<gchristensen>
`the` is +o'd to handle spam waves fyi
the has quit [Remote host closed the connection]
the has joined #nixos-dev
the has quit [Changing host]
the has joined #nixos-dev
taktoa has quit [Remote host closed the connection]
lassulus has quit [Read error: Connection reset by peer]
lassulus has joined #nixos-dev
ma27 has joined #nixos-dev
zybell has joined #nixos-dev
jtojnar has quit [Read error: Connection reset by peer]
jtojnar has joined #nixos-dev
ma27 has quit [Ping timeout: 256 seconds]
<Mic92>
globin: fpletz: I am on Tuesday in Munich at 11:00 and flight goes at 17:00. Do we want to meet for lunch/coffee break?
<globin>
Mic92: you can just drop by at our office anytime and hack from there too if you want to
<globin>
Mic92: I'll try to be in the office at ~11 then :)
<Mic92>
globin: no hurry, I will have to take the tram to the city centre.
mbrgm has quit [Read error: Connection reset by peer]
<globin>
Mic92: will be up rather early anyway so it's not a problem
mbrgm has joined #nixos-dev
JosW has quit [Ping timeout: 256 seconds]
orivej has joined #nixos-dev
s33se has joined #nixos-dev
txp284 has joined #nixos-dev
zybell has quit [Ping timeout: 240 seconds]
txp284 has quit [Quit: Yaaic - Yet another Android IRC client - http://www.yaaic.org]
lassulus has quit [Changing host]
lassulus has joined #nixos-dev
lassulus has quit [Quit: WeeChat 2.0]
lassulus has joined #nixos-dev
zybell_ has joined #nixos-dev
the has quit [Ping timeout: 276 seconds]
lassulus has quit [Quit: WeeChat 2.0]
lassulus has joined #nixos-dev
<globin>
niksnut: ping, some channels have not been updating for ~4 days
zybell_ has quit [Ping timeout: 248 seconds]
zybell_ has joined #nixos-dev
JosW has joined #nixos-dev
lassulus has quit [Quit: WeeChat 2.0]
lassulus has joined #nixos-dev
pie___ has joined #nixos-dev
pie__ has quit [Ping timeout: 264 seconds]
JosW has quit [Ping timeout: 264 seconds]
vcunat has joined #nixos-dev
<Mic92>
vcunat: my build patch is required (This message has been postponed on 2018-04-01 15:03:29.)
<thoughtpolice>
JDK updates pushed to `master`, 18.03 ports coming soon hopefully... I rebuilt locally with Nox and everything seemed OK, I'll monitor Hydra in the next few hours as well.
<vcunat>
sounds great
orivej has quit [Ping timeout: 256 seconds]
<gchristensen>
way to go vcunat, on cloudflare using knot
<vcunat>
Yes, I know :-D
<clever>
gchristensen: have you had a chance to look at my make-system-tarball PR again lately?
<vcunat>
The downside is that it's more work for me.
<gchristensen>
well I hear NixOS is the best way to run Knot *looks at cloudflare ;))
<vcunat>
:-D I haven't tried to suggest NixOS to them. Perhaps it's too late now when it's running. (Well I didn't really know in advance about the public resolver.)
<vcunat>
Conquest for world domination continues, both on Nix* and Knot* front.
<gchristensen>
I should probably run my own DNS
<vcunat>
gchristensen: you can also buy our routers that have knot-resolver inside ;-)
<vcunat>
(and they self-update!)
<gchristensen>
:) I already have my router running nixos, though if I were in the market I'd be interested
<vcunat>
Yeah, you will probably be better off with NixOS.
<gchristensen>
I don't quite know why cloudflare is doing this, though
<vcunat>
It could be just publicity.
<vcunat>
Funny how 9.9.9.9 and 1.1.1.1 started soon after each other.
<gchristensen>
isn't 9.9.9.9 a surveillance thing?
<vcunat>
Offering a free service to monitor its users? I've heard no such news about them.
<MichaelRaskin>
Isn't 1.1.1.1 also?
<gchristensen>
MichaelRaskin: who do you like for DNS?
<MichaelRaskin>
Recursive caching on localhost…
<vcunat>
(iterating directly and not forwarding anywhere, I assume)
<MichaelRaskin>
Yes. Ideally it should also cross-correlate with VPS, of course, but I am lazy.
<vcunat>
I understand that for people with bad connections that way is slower, but otherwise it feels good to have this more under control.
<MichaelRaskin>
Well, for bad connections I guess recursive + aggressive caching is the way to go…
<vcunat>
By aggressive you mean rfc8198, going over TTL when unable to contact upstream, or something else?
<MichaelRaskin>
Try to connect first, check TTL later.
<vcunat>
We've been just now hurrying with exactly your approach for 1.1.1.1
<zybell_>
as long as TLS is used, no damage. But when you connect to another host unencrypted because of that, damage is possible, for example revealing a password or handing e-mail over.
<MichaelRaskin>
_passwords_ without encryption has been a horrible practice for quite a long time now…
<MichaelRaskin>
HTTP header leak — yes, that's a risk
<zybell_>
even simple SMTP: mail A thinks delivered, mail B thinks SPAM
* gchristensen
updates dhcp to broadcast a local kresd for dns
* vcunat
looks forward to bug reports
<MichaelRaskin>
If you have a flaky local connection, ideally you TLS-deliver the mail to a reasonably-connected mail server (which obviously authenticates you)
davidlt_ has joined #nixos-dev
<gchristensen>
"One example is statistics module that can stream live metrics on the website, or publish metrics on request for Prometheus scraper" :o
davidlt has quit [Ping timeout: 256 seconds]
<zybell_>
Yeah, says I: Use TLS whenever you aggressively cache DNS, or you *will* encounter bugs!
<shlevy>
thoughtpolice: This is more preference than policy, but IMO it's better to rebase than add a fixup for stuff like the tarball URL... Kind of academic in the status quo but ideally all commits on master would be valid individually
<vcunat>
Uh, well, I wouldn't cache longer than day(s) over TTL. And in that case it (IMHO) seems unlikely to run into real problems.
<vcunat>
(that you wouldn't hit without the caching)
<thoughtpolice>
shlevy: Ah yeah, I normally do so but just didn't think about it -- sorry
<shlevy>
No worries :)
<shlevy>
Thanks for bumping jdk!
JosW has joined #nixos-dev
goibhniu has quit [Ping timeout: 260 seconds]
vcunat has quit [Quit: Leaving.]
JosW has quit [Quit: Konversation terminated!]
<zybell_>
vcunat: If a sysadmin changes IP, a carefully orchestrated dance of TTL begins in preparation of a carefully planned point in time when the actual switch is done and at the *same time* the DNS delivers the new data. Usually the tolerance is 2 minutes, the timeout of a TCP-Sync.
<Profpatsch>
gchristensen: Can I interest you in a meta-checker example?