| 25 Oct 2021 |
David Arnold (blaggacao) | Well, I'd at least conclude: we should not investigate the secrets-management category further for nix, since "secrets-management" is a fundamentally outdated answer to the identity problem. | 18:51:59 |
David Arnold (blaggacao) | Everything else is just work-arounds. | 18:52:08 |
@timdeh:matrix.org | even if that's true, there are legacy reasons to improve the "secrets management" use case | 18:52:45 |
David Arnold (blaggacao) | * The root solution is: a different answer. | 18:53:08 |
@timdeh:matrix.org | your solution sounds fancy but also complicated, so I'm having a hard time imagining it in every case | 18:53:21 |
@timdeh:matrix.org | maybe a concrete example would help? | 18:53:35 |
David Arnold (blaggacao) | I think there is one fundamental realization to it, namely that knowledge is an inefficient proxy for proving an identity. | 18:54:22 |
David Arnold (blaggacao) | And it has always been. | 18:54:35 |
@timdeh:matrix.org | you don't think knowledge of my DNA could help prove who I am? | 18:54:53 |
David Arnold (blaggacao) | Because knowledge is fundamentally fungible. | 18:55:06 |
David Arnold (blaggacao) | Observable attributes are not. | 18:55:34 |
@timdeh:matrix.org | well I guess it depends on what you mean by knowledge, because kernel hashes of running processes still fall into the category of knowledge to my mind | 18:55:42 |
David Arnold (blaggacao) | * Those would be trusted, observable attributes. After having got past the problem of bootstrapping trust. | 18:56:36 |
David Arnold (blaggacao) | And the quality of the trust anchor remains, as always, no constant. | 18:57:10 |
David Arnold (blaggacao) | * If the kernel is compromised, so is trust. | 18:57:48 |
David Arnold (blaggacao) | If the attestor is compromised, so is trust. | 18:57:59 |
David Arnold (blaggacao) | A short-lived certificate is only fungible during its TTL. | 18:58:58 |
David Arnold (blaggacao) | * I think all this kind of shows: keeping high trust levels about an identity is primarily a runtime concern. Since it's at runtime that intruders operate. | 19:05:57 |
David Arnold (blaggacao) | I can imagine scenarios where fungible yet long-lasting identities are actually what is desired, for example a crypto wallet's private key. | 19:10:17 |
@teutat3s:pub.solar | In reply to @teutat3s:pub.solar
❯ nixos-option -I nixpkgs=/nix/store/37gmnpdbgcfhfd577ijm1b0yxaxp2pwk-source/lib/compat boot.loader
terminate called after throwing an instance of 'nix::EvalError'
what(): cannot import '/nix/store/bc0cqsq1fklw4k61y5v3xinalshrfz8k-6mfkswqi67m35qwv0vh7kpk8rypbl2rq-source/flake.nix', since path '/nix/store/bc0cqsq1fklw4k61y5v3xinalshrfz8k-6mfkswqi67m35qwv0vh7kpk8rypbl2rq-source' is not valid, at /nix/store/0n6nqnb6b6cs3hjqprq9k10a1nc2rgiy-source/default.nix:134:19
zsh: abort (core dumped) nixos-option -I -I boot.loader
* Any ideas how I could make nixos-option work again after the garbage collector struck? (I'm stuck in this state, although I applied the fixing commit) | 22:44:14 |
@timdeh:matrix.org | forget about nixos-option, we should remove our old hack | 22:46:03 |
@timdeh:matrix.org | just enter a repl and load the flake with :lf . | 22:46:12 |
@timdeh:matrix.org | then you can see all the declared options from nixosConfigurations.yourSystem.config | 22:46:32 |