<ashkitten>
i want the next release which will support playlists in syncplay groups
<lovesegfault>
what does that do?
<lovesegfault>
uhhhh, what port does this thing run on?
<ashkitten>
dunno
<lovesegfault>
there's no webui?
<cole-h>
there is
<cole-h>
1s
<lovesegfault>
it's 8096 apparently?
<cole-h>
8096
<lovesegfault>
:D
* lovesegfault
goes open it in the firewall
<bbigras>
jellyfin-mpv-shim allows you to view jellyfin content with mpv
<cole-h>
Basically: chromecast to your local mpv player
<cole-h>
:P
<bbigras>
is mpv more efficient than the browser for videos?
<ashkitten>
syncplay lets you watch something with other people
<bbigras>
syncplay sounds nice
<cole-h>
idk I just like it so I can browse while watching :P
<ashkitten>
not to be confused with syncplay, the software that lets you watch something with other people
<ashkitten>
:/
<samueldr>
bbigras: maybe not, but it doesn't have a garbage-made website around
<bbigras>
samueldr: you are talking about jellyfin's web page?
<samueldr>
and *that* website may (will) affect the playing of the media
<samueldr>
nah, mpv vs. browser
<bbigras>
ah gotcha
<samueldr>
I was thinking youtube-style
<bbigras>
yeah
<samueldr>
it didn't click that the question was about mpv *and jellyfin*
<ashkitten>
is futex2 the new wine synchronization primitive thing
<bbigras>
no worries. haha for a moment I thought you were saying that jellyfin was shit.
<samueldr>
no clue about jellyfin, never used it :)
<bbigras>
cole-h: chrome and firefox also have pip mode for videos now. it's great. I use it all day.
<cole-h>
indeed they do
<cole-h>
but they die when I close the browser or the browser crashes :P
supersandro2000 has quit [Disconnected by services]
supersandro2000 has joined #nixos-chat
danderson has joined #nixos-chat
rajivr has joined #nixos-chat
<pie_>
has anyone ever been unable to get thunderbird to connect to gmail...Ive enabled the allow less secure apps thing but it still wont work and I use the same password to log in via the web client...
<cole-h>
Don't you have to use an app password too?
iqubic has left #nixos-chat ["ERC (IRC client for Emacs 28.0.50)"]
<aleph->
^
<pie_>
n...o?
<pie_>
I have another email that works...
<ashkitten>
anyone know where i can find the futex2 kernel patches or if they're in linux-zen?
<cole-h>
pie_: Does the email that doesn't work have 2FA? Back when I used tbird + gmail for 1 day (and had 2FA enabled), I was required to use an app password.
<samueldr>
ashkitten: finding the patchwork thread usually helps to find the patches
<samueldr>
here I searched on a search engine: patchwork futex2
<samueldr>
the "Related" row with a "show" link will show you the distinct patches
<samueldr>
the names shown there should (except for the [tag name]) be the commit name if present in a kernel tree
<pie_>
"They seem to have gotten rid of the "App Password" option. – Wildcard Sep 4 '18 at 19:14"
<samueldr>
ashkitten: for consuming patches, imo patchwork is the place to go, but not necessarily the best to read the *threads*... though responses to a specific patch are all there
<pie_>
Apparently now I got blocked by the suspicious activity filter
<pie_>
I said i was me now it still wont let me in
<pie_>
It turned less secure back off again..or failed to register it. Got it to work now...
<ashkitten>
darn, doesn't apply..
<samueldr>
ashkitten: using git am? tried patch?
<samueldr>
ashkitten: because `git am` is more stringent than `patch` to apply stuff
<samueldr>
(applies too to git apply, more stringent than patch in my experience)
<aleph->
Well maybe cut down on some hypothetical attack vector?
<aleph->
Now I'm curious to see if it'll bug out though
<colemickens>
aleph-: yeah, if I had secrets in the store or something and the container was compromised...
<colemickens>
infinisil: thanks for that, i've never seen that before, didn't know that was a thing.
<aleph->
Nod
hexa- has quit [Quit: WeeChat 2.9]
hexa- has joined #nixos-chat
<energizer>
colemickens: i dont see why programs should be able to read/execute random stuff in the store
<energizer>
regardless of secrets there's the privacy thing. for example Zoom reads off /proc/*/{stat,cmdline}
<energizer>
which isnt the store but is still ridiculous
<Ashy>
energizer: wat the f
<gchristensen>
I'm really liking this pattern of provisioning servers with terraform, importing their nix expressions in to the repository, and then deploying to them
<energizer>
Ashy: see for yourself, strace -f zoom 2>&1 | egrep -o '/proc\S+'
<energizer>
i tried to get zoom running in a jail but couldn't, i dont know enough about x11/xauth
slack1256 has quit [Remote host closed the connection]
<Ashy>
haha zoom crashes for me when i try to run it: INTERPRETER PANIC - Unable to load font -*-helvetica-medium-r-*-*-14-*-*-*-*-*-*-* or fall back to 8x13 (PC = #0)
<Ashy>
i guess this is another reason to only ever use zoom in the browser
<energizer>
are you just running it raw, or in some kind of container/jail thing?
<energizer>
you can use something like `systemd-id128 machine-id --app-specific myapp`
<samueldr>
which in turn is just reading it with more steps
<samueldr>
btw, I'm not saying it's not "confidential", it is, just as an identifier for a specific machine is
<samueldr>
but software reading it AFAIUI does not equate to being untrustworthy
<energizer>
i guess it depends how you look at it. cccccclkjkljdevhrvtfjtilnrddvnkjnbdtiffrhgtt from my yubikey is just reading the hardware private key with more steps
<samueldr>
and that to generate the derived application×machine-id, it needs to be read
<energizer>
just like the private key from the yubikey needs to be read, no?
<samueldr>
I don't know if I'm being ultra-dense
<samueldr>
but that's totally not the same thing
<energizer>
pulse doesn't need to read it directly, it can ask systemd to do it
<samueldr>
wat?
<samueldr>
systemd-id128 is just a wrapper around sd_id128_get_machine_app_specific
<samueldr>
and sd_id128_get_machine_app_specific is just reading the file with the appropriate derivation
<energizer>
running `systemd-id128 machine-id --app-specific`, has some similarities with asking the yubikey to generate you a value
<samueldr>
I don't know
<samueldr>
I don't think so, unless it's supposed to be secure
<samueldr>
`systemd-id128` literally only calls sd_id128_get_machine_app_specific for you as a convenience, most likely for when you don't have a C binding for it
<samueldr>
(and other convenient wrapping on similar IDs)
<energizer>
yeah i get what you're saying, i just think that is a strange setup for a confidential value
<colemickens>
if it talked to systemd over dbus or something?
<colemickens>
or a socket even
<energizer>
/etc/machine-id should be unreadable and you should have to say who you are when asking for a derived version
<colemickens>
not sure how systemd would authenticate the caller though to validate the app id
<samueldr>
what I think the issue is, is that we have different understanding of "confidential" here
<samueldr>
it's confidential as in you don't want to use this value to track a user outside of the machine
<samueldr>
as it would allow different bits of software to correlate this particular machine, if they were networked and independent
<energizer>
hmm maybe the machine-id functions can be replaced with a call to my actual yubikey
<samueldr>
note that it must stay unique per install, and constant throughout the lifetime of an install
<energizer>
in order for journald to consider them the same machine yeah that's true
<energizer>
not sure what other parts of the system would care tho
<samueldr>
not exclusively journald
<samueldr>
other software could use it as an identifier (though that is a bit stateful)
<samueldr>
I think zfs does
<samueldr>
I could be misremembering something
LnL has quit [Ping timeout: 272 seconds]
<hexa->
yes, zfs does.
* samueldr
looks it up
<energizer>
rg machine.id zfs/ doesnt show anything
LnL has joined #nixos-chat
LnL has quit [Changing host]
<samueldr>
ah, it's cargo-culted knowledge for networking.hostId
<samueldr>
but still, I think the word "confidential" here can be interpreted in overblown manners
<samueldr>
I assume it was chosen to hammer the fact that the cleartext value shouldn't be used
<energizer>
sure, there are other ways for a program to find out what computer it's on, like looking at the mac address
<samueldr>
derive a value from it, this way different unrelated software wouldn't end up using the same identifier for the same machine
<energizer>
but imo those ways should be reduced
<samueldr>
that's another subject, and yes
<samueldr>
I was coming from it assuming you want a machine id
<energizer>
so basically i agree with the literal statement of "If a stable unique identifier that is tied to the machine is needed for some application, the machine ID or any part of it must not be used directly."
<energizer>
(from the man page)
<samueldr>
that's the "if" that matters
<samueldr>
and yes, it's better not to track a machine if you don't need to (as a software developer)
<energizer>
'erase your darlings' is really a stop-gap since it only prevents reading changed values across boots. a purer setup would prevent simultaneously running programs from reading each other's changes
<energizer>
or reading any persistent values except whitelisted ones
sorear has quit [Read error: Connection reset by peer]
sorear has joined #nixos-chat
Guest88372 has quit [Read error: Connection reset by peer]
Guest88372_ has joined #nixos-chat
<energizer>
that is a purely functional linux distribution :)
<clever>
samueldr: i need to find that initrd patchelf thing you linked a while back, manually patchelfing things is getting to be messy
<clever>
[86] Jan 01 00:03:25 Login attempt for nonexistent user from 192.168.2.15:54282
<clever>
hmmm, dropbear is refusing to admit that root exists in passwd...
<clever>
[pid 91] openat(AT_FDCWD, "/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-glibc-2.27-armv6l-unknown-linux-gnueabihf/lib/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
<clever>
yep, same issue as with sshd and avahi-daemon
<clever>
[95] Jan 01 00:01:03 User 'root' has invalid shell, rejected
<clever>
progress
<clever>
PTY allocation request failed on channel 0
<Ashy>
i wonder if it could be combined with nix-bundle or something similar and build a big chunk of nixpkgs as fat binaries that run effectively anywhere
<ashkitten>
wait, i saw that a while back but i thought it was a joke
<ashkitten>
apparently this project is whole-ass serious
<ashkitten>
idk how i feel about that
<Ashy>
it's pretty amazing
<ashkitten>
the thought of people actually using that binary format in prod sketches me out so bad
<Ashy>
prod is where good intentions go to die
waleee-cl has quit [Quit: Connection closed for inactivity]
nckx has quit [Ping timeout: 276 seconds]
nckx[2] has joined #nixos-chat
nckx[2] is now known as nckx
danderson has quit [Remote host closed the connection]
danderson has joined #nixos-chat
cole-h has joined #nixos-chat
cole-h has quit [Ping timeout: 256 seconds]
mog has quit [Ping timeout: 258 seconds]
mog has joined #nixos-chat
__monty__ has joined #nixos-chat
cosimone has joined #nixos-chat
<siraben>
anyone have a NixOS/home-manager config with sway + screensharing working?
<etu>
siraben: But I don't start it from home manager configs, but I use home manager as well.
<siraben>
etu: thanks
<siraben>
yeah I'm unsure of how much to put in configuration.nix and how much to put in home.nix when it comes to sway config
<ldlework>
siraben: think about what you want to happen on first boot i guess
<ldlework>
though, i don't see any reason why your home-manager stuff can't be in place by then
<siraben>
right, since I'd have to bootstrap my home-manager config
<siraben>
well can't I put HM stuff in configuration.nix?
<siraben>
I recall it being a module
<ldlework>
doesn't that make you profile switch each time you rebuild it?
<etu>
siraben: you can import it as a module and set home manager things from configuration.nix
<etu>
ldlework: yes it does
<siraben>
also, in terms of flakes references, should I prefer `github:NixOS/nixpkgs/nixos-20.09` or `nixpkgs/release-20.09`? IIUC, the latter reference has to be matched against a registry entry whereas the former is "absolute" in some sense?
<siraben>
yeah that'd be a way of putting HM and system config in lock step
<siraben>
I guess flake.lock file resolves that
rosariopulella[m has joined #nixos-chat
waleee-cl has joined #nixos-chat
AuctusDK has joined #nixos-chat
AuctusDK has quit [Connection closed]
VoidWhispererRS has joined #nixos-chat
VoidWhispererRS has quit [Connection closed]
the_madman has joined #nixos-chat
<the_madman>
/!\ this channel has moved to ##hamradio /!\
the_madman has quit [Remote host closed the connection]
<gchristensen>
lol
jimbeammGZ has joined #nixos-chat
bairdmichzW has joined #nixos-chat
<jimbeammGZ>
/!\ this channel has moved to #nyymit /!\
jimbeammGZ has quit [Remote host closed the connection]
<bairdmichzW>
/!\ this channel has moved to #nyymit /!\
bairdmichzW has quit [Remote host closed the connection]
loeken has joined #nixos-chat
<loeken>
/!\ this channel has moved to #nyymit /!\
Sigyn has joined #nixos-chat
<Sigyn>
** Warning: if there is any bot in #nixos-chat which should be exempted from Sigyn, contact staffers before it gets caught **
loeken has quit [Remote host closed the connection]
cloeYC has joined #nixos-chat
<cloeYC>
/!\ this channel has moved to #nyymit /!\
cloeYC has quit [Killed (Sigyn (Spam is off topic on freenode.))]
<sphalerite>
gchristensen: seems decent, though I don't have enough experience with other config management to know if setting up e.g. a nextcloud instance with TLS and stuff is as painless with other such tools as it is with nixos
disasm has quit [Quit: WeeChat 2.0]
disasm has joined #nixos-chat
aleph- has joined #nixos-chat
endformationage has joined #nixos-chat
NinjaTrappeur has joined #nixos-chat
lunc has quit []
lunc has joined #nixos-chat
aleph- has quit [Quit: WeeChat info:version]
aleph- has joined #nixos-chat
aleph- has quit [Quit: WeeChat info:version]
aleph- has joined #nixos-chat
<philipp[m]1>
If you need to punish yourself because you drown kittens for fun or something, I suggest you look into adding a jibri module to nixpkgs.
<pie_>
on february 11, 2020, an unexplained mass of kitten drownings was observed
rajivr has quit [Quit: Connection closed for inactivity]
<philipp[m]1>
You don't know what jibri is, do you?
<philipp[m]1>
It's the official recording solution for jitsi. It's a java app that starts a chromium into a xorg with selenium and ffmpegs the framebuffer.
<pie_>
well that explains why it sounds like jitsi
<pie_>
philipp[m]1: oh god wtf ffmpegs the framebuffer? isnt that super unperformant
<pie_>
and like, double encoding
<pie_>
hm i guess its simpler than doing some kind of backend rendering for the UI
<pie_>
hmhm
<philipp[m]1>
pie_: Oh, performance is not a problem. You only have a single X, so you need to spool up another vm anyway if you want to record more than one room at a time.
<pie_>
Well I was comparing to "cant you just save the video stream to disk or somethin"
cole-h has joined #nixos-chat
<gchristensen>
do EFI modules run in ring0, or ring-1?
<energizer>
the projectA/projectB thing is solved by jails. nix solves dependency isolation but not filesystem isolation. jails solve isolation but not transparency/reproducibility. need both imo.
<gchristensen>
oh I was reading Unified Extensible Firmware Specification version 2.0 instead
<gchristensen>
energizer: only half-solved by jails
<samueldr>
just one I found online, yours maybe has more details
<samueldr>
but maybe you need the updated PI Spec
<gchristensen>
energizer: if you get a bit creative with your imagination you can imagine a single project which has conflicting dependencies
<gchristensen>
(this is not contrived)
<energizer>
gchristensen: i dont need to get creative for that unfortunately :P
<gchristensen>
:P
<energizer>
i do think it would be nice to have some repos with some nsjail/minijail policies for lots of apps
<energizer>
that could supersede `impermanence` since it would prevent simultaneously running programs from interfering with each other, not just programs separated by a reboot
<energizer>
i think id want more sandboxing still since a program could still read /proc, or maybe even exec into a more-privileged program and start messing around in ~/.mozilla
<energizer>
(those are two separate ideas)
<gchristensen>
hmm... can lz4 be used as a streaming compression algorithm?
aleph- has quit [Quit: WeeChat info:version]
aleph- has joined #nixos-chat
aleph- has quit [Client Quit]
<eyJhb>
energizer: I have a nsjail module somewhere
<energizer>
firejail has some configs but i landed on nsjail/minijail over firejail for some reason. maybe it's possible to convert the firejail configs
<drakonis>
there's rumours about amd doing arm chips
<eyJhb>
Yeah, but you can learn a lot from firejail from their configs
<eyJhb>
energizer: what you said :D
aleph- has joined #nixos-chat
aleph- has quit [Read error: Connection reset by peer]
aleph- has joined #nixos-chat
red[evilred] has joined #nixos-chat
<red[evilred]>
Btw, since we're talking about this subject
<red[evilred]>
what is the currently most "supported" isolation for services on servers in NixOS?
<red[evilred]>
containers? vms? etc etc
<red[evilred]>
ie - if I wanted to take an existing server that I had with lots of different services on it and wanted to have some kind of separation
<red[evilred]>
(or is there even a preference)?
<__monty__>
Wouldn't it be a mistake for Intel and AMD not to be doing ARM chips rn?
<etu>
__monty__: AMD is looking into ARM
<samueldr>
AMD always has had some ARM going on on the backburner
<samueldr>
and IIRC there's been, for a good while, an ARM CPU on your AMD CPU, running for its trustzone implementation