your container image (docker pull) until the Task terminates, rounded up to the nearest second."
<{^_^}>
value is a function while a set was expected, at (string):291:66
<abathur>
oh oops
<abathur>
I'm too tired to figure out how I broke it
<abathur>
*too tired to _want_ to
<samueldr>
abathur: [Excuses] for [Big Sur]? [Incomplete] [Still]?
<samueldr>
uh
<samueldr>
wrong first word, somehow I didn't write what I wanted
<patagonicus>
Soo. After verifying that I have the original charger for it the Dell support gave me a master password for my bios - but it doesn't work.
<patagonicus>
Also there's some really weird spelling and typing mistakes in the messages. No way is that a native German speaker doing the support, but I'm more surprised they are not just copy and pasting phrases.
<gchristensen>
about 100 lines of python and 300 lines of terraform
<joepie91>
is there a NixOS wiki page yet with an exhaustive answer to "I have installed this thing, I want a newer version than is in nixpkgs, now what"? that's really written from the perspective of answering that question for different scenarios (simple source tarball patch, needing different build instructions / deps, a module being involved...)
<sphalerite>
Is there a tool that can analyse a shell history file and suggest aliases?
<infinisil>
sphalerite: Oh that would be neat
<gchristensen>
I think I've seen something like that come across lobsters in the past few years
<gchristensen>
but if you don't mind trivialness sort and uniq -c
<sphalerite>
yeah I've done that before, but wasn't really satisfied with the results
<sphalerite>
I've been thinking maybe I should implement a compression algorithm, with relevant debug prints
<gchristensen>
maybe abathur could point you in the dircetion to using oil's parser to create an AST of your history and find similar trees
<infinisil>
This is a command I got from lobste.rs :)
__monty__ has quit [Ping timeout: 265 seconds]
<gchristensen>
hrm. it seems aws is too cowardly to take my scaling group to 0
__monty__ has joined #nixos-chat
<gchristensen>
anyone doing a monorepo thing but with a set of packages which are kept private?
hax404 has quit [Remote host closed the connection]
hax404 has joined #nixos-chat
hax404 has quit [Client Quit]
hax404 has joined #nixos-chat
<andi->
I have a few of those repos that are private and that qualify as monorepo.
<andi->
not sure what you are asking
pie_ has quit [Ping timeout: 256 seconds]
pie_ has joined #nixos-chat
<andi->
I guess I missed the sweatspot to buy the Logitech BRIO *again*. It spiked up to 200€ again
<gchristensen>
ouch
<__monty__>
In preparation for black friday maybe?
<gchristensen>
to make it look cheaper?
<__monty__>
To give a "black friday discount" that isn't really a discount at all.
<sphalerite>
pretty sure that's not allowed in a number of countries
<__monty__>
That doesn't always stop people though.
<joepie91>
not like anyone does anything against it when it happens though
<__monty__>
Maybe they can work around such limitations by saying this was a limited time discount and the next one's a limited time discount too?
FRidh has joined #nixos-chat
<abathur>
sphalerite: I've had a similar curiosity, though I don't actually use many aliases so I haven't tried to make anything really happen there
<abathur>
though I have been databasing my history for a while, which I see as a helpful precursor to all sorts of fun
<sphalerite>
abathur: I don't use many either, but I feel like there are a lot of things that I _should_ use aliases or similar for
<abathur>
I guess if you broke the commands down into ngrams, the counts of those might be useful; maybe some way to distinguish between ngrams that start with a command first-word and those that don't (parser would help with that (but other parsers, like the one driving shfmt, may be fine--I'm using Oil's parser because it's aspiring to handle nearly all of bash correctly...)
<abathur>
oh sure, yeah
<abathur>
I just queried my database for my top 50 commands and there are quite a few that probably wouldn't make a bad alias
<abathur>
my memory isn't amazing, so attaching new terse and likely non-semantic names to common commands just doesn't strike me as something that will be a non-trivial improvement for me
<__monty__>
I'm not big on aliases because it'll be like typing dvorak, whenever you need to do something at another machine you look like you don't even computer.
<abathur>
part of the reason I'm databasing the commands though is that I have been thinking I'd like 1) some sort of contextual "show me the things I run here, I've forgotten one" command; and 2) to identify common *sequences of commands* and propose a shell function or script wrapping them (semantically!)
<__monty__>
That would be cool. Added a git subcommand recently because I found I was doing repetitive things.
<__monty__>
Fish's directory-based history takes care of the first part mostly though.
<abathur>
I mean ~here on a few different axes and in a few different ways, but yeah, directory gets part of it
mzumquadrat has left #nixos-chat ["WeeChat 2.8"]
<__monty__>
Like, not suggesting git commands unless you're in a git repo?
<abathur>
yes, or like, suggesting commands that very often get run next after your previous command, etc.
<__monty__>
Hmm, I find the mental model of a mostly static history stack useful often. "Up 3 times gets me that command again; type another command; ok now it's up 4 times." If history gets too smart you have to check each time you press up.
<__monty__>
Bit of an uncanny valley.
<abathur>
yeah
<__monty__>
If it's only the current suggestion and history isn't mucked with too much that wouldn't be a factor though.
<abathur>
I roughly agree so I'd probably use a separate command or only sit on a specific bind or something
<abathur>
haven't thought that far :)
<sphalerite>
I do use reverse-i-search a ridiculous amount
<__monty__>
I like fish's implementation of that, you're doing a reverse search as soon as you enter anything and press up.
<sphalerite>
tried it, wasn't such a fan
<sphalerite>
though maybe I just didn't give it enough time
FRidh has quit [Ping timeout: 260 seconds]
<insep_>
i love fish, use it on everything including my phone
<sphalerite>
I love fish. I had the tastiest salmon the other day.
<patagonicus>
The only slightly annoying thing for me is that I either have to rewrite stuff before sharing it with coworkers or add a comment saying that it's fish syntax. But that's well worth it.
<patagonicus>
And my bash skills are still good enough to rewrite stuff without running into any of the pitfalls. :D
kalbasit has joined #nixos-chat
FRidh has joined #nixos-chat
endformationage has joined #nixos-chat
cole-h has joined #nixos-chat
ajs124 has quit [Quit: killed]
das_j has quit [Quit: killed]
das_j has joined #nixos-chat
ajs124 has joined #nixos-chat
das_j has quit [Remote host closed the connection]
ajs124 has quit [Remote host closed the connection]
das_j has joined #nixos-chat
ajs124 has joined #nixos-chat
dadada_ has quit [Ping timeout: 264 seconds]
Dotz0cat_ has quit [Ping timeout: 265 seconds]
dadada_ has joined #nixos-chat
dadada_ has quit [Ping timeout: 256 seconds]
dadada_ has joined #nixos-chat
<lovesegfault>
So, what do I do if I have a pkg that, for aarch64-linux, takes like 4h to build? Isn't hydra going to time out the build every time?
<lovesegfault>
(The culprit is pypy)
<lovesegfault>
(It's a single-threaded build the whole way)
<lovesegfault>
(cc. andi- )
<hexa->
set meta.timeout
<hexa->
not sure if that is the knob
<andi->
hydra has a bit of an issue with build timeouts. If you have a build target that has a timeout of 1 second and that depends on pypy then pypy will time out after 1 second.
<lovesegfault>
O.O
<gchristensen>
wow
<cole-h>
uh
<andi->
look at 1464a412ff08e30469767d13f5295504a4b6ef07
<andi->
why does bash go full escape me on me? Is that revenge for yesterday?
<gchristensen>
have you considered going outside?
<andi->
I was thinking about taking a walk in the sun a few hours ago..
<cole-h>
heh
<andi->
now the sun is gone.
<andi->
printf debugging also know as bash.
<gchristensen>
maybe try it with osh
<gchristensen>
its -x output is different
<andi->
I wonder if a setup hook is aware of it's place in the store after travelling through our gigantic stdenv setup...
<andi->
the cacerts derivation has great potential for microptimisation
FRidh has quit [Ping timeout: 264 seconds]
FRidh has joined #nixos-chat
<eyJhb>
I know this is easy, but our teachers have used 1 so many times for the variance, that we never noticed that our functions need the standard deviation. So 20 courses, where no one really saw it, not even them. An example of if it works it works, but not really
rajivr has quit [Quit: Connection closed for inactivity]
supersandro2000 has joined #nixos-chat
FRidh has quit [Ping timeout: 240 seconds]
FRidh has joined #nixos-chat
<abathur>
andi-: I don't know why it does that escaping thing, but it doesn't affect matching that I've noticed
<abathur>
(and I have noticed it previously)
<andi->
yeah, it was an unrelated issue (the store path containing a nix-support folder that contained the folder again and thus they'd always be different)
das_j has quit [Quit: killed]
ajs124 has quit [Quit: killed]
das_j has joined #nixos-chat
ajs124 has joined #nixos-chat
<samueldr>
>> 2b) Some firmwares change how they behave, exporting a different DSDT to the OS dependending on if EFI/Boot/bootx64.efi is signed or not (even with secure boot disabled) and their behavior is totally broken when it is not signed. I will post another rant ^W blogpost about this soon. For now lets just say that you should use workaround 1. from above since it simply is a better workaround.
<samueldr>
and people look at me like I'm wrong when I tell them you should be able to replace the boot firmware of your systems with whatever you want
<LinuxHackerman>
gchristensen: how is babbbbbbbbby formed
<LinuxHackerman>
(I know you already explained to, but I can't just pass on a stupid joke like that when the opportunity presents itself)
<gchristensen>
:D
<drakonis>
how is babby formed
<drakonis>
this one's old
<drakonis>
oldie but goodie
FRidh has quit [Quit: Konversation terminated!]
neeasade has joined #nixos-chat
neeasade has quit []
iqubic has joined #nixos-chat
risson has quit [Ping timeout: 260 seconds]
JJJollyjim has quit [Ping timeout: 260 seconds]
crazazy[m] has quit [Ping timeout: 260 seconds]
manveru[m] has quit [Ping timeout: 260 seconds]
risson has joined #nixos-chat
crazazy[m] has joined #nixos-chat
manveru[m] has joined #nixos-chat
cjpbirkbeck has joined #nixos-chat
avn has quit [Ping timeout: 265 seconds]
__monty__ has quit [Quit: leaving]
avn has joined #nixos-chat
<colemickens>
I'm ****ing done with Discord.
<colemickens>
Tired of it changing my input device and leaking my asdlfkjalsing audio when my headset is muted.
* colemickens
closed source software, not even once.
cirno-999 has quit [Ping timeout: 260 seconds]
<colemickens>
Actually, I am willing to go to great lengths to prevent this. Maybe I can permanently hobble the input from this device.
cirno-999 has joined #nixos-chat
ldlework has quit [Remote host closed the connection]
ldlework has joined #nixos-chat
danielrf[m] has quit [Ping timeout: 240 seconds]
crazazy[m] has quit [Ping timeout: 240 seconds]
<makefu>
Richard Stallman would approve colemickens' message.
<samueldr>
it's really unclear how pluton actually does anything from what I've read
<makefu>
ashkitten: that was not supposed to be the message but yeah, you are right
<samueldr>
at the time it can either be good for everyone, us included, to terrible to everyone, everyone included
<pie_>
aha
<ajs124>
ashkitten: makefu: I can recommend rms.sexy, if you just want pictures of rms. he's enough of a meme without any text.
<gchristensen>
just an TPM in the cpu
<samueldr>
"just" a TPM, maybe not
<pie_>
what, sgx and whatever wasnt good enough? :P
<samueldr>
from what I've gathered, it could be used for DRM too
<ashkitten>
i don't want to look at rms or be aware of his existence in general honestly
<gchristensen>
“We provide the same APIs as TPM today, so the idea is that anything that can use a TPM could use this.”
<samueldr>
or it could be extremely tied to microsoft things
<ashkitten>
rms fucking sucks
<ashkitten>
sorry, language
<makefu>
ajs124: i am sure i went through all of rms.sexy more than once
<samueldr>
yeah, even the quote gchristensen quoted really doesn't mean anything :)
<samueldr>
but if it really is _only_ a TPM, but in your CPU, and the same in all CPUs
<samueldr>
then it's a win
<pie_>
drm is literally given as an example
<colemickens>
I suspect/hope that chip is about enabling a "reboot into xbox mode" for windows 10 to fix cheating on PC.
<samueldr>
yeah
<samueldr>
that's the main problem imo, the next step is loss of control to boot anything you like
<ashkitten>
it seems like the article is saying that's what it is, just a universal tpm implementation that can be updated
<pie_>
its the microsoft uefi debacle all over again?
<pie_>
ashkitten: from the cloud~~ (wtf does that even mean? i hope it doesnt mean it automatically tries to update its code using management engine infra :P)
<ashkitten>
it said windows update
<samueldr>
the microsoft uefi debacle was, imo, never a thing
<samueldr>
because it always included the verbiage about requiring it to be able to be disabled by the end-user
<ajs124>
I'm still not secure booting, but at least I can still boot third party OSs
<samueldr>
but yeah, at the very worst we'll have to waddle through layers of FUD
<pie_>
samueldr: right
<samueldr>
and you're even able to secure boot third party OSes!
<ajs124>
yeah, but it's effort
<pie_>
from what i hear uefi is still pretty garbage though
<samueldr>
sure
<samueldr>
well
<ajs124>
also, didn't they suspend something weird recently?
<samueldr>
no
<samueldr>
it's implementations that are
<pie_>
aha
<ashkitten>
nothing in the article makes me suspect it's going to be anything special besides just "tpms in consumer devices either don't exist or are broken in various ways and standardizing the implementation will allow us to update the firmware via usual update channels"
<ajs124>
so it's just like RSA samueldr? :P
<ashkitten>
Irenes[m]: interested in your take on this
<colemickens>
I mean, let's remember, the Internet told us for a decade that UEFI was Microsoft's way to kill Linux. And I still don't buy that.
<colemickens>
And I don't buy that this chip is about stopping Linux either.
<samueldr>
yeah, from the details _known_, I'm not too concerned, but there is space for concern
<samueldr>
because not all details are obvious
<samueldr>
yeah, UEFI has been depicted as many things, but it certainly not a microsoft thing
<samueldr>
UEFI in itself is not perfect, but is not bad
<samueldr>
implementations can be and are terrible
<ashkitten>
there's always space for concern, and i think there's valid concerns about even the basic act of trying to make all devices use one tpm implementation. but the fact is i've been told that tpms built into consumer devices are usually insecure and untrustworthy anyway
<pie_>
ashkitten: i was *just* thinking whats it going to take them to not make a bad implementation anyway
<samueldr>
pie_: courage
<pie_>
to be fair this is a bit facetious but these people gave us spectre meltdown and sgx
<pie_>
(maybe they even learned from it)
Dotz0cat has joined #nixos-chat
<pie_>
ok im going to be quiet now and wait to see what this brings
<pie_>
im such a downer :p
<ajs124>
they also brought us x86 in 4g modems in iphones. which isn't relevant, just kind of weird.
<ashkitten>
i just want my ps5 controller to work good ;-;
<pie_>
samueldr: well...
<samueldr>
lol, there's not much that can be done at this point
<pie_>
tbf we have all this amazing technology around us
<pie_>
but something is always a bit off with the taste...
<samueldr>
and it's not like _that_ is the only thing they need to stop third party OSes
<pie_>
(maybe i should stop chewing on FR4)
<samueldr>
they could just... lock secure boot to microsoft's certs and be done with that
<pie_>
like cmoooon lets just build stuff that isnt constantly user hostile FFS
<pie_>
would be nice if github could take down the RIAA but hollywood is a strategic cultural interest so :P
<gchristensen>
I'm of the opinion that encryption and trustable platform modules are good for the user
<colemickens>
pie_: if it doesn't limit my freedom, Pluon seems like a win to the desires that I have from my PC (I want to be able to optionally use it for secure gaming)
<gchristensen>
I'm really glad microsoft requires manufactures to include a tpm
<samueldr>
gchristensen: when the user is given acces to it
<gchristensen>
yea
<samueldr>
really, everything hardware should follow the lead of the chromeos hardware team
* samueldr
will go through that an n'th time it seems
<samueldr>
nah I won't, but basically go read on how the firmware (e.g. bios) is user-replaceable in a trustable manner
<gchristensen>
:D
<colemickens>
Can you enroll your own keys in a chromebook though? My Pixel 3 (supposedly) lets me enroll my own keys and gives a softer warning on boot.
<samueldr>
colemickens: yes, since you can change the whole firmware with whatever you want
<makefu>
colemickens: with the latest version of android you however lose safetynet attestation ...
<samueldr>
colemickens: but not directly through the default firmware
<colemickens>
hm! neat!
<samueldr>
colemickens: you could build depthcharge with your own keys
<samueldr>
colemickens: or build tianocore for the best UEFI experience
<samueldr>
colemickens: or anything else coreboot does, since it's all built on coreboot
<samueldr>
colemickens: replacing the firmware is even "safe"!
<samueldr>
colemickens: there is a bit of "scary" trust you need to give to a chip that you cannot update, but you can observe its alleged firmware source
<samueldr>
colemickens: and if the firmware doesn't work, that chip still allows you to update it
<samueldr>
[in recent chromeos devices]
<colemickens>
I guess I had kind of known some of this, I had flashed SeaBIOS on one once to boot Linux|Win10.
<samueldr>
at that point in time it was less safe, probably, if you flashed SeaBIOS
<samueldr>
but same idea, complete control by the end-user
<colemickens>
actually it was the newer uefi payload mrchromebox made, but I guess I didn't realize that was replacing depthcharge.
<samueldr>
the "safe" part requires Cr50, which is "relatively new"
<samueldr>
or uh, you can still open the device and clip on the chip I guess
<colemickens>
oh yeah I've not heard of any of this. but wait, they allow disabling write protecting without opening the case? I thought that was the whole point?
<colemickens>
maybe you have to do something special to enable "closed-case debugging". anyway, thanks for the rundown again, I do enjoy thinking about this verified booty stuff.
<samueldr>
a new process that attests ownership in a safe manner
<samueldr>
it still requires presence, and some kind of authority on the hardware _if_ the machine was secure e.g. if it's running the original software
<samueldr>
you need to be logged-in as the owner, and run commands in dev mode to do so, those commands use the power button, which is attached directly to the Cr50 as a proof of presence