<OriansJ>nckx: well the 2 opcodes that I found where run from superuser space and are now listed as official errata for the i3 chips in question. Based on the encoding, I wonder if it was a RISC core debug instruction that isn't supposed to be passed unmodified to the core.
<mbakke>jlicht: Have you had any luck with later nodejs versions? The current is failing for me on 'core-updates' due to libuv being too new.
***tg` is now known as tg
<j3kyl_>gitlab have been receiving a lot of neat features that now I can say I dont miss github
***rekado_ is now known as rekado
<ngz>Hello. Where do you insert lines like "export SSL CERT DIR=..." when using Guix on top of another distro? I used to have them in ".profile" but, for some reason, I can no longer start Gnome (GDM is fine though). I have to rename ".profile" to ".profile.bak" so I can start it, but obviously, I don't have any configuration loaded.
<mange>I load mine in .profile, and I used to be able to log in with GNOME (I no longer use GNOME, but I assume it still works).
<mange>What specific things are you trying to add to .profile? Can you put them in a paste?
<ngz>I only export environment variables and source $HOME/.guix-profile/etc/profile
<ngz>I can try to paste it, but it's not going to be easy since I'm on a terminal right now (no Gnome)
<mange>I have found that sometimes exporting particular variables can cause problems for programs, like GNOME. I've had particular problems with XDG_DATA_DIRS.
<mange>I make sure to put something like this before I source my profile:
<mange>if [ -z "$XDG_DATA_DIRS" ]; then export XDG_DATA_DIRS="/usr/local/share/:/usr/share/" fi
<mange>That just sets it to the default value that programs are meant to use if it's not set. That way if my Guix profile tries to add to it the base will still be the default.
<ngz>I don't export XDG_DATA_DIRS in my .profile but $HOME/.guix-profile/etc/profile might. Let me check.
<dustyweb>jonsger: that could be useful... though I seem to remember that ppc64's instruction set is a bit hairier than RISC-V because it's aiming for ease of porting some x86 things... do I remember right?
<dustyweb>still, useful for the libre hardware design stuff
<jonsger>I guess that riscv has a "cleaner" instruction set, as ppc64 has already some history :P
<rekado>dustyweb: what are your thoughts on SELinux?
<jonsger>rekado: what do you think about apparmor compared to selinux?
<rekado>jonsger: I only really know SELinux, and even there “know” is a bit of a strong word.
<rekado>searching around I see that apparmor labels the file path, whereas SELinux labels the inode.
<rekado>I think the arguments for/against SELinux/Apparmor that rely on how easy/difficult these things are to set up don’t really apply in a system like Guix, where I assume it to be easier to compose and abstract over policies.
<dustyweb>rekado: iirc from what I've read of SELinux, it's the wrong approach
<dustyweb>yes, for those who don't know, Shill is a shell using Capsicum capabilities
<dustyweb>RBAC has more fine grained ACL but it's still taking a "perimeter security" approach
<dustyweb>E in a Walnut has something to say about that
<dustyweb>> With tools like access control lists and firewalls, we engage in "perimeter defense", which is more correctly described as "eggshell defense". It is like an eggshell for the following reason: while an eggshell may seem pretty tough when you tap on it, if you can get a single pinhole anywhere in the surface, you can suck out the entire yoke.
<dustyweb>the right approach instead is to go full principle of least authority: only hand the capabilities necessary for an operation to happen to the program in question
<rain1>what do you think about openbsd pledge and unveil dustyweb?
<rekado>(I totally misunderstood the term “eggshell defense”, because eggshells are a really good defense against slugs in a garden)
<vagrantc>oh yeah, i also tried building it with only 1 core, which helped a lot ... but still ran out of ram in the end
<ecbrown>nckx: not sure if berlin would be faster -- unfortunately it was a system init with custom kernel and i didn't want to interrupt it. i always have good luck with https://hydra.gnu.org though i wonder if i'm being naughty by not using mirror.
<lfam>In my experience, berlin.guixsd.org is fast and has substitutes available very quickly, so it could help you
<ecbrown>i'm still trying to figure out strategies for making sure that i'm not having to compile e.g. webkit and qt on my machines... is berlin faster than the official server at having up to date binaries and what not?
<lfam>Yes, in my experience substitutes are available surprisingly quickly from berlin.guixsd.org
<efraim>I have some notes for when I try to port guix to powerpc 32 bit, I'll see if I can dig up something later to work with the OOM linking problem
<lfam>I don't know off the top of my head if berlin.guixsd.org is part of the default set of substitute-urls.
<efraim>Only on aarch64 in the install script IIRC
<ecbrown>i'm trying to figure out if i should just have a fat tank compile machine on amazon
<nckx>Is there a hardware porn post for berlin. somewhere? It does seem blazingly fast. Or I was too used to hydra.