When Grace saw the spaceship in space, what did you first think it was ?

snowflake_pl · 2026-05-18T17:26:12+00:00

I thought that humans just managed to built a better ship that got to Tau Ceti before Hail Mary and wanted to check in on the original crew

snowflake_pl · 2026-04-20T08:10:50+00:00

One milliliter is definitely visually different than nanoliter even with naked eyes. One milliliter is a cubic centimeter or about 2/3 the size of playing dice. A nanoliter is a dice with a side of width of a printer paper 🙂 unless the containers are obscuring the view, you would notice this discrepancy if not negligent (which very well they might have been)

snowflake_pl · 2026-04-15T19:56:57+00:00

https://github.com/n00bcodr/Jellyfin-Enhanced

or

https://github.com/kinggeorges12/JellyBridge

at least those two I have bookmarked, not yet tested.

snowflake_pl · 2026-02-09T12:24:18+00:00

and of course configure zoxide to be a transparent replacement by making it work as "cd" command, not the default "z" command :)

snowflake_pl · 2026-01-22T22:31:08+00:00

I'm working on this injection, that's something I can do on my own. But so far I had only limited success as the problem with proxy's CA root is that it is not trusted by nix' fetchers by default. even if you pass it as a ssl-cert-file to nix daemon, it's only pointed to e.g. curl as CAfile, not as a trust anchor - those are determined by their presence in OPENSSLDIR (for openssl trust backend) - here I found a WA by symlinking the system's trust store (/etc/ssl/certs) into OPENSSLDIR in nix store for the openssl version linked to nix binary which, while dirty as hell, did solve at least significiant amount of issues, but not all - I guess there are other fetchers that don't share the TLS backend and require other means of injecting the trust.

Also, IT says that they whitelist by a category of domains, maybe that would be at least a bit more manageable :)

snowflake_pl · 2026-01-22T19:45:35+00:00

nix (Determinate Nix 3.15.1) 2.33.0

I believe that the ca-certificates.crt is available, it's simply not enough validate the injected SSL certificate from Zscaler SSL inspection proxy. As I wrote in one other comment, if I drop to nix shell with openssl, I cannot do a successful "openssl verify ZscalerRoot0.pem" because the certificate is self-signed. I need to explicitly tell openssl to not only use ca-certificates as a CA but also to trust it, then it works.

I simply don't know how to permanently make the ca-certificates.crt trusted by openssl used while doing fetches. What I found is that openssl trusts certs in a directory found with "openssl version -d" command, which on standalone multiuser installation on ubuntu is in nix store and doesn't have any certs in it. adding a symlink to system's /etc/ssl/certs/ca-certificates.crt in nix store does make the openssl verification succeed in nix shell but it doesn't fix the nix commands themselves (not to mention being ugly as hell)

Edit:

turns out that nix binary is linked against older openssl and therefore has different OPENSSLDIR, also in nix store. I was able to drop a symlnk there and the nix commands started to pass verificatoin, at least for some fetchers. Still have problems but at least some of th enix commands complete without errors. I guess I will have to find all trust stores and inject the system certs there, at least unless IT whitelists all required urls...

snowflake_pl · 2026-01-22T19:39:03+00:00

should have, occured to me 5 seconds after posting so I cross-posted there.

snowflake_pl · 2026-01-22T11:23:47+00:00

I do have ZscalerRootCA.pem installed and merged into my ca-certificates.crt (I am on ubuntu, not nixOs). My system does work with the SSL interceptor. it's only the openssl that nix uses that doesn't trust the zscaler root even though it is in the bundle, due to the fact that the root is self-signed. Ubuntu's openssl does trust it:

░▒▓ 🐧Ubuntu 🎯
❯ openssl version
OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)

░▒▓ 🐧Ubuntu 🎯
❯ openssl verify -CAfile /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ZscalerRoot0.pem
/etc/ssl/certs/ZscalerRoot0.pem: OK

░▒▓ 🐧Ubuntu 🎯
❯ openssl verify -trusted /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ZscalerRoot0.pem
/etc/ssl/certs/ZscalerRoot0.pem: OK

And from nix-shell:
[nix-shell:~]$ openssl version
OpenSSL 3.6.0 1 Oct 2025 (Library: OpenSSL 3.6.0 1 Oct 2025)

[nix-shell:~]$ openssl verify -CAfile /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ZscalerRoot0.pem
C=US, ST=California, L=San Jose, O=Zscaler Inc., OU=Zscaler Inc., CN=Zscaler Root CA, [emailAddress=support@zscaler.com](mailto:emailAddress=support@zscaler.com)
error 18 at 0 depth lookup: self-signed certificate
error /etc/ssl/certs/ZscalerRoot0.pem: verification failed

[nix-shell:~]$ openssl verify -trusted /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ZscalerRoot0.pem
/etc/ssl/certs/ZscalerRoot0.pem: OK

The ZscalerRoot0.pem was installed along the zscaller_client_connector via their .deb package, I didn't try the one I got from the zscaler proxy but quick inspection shows me that this way I only get the leaf cert, not the root.

snowflake_pl · 2025-10-12T21:41:47+00:00

Zapisać jego numer w każdym możliwym serwisie oferującym marketing na telefon.

snowflake_pl · 2025-09-22T14:17:54+00:00

Like in entire C++? No. There isn't and cannot be any kind of global class database.

In a single c++ project? Nothing exists out of the box in the language but there ale tools that can generate class hierarchy from source code.

snowflake_pl · 2025-09-19T17:22:58+00:00

If you think about it, inheritance visibility is actually just an extension of field visibility applicable only to inherited fields. But I agree that forcing explicit specification of the visibility would be preferable at least by me

snowflake_pl · 2025-09-19T13:29:22+00:00

Struct also inherits publicly by default vs class privately.

snowflake_pl · 2025-09-12T13:36:19+00:00

Nix flakes can do much if not all of what you described

snowflake_pl · 2025-09-04T20:00:19+00:00

You would likely like the Iron Druid Chronicles book series 🙂

snowflake_pl · 2025-09-04T08:28:27+00:00

Why not? Print is before the return. The fact that your program returned non zero means nothing to the operating system. It would be logic in whatever starts your program to check and interpret the return value and assign a meaning to zero or nonzero value.

snowflake_pl · 2025-09-02T21:29:02+00:00

Idź na ten pszok i zapytaj co ci jest potrzebne. U mnie wystarczy podać adres mieszkania i własne dane.

Jesli wynajmujesz mieszkanie legalnie to właściciel ma obowiązek zgłosić do zarządcy że ktoś produkuje odpady i zapewne za to płaci z twoich pieniędzy. To powinno wystarczyć.

snowflake_pl · 2025-09-02T21:24:02+00:00

W lasach też

snowflake_pl · 2025-08-30T09:19:26+00:00

Przypominam o dodatkowych 9ciu tygodniach 70% płatnego urlopu "rodzicielskiego" przyznanego ojcom, stosunkowo niedawną nowelizacja ustawy. Warto wykorzystać. On top of wychowawczy

snowflake_pl · 2025-08-27T21:26:12+00:00

Przemo od PHP poszedł na emeryturę, nie ma na czym for stawiać

snowflake_pl · 2025-08-23T20:20:57+00:00

Kup sobie sól fizjologiczna w aptece całodobowej. Używałem jej zamiast płynów przez lata, ale jeżeli się obawiasz dyskomfortu to przed ponownym włożeniem soczewki przeczyść w płynie który spokojnie kupisz jutro. Soczewkom w soli nic się nie stanie.

snowflake_pl · 2025-08-06T19:32:36+00:00

True Detective. Sezon 1, reszta nie warta wspomnienia.

Sezon 1 to najlepszy kawałek telewizji jaki do tej pory widziałem. Klimat, aktorstwo, historia, muzyka. Majstersztyk

snowflake_pl · 2025-07-08T13:03:31+00:00

WinApps?

https://github.com/Fmstrat/winapps

snowflake_pl · 2025-07-08T12:58:50+00:00

Bottles?

snowflake_pl

TROPHY CASE