| 22 Apr 2025 |
 helle (just a stray cat girl) | what is the specific failure mode? | 13:21:51 |
 K900 | SSH connection is established, but SOMETHING else is executed instead of the thing we asked for | 13:22:21 |
| helle (just a stray cat girl) | which is more likely then you think in our experience | 13:23:13 |
| K900 | But then we end up in a situation where we can't actually check that | 13:23:53 |
| K900 | In a way that's generic enough | 13:24:03 |
| K900 | And there's a billion other failure modes we don't check for | 13:24:14 |
| K900 | For example, if your shell just ends up running sleep 1000 or whatever, we'll never catch it | 13:24:35 |
| K900 | Because we're waiting for a line of stdout | 13:24:43 |
| helle (just a stray cat girl) | mmm | 13:24:49 |
| K900 | Like there is absolutely a failure mode this does catch | 13:26:38 |
| K900 | But there's also a billion others that it doesn't | 13:26:46 |
| K900 | And it introduces more potential failures | 13:26:54 |
| K900 | So is it worth it? | 13:27:00 |
| K900 | I don't actually have a good answer | 13:27:05 |
| K900 | We don't have enough data to know | 13:27:19 |
| K900 | And I don't have a good enough intuition to guess | 13:27:30 |
| K900 | Something I like about removing it is that it basically removes the remote shell from the equation | 13:28:04 |
| helle (just a stray cat girl) | so uh, can we somewhat strongly propose we migrate away from --stdio and instead start using the socket forwarding, although idk if the unix socket for the nix daemon should ever be in a non-standard location ie, not in /nix/var/nix/daemon-socket/socket
ssh -N would then just be enough, no shell or starting nix-daemon involved, idk if there are any odd cases
and migrating this to libssh is also iirc possible | 13:28:22 |
| K900 | There is only one requirement - be able to run nix-store | 13:28:29 |
| helle (just a stray cat girl) | trying to think if there is some edge case we are forgetting to allow for this | 13:28:49 |
| K900 | In reply to @helle:tacobelllabs.net
so uh, can we somewhat strongly propose we migrate away from --stdio and instead start using the socket forwarding, although idk if the unix socket for the nix daemon should ever be in a non-standard location ie, not in /nix/var/nix/daemon-socket/socket
ssh -N would then just be enough, no shell or starting nix-daemon involved, idk if there are any odd cases
and migrating this to libssh is also iirc possible That would require a third remote protocol | 13:28:53 |
| K900 | But yes probably doable | 13:29:01 |
| helle (just a stray cat girl) | we thought that what nix-daemon --stdio did was the same as what was communicated over the unix pipe? | 13:29:30 |
| K900 | At least for some cases | 13:29:34 |
| helle (just a stray cat girl) | (only briefly read the code) | 13:29:40 |
| K900 | In reply to @helle:tacobelllabs.net
we thought that what nix-daemon --stdio did was the same as what was communicated over the unix pipe? Yes but we can't replace the existing protocols with "just talk to the daemon" because there may be no daemon | 13:30:00 |
| helle (just a stray cat girl) | ah, true | 13:30:07 |
| K900 | Or the daemon may be pointed at a different store | 13:30:10 |
| K900 | etc etc | 13:30:12 |
| K900 | So we can't just have that | 13:30:17 |
