<Irenes[m]>
it looks like somebody @'d me in scrollback but I'm having trouble finding it
<V>
<ashkitten> Irenes[m]: interested in your take on this
<V>
<ashkitten> nothing in the article makes me suspect it's going to be anything special besides just "tpms in consumer devices either don't exist or are broken in various ways and standardizing the implementation will allow us to update the firmware via usual update channels"
<Irenes[m]>
oh, found it
<Irenes[m]>
thanks!
<Irenes[m]>
it's hard to have much of an opinion without technical details
<Irenes[m]>
I wouldn't call it a bad article, but it's not an article for a technical audience
<Irenes[m]>
I don't like PKCS #11, it's very limited
<Irenes[m]>
I mean it does what it's supposed to but very few of the security properties I would want to build can benefit from it
<Irenes[m]>
Intel CPUs already have fundamental security issues, and so does every other widely-used ISA
<Irenes[m]>
I actually still have a problem with the Microsoft UEFI thing, but my wife needs something, so maybe later
<Irenes[m]>
but I agree that it's fine on x86
supersandro2000 has quit [Disconnected by services]
supersandro2000 has joined #nixos-chat
iqubic has left #nixos-chat ["ERC (IRC client for Emacs 28.0.50)"]
bqv has quit [Ping timeout: 260 seconds]
bqv has joined #nixos-chat
<Irenes[m]>
so my issue with UEFI is actually that the spec requires that on x86, users be able to swap out the platform key. on ARM, it requires that users not be able to do that. of course, this is academic because ARM platforms don't use UEFI.
<Irenes[m]>
so it's an entirely theoretical issue
<Irenes[m]>
but it's hard to understand that provision as anything other than a reflection of the antitrust landscape at the time the spec was written
Dotz0cat has quit [Ping timeout: 265 seconds]
<samueldr>
Irenes[m]: that's the microsoft spec for the windows sticker
<samueldr>
and that's not true for aarch64 IIRC
<samueldr>
it was true for "tablet windows on arm"
<samueldr>
and yes, extremely hard to find actual information about that
<samueldr>
but let's not make microsoft's desires a general problem :)
<gchristensen>
arm platforms don't use UEFI?
<gchristensen>
isn't UEFI part of SBBR?
<samueldr>
I think here the meaning is "when they use UEFI"
<gchristensen>
ah
<samueldr>
and UEFI is mandated by SBBR, but not defined by SBBR
<gchristensen>
ah
<samueldr>
windows on ARM, as in windows 8 on arm used UEFI, just like windows for phone as in windows 8 for phone does
<samueldr>
gchristensen: recent qualcomm android phones boot using UEFI
<samueldr>
up to abl, which is the bit that loads the kernel
<samueldr>
the windows on arm laptops (as in windows 10, those recent laptops) also use UEFI to boot
<samueldr>
I don't have a source stating it's mandated to allow setting the platform key, but for the time being, they do allow disabling secure boot, and AFAIUI also setting keys as desired
<samueldr>
but the document from the microsoft website about secure boot on ARM **is** targeting the phone/tablet segment that they left
<samueldr>
so I don't have any proof for or against that part, but again, that's for microsoft's desires and the windows sticker
* gchristensen
wanders off to reinstall nixos after "accidentally"ing it
<samueldr>
don't reduce partition size before reducing the filesystem size
<samueldr>
(it was too late that other day for me to warn you)
<gchristensen>
zfs can't have its size shrunk
<samueldr>
oh
<gchristensen>
so I was hoping to cheat it and sneak by it with only semi-serious complaints
<samueldr>
it can't be shrunk?
<samueldr>
that's... pretty terrible imo
<gchristensen>
a zpool can't be, no
<gchristensen>
or maybe a zpool can, but a single vdev can't
<gchristensen>
I could have easily made a new zpool in memory, sent the filesystem to the new zpool, and then deleted it and sent it back but
rajivr has joined #nixos-chat
<__red__>
I didn't know you could accidentally a NixOS system
<__red__>
good work?
<gchristensen>
thanks
<samueldr>
it generally requires external "input" :)
<gchristensen>
I sharnk its partition while the system was running, created a new zpool, and tried to send the data over ... the sending part is when zfs got upset :)
<samueldr>
so, samsung devices is why people think you *need* to poweroff a device to get to fastboot I guess
<samueldr>
since to go in odin mode you do need to have it powered off
<samueldr>
with all my qualcomm devices I just need to hold the proper volume key while it's (re)booting
<Irenes[m]>
@samueldr oh! the windows sticker. I see. I guess I misunderstood that... ten years ago, or whenever this all happens. I appreciate being corrected.
<samueldr>
I guess it's not been made crystal clear by anyone :)
<samueldr>
since I doubted myself, I also tried to find it in the spec, nothing close to the search terms "platform key" describes limits about allowing/disallowing to change them
<samueldr>
uefi definitely isn't perfect, but it's way better than the previous state [on x86]
<samueldr>
I'd say the same for ARM, but ARM never had a "previous state", only a constellation of misc. methods to boot AFAIK
<Irenes[m]>
well, thank you for investing the time to check that
<Irenes[m]>
I do think UEFI is very solid technically, and much better than the MBR mechanism
<Irenes[m]>
or whatever the best way to refer to the BIOS+MBR thing is
<Irenes[m]>
and I guess the proper target of my feelings is Microsoft, not the spec
<samueldr>
I like using "legacy boot", but you have to understand it's in the x86 context
<Irenes[m]>
I wish oppressive megacorps would just not ;)
<Irenes[m]>
ah, yeah
<samueldr>
even then, microsoft probably did good in the end by mandating OEMs to allow enrolling PKs
<samueldr>
if only because that ensured no terrible implementation didn't allow changing PKs
<Irenes[m]>
yeah, I can't complain about the actual outcome
<samueldr>
I'm wondering if it's because they, themselves, internally wanted to always be able to use different PKs, on whatever devices
<samueldr>
or maybe to better support "enterprise" deployments?
<samueldr>
just like how on pixel devices you can enroll your own certs because (AFAIUI) google themselves use the features internally
<Irenes[m]>
I don't think it's saying anything particularly sensitive to say that Google certainly does use the Android enterprise management features, if that's what you meant
<samueldr>
you can re-lock the bootloader with custom keys
<samueldr>
which is different
<samueldr>
I'm not saying that's a wide development, but as I was lead to understand, it's useful internally at google
<samueldr>
I definitely could be wrong... all the time!
<Irenes[m]>
ah! okay
<Irenes[m]>
I don't actually know the answer to that anyway ;)
<Irenes[m]>
so I don't have to worry about whether it would be okay to confirm or deny, lol
<samueldr>
it could be for their development teams anyway
<Irenes[m]>
yeah
<samueldr>
I just know that it's really convenient and I would hope all OEMs would do the same
<samueldr>
and not do dumb things like "trip knox" or "YOUR WARRANTY IS VOID" (which is illegal in at least the two northernmost country of north america)
<Irenes[m]>
indeed....
<Irenes[m]>
I love the message that's screenprinted on the Keyboardio circuit board
<Irenes[m]>
it's something along the lines of: if you can read this, you voided your warranty. congrats and happy hacking!
<samueldr>
even then, your warranty probably isn't void
<Irenes[m]>
heh, fair!
<samueldr>
at least for where I'm from, the manufacturer has to prove that your (mis)usage was the cause of the fault
<samueldr>
but since they can easily bully a consumer away, they de facto are right in saying "it voids your warranty"
<Irenes[m]>
ah! yeah
<Irenes[m]>
good to know
andi- has quit [Remote host closed the connection]
andi- has joined #nixos-chat
endformationage has quit [Quit: WeeChat 2.9]
waleee-cl has quit [Quit: Connection closed for inactivity]
<eyJhb>
`The link is in previous paragraph. Your choice is traditional Linux and Docker! Yes, you’ll have the same deterministic and secure result and even more more with less pain and and much pleasure.`
<insep_>
i think he missed the point of nixos
<insep_>
it's not for containerization, it's for being able to supply a config describing your system and getting it
<V>
I don't understand half of the points here b/c the grammar is so bad
<insep_>
also i thought it's possible to run nixos in docker?
<V>
I also don't think they understand what determinism is
<insep_>
although with some magic
<V>
If they actually knew what they were talking about, they'd know that NixOS indeed is not actually deterministic, but have a real technical argument to back it up with
<V>
but this is just fluff
<V>
other than the documentation argument
<eyJhb>
insep_: Nix in Docker, not NixOS sadly. Or at least it is hard, since we use Systemd
<eyJhb>
V: Yeah the documentation was the thing, where he really got us :(
<insep_>
why you shouldn't use nixos (my version): 1) glibc 2) systemd
cole-h has quit [Ping timeout: 264 seconds]
dadada_ has quit [Ping timeout: 246 seconds]
<etu>
Very cool to have a ranty article without dates
dadada_ has joined #nixos-chat
<etu>
It may be posted 2 years ago, based on release number mentions. But it also links to a 4 year old post on reddit.
<insep_>
boots fast, small, can be booted from ram, has kodi, has neovim
<eyJhb>
Only need a webbrowser + adblocker to have a Youtube playlist going :D
<eyJhb>
ALso, what is some things that you (all) would tell a person, that has just gotten food poisoning from taking chicken out of the freezer letting it unfreeze, and then putting the rest back. And then doing that 10-20 times?
<LinuxHackerman>
eyJhb: or mpv :p
<eyJhb>
We have told her not to put metal in the microwave, not to touch the stove/oven. Not sure what else there is
<LinuxHackerman>
eyJhb: "don't"
<eyJhb>
LinuxHackerman: Well, I will not be controlling it with SSH/Keyboard afterwards :p It will be some shared playlist
<eyJhb>
LinuxHackerman: Basically what we told her
<LinuxHackerman>
eyJhb: don't put eggs in the microwave
FRidh has joined #nixos-chat
<LinuxHackerman>
eyJhb: don't put pets in the microwave to dry after bathing them
Jackneill has quit [Ping timeout: 240 seconds]
<eyJhb>
LinuxHackerman: Luckily no pets :p
<eyJhb>
Only harming herself atm.
<insep_>
eyJhb: how old is that person?
<eyJhb>
22
<eyJhb>
First time living "alone"
<insep_>
tell her to get some friends to share food with :D
<eyJhb>
:| Are you trying to kill us all insep_ ?! :p
<sphalerite>
eyJhb: cook together with her lots, pay attention to what she does, and tell her if she does anything that will make her ill or injure her :)
<eyJhb>
Yeah, we should probably also tell her not to touch raw meat and ... generally other stuff
<insep_>
eyJhb: no, i want her food to disappear before it goes rotten
<eyJhb>
insep_: That is true.
<eyJhb>
We also need to take all her medicin :p Because it is taken at random
<eyJhb>
The phrase "I took some medicin" is scary
<insep_>
wait she also drinks random pills?
dadada_ has quit [Ping timeout: 240 seconds]
<insep_>
she probably gets bored, get her a pc and maybe some simple games like rhythm games
Jackneill has joined #nixos-chat
dadada_ has joined #nixos-chat
<eyJhb>
insep_: It is mostly, I feel sick, so therefore I took this pill that might help :p
<eyJhb>
e.g. ibuprofen on a empty stomach because her stomach was hurting because of food poisoning
<V>
christ
<V>
ibuprofen can cause ulcers
<V>
empty stomach is the last time you want to take it
<eyJhb>
Yes, also why we forced her to eat something..
<V>
definitely get her to avoid meat
<V>
if she has to eat meat, beef is probably her best bet
<sphalerite>
note to self: if I ever have kids, get them to join in when I cook!
<eyJhb>
V: Yeah the difficult part, is that she enjoys chichken the most I assume...
<eyJhb>
sphalerite: 10/10 idea :D I thought such things were common
<ma27[m]>
sphalerite: that's pretty reasoable, when I moved away from home, I managed to trigger the smoke detector while cooking in the first week away from home :D
<ma27[m]>
but it got better pretty fast though ;)
FRidh has quit [Ping timeout: 265 seconds]
<sphalerite>
eyJhb: yeah in the end I got really lucky with my family, and that's far too easy to take for granted.
__monty__ has joined #nixos-chat
<sphalerite>
is anyone aware of a tool for renormalising filenames? I have a mix of NFC and NFD filenames and want them all to be in NFC
<ajs124>
sphalerite: apparently convmv is a thing that exists and is in nixpkgs
<gchristensen>
zfs set normalization=formC
<sphalerite>
gchristensen: nope. That doesn't normalise filenames when saving.
<sphalerite>
Only sets how they're compared
<ajs124>
top 10 things I don't want my filesystem to do: utf-8 normalisation
<gchristensen>
hehe
<ajs124>
also: case insensitivity
<sphalerite>
ajs124: omg this is amazing, how did you find it so quickly?
<ajs124>
does zfs do that? iirc ext4 can do that now
<ajs124>
sphalerite: with the power of duckduckgo and stackoverflow :D
<sphalerite>
My "ideal" filesystem would just reject any filenames that aren't lowercase or contain non-ascii, non-printable or whitespace characters :p
<sphalerite>
ajs124: huh. Apparently you're better at coming up with search terms than I am.
__monty_1 has joined #nixos-chat
<ajs124>
as someone with an ä in his lastname you can pry unicode in everything everywhere including e.g. filenames and domains from my cold dead hands
<V>
can we just do away with filenames as addressing
<V>
and get rid of the stupid naming restrictions
__monty__ has quit [Ping timeout: 240 seconds]
thibm has joined #nixos-chat
<sphalerite>
ajs124: really? You want someone to be able to register your surname with a different normalisation as a domain name? :p
<ajs124>
sphalerite: Sure ^^ you can already use ä, ä and ӓ which are three different things, if I didn't mess up
<sphalerite>
ajs124: whoa, what's the last one?
<gchristensen>
the last one makes the ' ' sound more like a following ' ' or semi-' '
<sphalerite>
oh, the last one is Russian a with combining diaeresis
<sphalerite>
s/Russian/Cyrillic/
<sphalerite>
diæresis
<ajs124>
yep. cyrillic lооkalike characters are always fun
<insep_>
аВсеНКМпорТху
<insep_>
i tried to write english alphabet using russian letters
<sphalerite>
hacker!
<insep_>
НасКег
Jackneill has quit [Read error: Connection reset by peer]
Jackneill has joined #nixos-chat
<philipp[m]>
Ψ∀ℂ×∃ℝ!
<gchristensen>
anyone, by chance, have opencl setup and could run hashcat for a bit for me? :)
<insep_>
sure
<insep_>
if i haven't deleted hashcat yet
waleee-cl has joined #nixos-chat
__monty_1 has quit [Quit: leaving]
Dotz0cat has quit [Ping timeout: 240 seconds]
FRidh has joined #nixos-chat
spudly1 has quit [Ping timeout: 240 seconds]
spudly1 has joined #nixos-chat
kalbasit has joined #nixos-chat
kalbasit has quit [Ping timeout: 240 seconds]
cole-h has joined #nixos-chat
avn has quit [Ping timeout: 260 seconds]
<eyJhb>
Argh... Not sure if I should get the OnePlus Nord N10 :(
avn has joined #nixos-chat
<V>
the Nord looks p. nice
<V>
it's probably what I'd get if I needed a new phone right about now
kalbasit has joined #nixos-chat
<eyJhb>
V: I'm thinking it is time, the OnePlus One seems to have done its service
<eyJhb>
Actually the only real thing that is annoying me, is that the jackstick doesn't pick up on the mic
avn has quit [Read error: Connection reset by peer]
avn has joined #nixos-chat
rajivr has quit [Quit: Connection closed for inactivity]
<eyJhb>
V: Nevermind. Just cleaned out the charging port + headset port, and now everything works
<eyJhb>
Just need a new backcover, as the current one is semi-broken, so the antenna pads/places are broken off. Hence, bad signal
<eyJhb>
I thought I had broken the jackstick port, because I put a metal object down there to clean it. Apparantly I just pushed junk into it, which made the jackstick not have contact with the microphone "pad"/ring
<samueldr>
fluff and dust, the true evil
<eyJhb>
Yeah
tilpner has quit [Quit: tilpner]
<eyJhb>
There was SOOOO much. I kinda want to take a carride, to see if my charger now works out there
<samueldr>
if you use something like a pin, somehow have the tip be just a bit bent so it can hook fluff and dust
<eyJhb>
But I am trying to find a rear cover for it...
<eyJhb>
Ohhh. yeah of coures
<samueldr>
the tiniest of bends though
<eyJhb>
course* I however hav a suspicion that it is sticky as well...
<samueldr>
what's sticky?
<samueldr>
something long and brown?
neeasade has joined #nixos-chat
<eyJhb>
I think the stuff in the jackstick port is sticky, something sugary maybe
<eyJhb>
So it doesn't want to come out that easily
<eyJhb>
But I would like to try the hook thingy
<samueldr>
yummy, amalgamation of years of *everything* shoved into that port :)
<eyJhb>
Tshhh....
<eyJhb>
Only 6 years worth samueldr
<samueldr>
see if the jack is on a separate board
<eyJhb>
It is not :(
<samueldr>
if it is you might be able to get it changed at the same time you get the back changed
<eyJhb>
I have checked
<samueldr>
oh :(
<eyJhb>
It is on the logic board
<eyJhb>
I cannot find a rear panel/cover for it
thibm has quit [Quit: WeeChat 2.6]
andi- has quit [Ping timeout: 272 seconds]
andi- has joined #nixos-chat
nckx is now known as jorts
jorts is now known as nckx
<gchristensen>
what the heck, my dental insurance company sent me a gift of a sonic tooth brush as a thank you for going to the dentist
<energizer>
gchristensen: may i ask which company? i'm a little interested in dental insurance facts
<philipp[m]>
Tell me when they gift away sonic screwdrivers.
<gchristensen>
Delta Dental
<energizer>
huh
<gchristensen>
for the people in civilized countries, in the US health insurance doesn't cover eyes or teeth
FRidh has quit [Quit: Konversation terminated!]
<samueldr>
gchristensen: same in many countries with socialized health care
<gchristensen>
impressive
<samueldr>
mouth bones and glasses aren't covered
<gchristensen>
what about more serious eye things?
<samueldr>
I don't know
<samueldr>
note that here it's not necessarily a country-wide thing, as the details of health insurances are left to provinces
<gchristensen>
ah
<samueldr>
(but AFAIK it's pretty much the same everywhere)
<samueldr>
so anything "Canada X" for health care can be seen as over-generalizing
<joepie91>
frankly it's fucking ridiculous that dental isn't covered
<samueldr>
yes
<joepie91>
oh, it's only your apparatus for ingesting nutrients that's fucked! doesn't need to be covered, clearly!
<joepie91>
not important!
* joepie91
grumble grumble
* colemickens
alt-tabs in sad American dejection
<gchristensen>
heh
<joepie91>
this was actually a complaint about NL where this is the case too
<gchristensen>
at least accessibility laws mean you're not at all inconvenienced if untreated eye problems leave you blind
JJJollyjim has joined #nixos-chat
<JJJollyjim>
yeah same in new zealand
<JJJollyjim>
or there is free dental, but only for children
<cransom>
it's well known that eyes and teeth are pre-existing conditions
<samueldr>
similar, children, those using "wellfare" (not actually the right translation)
<JJJollyjim>
if you grow new teeth after signing up, those are covered :P
<gchristensen>
if only
<eyJhb>
Same in Denmark, you are covered for dental untill you turn 18. Then you can apparantly pay all the thousands of DKK it costs.
<eyJhb>
But if it is the jaw, then it is something else
<eyJhb>
And if you have some sickness, then you can get stuff and things for your eyes, but not glasses
<eyJhb>
God forbid you can see anything
<colemickens>
I'm wondering why it's so common?
<eyJhb>
No clue. The thing is, I do not really trust dentists, they seem sketchy
<samueldr>
dental, I would guess because in my grandparent's living time it was still common to just get them all out at the first issue
<eyJhb>
But get me to a hospital, and I will trust whatever they do.
<eyJhb>
But yeah, I know people that have to choose between food or dental, and that is just weird to see in Denmark...
<eyJhb>
Also know some that hide some dental issues, as their family cannot really afford to do it... So they don't want to preassure their family
tilpner has joined #nixos-chat
<abathur>
a bot that crawls SO to discover general tags (maybe any that see significant use alongside N+ language tags), keeps any that have 0 overlap with the bash, and uses a neural network to generate [x] in bash projects, and then promotes them?
<abathur>
the bash, yeesh
<samueldr>
bash in bash when?
<tilpner>
Hey gchristensen, if I remember correctly that you were talking about exclusively-unified cgroups: which display/login manager do you use?
<tilpner>
I just had sddm hang/crash, after deciding I would try your kernelParams, hoping that it might help IO accounting. I only knew about that breaking Docker though, which I don't use
<tilpner>
(Things froze after logging into sddm, i3 was started but not displayed. sddm is the most likely suspect because nothing else should fiddle with cgroups, but I wasn't able to verify this)
<abathur>
samueldr: pure bash reimplementation of Selenium?
<samueldr>
abathur: run that on bash-in-bash
<abathur>
ByBy
<samueldr>
baba
<tilpner>
gchristensen: I really should know better... your configuration is on GH, and I know you have precautions to keep your checkout clean. It's either lightdm or sway+none. Sorry for the noise.
<tilpner>
(Though I am curious about if you ever got that IO accounting to work...)
<JJJollyjim>
ugh, it's annoying how wrapped binaries break killall
<energizer>
killing the outer executable doesn't kill the inner?
<tilpner>
There is no outer executable after exec ./.inner-wrapper
<tilpner>
(Well, the executable doesn't go away, but we both meant the outer process)
<gchristensen>
I run exec by hand tilpner :)
<tilpner>
gchristensen: s/exec/sway/?
<gchristensen>
exec systemd-run --user --scope --setenv WLR_DRM_NO_MODIFIERS=1 sway -c /etc/sway/config -d > sway.log 2>&1 is what I run
<tilpner>
Ohh
<gchristensen>
(you don't want to not run exec)
<tilpner>
So no login manager. But did you get the unified cgroups and IO accounting working?
<gchristensen>
IO accounting for some units but not all
<tilpner>
I only get io.pressure, but you also get io.stat?
<tilpner>
Any pattern for which units you do/don't get io.stat?
<{^_^}>
#104094 (by flokli, 2 days ago, open): systemd: switch to unified cgroup hierarchy by default
<adisbladis>
flokli: <3
<adisbladis>
flokli: This is exactly what motivated my work on Podman, but never got to this point :)
<cole-h>
JJJollyjim: I feel the same way. However, IIRC, `pkill -f [name]` works? Not the best solution since it could match unrelated processes with coincidental naming
<flokli>
adisbladis: cri-o just worked, but the podman tests seem to fail currently