<vikanezrimaya>
Well, well, well. I ask of you, those NixOS users who use Chromium, what day it is? (It's a rhethorical question tho)
<vikanezrimaya>
It's March 18, three days since the day that Google marked as the doom of Chromium API keys for distribution maintainers.
<samueldr>
it's a day that ends in day
<vikanezrimaya>
Yet the keys still seem to work. I wonder why? Did Google backed out of their promise of inevitable doom?
<vikanezrimaya>
Did they chicken out in fear of uprising of Chromium maintainers?
<gchristensen>
they probably just scheduled it for the next sprint
<vikanezrimaya>
It's not good to break a schedule they promised.
<vikanezrimaya>
>.<
<supersandro2000>
I loaded bash_completion afterwards which broke it!
<vikanezrimaya>
on the note of API keys, does anyone have a way of somehow extracting keys from Google Chrome binary itself? I'm pretty sure it has some sort of golden key sealed inside which won't be revoked any time soon...
<vikanezrimaya>
Is this even legal to discuss in this chat
<vikanezrimaya>
well I want to make my NixOS work so I guess it's at least somewhat on-topic?
<samueldr>
fixing your nixos is off-topic for the off-topic chat ;)
<samueldr>
I guess there must be a way to dump the API keys, but uh... maybe left for more "courageous" locations to chat on?
<samueldr>
wouldn't be great to have the big G breathing down the neck of this channel
<vikanezrimaya>
The debug logging allows to dump API keys, but it's disabled in production builds with seemingly no way to enable it
<samueldr>
I guess if you're vague enough it's not an issue? but I'm like totally not a law guy
<vikanezrimaya>
Well yeah I don't want to bring doom upon all of us
<samueldr>
maybe run `strings` on the binary and find strings matching the expected length?
<samueldr>
assuming their golden keys are of the same shape as the public ones?
<supersandro2000>
vikanezrimaya: "seemingly no way"
<supersandro2000>
like all those other unbreakable things
<supersandro2000>
If google cares you can't find it with strings
<samueldr>
well, if it's been compiled without the line of codes to do the debug logging... that's quite strongly unbreakable :)
<samueldr>
(I was responding about the debug logging)
<samueldr>
that's it, if google cares
<vikanezrimaya>
samueldr: you're correct, it's compiled out
<supersandro2000>
people can break denuvo
<supersandro2000>
if someone cares enough they can break this, too
<vikanezrimaya>
and I couldn't determine for sure if Google cares or not, let's see if I care more about my browser working?
<samueldr>
sure, but they won't make the debug log that's not present in the build happen
<vikanezrimaya>
Probably won't, but that means I can't show those API keys to anyone or they'll get stolen
<supersandro2000>
strings chromium | rg GOOGLE_ reaveals a bunch of envs for api keys
<vikanezrimaya>
strings result/share/google/chrome/chrome | rg apps.googleusercontent.com shows a client ID. Not sure where the client secret would be...
vikanezrimaya has quit [Quit: Connection closed]
vikanezrimaya has joined #nixos-chat
<samueldr>
I haven't validated they work, but I found likely values
<samueldr>
though note there are multiple API keys and client id/secrets for different services
mcint has quit [Ping timeout: 240 seconds]
<samueldr>
the most we should reveal here, probably, is that google search results will return hits likely confirming the likely find
<samueldr>
probably
<samueldr>
allegedly
<vikanezrimaya>
oddly specific
cole-h has quit [Ping timeout: 244 seconds]
vikanezrimaya has quit [Quit: Connection closed]
djwf has joined #nixos-chat
supersandro2000 has quit [Disconnected by services]
<colemickens>
if I run the mcfly-history-widget cmd manually it does pop up
<colemickens>
I feel like I've had weird issues with bindings in the past
<colemickens>
I kind of wish it worked with skim anyway tho
<colemickens>
just to have a standard fuzzy interface
Baughn has quit [Ping timeout: 260 seconds]
Baughn has joined #nixos-chat
endformationage has quit [Quit: WeeChat 2.9]
CodeKiwi has joined #nixos-chat
DigitalKiwi has quit [Ping timeout: 260 seconds]
<aaronjanse>
__monty__: I've started using fish, and I must admit that the completion is fantastic
<aaronjanse>
I think my bar for "best possible completion system" was wayyy too low. I was used to >100ms completions that at least worked most of the time
cole-h has joined #nixos-chat
<aaronjanse>
Fish shows completion both much faster and with documentation
<slack1256>
Fish is great. I came for the completion, I stayed for `set`.
waleee-cl has quit [Quit: Connection closed for inactivity]
<Ke>
bash completions are indeed in dire need of timeouts
<ar>
bash completions are in dire need of someone cleaning them up
<ar>
for example, they often mess up $_ after using them
<ar>
so if you do "foo ./something" and then "bar --opt<tab> $_", $_ might not contain ./something anymore
<aaronjanse>
Speaking of shell stuff, I'm looking for something like ripgrep but for searching for files that include two keywords, anywhere
<aaronjanse>
It would be super helpful for searching nixpkgs
<aaronjanse>
In terms of completion, I think fish's approach is pretty clean, which is encouraging
<Ke>
yes I guess bash should also run completions in a different context
<slack1256>
aaronjanse: I use `nix repl` and `builtins.match` regexes :-P .
<slack1256>
Useful for searching specific latex packages.
<Ke>
if you are writing complex expressions with things like subshells, completion frequently goes completely bonkers
<aaronjanse>
Yep
<aaronjanse>
Ooh thanks for the heads up slack1256
<aaronjanse>
I tried nushell for some time, but I rarely need something between a shell and a full programming language that's popular outside of scripting
<ar>
i want to try xonsh some day
<aaronjanse>
And fish works well even for my use-case of executing "cargo run" a bunch of times while doing general system administration
<aaronjanse>
Oh a friend of mine uses Xonsh as his default shell
<aaronjanse>
I'm currently using Xonsh-but-julia-instead-of-python as my default shell
<aaronjanse>
I really like that Xonsh lets you plug into the whole python ecosystem
<slack1256>
I want xonsh but for a ML/haskell style lang.
<aaronjanse>
I should probably learn Haskell eventually
<ar>
and elvish also seems somewhat interesting (https://elv.sh/)
<aaronjanse>
Oh I've tried elvish
<aaronjanse>
I really like its file manager and location switcher
<aaronjanse>
I was considering elvish for completions for my julia-shell repl thing, but I ended up using fish for completions
<slack1256>
I remember using elvish, but I was already good with `jq` already...
<aaronjanse>
I used elvish for about a month during an internship, then nushell for the month after that
<aaronjanse>
Yep
<aaronjanse>
And with something like xonsh, you'd get data processing along with lots of libraries etc
<colemickens>
hm, I have bzImage that qemu wont' boot
<colemickens>
/nix/store/3w61d99hfk3i07raqps5lwk4c9pjp9c6-fatxKernel/bzImage: Linux kernel x86 boot executable bzImage, version 2.4.25-xbox (root@Athlon) #13 Wed Apr 21 16:20:35 CEST 2004, RO-rootFS, root_dev 0x308, Normal VGA
<colemickens>
the fatx patches didn't get much love
<colemickens>
anyway, for some reason if i drop -nographic it boots
Jackneill has joined #nixos-chat
slack1256 has quit [Remote host closed the connection]
spudly has quit [Remote host closed the connection]
spudly has joined #nixos-chat
cole-h has quit [Ping timeout: 245 seconds]
<patagonicus>
<3 modules are great. I'm finally moving my home-manager config into my custom nixos modules, which also means that I have a single config option that enables all the stuff I want (only) on desktops, for both nixos and home-manager.
<Ke>
btw. people often ask me what is great about nixos and I can't really explain it, do other people have this issue
<Ke>
it's like you can put nixos to git, but this you can do with some setup tool like ansible and debian eg.
<Ke>
or you can have generations, but you can also have snapshots
<Ke>
though nixos has more controlled state, especially if you use tmpfs rootfs
<Ke>
but this is difficult to explicate
<Ke>
or does not really convey the idea
<Ke>
my nixos configs actually live in the same repo as old debian and gentoo configs and use the same files even
<Ke>
just my setup scripts for gentoo and debian were more hacky
<lovesegfault>
I think it's just hard to explain
<lovesegfault>
because it's radically different from most other tools
<lovesegfault>
I've had the same issue
<lovesegfault>
like, you can say something fancy like "uhhhh purely functional package management!"
<lovesegfault>
but that also doesn't mean anything
<lovesegfault>
You have to try Nix to get Nix at this point
<lovesegfault>
which is a big problem since our beginner experience is 💩
<lovesegfault>
it's getting better though
<Ke>
I would not be using nixos, if I had not had to learn it at work
<Ke>
I even thought it was a crazy idea and could never work in practise
<Ke>
though there has been insane amount of work put into mutilating all the packages into nixos
<Ke>
so I guess I just underestimated the amount of work people are ready to do
<aaronjanse>
"which is a big problem since our beginner experience is 💩 " yeah I have no clue why I tried Nix
<lovesegfault>
same here, had to learn nix for work and feel in love with it
<aaronjanse>
It was painful
<aaronjanse>
But now I use it 24/7
<lovesegfault>
Right, but I'm sure our retention is extremely low
<lovesegfault>
case in point at work we were an all-nix company
<aaronjanse>
It looks like it works similar to `nix bundle`
<aaronjanse>
> Each compiler "shard" is packaged separately
<{^_^}>
undefined variable 'Each' at (string):489:1
<patagonicus>
I don't quite remember why I started using Nix. I must have heard about it somewhere and liked the idea of "one config for the whole system", but Nix(OS) is so much better than just "oh, you get nice, easy rollbacks" which was what drew me in.
<patagonicus>
I used to use Gentoo, so getting into the details of a Linux system didn't scare me, but Gentoo took too much time after I stopped being a student. NixOS looked like it could give the control I wanted with less hassle (and it totally did).
<Ke>
yes, gentoo went insane with the correctness enforcement
<Ke>
it was easy while you could let your system to be slightly broken
<Ke>
I guess people like me gave too many invalid bug reports
<ar>
the issue that drove me away from gentoo, is that i had nearly identical system on desktop and laptop, and there were some packages that didn't compile on my laptop, but did on the desktop
<Ke>
though I must admit that nixos would be even more insane with the correctness enforcement, if I was not fine with the defaults
<Ke>
I am patching radeonsi mesa driver and, if I did not use a hack it would be a lot of recompiles for me
<ar>
huh. what hack?
<Ke>
like probably the by now hundreds of different webkit variants that live on every system
<Ke>
hardware.opengl.package
Synthetica has joined #nixos-chat
<patagonicus>
I also find it much easier to modify the system itself in NixOS compared to Gentoo. Stuff like overlays you can just throw into your config and it'll just keep applying them automatically to new versions of nixpkgs. Or overriding some low level stuff for modules. (For example I modified the borgbackup job systemd services to run sequentially
<patagonicus>
instead of guessing start times that are far enough apart and/or using high lock timeouts in borg itself)
<LinuxHackerman>
Huh, it's super easy to edit stuff in /usr! :p
<LinuxHackerman>
(let's not talk about dealing with the consequences)
<aaronjanse>
I actually wanna figure out how get NixOS to let me fully modify root, enough to install a second package manager
<aaronjanse>
I want full purity of deployment servers, but I want more room for ugly stuff on my laptop
<Ke>
yes I am also interested in constructing some fallback
<aaronjanse>
"This library is only intended to be used in containers! Do not use on NixOS hosts!" I wonder how bad it would be to try this on my NixOS host 👀. I'll take a look at the source code first
<supersandro2000>
bbigras: could you script mcfly to use any command as input? also I think it is slower than fzf
<supersandro2000>
do I need to pay a small fortune to get the lsb details from iso?
<patagonicus>
What do you mean by "lsb details from iso"?
vikanezrimaya has joined #nixos-chat
<vikanezrimaya>
Oh well, I think I might've had a heart attack by now, I feel like a zombie process
<vikanezrimaya>
My mom's computer had two RAM sticks out of four go faulty, halving the RAM capacity and scaring the heck out of my mom with random reboots and hangs
<vikanezrimaya>
Her laptop is stuck installing a Windows 10 update
<vikanezrimaya>
And the only working computer in the household is my NixOS laptop. NixOS saves the day!
<vikanezrimaya>
I wrote a quick config patch to make a separate user with a browser, a PDF reader and a VPN for work and took the glitchy computer as a quick replacement workstation for the rest of the day
<vikanezrimaya>
NixOS is awesome
<infinisil>
Nice
<vikanezrimaya>
also using SFTP to pull files from my /home to work with
<pie_>
supersandro2000: they probably didnt realize you meant the standards organization
<patagonicus>
Ah, I didn't know it was an actual ISO standard, thought you were talking about installer CD images. Yeah, ISO is not … great in that regard.
<pie_>
haha
<srk>
fhs standard is fun, everything is optional
<patagonicus>
At least the FHS standard should be free, right?
<supersandro2000>
ISO be like: "yOuR oS nEeDs tO uNdErStAnD rPm"
<pie_>
on the upside, i hope this takes rust towards being compatible with weird architectures, and not towards linux being incompatible with weird architectures
aei has joined #nixos-chat
rj_ has joined #nixos-chat
<aei>
good morning, jumping in ... alacritty, that is rust too, it is not every day you change terminal, very comfortable with it, like
<aei>
also, reading back, reasons for liking nixos, i ended up writing long emails to some friends trying to explain just that
<aei>
you go through the list of advantages, its being declarative is a big one not just for installation but basic configuration, all the way down to being able to switch esc and caps locks up front, or ... my bloody printer, things i needed to get back to after initial installation of debian ...
<aei>
some big advantage there ... also its being so different, and unexpectedly working so well, (unexpected in the sense of, well, who would have thought of all this; and how could there be such a large project that is so underground to the uninitiated) ... i did hear a few murmurs about it at debconf 2018 (and guix as a debian developer was very into that)
<sphalerite>
Why is the PWM frequency on microwave ovens so low?
<aei>
anyhow, the email was a lot longer and touched on many other things (frequently touted) ... but a conclusion was that doing it makes doing some stuff fun, i mean once you have done it you have it (to a greater degree)
<aei>
but am much further along with basic configuration being ok, than any kind of heavy lifting, packaging etc. and for the most part that is what i would want to do, use it
<aei>
supersandro2000 is it off topic to ask about #115265 here? if possible i would rather that went through than try to leapfrog it with another PR; i do have some small cleanups in my local branch that i can post afterwards, but primary interest is in having the compilers working ... you are welcome to /query me if such a suggestion is not out of line and, i do see that you get very busy (also, i have not followed the procedure long
<aei>
to know how discretion is exercised (my personal inclination would be multiple small incremental improvements) or who does what, could anyone merge? is it usually left to the person who has taken the initiative to review it? are additional reviews mandatory?) ... so, when might that go through, are there things that need to be done and by whom, and would smaller PRs make more sense and ... the like
<aei>
kindof, sortof ... or is that more understanding?
<aei>
just messing now, dealing with other things, mostly far from keyboard and screen
<supersandro2000>
aei: depends.. I don't know anything about D but if all the updates are required to get it working it can be done in one PR. more important is that it not one commit across all packages.
<supersandro2000>
nix wise it looks fine except the two things I noted but I never used dlang so I can't tell if it breaks the compiler or something
<aei>
ah, lucky i look ...
<aei>
well, compiler wise nothing is currently working, and this starts to get stuff working
<adisbladis>
aei: Discussions about merges and reviews don't belong in -chat :)
<aei>
seems i catch breakage early because i use it more or less daily
<adisbladis>
aei: Nixpkgs master gang!
<adisbladis>
I've been running my personal systems straight off master for years
<aei>
but most of what needs to be said has been, guess i need to look at the two things, but i was hoping they could be fixed subsequently whatever they might be because right now everything must be broken
<aei>
adisbladis point taken, though ... i guess some issue fine tuning might be? and i thing supersandro2000 did invite a ping on irc
<LinuxHackerman>
those pings go in #nixos ;)
<supersandro2000>
aei: are you the author of the PR? if so just append the two other changes in two commits
<aei>
don't wish the submit a new pr leapfrogging someone else's and ... well, let me refresh my memory later on what the two things are, but i recall them being off the tool chain
<aei>
thanks in future they will, think it is the first question i asked, this whole thread
<aei>
next time LinuxHackerman
<supersandro2000>
you can always create a PR after the current one is merged
<pie_>
whats some common nix expression issues that would be good to cover in an article?
rajivr has quit [Quit: Connection closed for inactivity]
<colemickens>
I might have to give up on nix/xbox adventures. I either have to figure out why qemu can't boot this ancient 2.4 kernel with nographic, or build it from scratch and hope qemu is then happy.
<colemickens>
(nice, love when Element Web looks caught up, then i send a message, then it flashes and refreshes and fills in hours of backscroll.)
<{^_^}>
jtojnar/nixpkgs-hammering#1 (by jtojnar, 30 weeks ago, open): Implement the rest of the checks
Ox4A6F has quit [Quit: authenticating]
Ox4A6F has joined #nixos-chat
<aaronjanse>
supersandro2000: I wish the shell were moved to a different character so we can use > for quotes
<samueldr>
'>' was chosen because it's used in other communities (I don't remember why) by the bot author, for similar uses
<samueldr>
I don't remember which*
<aaronjanse>
Ah got it
jess has quit [Quit: update innit]
* cole-h
just changed his prompt to begin with `:` and end with `;`
<cole-h>
this way even if I copy-paste the whole line (including prompt) nothing bad will happen :D
j has joined #nixos-chat
<aaronjanse>
Ooh
j is now known as jess
<Synthetica>
I love nixpkgs' monorepo so much
<Synthetica>
Oh, something broke, let me just grab a drink while git bisect finds the exact commit that broke it
danderso1 is now known as danderson
<NinjaTrappeur>
<3
<lovesegfault>
monorepo is the only way to repo
<abathur>
all of you lurking elf/symtab wozards are off the hook for now, I think; I got a pretty sensible answer to my question about why `nm` reports undefined glibc symbols that weren't visible in the hexdump: https://reverseengineering.stackexchange.com/a/27267/36085
<pie_>
tell eelco :P<Synthetica> I love nixpkgs' monorepo so much
<pie_>
abathur: TIL
<abathur>
really good answer I think
<pie_>
how did you end up using yara
<pie_>
"Igor Skochinsky
<pie_>
I work at Hex-Rays, developing IDA disassembler and Hex-Rays decompiler. I like reverse engineering, embedded devices and other low-level stuff."
<pie_>
that explains why the name was familiar
<abathur>
well
<abathur>
YARA is just a tool I stumbled on trying to figure out approaches to the basic need, but I want to figure out whether/how well it can handle this corner of the issue because I anticipate needing to apply the same basic concept to some fraction of executable scripts and such
rj_ has quit [Remote host closed the connection]
<abathur>
and with the libmagic add-in, it at least might support tackling that with less bespoke stuff
<abathur>
though that answer will pose a problem for using yara to do it
<abathur>
idk
<abathur>
why, are you particularly familiar? I hadn't encountered it before
<supersandro2000>
> I will continue to use > for quotes
<{^_^}>
undefined variable 'for' at (string):489:26
<pie_>
not really familiar with it but i dabble in infosec and have infosec friends
<pie_>
yara is used a lot (i think originally intended for even?) malware signatures
<abathur>
yes
<abathur>
I'm a little off-label
<pie_>
i think virustotal for example uses it to querying their historical database for samples for example
<abathur>
I'm not entirely decided, but I've been wondering how miserable it is to write some little modules for it
<abathur>
ostensibly I can skin my present cat the other way around--add a module that is directly exposing the undefined symbols for rule conditions instead of trying to match the string with nul before/after
<abathur>
if the module is slower, I could still use that as a fallback to a naive string match
<pie_>
"ostensibly I can skin my present cat the other way around--add a module that is directly exposing the undefined symbols" overly amused by this combinationof phrases
<abathur>
er, not a fallback, but only use it to verify
<abathur>
so it's just testing a hodgepodge of things for execve with grep, a little rust cmd I found (ief), nm + grep, and YARA
<abathur>
not the syscall, just the wrapper
<abathur>
and recording each, and then outputting counts at the end, because for now I'm just trying to understand when they do/don't agree and figure out how/why
<abathur>
which is roughly how I got here; ief and nm agree that there are 33 matches in the set; yara missed 2 of those: sudo, and sudoedit
<pie_>
a...ha
<pie_>
maybe i should register for stackexchange one of these days instead of just putting stuff on th eissue tracker :PP
<abathur>
I'm probably being a little hard on SE; I think I tend to post to SE when obsessive research fails me; it would probably go better, on average, if I asked questions after a reasonable-but-not-exhastive search :)