| 24 Feb 2026 |
piegames | But also, how are you dealing with sandboxing and executing untrusted code? | 13:52:46 |
goldstein | probably! I didn’t know this project exists lol
one of the conclusions of my post was going to be “we should probably do more of this as a community”, and I’m excited to see someone is actually doing that | 13:53:14 |
piegames | CC @commentator2.0:elia.garden | 13:53:38 |
goldstein | the whole run was on a dedicated VPS that has nothing of value on it. every run was also in a dedicated rootless podman container, but the main security feature is a dedicated VPS lol | 13:54:06 |
goldstein | I toyed with running jobs in firecracker, but just isolating the whole setup was easier and I had a lot more problems to solve
I might return to this idea later | 13:54:52 |
goldstein | I took a look and I’m not sure what kind of help is wanted there
feel free to ping me if I can help with something though | 14:23:15 |
goldstein | I think the main non-obvious thing about evaluating this many flakes is that you need really aggressive HTTP caching, which I implemented in https://codeberg.org/goldstein/sona-poki-http
this was only possible due to ~95% cache hit rate, otherwise github ratelimiting and soft ratelimiting ground everything to a halt | 14:29:54 |
piegames | In reply to @goldstein:tty5.dev
I took a look and I’m not sure what kind of help is wanted there
feel free to ping me if I can help with something though
I'll ping you some time when I get back to this, are you on Zulip? | 14:34:10 |
goldstein | on, like, Lix Zulip? I wasn’t aware of its existence, but I can join | 14:34:34 |
goldstein | happy to chat on some messenger that is not matrix | 14:34:55 |
goldstein | now I am, https://zulip.lix.systems/#user/89 / root@goldstein.rs / max | 14:36:33 |
goldstein | * now I am, https://zulip.lix.systems/#user/89 / root@goldstein.rs / goldstein | 14:37:54 |
piegames | In reply to @goldstein:tty5.dev
happy to chat on some messenger that is not matrix
Glad we agree | 14:43:10 |
| @lunalina:catgirl.cloud left the room. | 18:28:23 |
emily | enjoy
shion:~
❭ nix run nixpkgs/nixpkgs-25.05-darwin#lixPackageSets.lix_2_93.lix -- repl
Lix 2.93.3
Type :? for help.
nix-repl> builtins.fromJSON ''"\u0000"'' == ""
true
shion:~
❭ nix run nixpkgs/nixpkgs-25.11-darwin#lixPackageSets.lix_2_94.lix -- repl
Lix 2.94.0
Type :? for help.
nix-repl> builtins.fromJSON ''"\u0000"'' == ""
false
unfortunately this does result in an abort with newer Nix versions, so you still need to e.g. if builtins.substring (builtins.stringLength builtins.nixVersion - 4) (-1) builtins.nixVersion == "-lix" then builtins.fromJSON ''"\u0000"'' != "" else false.
but the Lix versions are at least distinguishable without looking at builtins.nixVersion, so I don't think the argument for not having feature detection for this holds.
another thing you can do is define an attrset with every non-NUL-containing single-byte string, and then do stringContainsNul = s: lib.any (char: !(everythingButNul ? ${char})) (lib.stringToCharacters s).
IMO if computations with NUL bytes were not meant to sneak in to having effects on derivation hashes then it was a mistake to start allowing them… if they're going to be allowed, at least a builtins.stringContainsNulByte or (_: false) seems reasonable so that library code can work correctly with all strings that could be passed to a library function on a given implementation without such contortions. (but of course you can always sniff builtins ? stringContainsNulByte for a strong correlate of how that builtins.fromJSON call will behave if you really want.)
| 19:18:57 |
sterni | autoconf.nix | 21:11:29 |
| 25 Feb 2026 |
| igorramazanov joined the room. | 00:47:58 |
| stolenducks joined the room. | 01:03:37 |
Liyua | I have decided that nix isn't nerdy enough so I added lix into the mix (no pun intended) | 04:54:31 |
Liyua | It does evaluate slightly faster :D | 04:54:46 |
Liyua | Had some weird stuff happen tho with the build in which I migrated from nix. Suddenly pipe operators were no good anymore. But that fixed itself afterwards | 04:55:29 |
whispers [& it/fae] | lix and nix name their pipe operator experimental feature differently, which is probably what you hit | 04:59:31 |
whispers [& it/fae] | lix calls it pipe-operator, nix calls it pipe-operators | 04:59:40 |
Liyua | In reply to @whispers:catgirl.cloud
lix calls it pipe-operator, nix calls it pipe-operators
Oh. That's why. I didn't even notice that cuz I removed it from nix.settings and in the trouble of adding it back in I didn't realize the name changed. | 05:12:02 |
Liyua | At least I now know it'll work fine when I update my other devices because now I have the correct options set for lix. In the last nix build it'll use pipe-operators and after that it'll have pipe-operator in the nix.conf | 05:13:31 |
Sofie 🏳️⚧️ (she/her) | How do I move my matrix account from Matrix.org to Catgirl.cloud? | 07:09:12 |
Sofie 🏳️⚧️ (she/her) | Was there a migration service | 07:16:18 |
Sofie 🏳️⚧️ (she/her) | oh | 07:18:18 |