@sandro@c3d2.social avatar

sandro

@sandro@c3d2.social

Some lefti :AFD:, NixOS :nixos:, Linux :tux:, Chaos :fairydust:

Don't be afraid of colorful flags :progress_pride: 🏳️‍🌈🏳️‍⚧️🚩🏴

This profile is from a federated server and may be incomplete. Browse more on the original instance.

kernellogger, to linux
@kernellogger@fosstodon.org avatar

Annoyed by having to put in front on [1]?

Then use this instead[2]:

$ journalctl -k

It should work if the user executing this is a member of the groups "systemd-journal", "adm", or "wheel".

[1] which is the case if CONFIG_SECURITY_DMESG_RESTRICT is turned on in your 's .config – which recently switched on, something many other distros did already a while ago.

[2] works for the common case, for some fancier stuff you might still need dmesg

sandro,
@sandro@c3d2.social avatar

@kernellogger alias dmesg='journalctl -k'

pid_eins, to random
@pid_eins@mastodon.social avatar
sandro,
@sandro@c3d2.social avatar

@pid_eins I always read not breaking userspace as in compiled programs don't suddenly crash because of eg. removed syscalls.

hexa, to NixOS
@hexa@chaos.social avatar

24.05 branch-off happened. Snuck in a small reformat of the python packages at the last minute.

https://github.com/NixOS/nixpkgs/pull/313628

Currently, evaluations are running, nixos-24.05-small has already completed eval and is building.

https://hydra.nixos.org/jobset/nixos/release-24.05-small

It will be mostly cached from nixos-unstable-small anyway, so its channel should be available within the next two hours.

sandro,
@sandro@c3d2.social avatar

@hexa Which also created hundreds of merge conflicts and lots of extra work for contributors... 😮‍💨

sandro,
@sandro@c3d2.social avatar

@hexa We should have waited another 6 months. There are still glaring issues around lib.optional/s wild formatting.

clerie, to random German
@clerie@fem.social avatar
sandro,
@sandro@c3d2.social avatar

@clerie @leona Doing pretty much the same. I have basically a 15 line shell script which does eval, copies the drv over and then builds it local or remote abd does the activation.

scy, to random German
@scy@chaos.social avatar

Hätte jetzt nicht erwartet, dass die Frage "was ist der Default-Browser" unter Linux jetzt erst mal mehrere tausend Zeilen Shellscripte offenbart, die .desktop-Files auswerten, aber andererseits bin ich auch nicht unbedingt besonders überrascht.

sandro,
@sandro@c3d2.social avatar

@scy @schmittlauch There is only one solution to this: Airefox

maralorn, to random
@maralorn@chaos.social avatar

I am encountering too many bugs. I should stop testing my program …

sandro,
@sandro@c3d2.social avatar

@maralorn Me using any website or program: here is a bug, there is a big, bugs everywhere and I am not even trying to break stuff.

Maybe I should do professional QA testing

secana, to KDE
@secana@mastodon.social avatar

Wow, the upgrade from 5 to 6 on was smooth. Changed one line in the config and it works perfectly fine. Great experience.

sandro,
@sandro@c3d2.social avatar

@secana It works very well unless you have custom theming which all falls apart because of the major qt upgrade.

jwildeboer, (edited ) to opensource
@jwildeboer@social.wildeboer.net avatar

You know why I like @forgejo so much? I just did a "fly-by" patch on the documentation because I was annoyed with how complicated that one page was written. So I forked the repo, cleaned up that page and submitted a Pull Request. And guess what? No discussions, no back and forth, it just got merged! Now THAT is how you attract new contributors to your Open Source project. Thank you! My first contribution!

https://codeberg.org/forgejo/docs/commit/784e395e977c5a3d0ca6892501f7216939f3b955

#Forgejo #OpenSource #MergeFast #FirstContribution #FeelsGood

sandro,
@sandro@c3d2.social avatar

@doomsdayrs @jwildeboer @forgejo Because people have different ideas about how things should look and if you want to have somewhat coherent code/docs, not every other person can write a different style, tone and structure.

sandro,
@sandro@c3d2.social avatar

@jwildeboer I mean, it also just straight up copied from GitHub/GitLab

sandro,
@sandro@c3d2.social avatar

@fink @jwildeboer You shouldn't really give to much credit for good ideas if they are all straight up copied from somewhere else

chrism, to NixOS
@chrism@chattingdarkly.org avatar
sandro,
@sandro@c3d2.social avatar

@yisraeldov @chrism NixOS is not deeply embedded into GitHub. Many CI checks are just executing shell code in the end which can be early run locally and be adopted and everything specific to GitHub would need to find a replacement, like the labeler.

The main problem is scalability. Running your own infrastructure on that level of size, complexity and availability is a major undertaking and eg. Gitea couldn't even handle the amount of forks.

sandro, to random
@sandro@c3d2.social avatar

The entire nixfmt project recently has been a big disappointment for me. nixpkgs-fmt would have been a good starting point, having a balance between enforcing rules and allowing some freedom. While nixfmt initially started with outdated ideas like 80 line length and ill fitted tries to enforce that. Adding new lines before long strings like URLs, sometimes nudging people to split them with a + which makes greping for them unnecessarily hard. They didged that which is good.

sandro,
@sandro@c3d2.social avatar

But at the same time adding rules, especially around lib.optional*, which often results in ugly formatted code that has strange line breaks and the general placement of the entire structure feels wrong.

Also that just appending something to a list like structure can result in the reformat of the entire thing which can make a simple one line change be blown up in the diff to many more lines.
At least an issue for that exists after arguing with them for a bit.

sandro,
@sandro@c3d2.social avatar

Does it matter in the end? Probably not that much but it will create a lot of noise on the way and will make my live of cherry-picking specific changes from master to the stable branch probably a lot more miserable and with lots more merge conflicts to solve.

Usually people are very focused to reduce churn but looking at the formatting topic some people seem to completely thrown that mindset overboard.

sandro,
@sandro@c3d2.social avatar

Then that people are sprinting ahead and reformatting single packages in otherwise straight forward PRs is not improving the situation in any way and is just creating lots of noise. Most often those commits are also not added to the ignore refs file and clutter git blame.

Then also issues like mentioned above might still get fixed in the future which then could result in yet another round of formatting changes because of the now strictness of nixfmt.

kalikiana, to random
@kalikiana@mastodon.social avatar

Little reminder to check your screen lock settings before if you want to avoid people installing "sl" on your laptop when you aren't looking

sandro,
@sandro@c3d2.social avatar

@kalikiana already installed together with gti

Profpatsch, to NixOS
@Profpatsch@mastodon.xyz avatar

I want to congratulate the documentation team on breaking all the documentation links. Good job!

sandro,
@sandro@c3d2.social avatar

@Profpatsch Isn't that the path that's also on nixos.org?

sandro,
@sandro@c3d2.social avatar

@Profpatsch No but that link is also broken https://nixos.org/nix/manual

sandro,
@sandro@c3d2.social avatar
der_raDDler, to random German
@der_raDDler@dresden.network avatar

Den Rückbau des Zebrastreifens "begründet die Stadt Meißen mit einer Entscheidung der Unfallkommission, die dort eine Häufung von Kollisionen festgestellt hatte. Ausgelöst wurden diese vielfach durch Radfahrer, die stadteinwärts fahrend den Überweg rechtswidrig benutzen."

Warum nutzen so viele pöhse Radfahrende den Zebrastreifen wohl rechtswidrig? 🤔

https://www.saechsische.de/meissen/strassenbauamt-lenkt-ein-zebrastreifen-in-meissen-wurde-nun-doch-weggefraest-6000255.html

sandro,
@sandro@c3d2.social avatar

@der_raDDler
Bestimmt weil die Radfahrer der Stadt Meißen eins auswischen wollten. Gibt keine andere logische und sonnige Erklärung.

doomy, to NixOS
@doomy@mastodon.social avatar

anyone have a good resource for converting a binary to a service? I think i got pretty far with @readeck https://readeck.org/en/docs/deploy but i have no clue how to handle the /etc/ files it claims it needs and keep getting vague 203 errors.

sandro,
@sandro@c3d2.social avatar

@doomy @readeck I usually find a similar service and copy paste from that.

You place files in etc with environment.etc and then you bailsically construct the systemd service and maybe enable a few other bits it needs.

18+ leah, to random German
@leah@blahaj.social avatar

Pest
Cholera
Matrix Threads

sandro,
@sandro@c3d2.social avatar

@leah Es gibt jetzt endlich einen Übersichtstab für Threads, aber angeblich hab ich noch keine Threads und konnte bis jetzt nur die Fehlermeldung testen.

pimeys, to NixOS
@pimeys@social.nauk.io avatar

Thank you for the TPM2 article @jnsgruk. I decided to give it a go last weekend, and it was a bit longer process than 10 minutes. For anybody who struggle to get rid of the password prompt for the LUKS volume, this setting is essential:

boot.initrd.systemd.enable = true;

The initrd must have systemd installed, so the settings defined with systemd-cryptenroll are available during the boot. Alternative way is to use Clevis to encrypt the LUKS password using the TPM module, and invoke it during boot. This is not super complex either, but I kind of like the systemd approach more.

Also the article didn’t mention much about the different PCR ids you can use with TPM. These define the system state when a secret key can be accessed from the TPM module. If any of the policies trigger, the TPM module will not output any secrets and the user needs to enter the LUKS password. The article uses three policies:

  • 0: firmware updates
  • 2: extended ROMs from pluggable hardware (e.g. USB)
  • 7: secure boot disabled, or firmware certificates update

Additionally, one policy is needed to ensure an attacker cannot boot the system to a single user mode from the bootloader:

  • 12: kernel config change, e.g. changing the boot parameters.

It is important to wipe the old slots with systemd-cryptenroll when changing the PCRs. Changing them is additional, and doesn’t modify the existing policies.

Edit: and do not wipe the password slot! This will render your disk unbootable.

sandro,
@sandro@c3d2.social avatar

@jnsgruk @pimeys you can check the pcrs with systemd-analyze pcrs and on my systemd with lanzaboote register 12 is just blank

sandro, to NixOS
@sandro@c3d2.social avatar

The 24.05 update is going pretty well. All VMs are updated and just two physical hosts are missing.

The hairy part is fixing nox for mpv https://github.com/NixOS/nixpkgs/pull/314433 and gst https://github.com/NixOS/nixpkgs/pull/314428 which didn't get noticed over the last months.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • JUstTest
  • khanakhh
  • kavyap
  • thenastyranch
  • everett
  • tacticalgear
  • rosin
  • Durango
  • DreamBathrooms
  • mdbf
  • magazineikmin
  • InstantRegret
  • Youngstown
  • slotface
  • megavids
  • ethstaker
  • ngwrru68w68
  • cisconetworking
  • modclub
  • tester
  • osvaldo12
  • cubers
  • GTA5RPClips
  • normalnudes
  • Leos
  • provamag3
  • anitta
  • lostlight
  • All magazines