<clever>
samueldr: thats the websocket upgrading from http to packet based streams
<clever>
it doesn open a websocket
<clever>
nothing happens when i type in it
<clever>
gchristensen: is the terminal supposed to work?
<clever>
gchristensen: lol
<clever>
hodapp: not sure exactly, been a few years
<clever>
but he had uid 0, and we tried to swapon, but that failed!
<clever>
joepie91: ive helped a friend on something close to opencv before, and he didnt have enough ram to do basic operations
<clever>
that post explains how to actually use kvm itself
<clever>
"Most introduction of KVM I found are actually introducing either libvirt or qemu, lack of how to utilize KVM by hand, that's why I have this post."
<clever>
sondr3: i also have my entire filesystem on zfs, which is on an NVME device
<clever>
sondr3: the rest is standard nixos stuff for any gpu, like 32bit dri, 32bit pulse libs
<clever>
sondr3: the desktop config isnt on github, but the only special line is the one i gave above
<clever>
sondr3: on the nixos-unstable channel, default kernel for that channel
<clever>
Linux amd-nixos 4.19.15 #1-NixOS SMP Sun Jan 13 08:51:11 UTC 2019 x86_64 GNU/Linux
<clever>
sondr3: with that card, and that nixos config, i have 3 monitors running, 3d accel, no 2d issues anymore, and a number of "windows only" games work in steam
<clever>
jevonearth: then you can nix-env -iA uniquename.postman
<clever>
jevonearth: since nixpkgs-unstable is being held behind by darwin, you may want to add nixos-unstable as another channel, giving it a unique name
<clever>
infinisil: i used to do that, but have since trasitioned to a public github repo
<clever>
iddt: packet.net also has nixos as an install option, and it will auto-generate a configuration.nix file at install time, then just ssh in, edit as needed, and nixos-rebuild
<clever>
iddt: aws has AMI images with nixos pre-installed, and nixops can fully automate creating machines and deploying changes
<clever>
iddt: and the FHS sandbox nix provides, allows that to just work
<clever>
iddt: when you try to install a windows game, steam will also download the pre-built ELF files for proton
<clever>
sphalerite: have i really been using nixos that long? lol
<clever>
iddt: but some still fail
<clever>
iddt: steam now has proton support (a fork of wine) and a number of "windows only" games just work on nixos now
<clever>
sphalerite: it may have changed since i last looked
<clever>
iddt: my main nixos desktop is still dual-boot, because a few steam games are windows-only
<clever>
ingenieroariel_: nixos disables ping by default, you have to allow that with an option
<clever>
if no users exist in the db, it may just reject you immediately
<clever>
so you have to run the samba commands to add/edit users within it
<clever>
ldlework: line 29, it will use a password database specific to samba
<clever>
ldlework: line 32 may be partially to blame?
<clever>
ldlework: line 39, its not allowing guests, so you must authenticate somehow
<clever>
ldlework: thats why all of my samba shares are world readable
<clever>
ldlework: auth issues
<clever>
ldlework: then you lack permissions at the server end
<clever>
jomik: you need to use a different ghc version, haskell.packages.ghcxxx.purescript
<clever>
wedens: i typically just do something like `nix eval nixpkgs.lib.version` to get the current rev my channel is at, and then use that to pin whatever project i'm starting
<clever>
wedens: only revs that are in a channel will be garanteed to have good coverage in the cache
2019-01-30
<clever>
so you can still fix it by setting sendmail_path in php.ini
<clever>
that default then acts as the fallback, for when you dont set it in php.ini
<clever>
also, this is merely the default path, DEFAULT_SENDMAIL_PATH
<clever>
infinisil: the fact that we are not seeing /usr/sbin in the error, means that PHP_PROG_SENDMAIL is defined, yet empty
<clever>
infinisil: if PHP_PROG_SENDMAIL is defined, it will use that, if its not defined, it will be hard-coded to # define DEFAULT_SENDMAIL_PATH "/usr/sbin/sendmail -t -i"
<clever>
it sounds like somebody defined it to "" ?
<clever>
ah, thats inside a #ifdef PHP_PROG_SENDMAIL
<clever>
infinisil: so it relies on PHP_PROG_SENDMAIL being set right at compile time? feels like a nixpkgs bug
<clever>
petersjt014: so you could simply do imports = [ ./netboot_server.nix ]; and then set netboot_server.network = { wan = "wlpsomething"; lan = "eth0"; };
<clever>
petersjt014: in this module, i define my own options for the wan card (your wifi) and lan card (your ethernet)
<clever>
petersjt014: the nat does the bulk of the work, and the dhcp/bind config automate configuring the devices on the ethernet side
<clever>
noonien: one option is to just make a package override, to create pkgs.unstable
<clever>
noonien: the nixpkgs-channels repo on github
2019-01-29
<clever>
dmj`: so your program winds up being an x86-64 macos binary
<clever>
dmj`: the simulator is just an x86 library that opens a normal desktop gui, and implements the same API as the mobile system libraries
<clever>
dmj`: ios-simulator64 will never run on a phone
<clever>
when unset, it will obey what dhcp tells it to use
<clever>
networking.nameservers
<clever>
yeah
<clever>
aleph-: what does /etc/resolv.conf say the dns server is?
<clever>
aleph-: try again
<clever>
aleph-: your dns is offline
<clever>
rl: (6) Could not resolve host: abbradar.net
<clever>
yeah, master is the simplest way to confirm if nixpkgs has fixed it
<clever>
aleph-: 404, upstream has deleted the tar, you will need to try a newer nixpkgs, if nixpkgs has already been fixed
<clever>
aleph-: dns failure? hash failure? connection timeout?
<clever>
aleph-: what does `nix-build '<nixpkgs>' -A steam` say?
<clever>
then the 21st piece assembles them all, and boom, bricks all the illegal CAM's
<clever>
shipping out firmware updates in 20 pieces, that all look harmless on their own
<clever>
elvishjerricco: ive even heard stories of hacker level tricks being pulled by sat companies
<clever>
in the case of satelite systems, the CAM is on a smartcard
<clever>
that bytesteam can then do anything, from just giving it the protected key, to giving the CAM firmware updates
<clever>
mpegts crypto, involves the sending a black-box bytestream to the CAM, which will then spit out the current 16bit key
<clever>
and the upstream source can be rotating the key as often as every 5 seconds if they wanted to
<clever>
the problem, is that the lookup could take up to 3 minutes (with "modern" hardware at the time of the paper)
<clever>
and because the key is only 16bits, you can then lookup the key, using a rainbow table
<clever>
the paper i found, says that you can just search the mpegts stream, for 2 blocks with identical ciphertext
<clever>
elvishjerricco: it doesnt use a nonce, and h264 has a lot of padding in the form of nulls
<clever>
elvishjerricco: after a bit of research, i discovered a flaw in mpegts crypto
<clever>
elvishjerricco: oh, that reminds me of the days when i was trying to get tv capture working on my hdtv setup
<clever>
elvishjerricco: go over the libsodium docs and try playing with their functions
<clever>
so you have no way to undo it, and no way to relate the keys from 2 blocks
<clever>
concat, not add
<clever>
one simple (but probably not the safest) way to do such a thing, is just sha256(realkey+block#)
<clever>
elvishjerricco: so the real encryption key, is a combination of the masterkey, and the block#
<clever>
elvishjerricco: i suspect it uses the block# as a nonce
<clever>
Myrl-saki: yep
<clever>
elvishjerricco: yeah, at that point, your better off just making a new luks device, and copying the contents over
<clever>
the normal commands for changing a pw, just change the keyslot that protects the master key, to enrypt it with a new pw
<clever>
and you can potentially have multiple copies of the same master key, encrypted by different passwords
<clever>
that master key, is then encrypted with your password, to fill a keyslot
<clever>
luks has a single master key, used for all disk encryption, that can never change (enless you want to re-encrypt the entire disk)
<clever>
elvishjerricco: no
<clever>
Myrl-saki: yes
<clever>
Myrl-saki: there are backup and restore commands
<clever>
Myrl-saki: yeah, if you have a copy of the old header, you can undo a password change
<clever>
elvishjerricco: ive seen people quote old storepaths in nix expressions
<clever>
and it wont be counted as an input, so anything down the road also wont get it at buildtime
<clever>
but the sandbox will also not provide a copy at buildtime
<clever>
nope
<clever>
Myrl-saki: nix requires that it be part of your input closure
<clever>
Myrl-saki: yeah, as the stdenv processes every buildInputs entry, it checks the nix-support on them, and can recursively follow the propagated ones
<clever>
nix checks for deps, by serializing the entire $out (via nix-store --dump $out), and then just doing a dumb string search for the hash from every input
<clever>
compression is the only thing that easily breaks the dep chain
<clever>
Myrl-saki: thats common, not easy to disable
<clever>
Myrl-saki: in the case of zfs, all blocks on disk are immutable, so pre-allocating null blocks with fallocate is pointless, since your doing to be getting even more blocks when you have real contents
<clever>
on darwin, its identical to fallocate :P
<clever>
so its basically instant, on FS's that support space files
<clever>
truncate just sets the size, without allocating any blocks
<clever>
fallocate doesnt mean much on zfs
<clever>
try truncate, rather then fallocate
<clever>
Myrl-saki: what about the preVM script?
<clever>
Myrl-saki: cant you check the size at bash time, and adjust it there?
<clever>
Myrl-saki: why do you need file length in nix?
<clever>
Myrl-saki: du recurses for you, omit the * and change --max=
<clever>
wedens: cant really thing of anything
<clever>
wedens: i have switched my nas and router from nixos-rebuild to nixops
<clever>
wedens: it will switch over to whatever nixops provides, and if you get some bits like fileSystems or boot.loader wrong, it may not boot right, but it should still work with the old generations in the bootloader
<clever>
wedens: as long as you have ssh to root, yeah
<clever>
so you can basically ignore nix-channel
<clever>
it also changes the search path of <nixpkgs> to match whatever nixops used
<clever>
so you cant break the machine by accident
<clever>
it changes the search path for configuration.nix, to break nixos-rebuild
<clever>
wedens: this is something i use in combination with my nixops machines