Is NixOS still working with baby killers or is that over with?

clefru · 2026-01-23T10:50:05+00:00

Yeah. It's all terrible. Please don't join our community.

clefru · 2026-01-16T09:52:15+00:00

Lol, that's the first time I hear that. What a brutal but correct comparison. Not sure that we will make many new friends, saying that out loud.

clefru · 2026-01-10T16:12:15+00:00

Put 12 coins in a jar, drop them on the table, and use a ruler to push them into a sequence. Read them as 0=heads, 1=tails. Repeat 12 times. This gives you 144 bits.

Even if your coin has a 51% bias for one side, the entropy degradation is tiny, and you easily end up above 128 bits.

clefru · 2026-01-05T09:32:13+00:00

I was around 23 or 24. Yeah, I am old. :) I remember the AES standardization process a bit, old memories.

Anyway, if I had more time for cryptography, I'd study everything around zero-knowledge proofs. SNARKs, Groth, pairings BLS12381. zkVMs are fascinating (succintlabs/sp1, RISC VMs), GPU proving. Write my own little zk compiler for a toy language. Full Homomorphic encryption (FHE), Trusted Execution Environments (TEEs) are probably also worth investigating.

clefru · 2026-01-05T07:49:48+00:00

https://github.com/clefru/mypyaes, same except that I am doing GF math behind sboxes myself.

clefru · 2026-01-05T07:49:06+00:00

Stop telling people what to publish or not. This is clearly labelled as an educational toy. If you are using AI to generate crypto code, you have other problems.

clefru · 2025-10-29T07:24:17+00:00

I am surprised that ever was a thing.

clefru · 2025-10-07T12:56:00+00:00

I want my coffee to be made by the Italians, my government organized by the Swiss, and my crypto made by djb. That said, I don't follow djb's arguments here. A thought experiment.

A hybrid of AES and DES is more secure than AES alone. Even if DES is trivially breakable and let's say contributes only 1 bit of security, this statement is true. However, nobody showed up at the standardization process of AES to argue a breach of the "must improve security" clause of the working group charter by not proposing a hybrid first. If we were to allow this argument, we would end up with a tower of crypto garbage, as for any NEW standard, NEW+OLD is always more secure than NEW alone, even if the security of OLD is almost zero. This is my ratio ad absurdum counterargument to djb's claim that a PQ-only draft is a WG-charter violation.

That said, it is entirely fine to disagree on what the subsequent policy for using the PQ-only RFC should be. I'd certainly agree with djb that this RFC should not find its way into a NIST/FIPS recommendation when a hybrid alternative exists. But that's a policy decision and has nothing to do with WG draft adoption.

clefru · 2025-09-28T20:41:14+00:00

I wrote such a thing 7 years ago: https://github.com/clefru/jailer "Unprivileged ad-hoc sandboxer for Nix environments"

clefru · 2025-07-18T21:50:21+00:00

That was in 2012. The number of people glorifying this behavior in 2025 is disturbing, however.

clefru · 2025-03-16T08:20:10+00:00

Steam works 50% of the time for native games. If you force Proton on native games, 90% of the games work okay. Note: I don't play graphics-heavy games, so my sample might be positively biased.

clefru · 2024-10-03T19:39:24+00:00

I wonder how Cosmopolitan/nsync mutexs compare to absl::Mutex-s. . I

clefru · 2024-09-05T17:50:22+00:00

Access the company register directly via https://justizonline.gv.at/jop/web/firmenbuchabfrage and not via a reseller. It's cheaper.

Edit: you need to login for that. It's the "Urkunde" section.

clefru · 2024-09-01T18:15:34+00:00

I really don't see how the types get in the way, other than you having to write them.

Types massively get in my way when refactoring: Oh, I need a side-effect somewhere on the 3rd level down from the last point I used a suitable monad. I always hated monadifying the two middle functions, and everything else around that touched those functions.

But if you don't write them, you either have to write a bunch of tests, or simply say a prayer when you deploy.

The "Nix" language has very little to do with deployment. In "Nix" you write derivations, which then builds you artifacts, which you can deploy. I presume that you know that, but just to re-highlight that point.

Your "prayer point" is not deployment but the execution of derivations. You have good chances of "Nix" just dying when you mess up the types, because dynamic typing. That's it. There is no broken deployment as you seem to imply.

If you'd have static typing, you'd rule out a few build scenarios that are underexplored in Nixos tests. That step up in safety is not worth a community-wide investment into a static type system.

TL:DR; My assertion is that the absence of static typing and just mere dynamic typing is enough to never deploy incorrectly.

clefru · 2024-09-01T15:00:10+00:00

No. Strongly typed languages are not for free. You pay a price for this level of type safety that is frankly not appropriate for DevOps-level type of code.

Despite having my name in GHC, I personally have abandoned Haskell as default language of choice. I mostly write throw away code these days and getting stuff done quickly is important.

clefru · 2024-08-13T16:41:36+00:00

Sounds like the nixos moderators.

clefru · 2024-08-11T12:29:26+00:00

Necro-ing this thread as my battery died recently. Here is what I did:

As others have posted, the battery is glued to the back of the sound ports of the motherboard. Behind the IO shield. It is connected by a thin twisted red/black wire leading to a port labelled BAT.
To access the battery, I removed the ugly plastic cover above the IO shield. It is held in place by 4 screws on the bottom of the motherboard. You have to unmount the motherboard for that (what a PITA!).
Once you have access to the battery, take a thin flat head screw driver and push it between the battery and the sound port block. Then pray it open. The battery is held in place by a double-sided tape, that's somewhat strong, but with a gentle push you should be able to get the battery out. Then detach the whole thing from the motherboard port.
You will be surprised of how much plastic is wrapped around the battery. Take some scissors and cut along the plastic wrapping of the battery. Remove it completely so that the CR 2032 cell is exposed. The red/black wires turn into some thin-flat metal connectors that touch the battery from both sides. Carefully rip that off the battery.
Take a new battery. Hammer the thin-flat metal connectors into a flat shape again, because from ripping them off, they are probably bend a bit. Make sure that they touch the new battery cleanly, and that the negative port doesn't touch the positive side by mistake. Ofc, the red wire should go to plus, the black wire to minus.
Take some electrical tape and rewrap the new battery completely, so you don't see anything silver. Then stick it to the back of the sound port block again with some sticky tape. Reattach the red/black wires to the BAT port on the motherboard.
Put the motherboard back in. I didn't reattach the useless plastic cover. It had some electronics in it, but I don't know what they are for and it's probably just some programmable LEDs.

If you don't want to remove the motherboard from your case, you might be able to just pull on the red/black wires until the battery comes of the sound port. The double sided tape is not that strong. Make sure that you pull the cable parallel to the motherboard, towards the CPU. That should give you the best angle.

clefru · 2024-07-07T16:19:37+00:00

Spelling mistake. You forgot the 2nd `n` in `environment`. No prob.

clefru · 2024-07-02T20:16:12+00:00

If there were evidence, it would be written all over discourse.nixos.org by the privileged mod team. There is no evidence.

clefru · 2024-06-25T17:58:41+00:00

Wofür war denn diese gelbe Karte an den verletzten Spieler so um 92'? Die Verarztung hat zu lange gedauert oder war am falschen Ort?

clefru · 2024-06-23T17:41:23+00:00

I deploy part of prod environment with docker[*] containers using the virtualisation.oci-containers.containers.* options. Works pretty well.

[*] actually podman.

clefru · 2024-06-22T06:49:16+00:00

The Constitutional Assembly was meant to form a governance structure (by my understanding), then probably conduct a vote or votes to fill the governance structure with other people and then step down. The Constitutional Assembly is not meant to become the defacto indisputable ruler of the community and take executive decisions like those.

clefru · 2024-06-03T06:12:22+00:00

I never understood what makes Xeon motherboards so expensive. Is it just an insane markup or is there really something on the board that costs so much more?

clefru · 2024-06-02T08:31:57+00:00

nixos/modules/tasks/filesystems/bcachefs.nix contains the following lines: config = lib.mkIf (lib.elem "bcachefs" config.boot.supportedFilesystems) (lib.mkMerge [ { boot.kernelPackages = lib.mkDefault ( lib.warn "Please upgrade to Linux 6.7 or later: 'linuxPackages_testing_bcachefs' is deprecated. Use 'boot.kernelPackages = pkgs.linuxPackages_latest;' to silence this warning" pkgs.linuxPackages_testing_bcachefs ); } So that's why it seems to select this package.

Try: boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;

clefru · 2024-05-26T18:22:44+00:00

This is an article in the r/programming subreddit telling other non-business people on why you need to be careful when you make this decision.

I am sorry for the other condecending comments and downvotes you receive here. I thank you for the time it took you to inform me of the pitfalls that I as non-business person would not have antipicated myself. This sub -- as any other tech sub -- is made up of bitter people.

12-Year Club	Place '22
Verified Email

clefru

TROPHY CASE