2019-06-04

<clever> that sounds likely
<clever> yeah
<clever> this is where it comes into play, is the DDT based on the hash of the plaintext, or the hash of the ciphertext?
<clever> court order to dropbox, who has the file with hash X!
<clever> then somebody realized, if they try to upload an illegal file, and it doesnt have to upload, somebody is in trouble :P
<clever> skip the upload!
<clever> pie__: originally, you sent the hash of a file to the server, and if dropbox already had a copy, its instantly added to your box
<clever> pie__: dropbox had a related exploit
<clever> simpler to just use luks
<clever> pie__: then dont make any datasets called illegal-porn and youll be safe :P
<clever> [clever@system76:~]$ diff -u --color=always <(gunzip -c /nix/store/msrcfzv0i9k1dgj9dbpqkm9gnks1q7xy-zfs-user-0.8.0/share/man/man8/zfs.8.gz) <(gunzip -c /nix/store/pf10i5lvzqgg3b1jy00giz84zv05lplf-zfs-user-0.7.13/share/man/man8/zfs.8.gz)
<clever> what if you just ungzip it, and diff the raw txt?
<clever> less -R, is doing more than just plain tty
<clever> and |less just makes a total mess
<clever> but | less -R, does bold them
<clever> this doesnt bold things
<clever> [clever@system76:~]$ diff -u --color=always <(man /nix/store/msrcfzv0i9k1dgj9dbpqkm9gnks1q7xy-zfs-user-0.8.0/share/man/man8/zfs.8.gz) <(man /nix/store/pf10i5lvzqgg3b1jy00giz84zv05lplf-zfs-user-0.7.13/share/man/man8/zfs.8.gz)
<clever> ok, thats STRANGE
<clever> yeah, now it looks like crap :P
<clever> [clever@system76:~]$ diff -u --color=always <(man /nix/store/msrcfzv0i9k1dgj9dbpqkm9gnks1q7xy-zfs-user-0.8.0/share/man/man8/zfs.8.gz) <(man /nix/store/pf10i5lvzqgg3b1jy00giz84zv05lplf-zfs-user-0.7.13/share/man/man8/zfs.8.gz) | less
<clever> `less -R` will allow ansi control codes to work
<clever> and diff didnt see any differences on that line, so it was even hidden
<clever> so my terminal renders it properly
<clever> ah, i wasnt piping the diff output into anything
<clever> 00000110 0a 0a 4e 08 4e 41 08 41 4d 08 4d 45 08 45 0a 20 |..N.NA.AM.ME.E. |
<clever> are you on bash?
<clever> this lacks bold for me
<clever> [clever@system76:~]$ diff -u --color=always <(man /nix/store/msrcfzv0i9k1dgj9dbpqkm9gnks1q7xy-zfs-user-0.8.0/share/man/man8/zfs.8.gz) <(man /nix/store/pf10i5lvzqgg3b1jy00giz84zv05lplf-zfs-user-0.7.13/share/man/man8/zfs.8.gz)
<clever> specifically, the istty() function
<clever> samueldr: i think its | that unbolds it
<clever> ZFS(8) System Manager's Manual ZFS(8)
<clever> [clever@system76:~]$ man /nix/store/pf10i5lvzqgg3b1jy00giz84zv05lplf-zfs-user-0.7.13/share/man/man8/zfs.8.gz | head
<clever> no bold in sight on my end
<clever> # zfs create pool/project/production
<clever> [clever@system76:~]$ man /nix/store/pf10i5lvzqgg3b1jy00giz84zv05lplf-zfs-user-0.7.13/share/man/man8/zfs.8.gz | grep 'zfs create'
<clever> samueldr: what happens if you just pipe it thru cat?
<clever> the trick, is that you already did all of the nix expr stuff, so anybody can just download those 2 versions, and diff them
<clever> pie__: run `nix-store` on both the paths samueldr gave
<clever> no expensive lookup, no hashtable to power it
<clever> but with nopwrite, you're overwriting block X, and can just compare the checksum on-disk, to the checksum(newcontent) to see if it actually changed
<clever> for dedup, you have a massive hash table, to see if a block with hash(content) exists, and where it is
<clever> nopwrite is similar but much cheaper than dedup
<clever> the other one is just a hashing algo, which can then be used as the checksum for all blocks in the dataset
<clever> `This feature enables the use of the Edon-R hash algorithm for checksum, including for nopwrite`
<clever> good point, that could maybe update that flag
<clever> and only knows that the entire dataset has become suspect
<clever> pie__: zfs may not be able to track how many "bad things" remain
<clever> and destroying the entire dataset to de-activate
<clever> pie__: so this flag requires changing properties to non-default values, to activate
<clever> will return to being enabled once all filesystems that have ever contained a dnode larger than 512B are destroyed
<clever> This feature becomes active once a dataset contains an object with a dnode larger than 512B, which occurs as a result of setting the dnodesize dataset property to a value other than legacy.
<clever> The large_dnode feature allows the size of dnodes in a dataset to be set larger than 512B.
<clever> pie__: my desktop has 2 other features not yet enabled
<clever> amd feature@edonr disabled local
<clever> amd feature@large_dnode disabled local
<clever> pie__: assertions = [ { assertion = pkgs.zfsUnstable.name == "zfs-user-0.8.0"; message = "zfs version is trying to change"; } ];
<clever> and nixos will list all of the failures, rather than just the first one
<clever> it takes a list of bool+msg pairs
<clever> infinisil: there is also the assertions "nixos option"
<clever> but linux doesnt support that
<clever> multi_vdev_crash_dump is basically where the kernel will coredump when it panics
<clever> but under linux, it will never transition to active
<clever> multi_vdev_crash_dump can be enabled on linux, and you can import pools where it is active
<clever> async_destroy is read-only compatible, so you can import such a pool read-only, even if you dont know how to handle the flag
<clever> pie__: oh, each feature also has a "read only compatible" flag
<clever> pie__: so in the case of async_destroy, once any destroy operations are done, you can just turn it back off
<clever> o1lo01ol1o: use haskell.packages.ghc844 instead of haskellPackages
<clever> `This feature is only active while freeing is non-zero.`
<clever> and it will just import and keep going like nothing is different
<clever> with async_destroy on, it returns immediately, and you can `zpool get freeing` to see how much is pending
<clever> causing it to take potentially hours to boot :P
<clever> and if you reboot in the middle of such a GC, `zpool import` will block until fully GC'd
<clever> without it, `zfs destroy` will block until the dataset is fully GC'd
<clever> async_destroy for example
<clever> the man page says when it will switch from enabled->active and active->enabled
<clever> active means you must do something before you can disable it (if you can at all)
<clever> enabled means the feature is on, but can be disabled easily
<clever> amd feature@multi_vdev_crash_dump disabled local
<clever> amd feature@empty_bpobj active local
<clever> amd feature@async_destroy enabled local
<clever> since you have the entire dataset, and just need to know what time to cut it at, to make it fit the remote copy
<clever> and then you can do an incremental `zfs send`
<clever> bookmarks are to remember what the remote box has, so you can find the differences between bookmark-1 and snapshot-2
<clever> bookmarks store only the tx#
<clever> snapshots store both the tx#, and act as a gc-root, so you cant delete its children
<clever> zfs diff, and snapshots, use that to see if a given dir has been modified before or after a set time, and if it should recurse into it
<clever> and all blocks and files have a birth-tx, that defines what transaction it was made in
<clever> behind the scenes, zfs has a transaction# on every chunk of things it commits to disk
<clever> [root@amd-nixos:~]# zpool get all | grep feature
<clever> `man zpool-features`
<clever> depends on the feature i believe
<clever> rsync would still solve it
<clever> and send | recv may preserve that metadata...
<clever> so it depends on the feature
<clever> the man page says some features can be turned off, but may require destroying any dataset that had used them
<clever> but the original in /nix/store is still world-readable
<clever> freshee: https://nixos.org/nixos/options.html#environment.etc. the .mode option will restrict the perms after its copied to /etc/
<clever> freshee: all files in /nix/store must be world readable
<clever> gyroninja__: its more about escaping it from bash when calling substitute, rather than / and \ and others being special to sed
<clever> tobiasBora: the weechat wrapper does similar
<clever> tobiasBora: and you can test it with just nix-build alone
<clever> tobiasBora: more that it can work without nixos
<clever> tobiasBora: whatever you put in binary, will get passed to screen, so you could also sneak screen flags in via binary = "-something ${weechat}/bin/weechat"; lol
<clever> either cat <<EOF, or just cp some writeText's
<clever> tobiasBora: you can also just make your own derivation, that generates the files however you want
<clever> > runCommand "name" {} ''mkdir $out ; create $out/things''
<clever> exactly
<clever> > let thing = writeText "name" "contents"; in "${thing}"
<clever> and returns the path it wrote to
<clever> tobiasBora: writeText always writes to /nix/store/
<clever> tobiasBora: you would usually run weechat with a cmdline arg to change the alias.conf path, and point it to a pkgs.writeText

2019-06-03

<clever> tobiasBora: services.weechat.binary
<clever> bendlas: ah, thats not really possible with the current parser
<clever> bendlas: this lets you import a .so file, and have it return a native nix value, which can optionally contain primops
<clever> yeah
<clever> it would have to re-eval the nix every time it fixes something
<clever> yeah
<clever> tobiasBora2: sure
<clever> exarkun: the missing part, is services to auto-dump the ram
<clever> exarkun: that will reserve a set amount of ram, and then in the event of a major kernel failure, it will basically reboot, and limit itself to the reserved ram
<clever> exarkun: the crash kernel does partially work in nixos
<clever> exarkun: so it may be fully working over ssh
<clever> exarkun: its possible that only the gpu drivers are crashing
<clever> exarkun: do you have a 2nd machine and the ability to ssh into the problem one?
<clever> nix-build '<nixpkgs/nixos>' -A vm -I nixos-config=./configuration.nix
<clever> infinisil: nixos-rebuild build-vm -I nixos-config=./configuration.nix
<clever> o1lo01ol1o: and it runs inside the shell that nix-shell gives to you, so it can create bash aliases
<clever> o1lo01ol1o: shellHook runs as your current user, without any sandboxing
<clever> o1lo01ol1o: yep
<clever> try dontCheck, like infinisil said
<clever> cant think of anything else to check then
<clever> iqubic: is that the contents of dist/test/chessIO-0.3.1.1-perft.log ?
<clever> iqubic: that looks like the wrong pastebin, read line 37
<clever> iqubic: just read it, look for the cause of the error
<clever> iqubic: in that dir, run `find -name dist`
<clever> in the directory --keep-failed printed at the end
<clever> iqubic: --keep-failed
<clever> iqubic: we need to read dist/test/chessIO-0.3.1.1-perft.log
<clever> iqubic: how are the tests failing?
<clever> .extend can extend an extended set, so you can compose many of them together
<clever> and .override doesnt compose well when you .override twice
<clever> yeah
<clever> iqubic: just replace purescript in the above example with o-clock
<clever> simon_weber: exactly the same as when using nixos
<clever> simon_weber: when using nixops, it has to be set at nixpkgs.config and nixpkgs.overlays, within the machine config
<clever> who said haskell overlays are hard? lol
<clever> nix run nixpkgs.yarn nixpkgs.haskellPackages.purescript --arg config '{ allowBroken = true; packageOverrides = pkgs: { haskellPackages = pkgs.haskellPackages.extend (self: super: { purescript = pkgs.haskell.lib.doJailbreak super.purescript; }); }; }'
<clever> then you will need to wait for gchristensen
<clever> hyper_ch2: the peer units likely need to be improved, to auto-run on bootup
<clever> typetetris: lib.cleanSource can also be used to clean the src up
<clever> hyper_ch2: sounds like the peer units just need more wantedby flags, which would be a bug
<clever> and i agree
<clever> try \\
<clever> didnt copy the whole thing, oops
<clever> systemctl restart wireguard-wg_ons-peer-enDIyyZaperJVAk-GxsTEHx-VlxCEZ9PM1uCvoO-Km8\x3d.service
<clever> systemctl restart wireguard-wg_ons-peer-enDIyyZaperJVAk-GxsTEHx-VlxCEZ9PM1uCvoO-Km8
<clever> the peer unit, not that one
<clever> have you tried restarting the peer unit?
<clever> try to manually start that .service?
<clever> hyper_ch2: and there is your 2 missing commands
<clever> hyper_ch2: and the execstart on that one?
<clever> hyper_ch2: wireguard-wg_ons-peer-enDIyyZaperJVAk-GxsTEHx-VlxCEZ9PM1uCvoO-Km8\x3d.service
<clever> what does that one do, for the client side on the broken ones?
<clever> yeah, there is a -peer for each peer, on each interface
<clever> hyper_ch2: both the client and server should have 2 unit files now
<clever> hyper_ch2: what wireguard related files are in /etc/systemd/system/ ?
<clever> there is no real difference between client and server in wireguard
<clever> you need to check more files to see the whole picture
<clever> also, this now makes a separate systemd service for each peer
<clever> yeah, you confirmed that at the end, its not making routes
<clever> hyper_ch2: what about `ip route` ?
<clever> hyper_ch2: how is it broken?
<clever> yeah
<clever> or copy it somewhere if not
<clever> but it would be better to compile that ruby code (if possible)
<clever> that will generate a shell script, that runs bundle, and then put the path of the script into ExecStart
<clever> emptyflask: ah, .path is a nixos option, not a home-manager option, adjusting it...
<clever> emptyflask: but you probably want to build the ruby package properly, with nix-build, and then import that expression
<clever> edited it again, refresh
<clever> emptyflask: and then what exactly you do with that, depends on what the default.nix contains
<clever> import ./foo/default.nix
<clever> emptyflask: you give import the path to a nix file, and it returns whatever value is inside that file
<clever> emptyflask: import
<clever> emptyflask: and dont run nix-shell or nix-build in ExecStart, just run bundle directly
<clever> emptyflask: just put the right things into systemd.services.foo.path
<clever> o1lo01ol1o: yeah
<clever> o1lo01ol1o: add FOO = "${thing}/foo"; to the attrset of mkDerivation
<clever> ah wait
<clever> o1lo01ol1o: overrideCabal (callCabal2nix "foo" ./foo {}) (drv: { buildInputs = drv.buildInputs ++ []; })
<clever> o1lo01ol1o: overrideCabal
<clever> just derivation1
<clever> if the binaries are in $out/bin/, and you then add it to buildInputs, it will be added to PATH at build time
<clever> just copy the files over, in the derivation that is unpacking them
<clever> o1lo01ol1o: you could just have them in your $out, or you could make a split output derivation
<clever> each bootloader has its own shell script for copying kernels to /boot
<clever> oh, and grub may behave differently with boot.loader.efi.efiSysMountPoint = "/boot/EFI";
<clever> i just avoid systemd-boot, and always use grub
<clever> i may be mis-remembering what effect that has
<clever> i may be mis-remembering some bits, id need to experiment in qemu to confirm
<clever> nh2: that matches up with how it worked for me

2019-06-02

<clever> on the same fs*
<clever> and if /boot is the same as /nix, the bootloader config will just be full storepaths, nothing gets copied
<clever> /boot can now be anything, even just a dir on /
<clever> nh2: then put the ESP at that path
<clever> boot.loader.efi.efiSysMountPoint = "/boot/EFI";
<clever> nh2: the kernels dont have to be on the esp
<clever> you want { config.allowBroken = true; }
<clever> the {} tells it to load ~/.nixpkgs/config.nix
<clever> unstable doesnt obey nixpkgs.config
<clever> unstable = import <nixos-unstable> {};
<clever> this is where it was marked as broken
<clever> commit c406a7287db2273015ecb6fc18cfd98e5d6864fe
<clever> Date: Thu Mar 28 09:33:32 2019 +0100
<clever> it doesnt say why
<clever> i think
<clever> it was marked as broken in this commit
<clever> Date: Wed May 8 18:31:04 2019 +0200
<clever> commit 03edc1e5c5b6cb2f10fdeed2b2686c9bf3217d62
<clever> try that
<clever> now you can nixos-rebuild, without --upgrade
<clever> it only downloads 2 small tar files
<clever> yes
<clever> you want `nix-channel --update` which updates all channels
<clever> which only updates the nixos channel
<clever> yeah, it looks like youve been using nixos-rebuild --upgrade
<clever> the output shouldnt look like that
<clever> iqubic: did you run the exact command i gave, in bash?
<clever> iqubic: ls -l /nix/var/nix/profiles/per-user/root/channels-*/nixos-unstable
<clever> iqubic: ls -l /nix/var/nix/profiles/per-user/root
<clever> did you add a / at the end?
<clever> iqubic: ls -l /nix/var/nix/profiles/per-user/root/channels
<clever> what does the above print?
<clever> iqubic: nix-instantiate --find-file nixos-unstable
<clever> its definitely in nixos-unstable
<clever> it was added to nixpkgs 2 days after it was created on github, lol
<clever> Date: Thu Mar 28 11:28:13 2019 +0100
<clever> commit e76f30e5a2cb13ef48185524eaddf761ff12df57
<clever> probably
<clever> use nixos-unstable
<clever> 19.03 was forked in early march
<clever> chessIO was made in late march
<clever> iqubic: chessIO isnt in that version of nixpkgs
<clever> iqubic: nix eval nixpkgs.lib.version ?
<clever> iqubic: can you pastebin both your nix file, and the full error with --show-trace?
<clever> case matters
<clever> iqubic: haskellPackages.chessIO
<clever> iqubic: if it has binaries, sure
<clever> inquisitiv3: if it accepts a `--config /path/to/foo.txt` then you can just use pkgs.writeText to generate the cfg, and pass it the path
<clever> while the wrapped ones have a bash wrapper, that enables plugins like java/flash/widevine
<clever> unwrapped is just the raw firefox
<clever> leotaku: non-bin is built from source
<clever> leotaku: bin is the official upstream builds, with patchelf applied to "fix" them
<clever> yeah
<clever> root3: probably to use the cachix server
<clever> root3: if you set that option in nix.conf, it overrides the default, so cache.nixos.org gets turned off
<clever> there is a lot of overhead from sandboxing, and the sqlite does enforce waiting on the RPM of the drives
<clever> nh2: weird
<clever> nh2: -j5 may help
<clever> Guest88: when adding something to buildInputs, nix will get the dev version for you
<clever> fun!
<clever> nh2: systemctl list-timers
<clever> nh2: there is a fun back&forth between kernel and userland to load firmware files, i once implemented it in bash
<clever> nh2: the next thing you're missing then, is firmware loading, either run udev, or re-implement it
<clever> you must have seen haskell-init then?
<clever> :D
<clever> that would solve your problem until somebody plugs in a 2nd cable
<clever> nh2: something else ive wanted in nixos, is to just give an ip to the 1st link to be online
<clever> nh2: does `ip link` only show one IF as being up?
<clever> nh2: gist updated with more wifi examples
<clever> oh, let me add wifi to my gist
<clever> nh2: the simplest thing i can think of, is to just boot nixos, and use the rescue console to fix it, lol
<clever> nh2: the pattern is fairly obvious, except for the enp vs ens part
<clever> nh2: ah, how do they appear in lspci?
<clever> root3: try `find $HOME -mount -name nix.conf`
<clever> nh2: let me compile more examples...
<clever> nh2: bus 3, slot 0
<clever> 2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
<clever> 03:00.0 Ethernet controller: Intel Corporation 82583V Gigabit Network Connection
<clever> nh2: you could also turn predictable names off in nixos too
<clever> root3: yeah, you have cache.nixos.org turned off!, youll want to add it back in your nix.conf file
<clever> root3: what if you grep for substituters instead?
<clever> root3: i dont see a substituters=
<clever> root3: `nix show-config | grep cache`
<clever> root3: it is
<clever> root3: is the binary cache enabled?
<clever> root3: it should just fetch it from the binary cache
<clever> root3: try both
<clever> root3: what does this do?
<clever> nix-build https://github.com/nixos/nixpkgs/archive/a0b7a7913c4.tar.gz --arg config '{}' --arg overlays '[]' --argstr system i686-linux -A git