<pie_>
hyperfekt: mfw i search for "thousand" in the issue tracker
<ajs124>
so, I just found out today that apparently games like left 4 dead 2 don't run on linux if you have a filesystem with 64bit inodes. which is just amazing.
<ajs124>
why is technology like this? why does closed source software exist?
<pie_>
hyperfekt: f***, that issue does not look goo
<pie_>
*good
<pie_>
hyperfekt: im starting to think we have to write our own browser (addons :P) if we want things to work at our scale :P
supersandro2000 has quit [Disconnected by services]
supersandro2000 has joined #nixos-chat
rajivr has joined #nixos-chat
<gchristensen>
sigh... I'm worried it needs to be more than an empty disk...
LnL has quit [Quit: exit 1]
LnL has joined #nixos-chat
LnL has quit [Ping timeout: 256 seconds]
LnL has joined #nixos-chat
tokudan has quit [Quit: Dunno.]
tokudan has joined #nixos-chat
tokudan has quit [Remote host closed the connection]
tokudan has joined #nixos-chat
tokudan has quit [Quit: Dunno.]
tokudan has joined #nixos-chat
<abathur>
a browser extension that recognizes avatars with faces in them and rotates them all to have the same head-tilt angle
<gchristensen>
a browser extension to make volth's avatar freak me out less
<abathur>
true
<abathur>
a browser extension to make volth's avatar very subtly rotate
<hyperfekt>
pie_: i tried to use both Tab Session Manager and Session Sync to back up my tabs in case one of them fails but they both tend to fail together because firefox likes to corrupt its IndexedDBs only a bit less than its sessionstore.
<colemickens>
one of the pre-eminent Golang cli libs can't return the right exit error code in some circumstances and the fix is blocked on a PR that is >20 months old.
<colemickens>
that's cool.
<colemickens>
Also, it seems like if I hoist an $out into an env var in a bash script (X.sh), then start a new process, it somehow prevents me from being able to then call nix-store --delete in X.sh.
<colemickens>
If I stuff the path into a file and use $(cat /tmp/out) then it avoids the issue
<aleph->
colemickens: That's pretty good. Gotta love waiting for PR's to get merged
<abathur>
h4x
<lovesegfault>
matthewcroughan_: We use jenkins at work and it's trash
<matthewcroughan_>
yeah, at work we have our own CI system
<lovesegfault>
So I'm happy to just use a better tool
<matthewcroughan_>
it is just dockerfiles lol
<matthewcroughan_>
we just say "run this container, use its artifacts", nothing simpler
<matthewcroughan_>
that of course means you need to handle your own secrets in your own way
<matthewcroughan_>
but it means you don't have to engineer your Dockerfile to be GH actions specific, it's just a Dockerfile that produces some output
<lovesegfault>
We use Nix at work too, we could just be doing something better
<matthewcroughan_>
and as we know, using Nix to generate Dockerfiles is a very valid thing
<lovesegfault>
but we're slow as molasses
<abathur>
everything's trash, software is dead, long live software? :)
<matthewcroughan_>
lovesegfault: omg, is Nixus what I think it is?
<matthewcroughan_>
GH Actions actually updates your devices "in the field" ?
<matthewcroughan_>
So I could have 3 raspberry pi's update to the latest state of my GH Repo
<lovesegfault>
matthewcroughan_: it could, I haven't done that yet
<matthewcroughan_>
I want that so badly
<lovesegfault>
I'm a simple action away from that
<matthewcroughan_>
I've used Balena a lot and almost worked for them
<lovesegfault>
With my setup doing that is:
<lovesegfault>
1. Creating a new SSH key
<matthewcroughan_>
but I just don't think Docker is the right thing for this
<lovesegfault>
2. Adding to the machines
<lovesegfault>
3. adding as a GH action secret
<lovesegfault>
4. writing an action that does `nix-build -A deploy.$machine | bash`
<lovesegfault>
that's it
<matthewcroughan_>
what then happens on the machines? lovesegfault
<lovesegfault>
What do you mean
<matthewcroughan_>
what is it that the machines see/do?
<matthewcroughan_>
e.g my pi that's sitting on my desk, expecting an update
<lovesegfault>
tl;dr is a binary runs on the machine that runs `switch` and checks that it can still talk to the deployer. if it can't, it then reverts the switch
<lovesegfault>
infinisil is the author
<matthewcroughan_>
lol, amazing that everyone's in IRC
<matthewcroughan_>
that's how you know the software is alive :D
* lovesegfault
nods
<matthewcroughan_>
wait so who does the building?
<lovesegfault>
the deployer
<matthewcroughan_>
so github actions, aka their servers, are building your systems? Lol
<lovesegfault>
yup
<matthewcroughan_>
mental
<lovesegfault>
and then I use cachix to store the binary artifacts
<lovesegfault>
I have a shared nix substituter for all my systems
<matthewcroughan_>
this is probably highly insecure, let's be honest
<lovesegfault>
and I almost never build a package, GH does most of it
<lovesegfault>
what part of it is insecure?
<matthewcroughan_>
untrusted worker, gh, making your binaries
* lovesegfault
shrugs
<matthewcroughan_>
this would make a gentoo user scream :D
<lovesegfault>
I was a gentoo user before I moved to NixOS
<matthewcroughan_>
A system you do not control, cannot verify, creating your binaries.
<matthewcroughan_>
It's obviously better than accepting a random binary from a random distribution, but, still insecure compared to compiling it on your own workers/systems.
<lovesegfault>
I question the "cannot verify". I rebuild it locally every once in a while with `--check`
<matthewcroughan_>
hmm, then maybe it's alright
<matthewcroughan_>
not perfect, but nothing is.
cole-h has quit [Ping timeout: 240 seconds]
* lovesegfault
nods
<matthewcroughan_>
better yet, you're auditing github when you do that :P
<lovesegfault>
I... had never thought of it that way :P
<matthewcroughan_>
you could have a little Pi, call it auditnix, which literally just audits the result of these builds.
<matthewcroughan_>
and if they fail, alerts you via email, or something.
<lovesegfault>
to audit it'd have to build them, no?
<matthewcroughan_>
yes, but over the course of a week, you could get positives
<matthewcroughan_>
hardware doesn't have to be fast, as a result
<matthewcroughan_>
it will find out, over the course of that timespan
<lovesegfault>
I have a home server I could run this on, actually
<lovesegfault>
with a beefy ryzen
<matthewcroughan_>
if you were doing multi-arch, you'd have to audit each architecture though
<lovesegfault>
it sits by idle 99% of the time anyway
<lovesegfault>
I have some aarch64 systems and some x86_64
<matthewcroughan_>
lol, imagine your face when the builds sometimes fail
<lovesegfault>
Yeah, maybe I don't want to know, lol
<matthewcroughan_>
if this is anything less than 100% negative, you're going to be like -> :O
<lovesegfault>
I mean, there _are_ spurious build failures
<lovesegfault>
but spurious lack of reproducibility idk
<lovesegfault>
conditionally adds my user to certain groups
<matthewcroughan_>
what's the condition?
<lovesegfault>
++ = list append
<lovesegfault>
optionals = fn with two args a condition and a list
<matthewcroughan_>
when is it triggered though?
<lovesegfault>
config.... is the condition
FRidh has joined #nixos-chat
<lovesegfault>
[] is the list
<pie_>
siiiiiigh ;_; <hyperfekt> pie_: i tried to use both Tab Session Manager and Session Sync to back up my tabs in case one of them fails but they both tend to fail together because firefox likes to corrupt its IndexedDBs only a bit less than its sessionstore.
<pie_>
really need to start a cron job to just copy the directory periodically or something
<lovesegfault>
so `++ optionals config.sound.enable [ "audio" ]` -> "if config.sound.enable == true, then add [ "audio" ] to whatever list came before this statement"
<pie_>
ahahaha <gchristensen> a browser extension to make volth's avatar freak me out less
<pie_>
so its not just me
<matthewcroughan_>
Oh ok, so where is config.sound.enable == true placed?
<matthewcroughan_>
lovesegfault:
<lovesegfault>
matthewcroughan_: condition == true and condition are equivalent statements
<pie_>
a browser extension that makes volth's avatar blink, but only very rarely so you start gaslighting yourself
<lovesegfault>
I'm just omitting the `== true` b/c it's redundant
<matthewcroughan_>
so it's true by default
<lovesegfault>
No
<lovesegfault>
Well, it might be, depends on the attribute I'm referencing
<matthewcroughan_>
where is the determiner located then?
<matthewcroughan_>
where do I, in your config, put config.sound.enable = false
<lovesegfault>
optionals foo ["bar"] === if foo then ["bar"] else []
<lovesegfault>
matthewcroughan_: anywhere
<matthewcroughan_>
Well do you not have a big booleans.nix ? Lol
<pie_>
hyperfekt: i miss the old session manager, ffs the webextensions situation remains a travesty :C
<lovesegfault>
it will take precedence over the unqualified `= true` in the other file
<matthewcroughan_>
what happens if sound.enable had that
<matthewcroughan_>
two things with mkForce, error?
<lovesegfault>
You'll get a conflict at build time
<lovesegfault>
you can then use `mkOverride` with a huge number
<lovesegfault>
BUT
<lovesegfault>
odds are if someone went through the trouble of mkForcing something, you probably shouldn't undo it
<matthewcroughan_>
right, so the only way to enforce precedence with nix is via builtins, not by the folder structure or anything like that?
<lovesegfault>
unless you're really certain of what you're up to
<lovesegfault>
These aren't builtins AFAIK, just stdlib functions
<lovesegfault>
builtins are in the builtins namespace, these are in lib
<matthewcroughan_>
alright, via stdlib functions then, that's what I mean
* lovesegfault
nods
<matthewcroughan_>
folder structure means nothing to nix then?
<lovesegfault>
Yup
<matthewcroughan_>
other than default.nix, and entering folders
<lovesegfault>
Exactly
<lovesegfault>
It exists just for my own organization
<lovesegfault>
does nothing to evaluation order or precedence
<matthewcroughan_>
Just as it means nothing to the compiler?
<lovesegfault>
that's all within the language
<lovesegfault>
yeah
<matthewcroughan_>
I mean, is this really identical to the way gcc works then?
<matthewcroughan_>
or any compiler
<lovesegfault>
I don't want to say identical b/c it's a strong statement
<matthewcroughan_>
IDK much about compilers, but I don't expect gcc to care about where it gets the C file from
<lovesegfault>
but there's no magic around dir structure going on here
<lovesegfault>
it's a simple import system (kind of)
<matthewcroughan_>
and importing C is literally the same as importing Nix, in the sense that it spits the file out on top of the current nix file
<lovesegfault>
there's some magic around conditional imports
<lovesegfault>
and them not working :D
<lovesegfault>
Not sure on an implementation POV what `imports =` does
<lovesegfault>
I don't think it's just a simple text replacement pre-eval
<lovesegfault>
there's some stuff going on for sure
<matthewcroughan_>
that would be unfortunate
<lovesegfault>
maybe andi- might know
<matthewcroughan_>
wouldn't it be amazing if everything was as simple as C?
<lovesegfault>
or flokli, or gchristensen
<lovesegfault>
No
<lovesegfault>
That would actually be horrible, IMHO
<lovesegfault>
C is faux-simple
* lovesegfault
glances at ISO/IEC 9899
<matthewcroughan_>
it's simple in the sense that all header files do is spit contents out on top of the thing that includes it.
red[evilred] has joined #nixos-chat
<red[evilred]>
C is cross-platform assembly
<matthewcroughan_>
you know this, and the implementation doesn't matter, because it's so simple, right?
<lovesegfault>
red[evilred]: you joined just to say that? :D
<matthewcroughan_>
now if the nix stuff isn't that simple, then I really don't know what to think, that would seem more complex than it needs to be, right?
<red[evilred]>
maybe ;-)
<lovesegfault>
Well, requiring header files is not an insignificant amount of overhead
<lovesegfault>
Others will be able to elucidate why and how the import system is the way it is
<red[evilred]>
I mean - it works very well for what it was designed for a 48 year old language
<lovesegfault>
I'm not that familiar with it, I just use it
<red[evilred]>
they designed the language so they didn't have to keep writing UNIX for different processors
<red[evilred]>
(in a nutshell)
<red[evilred]>
so - pretty cool in that regard
<lovesegfault>
And I know that you shouldn't do conditional imports b/c they don't work as you expect them to, or at all
<red[evilred]>
its use has grown in scope
<red[evilred]>
a little
<lovesegfault>
You can do some mkMerge nonsense to get around that IIRC
<sphalerite>
What I like about the header model, from a building perspective, is that it separates the interface and its implementation, making reasoning about rebuilds easier.
<sphalerite>
I don't know of any (compiled) languages other than C and C++ where you can change the implementation of a function without having to recompile the things that use it
<sphalerite>
I mean, of course other languages support dynamic loading and stuff, but that usually involves something header-like and isn't standard practice for all use of the language.
<red[evilred]>
sphalerite (IRC): nothing from SR yet I guess?
<patagonicus>
I've been using Go as my main language for the last few years and it's really not a problem. Go builds so fast that you just don't care if it rebuilds everything or not, but I'm fairly certain it at least only rebuilds dependencies if you change something.
<matthewcroughan_>
patagonicus: do you think there are philosophical similarities and in fact even complete matches between how go works and how nix works?
<matthewcroughan_>
regarding dependency management, too
<patagonicus>
Not really, no. It doesn't do immutable stuff for building AFAIK and it's not even great at making you use immutable data (though the channels are somewhat in that direction, since they copy, but you can always send pointers if you want to).
<matthewcroughan_>
patagonicus: Well I found it interesting that if a gomodule is not available on gh, it'll use a cached source from google
<matthewcroughan_>
in drvs, I see a lot of "trying"s, with fallbacks, on the nix user repository stuff too
<matthewcroughan_>
unsure about these details, no idea whether my terminology is correct, too new
<patagonicus>
I guess with the modules you can cache them since it's based on the commit hash, but I think that being based on the content is just a side effect for Go. They just care about it always being the same for one commit - it would probably work just as well with SVN's sequential numbering.
FRidh has quit [Ping timeout: 264 seconds]
FRidh has joined #nixos-chat
tbech has joined #nixos-chat
<sphalerite>
174730 store paths deleted, 385953.34 MiB freed — can I now join the fairly-large-GCs club?
<patagonicus>
sphalerite: I have some ARM systems running off of SD cards (and it's 32-bit, so it doesn't get caches, builds everything locally), those barely have enough space for two generations with different package versions. :D
<patagonicus>
And for my systems I pretty much always use LVM and keep root at a reasonable size. 50G for my desktop, which is already quite big, I think.
<sphalerite>
same with a couple of ARM systems, but they're all just for testing stuff.
<sphalerite>
the most space-constrained "important" systems are a couple of hetzner cloud servers
<sphalerite>
and I have everything on zfs, so all the filesystems share the same space
FRidh has quit [Ping timeout: 260 seconds]
FRidh has joined #nixos-chat
tbech has quit [Quit: WeeChat 2.9]
__monty__ has joined #nixos-chat
red[evilred] has quit [Quit: Idle timeout reached: 10800s]
FRidh has quit [Quit: Konversation terminated!]
lukegb has quit [Quit: ~~lukegb out~~]
lukegb has joined #nixos-chat
FRidh has joined #nixos-chat
cole-h has joined #nixos-chat
waleee-cl has joined #nixos-chat
<cirno-999>
anybody used wacom on nixos?
<cirno-999>
nvm its easy to set up :P
<sphalerite>
cirno-999: you
<adisbladis>
patagonicus: "but I think that being based on the content is just a side effect for Go. They just care about it always being the same for one commit - it would probably work just as well with SVN's sequential numbering." Huh?
<cirno-999>
or maybe not, I'm getting some incompatible qt library versions? :D
<{^_^}>
#104384 (by poscat0x04, 2 days ago, open): kcm-wacomtablet not working
<cirno-999>
:C
<patagonicus>
adisbladis: I'm not super familiar with how Go modules work internally. I know it stores the commit hashes of the version you're adding, but I'm not sure they do that to verify the content. I think that's just to make sure that, if it's not cached/vendored, the same version will be downloaded again later. And that doesn't need content hashing, just
<patagonicus>
ids that don't change.
<adisbladis>
They do verify the directory contents
<adisbladis>
The h1:somehash thing you see in go.sum is a content hash
<adisbladis>
h1: indicates "use hashing scheme 1", which is a sha256 over the contents
<pie_>
cirno-999: is there some sort of config gui? i was only able to use mine to the extent of plugging it in and using the default config
<pie_>
it worked th
<pie_>
tho
<__monty__>
joepie91: You may not remember this, it's from a while back. I finally heard back from the person researching Russian internet policy. The HTTPS undermining they'd talked about wasn't Russia's but Kazakhstan's attempt https://en.wikipedia.org/wiki/Kazakhstan_man-in-the-middle_attack Though Russia is trying to gain control of all relevant ISPs operating in its territory afaict.
<__monty__>
Also, China's "New IP" is scary af.
<pie_>
__monty__: chinas new ip?
endformationage has joined #nixos-chat
<__monty__>
pie_: They want to replace TCP/IP with a protocol that'd allow topdown censorship control.
<pie_>
uh.uh. wonderful
<__monty__>
This is not very new news btw. Just only found out about it recently.
<pie_>
well they probably have enough developers to make their own entire stack for it right? :p
<__monty__>
Supposedly Huawei's already installing infrastructure using this new protocol in developing countries.
<__monty__>
I don't know how much of that is speculation though.
<pie_>
oh now thats just wonderful
<pie_>
time to vpn all the things
<pie_>
that only gets you so far though
<__monty__>
That probably wouldn't work if you're in such a network. They could just decide to censor VPN providers.
<pie_>
hence "that only gets you so far"
<pie_>
well youd want to proxy through a vps or something
<pie_>
but yeah that raises the bar for most people
<__monty__>
If that were widespread behavior they'd probably censor those VPS providers.
<pie_>
couldnt you sell a service where you on demand spin up a personal proxy? youd have to sufficiently prevent fingerprinting though
<pie_>
are they gonna censor all of aws and azure and whatever?
<__monty__>
Russia has repeatedly blocked all of GitHub iirc? So I wouldn't put China above such things. Especially in developing countries. And I'm assuming they have their own alternatives anyway?
<__monty__>
Some Baidu cloud or something.
<pie_>
yeah probably
<pie_>
ah well, I hope the US lasts long enough so that china doesnt get hegemony
<pie_>
does not inspire confidence
<MichaelRaskin>
__monty__: they are definitely trying to declare control. Getting control takes allocating someone able to take control to the project, which is not what happens in Russia with all that
<insep_>
__monty__: eh? i don't remember them ever blocking github, but if they did, that probably was while trying to block telegram (and they gave up on that idea lol)
<gchristensen>
github and telegram aren't cohosted
<gchristensen>
but I think github had some content which went against russian propaganda that they blocked gh for temporarily
<insep_>
gchristensen: they blocked entire ip ranges belonging to s3, google cloud, azure etc
<insep_>
or is it s6?
<insep_>
i don't remember
<gchristensen>
yeah and github doesn't use those
<insep_>
github uses amazon for sure
<gchristensen>
no
<gchristensen>
they use their own IP block
<pie_>
(now what was I doing before i got sidetracked?)
<insep_>
gchristensen: they did at a time though (~2 or 3 years ago)
<gchristensen>
surely they also use amazon / azure / etc. but the github.com interface has always gone through their own owned IP block
<insep_>
¯\_(ツ)_/¯
rajivr has quit [Quit: Connection closed for inactivity]
<insep_>
so i did a quick google search and russia did block github after all, one for some shady repo 6 years ago (and my memory isn't good enough to remember this :D) and 4 years while trying to block telegram
<joepie91>
__monty__: ah yeah, I'm familiar with the kazakhstan case, but that was a case of "hi citizen, install our root cert or else" rather than a protocol break afaik :P
<__monty__>
Yes, breaking the protocol never came up.
<MichaelRaskin>
Russia blocked basically everything at least once, but it's a question of for how long
<andi->
Garr commit messages.. how can people always forget about them /o\ Have they never had to debug a system?
<__monty__>
Such a shame, I've written commit essays, never to be read by another human being...
<joepie91>
__monty__: ah I might have misremembered the discussion then
<pie_>
its because people dont keep logbooks as they go
<pie_>
as if there werent 20 other reasons but yknow
<MichaelRaskin>
I do not believe commit messages, I believe diffs
<MichaelRaskin>
Comments in the code… maybe
<andi->
MichaelRaskin: commit messages can still have the motivation... that is mostly what i am asking for..
<andi->
details should be in the code
<andi->
especially if you put something for review. why should anyone consider this change? any change is good?
<supersandro2000>
MichaelRaskin: if you are going to search through 2000 commits good commit messages can help you a lot
<supersandro2000>
eg search for darwin in the last commits and see if anything relates to your problem on darwin
<supersandro2000>
and bingo. faster than even generating blame for 2000 commits
sorear has quit [Ping timeout: 260 seconds]
waleee-cl has quit [Ping timeout: 260 seconds]
sorear has joined #nixos-chat
waleee-cl has joined #nixos-chat
<MichaelRaskin>
The first thing I would do is prune w.r.t. derivation hash changes…
<MichaelRaskin>
Slower than grepping, but I believe hashes more.
<supersandro2000>
rg is almost instant
<supersandro2000>
my brain can't work well with hashes. Maybe yours does.
<sphalerite>
supersandro2000: the idea is to let the computer worry about the hashes so your brain can worry about the changes :)
<sphalerite>
__monty__: you should contribute to the kernel. People will appreciate your commit messages there :p
<__monty__>
I'm not at that level yet.
bridge[evilred] has quit [*.net *.split]
pinpox has quit [*.net *.split]
pinpox has joined #nixos-chat
bridge[evilred] has joined #nixos-chat
tilpner_ has joined #nixos-chat
tilpner has quit [Ping timeout: 260 seconds]
tilpner_ is now known as tilpner
aleph- has quit [Ping timeout: 240 seconds]
<abathur>
oof
<abathur>
one of the more horrifying sentences I can recall reading
<abathur>
"mkdir -p -m is broken, since the mode is only applied to the last directory in the path you type."
<samueldr>
thanks, definitely don't like this
<__monty__>
BSD mkdir is very clear about the permissions on intermediate directories created.
<abathur>
from the most-convincing answer: "to get around this we can use a subshell: `( umask 000 && mkdir -p yodirectory/yostuff/mastuffinyostuff )`"
<abathur>
__monty__: fine, we'll try again :P "install -d -m is broken the same way."
<abathur>
not that I agree with the use of "broken" there
<abathur>
it's more of a "surprise"
<MichaelRaskin>
Underspecified
<abathur>
:)
<__monty__>
My point was BSD mkdir was not underspecified. I haven't given a value judgement about the behavior at all.
<abathur>
__monty__: nod, it's very clear, a bit surprised I hadn't noticed it before