2019-06-04
04:17
<
clever >
that sounds likely
03:55
<
clever >
this is where it comes into play, is the DDT based on the hash of the plaintext, or the hash of the ciphertext?
03:54
<
clever >
court order to dropbox, who has the file with hash X!
03:54
<
clever >
then somebody realized, if they try to upload an illegal file, and it doesnt have to upload, somebody is in trouble :P
03:53
<
clever >
skip the upload!
03:53
<
clever >
pie__: originally, you sent the hash of a file to the server, and if dropbox already had a copy, its instantly added to your box
03:53
<
clever >
pie__: dropbox had a related exploit
03:50
<
clever >
simpler to just use luks
03:50
<
clever >
pie__: then dont make any datasets called illegal-porn and youll be safe :P
03:25
<
clever >
[clever@system76:~]$ diff -u --color=always <(gunzip -c /nix/store/msrcfzv0i9k1dgj9dbpqkm9gnks1q7xy-zfs-user-0.8.0/share/man/man8/zfs.8.gz) <(gunzip -c /nix/store/pf10i5lvzqgg3b1jy00giz84zv05lplf-zfs-user-0.7.13/share/man/man8/zfs.8.gz)
03:24
<
clever >
what if you just ungzip it, and diff the raw txt?
03:21
<
clever >
less -R, is doing more then just plain tty
03:21
<
clever >
and |less just makes a total mess
03:21
<
clever >
but | less -R, does bolg them
03:21
<
clever >
this doesnt bold things
03:20
<
clever >
[clever@system76:~]$ diff -u --color=always <(man /nix/store/msrcfzv0i9k1dgj9dbpqkm9gnks1q7xy-zfs-user-0.8.0/share/man/man8/zfs.8.gz) <(man /nix/store/pf10i5lvzqgg3b1jy00giz84zv05lplf-zfs-user-0.7.13/share/man/man8/zfs.8.gz)
03:20
<
clever >
ok, thats STRANGE
03:20
<
clever >
yeah, now it looks like crap :P
03:20
<
clever >
[clever@system76:~]$ diff -u --color=always <(man /nix/store/msrcfzv0i9k1dgj9dbpqkm9gnks1q7xy-zfs-user-0.8.0/share/man/man8/zfs.8.gz) <(man /nix/store/pf10i5lvzqgg3b1jy00giz84zv05lplf-zfs-user-0.7.13/share/man/man8/zfs.8.gz) | less
03:20
<
clever >
`less -R` will allow ansii control codes to work
03:19
<
clever >
and diff didnt see any differences on that line, so it was even hidden
03:19
<
clever >
so my terminal renders it properly
03:19
<
clever >
ah, i wasnt piping the diff output into anything
03:19
<
clever >
00000110 0a 0a 4e 08 4e 41 08 41 4d 08 4d 45 08 45 0a 20 |..N.NA.AM.ME.E. |
03:17
<
clever >
are you on bash?
03:17
<
clever >
this lacks bold for me
03:17
<
clever >
[clever@system76:~]$ diff -u --color=always <(man /nix/store/msrcfzv0i9k1dgj9dbpqkm9gnks1q7xy-zfs-user-0.8.0/share/man/man8/zfs.8.gz) <(man /nix/store/pf10i5lvzqgg3b1jy00giz84zv05lplf-zfs-user-0.7.13/share/man/man8/zfs.8.gz)
03:17
<
clever >
specitically, the istty() function
03:16
<
clever >
samueldr: i think its | that unbolds it
03:15
<
clever >
ZFS(8) System Manager's Manual ZFS(8)
03:15
<
clever >
[clever@system76:~]$ man /nix/store/pf10i5lvzqgg3b1jy00giz84zv05lplf-zfs-user-0.7.13/share/man/man8/zfs.8.gz | head
03:14
<
clever >
no bolt in sight on my end
03:14
<
clever >
# zfs create pool/project/production
03:14
<
clever >
[clever@system76:~]$ man /nix/store/pf10i5lvzqgg3b1jy00giz84zv05lplf-zfs-user-0.7.13/share/man/man8/zfs.8.gz | grep 'zfs create'
03:13
<
clever >
samueldr: what happens if you just pipe it thru cat?
03:11
<
clever >
the trick, is that you already did all of the nix expr stuff, so anybody can just download those 2 versions, and diff them
03:10
<
clever >
pie__: run `nix-store` on both the paths samueldr gave
02:19
<
clever >
no expensive lookup, no hashtable to power it
02:19
<
clever >
but with nopwrite, your overwritting block X, and can just compare the checksum on-disk, to the checksum(newcontent) to see if it actually changed
02:18
<
clever >
for dedup, you have a massive hash table, to see if a block with hash(content) exists, and where it is
02:18
<
clever >
nopwrite is similar but much cheaper then dedup
02:17
<
clever >
the other one is just a hashing algo, which can then be used as the checksum for all blocks in the dataset
02:17
<
clever >
`This feature enables the use of the Edon-R hash algorithm for checksum, including for nopwrite`
02:17
<
clever >
good point, that could maybe update that flag
02:16
<
clever >
and only knows that the entire dataset has become suspect
02:16
<
clever >
pie__: zfs may not be able to track how many "bad things" remain
02:14
<
clever >
and destroying the entire dataset to de-activate
02:14
<
clever >
pie__: so this flag requires changing properties to non-default values, to activate
02:14
<
clever >
will return to being enabled once all filesystems that have ever contained a dnode larger than 512B are destroyed
02:13
<
clever >
This feature becomes active once a dataset contains an object with a dnode larger than 512B, which occurs as a result of setting the dnodesize dataset property to a value other than legacy.
02:13
<
clever >
The large_dnode feature allows the size of dnodes in a dataset to be set larger than 512B.
02:13
<
clever >
pie__: my desktop has 2 other features not yet enabled
02:13
<
clever >
amd feature@edonr disabled local
02:12
<
clever >
amd feature@large_dnode disabled local
02:08
<
clever >
pie__: assertions = [ { assertion = pkgs.zfsUnstable.name == "zfs-user-0.8.0"; message = "zfs version is trying to change"; } ];
02:06
<
clever >
and nixos will list all of the failures, rather then just the first one
02:06
<
clever >
it takes a list of bool+msg pairs
02:05
<
clever >
infinisil: there is also the assertions "nixos option"
02:04
<
clever >
but linux doesnt support that
02:04
<
clever >
multi_vdev_crash_dump is basically where the kernel will coredump when it panics
02:03
<
clever >
but under linux, it will never transisition to active
02:03
<
clever >
multi_vdev_crash_dump can be enabled on linux, and you can import pools where it is active
02:02
<
clever >
async_destroy is read-only compatible, so you can import such a pool read-only, even if you dont know how to handle the flag
02:02
<
clever >
pie__: oh, each feature also has a "read only compatible" flag
02:01
<
clever >
pie__: so in the case of async_destroy, once any destroy operations are done, you can just turn it back off
02:00
<
clever >
o1lo01ol1o: use haskell.packages.ghc844 instead of haskellPackages
02:00
<
clever >
`This feature is only active while freeing is non-zero.`
01:59
<
clever >
and it will just import and keep going like nothing is different
01:59
<
clever >
with async_destroy on, it returns immediately, and you can `zpool get freeing` to see how much is pending
01:59
<
clever >
causing it to take potentially hours to boot :P
01:59
<
clever >
and if you reboot in the middle of such a GC, `zpool import` will block until fully GC'd
01:58
<
clever >
without it, `zfs destroy` will block until the dataset is fully GC'd
01:58
<
clever >
async_destroy for example
01:57
<
clever >
the man page says when it will switch from enabled->active and active->enabled
01:57
<
clever >
active means you must do something before you can disable it (if you can at all)
01:56
<
clever >
enabled means the feature is on, but can be disabled easily
01:56
<
clever >
amd feature@multi_vdev_crash_dump disabled local
01:56
<
clever >
amd feature@empty_bpobj active local
01:56
<
clever >
amd feature@async_destroy enabled local
01:55
<
clever >
since you have the entire dataset, and just need to know what time to cut it at, to make it fit the remote copy
01:54
<
clever >
and then you can do an incremental `zfs send`
01:54
<
clever >
bookmarks are to remember what the remote box has, so you can find the differences between bookmark-1 and snapshot-2
01:53
<
clever >
bookmarks store only the tx#
01:53
<
clever >
snapshots store both the tx#, and act as a gc-root, so you cant delete its children
01:53
<
clever >
zfs diff, and snapshots, use that to see if a given dir has been modified before or after a set time, and if it should recurse into it
01:53
<
clever >
and all blocks and files have a birth-tx, that defines what transaction it was made in
01:52
<
clever >
behind the scenes, zfs has a transaction# on every chunk of things it commits to disk
01:52
<
clever >
[root@amd-nixos:~]# zpool get all | grep feature
01:51
<
clever >
`man zpool-features`
01:51
<
clever >
depends on the feature i believe
01:51
<
clever >
rsync would still solve it
01:50
<
clever >
and send | recv may preserve that metadata...
01:50
<
clever >
so it depneds on the feature
01:49
<
clever >
the man page says some features can be turned off, but may require destroying any dataset that had used them
01:16
<
clever >
but the original in /nix/store is still world-readable
01:15
<
clever >
freshee: all files in /nix/store must be world readable
01:11
<
clever >
gyroninja__: its more about escaping it from bash when calling substitute, rather then / and \ and others being special to sed
00:20
<
clever >
tobiasBora: the weechat wrapper does similar
00:18
<
clever >
tobiasBora: and you can test it with just nix-build alone
00:17
<
clever >
tobiasBora: more that it can work without nixos
00:17
<
clever >
tobiasBora: whatever you put in binary, will get passed to screen, so you could also sneak screen flags in via binary = "-something ${weechat}/bin/weechat"; lol
00:16
<
clever >
either cat <<EOF, or just cp some writeText's
00:16
<
clever >
tobiasBora: you can also just make your own derivation, that generates the files however you want
00:16
<
clever >
> runCommand "name" {} ''mkdir $out ; create $out/things''
00:13
<
clever >
> let thing = writeText "name" "contents"; in "${thing}"
00:13
<
clever >
and returns the path it wrote to
00:13
<
clever >
tobiasBora: writeText always writes to /nix/store/
00:01
<
clever >
tobiasBora: you would usually run weechat with a cmdline arg to change the alias.conf path, and point it to a pkgs.writeText
2019-06-03
23:59
<
clever >
tobiasBora: services.weechat.binary
23:17
<
clever >
bendlas: ah, thats not really possible with the current parser
23:14
<
clever >
bendlas: this lets you import a .so file, and have it return a native nix value, which can optionally contain primops
23:11
<
clever >
it would have to re-eval the nix every time it fixes something
22:56
<
clever >
tobiasBora2: sure
22:38
<
clever >
exarkun: the missing part, is services to auto-dump the ram
22:38
<
clever >
exarkun: that will reserve a set amount of ram, and then in the event of a major kernel failure, it will basically reboot, and limit itself to the reserved ram
22:37
<
clever >
exarkun: the crash kernel does partially work in nixos
22:35
<
clever >
exarkun: so it may be fully working over ssh
22:34
<
clever >
exarkun: its possible that only the gpu drivers are crashing
22:34
<
clever >
exarkun: do you have a 2nd machine and the ability to ssh into the problem one?
22:23
<
clever >
nix-build '<nixpkgs/nixos>' -A vm -I nixos-config=./configuration.nix
22:22
<
clever >
infinisil: nixos-rebuild build-vm -I nixos-config=./configuration.nix
22:14
<
clever >
o1lo01ol1o: and it runs inside the shell that nix-shell gives to you, so it can create bash aliases
22:13
<
clever >
o1lo01ol1o: shellHook runs as your current user, without any sandboxing
22:12
<
clever >
o1lo01ol1o: yep
22:07
<
clever >
try dontCheck, like infinisil said
22:05
<
clever >
cant think of anything else to check then
22:05
<
clever >
iqubic: is that the contents of dist/test/chessIO-0.3.1.1-perft.log ?
22:03
<
clever >
iqubic: that looks like the wrong pastebin, read line 37
22:03
<
clever >
iqubic: just read it, look for the cause of the error
22:00
<
clever >
iqubic: in that dir, run `find -name dist`
21:45
<
clever >
in the directory --keep-failed printed at the end
21:41
<
clever >
iqubic: --keep-failed
21:40
<
clever >
iqubic: we need to read dist/test/chessIO-0.3.1.1-perft.log
21:35
<
clever >
iqubic: how are the tests failing?
21:35
<
clever >
.extend can extend an extended set, so you can compose many of them together
21:35
<
clever >
and .override doesnt compose well when you .override twice
21:34
<
clever >
iqubic: just replace purescript in the above example with o-clock
21:32
<
clever >
simon_weber: exactly the same as when using nixos
21:32
<
clever >
simon_weber: when using nixops, it has to be set at nixpkgs.config and nixpkgs.overlays, within the machine config
21:31
<
clever >
who said haskell overlays are hard? lol
21:31
<
clever >
nix run nixpkgs.yarn nixpkgs.haskellPackages.purescript --arg config '{ allowBroken = true; packageOverrides = pkgs: { haskellPackages = pkgs.haskellPackages.extend (self: super: { purescript = pkgs.haskell.lib.doJailbreak super.purescript; }); }; }'
07:10
<
clever >
then you will need to wait for gchristensen
07:09
<
clever >
hyper_ch2: the peer units likely need to be improved, to auto-run on bootup
07:06
<
clever >
typetetris: lib.cleanSource can also be used to clean the src up
07:00
<
clever >
hyper_ch2: sounds like the peer units just need more wantedby flags, which would be a bug
06:58
<
clever >
and i agree
06:57
<
clever >
didnt copy the whole thing, oops
06:57
<
clever >
systemctl restart wireguard-wg_ons-peer-enDIyyZaperJVAk-GxsTEHx-VlxCEZ9PM1uCvoO-Km8\x3d.service
06:57
<
clever >
systemctl restart wireguard-wg_ons-peer-enDIyyZaperJVAk-GxsTEHx-VlxCEZ9PM1uCvoO-Km8
06:57
<
clever >
the peer unit, not that one
06:56
<
clever >
have you tried restarting the peer unit?
06:53
<
clever >
try to manually start that .service?
06:53
<
clever >
hyper_ch2: and there is your 2 missing commands
06:49
<
clever >
hyper_ch2: and the execstart on that one?
06:48
<
clever >
hyper_ch2: wireguard-wg_ons-peer-enDIyyZaperJVAk-GxsTEHx-VlxCEZ9PM1uCvoO-Km8\x3d.service
06:47
<
clever >
what does that one do, for the client side on the broken ones?
06:47
<
clever >
yeah, there is a -peer for each peer, on each interface
06:46
<
clever >
hyper_ch2: both the client and server should have 2 unit files now
06:44
<
clever >
hyper_ch2: what wireguard related files are in /etc/systemd/system/ ?
06:44
<
clever >
there is no real difference between client and server in wireguard
06:43
<
clever >
you need to check more files to see the whole picture
06:42
<
clever >
also, this now makes a seperate systemd service for each peer
06:42
<
clever >
yeah, you confirmed that at the end, its not making routes
06:42
<
clever >
hyper_ch2: what about `ip route` ?
06:39
<
clever >
hyper_ch2: how is it broken?
05:23
<
clever >
or copy it somewhere if not
05:23
<
clever >
but it would be better to compile that ruby code (if possible)
05:20
<
clever >
that will generate a shell script, that runs bundle, and then put the path of the script into ExecStart
05:18
<
clever >
emptyflask: ah, .path is a nixos option, not a home-manager option, adjusting it...
05:15
<
clever >
emptyflask: but you probably want to build the ruby package properly, with nix-build, and then import that expression
05:13
<
clever >
edited it again, refresh
05:04
<
clever >
emptyflask: and then what exactly you do with that, depends on what the default.nix contains
05:02
<
clever >
import ./foo/default.nix
05:02
<
clever >
emptyflask: you give import the path to a nix file, and it returns whatever value is inside that file
04:53
<
clever >
emptyflask: import
04:52
<
clever >
emptyflask: and dont run nix-shell or nix-build in ExecStart, just run bundle directly
04:51
<
clever >
emptyflask: just put the right things into systemd.services.foo.path
03:40
<
clever >
o1lo01ol1o: yeah
03:26
<
clever >
o1lo01ol1o: add FOO = "${thing}/foo"; to the attrset of mkDerivation
02:04
<
clever >
o1lo01ol1o: overrideCabal (callCabal2nix "foo" ./foo {}) (drv: { buildInputs = drv.buildInputs ++ []; })
02:02
<
clever >
o1lo01ol1o: overrideCabal
01:24
<
clever >
just derivation1
01:23
<
clever >
if the binaries are in $out/bin/, and you then add it to buildInputs, it will be added to PATH at build time
01:22
<
clever >
just copy the files over, in the derivation that is unpacking them
01:21
<
clever >
o1lo01ol1o: you could just have them in your $out, or you could make a split output derivation
00:49
<
clever >
each bootloader has its own shell script for copying kernels to /boot
00:49
<
clever >
oh, and grub may behave differently with boot.loader.efi.efiSysMountPoint = "/boot/EFI";
00:49
<
clever >
i just avoid systemd-boot, and always use grub
00:41
<
clever >
i may be mis-remembering what effect that has
00:39
<
clever >
i may be mis-remembering some bits, id need to experiment in qemu to confirm
00:38
<
clever >
nh2: that matches up with how it worked for me
2019-06-02
23:58
<
clever >
on the same fs*
23:58
<
clever >
and if /boot is the same as as /nix, the bootloader config will just be full storepaths, nothing gets copied
23:57
<
clever >
/boot can now be anything, even just a dir on /
23:57
<
clever >
nh2: then put the ESP at that path
23:57
<
clever >
boot.loader.efi.efiSysMountPoint = "/boot/EFI";
23:57
<
clever >
nh2: the kernels dont have to be on the esp
22:55
<
clever >
you want { config.allowBroken = true; }
22:54
<
clever >
the {} tells it to load ~/.nixpkgs/config.nix
22:54
<
clever >
unstable doesnt obey nixpkgs.config
22:54
<
clever >
unstable = import <nixos-unstable> {};
22:53
<
clever >
this is where it was marked as broken
22:53
<
clever >
commit c406a7287db2273015ecb6fc18cfd98e5d6864fe
22:53
<
clever >
Date: Thu Mar 28 09:33:32 2019 +0100
22:51
<
clever >
it doesnt say why
22:51
<
clever >
it was marked as broken in this commit
22:51
<
clever >
Date: Wed May 8 18:31:04 2019 +0200
22:51
<
clever >
commit 03edc1e5c5b6cb2f10fdeed2b2686c9bf3217d62
22:49
<
clever >
now you can nixos-rebuild, without --upgrade
22:48
<
clever >
it only downloads 2 small tar files
22:47
<
clever >
you want `nix-channel --update` which updates all channels
22:47
<
clever >
which only updates the nixos channel
22:47
<
clever >
yeah, it looks like youve been using nixos-rebuild --upgrade
22:46
<
clever >
the output shouldnt look like that
22:45
<
clever >
iqubic: did you run the exact command i gave, in bash?
22:43
<
clever >
iqubic: ls -l /nix/var/nix/profiles/per-user/root/channels-*/nixos-unstable
22:41
<
clever >
iqubic: ls -l /nix/var/nix/profiles/per-user/root
22:41
<
clever >
did you add a / at the end?
22:40
<
clever >
iqubic: ls -l /nix/var/nix/profiles/per-user/root/channels
22:37
<
clever >
what does the above print?
22:37
<
clever >
iqubic: nix-instantiate --find-file nixos-unstable
22:35
<
clever >
its definitely in nixos-unstable
22:35
<
clever >
it was added to nixpkgs 2 days after it was created on github, lol
22:34
<
clever >
Date: Thu Mar 28 11:28:13 2019 +0100
22:34
<
clever >
commit e76f30e5a2cb13ef48185524eaddf761ff12df57
22:33
<
clever >
use nixos-unstable
22:32
<
clever >
19.03 was forked in early march
22:32
<
clever >
chessIO was made in late march
22:31
<
clever >
iqubic: chessIO isnt in that version of nixpkgs
22:29
<
clever >
iqubic: nix eval nixpkgs.lib.version ?
22:25
<
clever >
iqubic: can you pastebin both your nix file, and the full error with --show-trace?
22:24
<
clever >
case matters
22:23
<
clever >
iqubic: haskellPackages.chessIO
22:20
<
clever >
iqubic: if it has binaries, sure
21:15
<
clever >
inquisitiv3: if it accepts a `--config /path/to/foo.txt` then you can just use pkgs.writeText to generate the cfg, and pass it the path
19:47
<
clever >
while the wrapped ones have a bash wrapper, that enables plugins like java/flash/widevine
19:47
<
clever >
unwrapped is just the raw firefox
19:47
<
clever >
leotaku: non-bin is built from source
19:46
<
clever >
leotaku: bin is the official upstream builds, with patchelf applied to "fix" them
19:23
<
clever >
root3: probably to use the cachix server
19:20
<
clever >
root3: if you set that option in nix.conf, it overrides the default, so cache.nixos.org gets turned off
19:08
<
clever >
there is a lot of overhead from sandboxing, and the sqlite does enforce waiting on the RPM of the drives
19:07
<
clever >
nh2: weird
19:05
<
clever >
nh2: -j5 may help
18:54
<
clever >
Guest88: when adding something to buildInputs, nix will get the dev version foryou
18:51
<
clever >
nh2: systemctl list-timers
18:50
<
clever >
nh2: there is a fun back&forth between kernel and userland to load firmware files, i once implemented it in bash
18:50
<
clever >
nh2: the next thing your missing then, is firmware loading, either run udev, or re-implement it
18:49
<
clever >
you must have seen haskell-init then?
18:44
<
clever >
that would solve your problem until somebody plugs in a 2nd cable
18:44
<
clever >
nh2: something else ive wanted in nixos, is to just give an ip to the 1st link to be online
18:43
<
clever >
nh2: does `ip link` only show one IF as being up?
18:40
<
clever >
nh2: gist updated with more wifi examples
18:38
<
clever >
oh, let me add wifi to my gist
18:37
<
clever >
nh2: the simplest thing i can think of, is to just boot nixos, and use the rescue console to fix it, lol
18:35
<
clever >
nh2: the pattern is fairly obvious, except for the enp vs ens part
18:32
<
clever >
nh2: ah, how do they appear in lspci?
18:32
<
clever >
root3: try `find $HOME -mount -name nix.conf`
18:32
<
clever >
nh2: let me compile more examples...
18:31
<
clever >
nh2: bus 3, slot 0
18:31
<
clever >
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
18:31
<
clever >
03:00.0 Ethernet controller: Intel Corporation 82583V Gigabit Network Connection
18:31
<
clever >
nh2: you could also turn predictable names off in nixos too
18:30
<
clever >
root3: yeah, you have cache.nixos.org turned off!, youll want to add it back in your nix.conf file
18:29
<
clever >
root3: what if you grep for substituters instead?
18:29
<
clever >
root3: i dont see a substituters=
18:28
<
clever >
root3: `nix show-config | grep cache`
18:28
<
clever >
root3: it is
18:27
<
clever >
root3: is the binary cache enabled?
18:25
<
clever >
root3: it should just fetch it from the binary cache
18:23
<
clever >
root3: try both
18:20
<
clever >
root3: what does this do?