<clever>
zovt_: i think only things installed only in environment.systemPackages and nix-env (without sudo) show up in gnome
<clever>
adelbertc: and you have to disable a crap-ton of things to just allow one app
<clever>
adelbertc: funnily enough, apps like facebook messenger open a special popup window that allows multi-tasking, and android refuses to let me accept any security question while that is open
<clever>
and every touch has a near-touch before/after, so you basicaly have a keylogger, lol
<clever>
and it can be used by a background service
<clever>
basically, there is an api to let you detect near-touch events
<clever>
i know when things look phishy and just dont click them
<clever>
only the kind that is installed in my brain
<clever>
i just turn the confirmations off
<clever>
so even if firefox is the default, it doesnt think its the default, and will ask every time its started
<clever>
there are some minor problems with the paths because of how nixpkgs wraps things
<clever>
other.nix can now depend on foo in the exact same way that everything else in nixpkgs depends on other things
<clever>
Lisanna: line 5 and 6 then define 2 packages, foo and other
<clever>
Lisanna: line 1 of default.nix does the import of nixpkgs, line 3 then creates a new instance of callPackage, that will search self first, then nixpkgs
<clever>
sphalerite: try putting breakpoints on both read_directory and get_data, and see which runs first, and how much
<clever>
read_directory uses Py_BuildValue to set the file_offset, that get_data later reads
<clever>
t = Py_BuildValue("sHIIkHHI", path, compress, data_size,
<clever>
file_size, file_offset, time, date, crc);
<clever>
get_data doesnt initialize file_offset though
<clever>
and then 813 sets file_offset
<clever>
786 is a for loop
<clever>
716 of read_directory has a local file_offset variable, no initial value
<clever>
ah, it might be line 813
<clever>
something else must set those fields
<clever>
so you give it a python object pointer, and it reads internal fields you set earlier
<clever>
it appears to be a generic python function
<clever>
i think that just reads attributes from a set
<clever>
sphalerite: cant find any code in that file that actualy initializes file_offset
<clever>
line 605 defines the entire object type
<clever>
and the ZipImporter contains the file_offset
<clever>
line 569 ties a python method "get_data" to the c method "zipimporter_get_data", which will cast the PyObject* to a ZipImporter*
<clever>
sphalerite: just set a breakpoint on get_data
<clever>
sphalerite: even without -g, gdb can give a backtrace, which can still help
<clever>
and get_data is static, so the call must be inside this file
<clever>
i think toc_entry is a python attribute set being passed into this function
<clever>
and track down how it computes file_offset
<clever>
so we need to either add some print statements to the code, or build with -g and run it under gdb
<clever>
to improve buffering
<clever>
libc may have rounded the seek position down, so it could read data from before the target point
<clever>
its also possible that libc is cheating with the seek and read
<clever>
so it reads more (774 bytes) then what it asked for
<clever>
they did fread, so libc is buffering, exactly as you where expecting
<clever>
sphalerite: ah, thats why i dont see it reading 30 bytes (line 954)
<clever>
sphalerite: make it fail with -K and then double-check that its even a zip
<clever>
so it appears to just lock up for zero reason, in the middle of gameplay
<clever>
and if you get a random network error, it saves everything to disk before rendering a dialog saying it was a entwork error
<clever>
sphalerite: this leads to the game locking up solid for ~1.5 hours
<clever>
sphalerite: and samba flushes those bytes over the network, and waits 1 round trip per byte, including waiting for the samba server to flush to disk
<clever>
sphalerite: i also discovered one day, when running world of warcraft over samba to a linux hdd, that wow saves config 1 byte at a time
<clever>
which can manage a buffer within the struct FILE*
<clever>
only if you use something like fwrite
<clever>
haskell does that as well, it runs write over a list of characters with map
<clever>
sphalerite: for example, strace ./oil.ovm, and gist the last 20-30 lines
<clever>
sphalerite: strace, build with -g and gdb, patch the source
<clever>
sphalerite: fixupPhase handles binary patching after the install
<clever>
yay
<clever>
it has to download the cabal file for every single dependency, and then run cabal2nix on each
<clever>
yeah
<clever>
Wizek: under build-depends:
<clever>
Wizek: the cheap-fix, is to just add alex as a library level dep in your cabal file, and re-run stack2nix
<clever>
that doesnt include build-time tools
<clever>
Wizek: so only what `stack list-dependencies` lists will appear in the generated file
<clever>
Wizek: stack2nix overrides the haskellPackages in a special way, that prevents anything from the nixpkgs haskellPackages leaking in
<clever>
Wizek: thats a different problem, i ran into it with cpphs
<clever>
Wizek: self. lets you refer to other packages in the set, and give them more names
<clever>
Wizek: you can do that with gi-javascriptcore = self.gi-javascriptcore2;
<clever>
actually no, gi-javascriptcore_4_0_12 = self.gi-javascriptcore;
<clever>
Wizek: a second option is to undo these changes, and instead do gi-javascriptcore_4_0_12 = gi-javascriptcore; and use rec for the main {
<clever>
Wizek: and second, it continues to try to do that, even when you dont ask for gi-javascriptcore
<clever>
Wizek: so that override you pasted earlier is breaking it twice, the first way, it tries to give you gi-javascriptcore_4_0_12 when you asked for gi-javascriptcore (and gi-javascriptcore_4_0_12 doesnt exist)
<clever>
Wizek: you will need to add gi-javascriptcore to the arguments on line 1677, in addition to gi-javascriptcore2
<clever>
Wizek: nix is forcibly giving gi-webkit2 an extra parameter, that you arent expecting
<clever>
Wizek: everything refers to it as gi-javascriptcore in the gist, so i dont see whrere that 2nd version is coming from
<clever>
grantwu: got a link to the PR?
<clever>
grantwu: you can also make a change in the whitespace, git commit --ammend, and force-push to the PR branch
<clever>
grantwu: anybody with push access to the repo can restart the build
<clever>
Wizek: i think you need to manualy edit that to webkitgtk24x-gtk3
<clever>
to make a temporary sandbox
<clever>
srhb: i sometimes do HOME=/tmp/foo something
<clever>
srhb: you can also just change the value of $HOME
<clever>
Wizek: you can solve that with one of the following, "--no-out-link" (skips the result entirely), "-o ../result" (puts it somewhere else), or "cd .. ; nix-build project1 -A project1" (loads project1/default.nix, and leaves the result one directory up)
<clever>
Wizek: so project1 will never have a cache hit
<clever>
Wizek: so every time you sucessfully build the source, you also modify the source
<clever>
Wizek: one minor problem, is that the ./. for project1, will also include the result symlink nix-build creates
<clever>
Wizek: and if you perfectly undo the change, it can reuse 100% of it
<clever>
Wizek: in the case of nix based builds, it will save everything in /nix/store/
<clever>
heh
<clever>
that also works
<clever>
Wizek: another simpler solution is to just delete your .stack-work
<clever>
Wizek: in this case, it excludes any symlinks ending in .root, all .swp files (vim!), your .stack-work, all .nix files, and anything that lib.cleanSourceFilter excludes (.o's, ~'s, and .git)
<clever>
Wizek: you will need a second nix file, that imports the stack2nix one (line 24) and applies some overrides
<clever>
Wizek: and the definition of cleanSource2 on line 16
<clever>
Infinisil: and if you have root, you can run an arm build of linux (ubuntu or nixos!) under a chroot, and connect back to such an xorg
<clever>
Infinisil: i have seen an android xorg server, which you can then link to over tcp
<clever>
and it would only be able to update to a version i had signed
<clever>
so i could create updates freely
<clever>
when i recompiled it, i had to re-sign it with my own keypair
<clever>
so no data can be stolen
<clever>
if you are installing something signed by the "wrong" person, you must uninstall the old app (deleting any secrets it had), then install the new one
<clever>
the signature is only ever checked when upgrading
<clever>
but android apps are always signed with a certificate-less keypair
<clever>
they are signed
<clever>
in theory, i could further modify it to log your name/pw, upload to another site, and then post the app on the amazon app store
<clever>
what i realized then, is how easy it was to modify the android app
<clever>
lol
<clever>
decompile, delete map code, recompile, boom, it works!
<clever>
that is a system library in android, and it is only present on devices that google has approved
<clever>
i also discovered, my online banking app uses the google maps library to show where ATM's are
<clever>
but for that first year, i had to root it and jam in the google play app
<clever>
a year later, they unlocked canada, and it works fine now
<clever>
Infinisil: then i discovered, you must have an american billing address, even to install a free app
<clever>
Infinisil: they refused to ship it or sell it to canadians, so i had a friend in america buy it and ship it up
<clever>
Infinisil: i had a similar problem with the amazon kindle
<clever>
i think it also turns off all ad's
<clever>
Infinisil: my problem, is that they wont even let me pay, lol
<clever>
Infinisil: they refuse to take my money
<clever>
Infinisil: and of course, no dirty canadians allowed
<clever>
Infinisil: youtube red is a subscription thing that fixes that
<clever>
Infinisil: the android + ps3 youtube/netflix app work in an entirely different manner, the mobile device is a wifi remote, and can safely be turned off
<clever>
Infinisil: and it has no rewind
<clever>
Infinisil: and the ipad must remain on, and draining battery, for the entire length of the video
<clever>
Infinisil: so i am forced to use an apple device to stream youtube videos to the tv
<clever>
Infinisil: android has the identical app, it dont work
<clever>
Infinisil: and if you launch that app, i can see the cable box doing https requests to that domain
<clever>
Infinisil: there is a special iOS app that you must use to stream video to the cable boxes
<clever>
yep
<clever>
Infinisil: but the new router and IPTV system conflicts with it
<clever>
Infinisil: yeah
<clever>
try and ping it!
<clever>
adisbladis: also, look at the domain twonky.tv.fibreop.ca
<clever>
adisbladis: and the multicast traffic comes from a 10 ip
<clever>
adisbladis: the STB's access addresses in the 10 range constantly
<clever>
the 10.0.0.0/8 network is for the iptv service, and the rest is internet
<clever>
adisbladis: my ISP has 2 vlans (802.1q) on the modem, and the router must be specially configured for 2 uplinks over the same wire
<clever>
Infinisil: it took me a while to realize that was a private range
<clever>
Infinisil: but i could still vpn in, and it had an ip in 172.16.0.0/12
<clever>
Infinisil: i had a server in a datacenter, and it randomly just went offline at the designated public ip
<clever>
Infinisil: yeah, that one tripped me up a few months ago
<clever>
:O
<clever>
so i had to switch to 192.168.2.0/24
<clever>
i later discovered, the ISP has their own 10.0.0.0/8 for the tv service, and the router has been modified to not allow that for the LAN
<clever>
srhb: yeah, half, ~128
<clever>
and the UI would just claim to be changing, then do nothing
<clever>
when i upgraded to fiber, i tried setting the new router to the same subnet
<clever>
back when i was on dsl, i ran my LAN as 10.0.0.0/25
<clever>
LnL: i had a /25 before upgrading to fiber
<clever>
Infinisil: the 24 has to match up with the netmask on line 31
<clever>
every now and then people ask questions, and i gist fragments of my config
<clever>
its part of a nixcfg git repo that i havent gotten around to publishing
<clever>
stanibanani: full dhcp, dns, and nat, along with an ipv6 tunnel partialy configured
<clever>
thblt: thats what i read, but Infinisil thinks he had it working with suspend to ram
<clever>
i would expect randomEncryption to play nicely with suspend to ram, since the key stays in ram
<clever>
thblt: and once you have randomEncryption on, you are down to 1 luks device (the zfs pool), so you dont need gchristensen's second 3mb luks trick to unlock 2 things