1. 2

    Interesting work! What happens if I miss adding a dependency to inputs? Reading the comments implies that the main use case is to help problems when we don’t list them, but the blog post is silent on that.

    Also, it was really, really hard to read this page due to the dark background and small font. Switching to reader view in Firefox doesn’t help much, as examples get mangled :(

    1. 1

      What happens if I miss adding a dependency to inputs? … the blog post is silent on that.

      It’ll error and block the build. The repo has a runnable demo with output examples for immediate curiosity. I’m starting with a simple/clean case for the first post because I didn’t have anything this straightforward to point people at for the most-basic concepts. I intend to do a post (and maybe a stream/video?) on the ~process of packaging something (i.e., incremental, with mistakes, etc.) soon.

      Also, it was really, really hard to read this page due to the dark background and small font. Switching to reader view in Firefox doesn’t help much, as examples get mangled :(

      Thanks for mentioning this. I haven’t blogged in several years, and it’s my first new post since porting everything out of a number of Tumblr blogs. I’m still ironing things out. I’ll take a look at how the readers work and see if I can fix up the examples there–that’s hopefully an easier first fix.

    1. 1

      Nix has makeWrapper that should help with this. It creates wrapper that sets environment to correct values, so all subprograms would be executed using correct paths. Maybe that would be useful for you?

      1. 1

        Author here. Mostly echoing zimbatm, but: makeWrapper is great for simple executable scripts, especially those you wrote yourself, where you have strong knowledge about what they’ll run under what conditions.

        The case that motivated me, personally, is shell libraries, in particular some shell profile modules I’ve been working on. Since a shell library shares environment/state with anything that sources it, idiomatic PATH manipulation can obviously cause trouble, and you can (at least in theory) have issues mixing libraries that intend to use different sources for the same command (the resholve repo/CI has a contrived demo using openssl/libressl).

        It’s also, as zimbatm notes, useful when packaging complex scripts that you don’t know like the back of your hand. It’s easy to miss them when they’re off the obvious path (or even just beyond <command> --help). I’ve found undeclared dependencies in all 4 of the shell packages that I’ve identified in nixpkgs and started converting to use resholve.

        1. 1

          What zimbatm said. Concretely, this is really useful in cases where you’re writing scripts that execute in stage-1/stage-2 of boot, or other annoying-to-test places. Guaranteeing you have identified and included all your dependencies is very powerful, and can save an hour plus in cycle time for each problem it catches.

          1. 1

            They are sort of complementary.

            makeWrapper is used in a lot of places in nixpkgs and works as intended. It requires the packager to know all of the dependencies in advance and put them use wrapProgram to append them to the PATH.

            What happens in practice is that not all code paths are executed during manual testing and some hidden dependency is only found out later. Or the package gets upgraded and the reviewer doesn’t spot the additional dependency.

            As I understand it, resholve allows to scan the program and look ahead, increasing the likelihood that all the runtime dependencies are being found.

          1. 2

            Reminded me of https://xon.sh :)

            1. 3

              I wouldn’t have made the connection before now, but I guess there’s a sense in which this is like PR.

              In the abstract, PR is about identifying your organization’s various publics, researching those relationships and patterns to understand them, and managing those relationships.

              In reality, the organization’s imperatives will usually win any clash. Anyone who makes the mistake of understanding the user/client/customer/public is likely to be called on to manipulate them, sooner or later.

              1. 1

                The article’s been removed and reposted as https://rpeszek.github.io/posts/2021-01-17-maybe-overuse.html, apparently

                1. 20

                  You don’t need a blockchain for a verifiable voting process. Even though I’m a big fan of mathematically provable accuracy, much simpler changes in the US-voting process would already provide a huge overall improvement.

                  I am content with the voting procedures in Germany, where you don’t have huge counting facilities but break it down into small stations where only 200-400 votes each are counted, and every citizen allowed to vote is assigned to one station only. The process (voting and counting) is completely public and you can witness it as long as you don’t interfere in the process. If you place your vote your name is checked off on the list, greatly reducing the risk of double-voting. Mail-in-voting is also possible, but then you are not allowed to cast a vote in person and you must have applied for the mail-in-ballot weeks before the election.

                  Germany has 80 million inhabitants, but given these circumstances, you can easily validate an election with a relatively small number of poll watchers. I don’t know why the US is using counting machines, has no voter-ID and accumulates everything into huge counting facilities. If it’s not malfeasance, it’s incompetence at best.

                  1. 2

                    I you haven’t watched this documentary about how US elections work, I truly and strongly recommend you to do so. Such system doesn’t need “simple changes”, it needs to stop being used at all. And it’s not about a partisan discussion between company A or B favouring party X or Y, it’s a huge global concern.

                    The process (voting and counting) is completely public and you can witness it

                    That’s exactly what a blockchain allows you to do, in real time and also globally. Any external observer can audit and monitor the whole process, and not just one polling station.

                    Mail-in-voting is also possible

                    By using blockchain tools you don’t need mail voting in the first place, basically because you can vote from wherever you want. The key difference is that you can verify inclusion of your vote for yourself. In mail voting, you simply hope that it will reach the polling station on time (if at all), that it won’t be opened, disclosed, tampered with, dismissed, etc.

                    Blockchain will not be the solution for everything, but payments, notarization, contracts and governance are among the best use cases that you can find for it, as of today.

                    1. 26

                      That’s exactly what a blockchain allows you to do, in real time and also globally.

                      No it does not. It allows people with a certain depth of understanding of a complex technology to do that. Not the general public, which is what /u/FRIGN is talking about. As somebody who has counted votes in a German elections a few times I can tell you the system works and is understandable by anyone. Blockchains or even computers are def. not.

                      1. 5

                        Exactly. I’ve thought along similar lines (we could have mathematically secure elections, asset transfers, etc.) except that the layperson barely understands computers, let alone crytographic keychains, private keys, the necessity to keep said private key safe and accessible, etc.. All of these solutions take for granted there’s ubiquitous+secure cryptographic identities for everyone, which alone is a logistical nightmare. My parents certainly couldn’t understand it, and would certainly lose their keypair or have it stolen.

                        Paper is simple, universally understood, and difficult to make fraudulent at scale.

                        1. 4

                          This highlights the problems with pushing electronic voting now. Even if you have a perfectly accurate system, it can only be trusted by a limited amount of specialized individuals, and not the majority of the populace. For e-voting to be viable, you have to grow a new society that can understand how such processes work. That will take a very long time, I’d say 100 years at least. That doesn’t mean that it isn’t worth exploring e-voting now (to the contrary, I think that research in this area is very important for future trust), but I think that trying to push for utilization now is useless and even harmful for it.

                          1. 3

                            Right. Chase the magic out of the system.

                            I’ve daydreamed about whether there are some wins to be had by grafting cryptographic processes in on top of paper ballots (themselves, but also the whole chain of custody) in a way that actually helps chase more magic out of the system… (but taking care to avoid some pitfalls around making coercion easier)

                            Regardless of the crypto, though, at least one problem is designing a process that is resilient to the kinds of low-probability events that are likely to happen somewhere during larger elections.

                            1. 1

                              Personally I don’t really understand this “everyone must understand the process” argument. There are plenty of elements in a modern life where we need to act based on faith in the system.

                              I refuse to acknowledge that elections can’t be one of them, if an electoral process would be at least as convenient and safe as voting by mail.

                              The biggest issue by far, in my opinion, in today’s politics is that the public at large is mostly uninterested in casting their ballot, and that anything we can do to increase the number of people participating should be done without thinking twice. When presidents are being elected with the vote of one third of the population, that is a serious problem. When laws get passed by people elected by a legislative group that reached barely 20% of the population, that’s really, really bad.

                              An electronic system could even supplant a whole electoral college in my opinion. Having every citizen be able to cast their ballot in 5 minutes would lead to a truly democratic process, where no representative needs to be voted in office and squander public money.

                              It’s baffling to me that in today’s age people are clinging to these antiquated methods, and instead of trying to find viable solutions, the large majority hides behind the “vast amount” of literature speaking against using blockchain technology for voting.

                              1. 2

                                Personally I don’t really understand this “everyone must understand the process” argument. There are plenty of elements in a modern life where we need to act based on faith in the system. I refuse to acknowledge that elections can’t be one of them, if an electoral process would be at least as convenient and safe as voting by mail.

                                You are entitled to that opinion, but it is a very weak argument. You are basically saying that we should replace a working and trusted system with one that nobody can really understand just because we can and because other systems are opaque too? That makes no sense, sorry.

                                The biggest issue by far, in my opinion, in today’s politics is that the public at large is mostly uninterested in casting their ballot, and that anything we can do to increase the number of people participating should be done without thinking twice. When presidents are being elected with the vote of one third of the population, that is a serious problem. When laws get passed by people elected by a legislative group that reached barely 20% of the population, that’s really, really bad.

                                Sure, blockchains are not going to do any of that. Not one bit of it. These problems are completely orthogonal to the discussion of using blockchains for political elections. Do you think even one person from the non-voting part of the general public is going to the election because they use a blockchain? I am sorry, but you are living in a bubble if you honestly believe that.

                                It’s baffling to me that in today’s age people are clinging to these antiquated methods, and instead of trying to find viable solutions, the large majority hides behind the “vast amount” of literature speaking against using blockchain technology for voting.

                                You have not come up with one example where the blockchains solves anything that you list in the paragraph above this. Just because something is old, does not mean it is bad. The new and shiny normally comes with new problems. Understandability is one of them in this case that you just glance over. Why you do that is unclear, but I guss you just want blockchain b/c it is cool.

                                1. 1

                                  I’m not saying we should replace working system, like tomorrow. What I’m saying is that we should be working in finding alternatives that ensure a wider participation in the electoral process, and once they are proved to be fool proof then maybe yes we can replace the good old paper ballots.

                                  Also I’m not saying that the blockchain is the way to do it, like I mentioned in a different message in the thread, I don’t have any knowledge in that area. What I’m saying is that people hide behind the excuse that blockchain is not viable instead of trying to find alternatives.

                                  And the way you’re misinterpreting my words through your own bias is painful and offensive.

                        1. 1

                          I don’t have as much time as I’d like to unpack what I mean so I’ll risk being too pithy: I guess DRY may be (amusingly?) focused on the wrong abstraction layer?

                          It isn’t about the logistics of repetition; it’s about the semantics of it.

                          It isn’t that you shouldn’t repeat yourself–it’s that you shouldn’t rephrase yourself?

                          1. 3

                            Hopefully putting the cherry on a rework/reorg/rename of the flags and envs for a CLI tool I’ve been working on this year (roughly: it rewrites command invocations in shell scripts to absolute paths).

                            It has been a little tiring and hard to focus on for a few reasons:

                            • It’s in some of my personal weak/blind spots:
                              • I’m prone to analysis-paralysis
                              • I have a hard time categorizing things (maybe “separating” things?)
                              • My background is writing/editing (poetry, specifically); the part of me that ~needs to find The Right Word can be hard to disengage once it’s activated.
                            • Because shell, there are a fair number of patterns it has to treat as blocking errors until the user disambiguates how it should handle them. Most of these don’t have obvious names. Some were obvious early on (such as using a variable as a command, like $GIT_COMMAND) but a fair number just emerge from use. To avoid some of my weak/blind spots I just gave these hasty ad-hoc names during initial dev.
                            • There’s some pent-up demand, so I’m putting more pressure on myself than I usually would to rip the bandaid off, rather than iterate in public and repeatedly breaking existing uses.

                            Initially I was trying to iterate directly on the arg-parsing code, but I eventually settled on writing the manpage to stay focused on the concepts. I think I dragged my feet for long enough that the major patterns have all emerged.

                            Now, it’s ~time to actually implement the argument processing and do any related refactoring. :)

                            1. 1

                              I did better than I hoped :)

                              General rename of options, refactor of option code, and most related busywork done.

                            1. 6

                              I like it.

                              This general space (maybe “reheating cold context”?) has been interesting to me (read: my achilles’ heel?) for a while.

                              Things I already do or have done:

                              • open a terminal tab for a distinct project (sometimes more than one, for distinct sub-tasks/sub-projects)
                              • keep tabs around for ongoing but inactive projects, so that I can review what I was doing
                              • working on a project-oriented shell-history module to help sand down some rough edges for the above
                              • working on an ST3 extension to sand down some sharp edges around ST3 projects (group multiple to open/close them together; have a persistent list of these meta projects that won’t get scrolled off of the recent-project list each time I open a bunch of related work projects…)

                              I’ve also daydreamed about:

                              • some sort of editor plugin/extension that keeps a contextual log of what you’ve been touching
                              • some affordance for annotating shell history, and probably for grouping+annotating common command sequences (probably eventually part of or paired with the shell-history module) that (ideally) does things like:
                                • passively notice common patterns and prompt me to annotate them (I notice you run these 4 commands in this order a lot; would you like me to help you annotate it, create a shortcut (script? function? alias?) and remind you about it when I see you manually run the commands?)
                                • make it easy to see annotations + context (frequency, location, project, etc) by command/directory/project/etc.
                                • maybe notice when I’m fumbling around with a command (you probably don’t need two guesses :)
                                • maybe append/prepend/wrap/annotate the syntax help or manpage with my own invocations
                              1. 12

                                I am a bash history junkie somehow; I’d rather have one-liners in my history when I notice they are long but simple to come up with (e.g. find usages with several options). That means I don’t need to pollute $PATH with writable directories in order to reach these commands from the current working directory.

                                So, far from being an automated process, when I notice I will need to run my-lengthy-one-liner more than once over the next couple of hours, I annotate them like this:

                                : mnemonic ; my-lengthy-one-liner
                                

                                Then I can search for mnemonic on my shell history anytime I want to use that command.

                                1. 2

                                  Oh, wow, that’s brilliant, thanks for sharing!

                                2. 2

                                  maybe notice when I’m fumbling around with a command (you probably don’t need two guesses :)

                                  perhaps you want one or both of tldr and thefuck?

                                  brew install tldr

                                  https://github.com/nvbn/thefuck

                                  1. 2

                                    Some useful tips there. I also keep tabs around (browser and terminal).

                                    Terminal: it certainly helps being able to rename the title so context shows up in the tab. There is also a way to add colour to iTerm2 tabs for almost a tag system. 1

                                    Browser-wise I use Tree-Style Tabs which allows me to set a project “parent” tab, say the git repo, and then collapse it’s children when I’m not working on it.

                                    As for shell history, I often find myself doing things along the lines of

                                    % command -with weird -flags i -wont remember # some additional context here about what I’m doing so all my notes get written to my eternal shell history (which is also in git)
                                    
                                  1. 10

                                    For static website you can just S3 + cloudfront without needing a compute service. Probably a lot cheaper also

                                    1. 3

                                      Less effort and cheaper. Unless a Rube Goldberg award is your goal. ;)

                                      1. 3

                                        Well, learning is fun, but this tip reminds me that I should get my tech blog up running again. Using S3 & Cloudfront, probably.

                                        1. 3

                                          That’s the great thing about static websites: there are so many possible options for building and hosting them.

                                          On the subject of containers, I was pleasantly surprised by Netlify’s approach. It will happily spawn containers for you and let you run any custom script in them. The only fixed part is a TOML file where you tell it what to run and what directory to deploy. How the rest of the build process works is up to you.

                                          [build]
                                            publish = "build/"
                                            command = "./netlify.sh"
                                          

                                          The only annoying part is that it only offers a Ubuntu 16 image.

                                        2. 2

                                          You probably need Route53 as well.

                                          The monthly cost of one of my low traffic webpages is:

                                          • Domain name: 1,26$
                                          • AWS Route53: 0.5€
                                          • AWS S3: 0.01$
                                          • AWS Cloudfront: 0.01$

                                          Sum: 1,78$. Most of it is domain costs.

                                          I didn’t do much posting this year, so not much S3/Cloudfront costs arose. When I was posting more often, and had to invalidate cache multiple times because corrections/multiple publications in a spree/testing robots processing RSS feed, then sometimes the combined S3+Cloudfront cost reached over 0.1$!

                                          Also this setup scales basically infinitely (but then costs also rise), won’t be slashdotted, unlike nginx running on a potato tier VM.

                                          1. 2

                                            Or GitHub Pages/Netlify. Completely free.

                                            1. 2

                                              True. Both github and gitlab pages are free options that you can just slap a domain on top.

                                              1. 1

                                                And using existing workflows like peaceiris/actions-gh-pages makes that even easier.

                                                This is what I do for my own website, which is built off this template repository. Click the green button “Use this template”, and you got a static site up and running within a minute.

                                              2. 1

                                                If you’d like to row against Big *aaS but prefer the pricing model, I’ve been pretty happy with hosting many of my simple (static and dynamic) sites at nearlyfreespeech.net (for over a decade now, I guess!)

                                                (Not being a purist, here; I use Big *aaS in my personal infra where it makes sense.)

                                              1. 14

                                                Tired of Terminal UIs based on ncurses or blessed? With Fig, you can use modern web technologies like HTML, CSS and JavaScript instead.

                                                I suppose I’m not in the target audience as I really don’t see using web technologies as a feature over TUIs.

                                                1. 5

                                                  Eh, the idea seems brilliant to me, honestly; there are a few tools I just don’t use often enough to fully remember their CLIs, so having an ad hoc, simple GUI for those would be a huge boon, letting me stick with the CLI tool, but not (necessarily) have to read the man pages each time. Having that outside the terminal so I can see the command line being built also makes sense. But I’m with you that full-blown HTML for the UI seems a bit heavy to me.

                                                  1. 1

                                                    When I saw it, I thought of a co-worker who’s wondered about how to span the gulf between scripts/utilities we can readily write and run, and utilities that non-programmers doing video production can handle.

                                                1. 2

                                                  Wow, this is amazing! Despite working on a Unix shell since 2016, I’ve never seen this paper. [1]

                                                  The paper I think of when I think of Thompson’s shell is “The Unix Time-Sharing System”: https://dsf.berkeley.edu/cs262/unix.pdf

                                                  Section 6 talks about the shell. It talks about command lookup, redirections, pipelines, semicolon / ampersand, and subshells.

                                                  OK that is most of what this paper talks about, but it also has the minor detail of >> for append, the if statement, and goto (which are mentioned but not demonstrated in the former paper).

                                                  It also has the : no-op / null command .

                                                  And it talks about globs, but doesn’t demonstrate them.


                                                  Most importantly, it begins and ends with a “sermonette” on program design! Having only byte streams is a feature not a bug.

                                                  I probably have to write a blog post about this, but I noticed the top comment in this thread on “wishlist OS design” is in total opposition to that:

                                                  https://lobste.rs/s/jr4crd/what_should_new_os_have#c_3cjpzs

                                                  Files can have structure! And they do. But the kernel should not know about that structure. Higher levels of the OS can take care of that.

                                                  This is exactly the philosophy behind QSN [2] and QTSV. A QSN string is still a string. Similar to how all ASCII strings are UTF-8 strings (another Thompson design).


                                                  [1] And despite archiving some history here, including on Thompson’s regex, and Korn shell:

                                                  http://www.oilshell.org/archive/

                                                  [2] http://www.oilshell.org/release/latest/doc/qsn.html

                                                  1. 4

                                                    In your defense, this looks to be fairly hard to find…

                                                    Along with qmacro, I read the first paragraph and wanted to read more. I was too lazy to go pull this up on my desktop, but the image size and format was a bit tedious on my laptop, so I went hunting for a PDF.

                                                    For anyone more industrious and/or connected…

                                                    1. 2

                                                      Aha. @susam thankfully mooted my effort :)

                                                    2. 3

                                                      “Sermonette” - very appropriate and thank you for ensuring I focused on the first bit instead of just diving into the main body. I have read the first paragraph over and over again, I dunno whether it’s the coffee I’ve had but I find it to be beautifully constructed, playful, and yet laced with absolute seriousness. Here’s that paragraph in copy/pasteable form (the first sentence alone is, to me, very quoteworthy!):

                                                      A program is generally exponentially complicated by the number of notions that it invents for itself. To reduce this complication to a minimum, you have to make the number of notions zero or one, which are two numbers that can be raised to any power without disturbing this concept. Since you cannot achieve much with zero notions, it is my belief that you should base systems on a single notion.

                                                    1. 1

                                                      From the Wayback Machine link in this post:

                                                      The first ever paper that was published on the UNIX shell. This typed copy was published in Infotech State of the Art Report: Structured Programming.

                                                      Uploaded with permission from original author Ken Thompson.

                                                      Uploaded by wesleyneo on February 10, 2018

                                                      1. 4

                                                        Last night, I got Ken Thompson’s permission to combine the scanned images into a single PDF document and redistribute it on the Internet. The combined PDF is available here: github.com/susam/tucl.

                                                        1. 2

                                                          Thank you! I was finding the image format a bit tedious and burned a bit of time looking for any other copies.

                                                      1. 3

                                                        I would later learn that the more you buy into NixOS’s declarative model, the more utopian it becomes.

                                                        There’s a part of my experience with Nix that I haven’t formulated in a way that completely satisfies me:

                                                        • Nix wants to eat the world
                                                        • Nix is like ice-nine

                                                        I see imperative Nix as a misfeature, but since you can use it imperatively I should clarify that I mean something more woo like the essence of Nix–so “Nix” in these comparisons may function more like the adjective “pythonic” (gag).

                                                        I mean this in good/bad/neutral ways. It’s distinct enough (philosophically?) that the boundaries between it and anything that hasn’t been (or can’t be) nixified often seem untenable (roughly: awkward in some way that will inevitably lead you to nixify it or be frustrated by your inability or its impossibility). I see this as a long-term good, but in the short term it can create a frustrating cascade or treadmill of nixification until you aren’t in regular contact with awkward boundary zones.

                                                        1. 2

                                                          Stuff like this is why I find shell fun to monkey with (which is different from finding it fun to debug or do Big Things in). I can’t really defend the metaphor, but I think of it as like playing with clay or legos.

                                                          1. 4

                                                            I tried nix as an OS a while ago, but the biggest block for me was the total lack of doc.

                                                            Like, the only recommendation I got from every other NixOS user was “just look through people’s nix config files”.

                                                            No?

                                                            When I want to install and configure a package, I want to know what I can or cannot do in the configuration, and looking through someone who installs it themselves will only show me what can be done their way, nothing else.

                                                            Maybe, once NixOS and Nix will get a decent document I may try again.

                                                            1. 9

                                                              I disagree that “total lack of docs” is a fair characterization. I think its more subtle than that.

                                                              There’s huge manual, which explains everything: https://nixos.org/manual/nixos/stable/index.html. There’s also “API reference” documentation, in the form of Options Search.

                                                              The two things are lacking though:

                                                              • bite-sized guides explaining how to do a specific things (django guides or archi-linux wiki are prime examples). This is a bit of the ecosystem which I think is missing (but somewhat compensated for by an excellent discourse).
                                                              • source-level documentation on how to build modified version of each specific package (ie, how do I build foo, but using my own fork of source code). But this is basically “building from source” territory: I think most of the systems require looking at the source at this level of customization?
                                                              1. 3

                                                                I agree with this caveat, but in my experience GP is still basically correct that “try to find a config that has already solved this” is a critical skill/step before you’ve built up enough steam to efficiently solve most problems yourself.

                                                                Maybe I’m part of the problem, here, but if someone asks questions like “is there a package for X?” or “has anyone configured Y?” and I don’t have personal experience with it, my first stop is usually a code search. And, if I find something good, my response is usually a link to the code search itself, so that the asker can see how to build queries like this going forward.

                                                                1. 4

                                                                  Fully agree! I should’ve made clear that I disagree with a specific point rather than with overall conclusion. Though, for me personally the trick is “ask stupid question on discourse” rather than code search.

                                                                  1. 2

                                                                    I thought the trick has always been to say “x can’t do y” and everyone will jump in to “correct” you and you get your answer without looking dumb.

                                                                2. 1

                                                                  OK, I wasn’t fair. There’s a setup doc and a “general random tips and docs about common tasks and softwares” dumped on one huge and unbookmarkable page.

                                                                  What about a software-specific configuration reference?

                                                                  Edit: for example, say I want to setup a wayland-based sway environment on top of nixos. I don’t even know if it’s supported by the system at hand, as it consistently pushes X11 forward.

                                                                  1. 1

                                                                    The options search I’ve mentioned above gives some info: https://search.nixos.org/options?show=programs.sway.enable&query=Sway&from=0&size=30&sort=relevance&channel=unstable#disabled

                                                                    programs.sway.enable

                                                                    Description

                                                                    Whether to enable Sway, the i3-compatible tiling Wayland compositor. You can manually launch Sway by executing “exec sway” on a TTY. Copy /etc/sway/config to ~/.config/sway/config to modify the default configuration. See https://github.com/swaywm/sway/wiki and “man 5 sway” for more information. Please have a look at the “extraSessionCommands” example for running programs natively under Wayland.

                                                                    I don’t know how complete or correct this is.

                                                              1. 9

                                                                Wanted to comment on the “Install Nix:” section since I helped narrowly with the Catalina installer update this May, just finished updating the Nix installer for Big Sur, and happen to be working this morning on a draft PR that may finally de-complicate Catalina+ installs.

                                                                This works.

                                                                Edit: I think I told a small lie; this method of install works, but the correct incantation is actually curl -L https://nixos.org/nix/install | sh :)

                                                                • Catalina with a T2 chip: sh <(curl -L https://nixos.org/nix/install) –darwin-use-unencrypted-nix-store-volume (according to the site, “unecrypted” is a misnomer as the chip will encrypt it anyway).

                                                                The scare-flag’s goal is to encourage anyone who cares (or is compelled to care by some policy) to go read the docs before installing. “Unencrypted” is only a ~misnomer for T2 macs and is quite accurate on non-T2 macs :)

                                                                • Catalina without a T2 chip: follow these instructions 4.

                                                                It isn’t this complicated/manual on a non-T2 Mac unless you use FileVault (in which case, the linked instructions are a good resource). If you do not use FileVault, sh <(curl -L https://nixos.org/nix/install) --darwin-use-unencrypted-nix-store-volume should be sufficient.

                                                                1. 1

                                                                  Thanks for the info! I’ll update the post later tonight.

                                                                  1. 1

                                                                    If you see it as an evergreen post, you may want to keep an eye on https://github.com/NixOS/nix/pull/4181. I can’t swear if/when it’ll land, but hopefully it’ll de-complicate things a little.

                                                                1. 8

                                                                  I was a little sad that this had nothing to do with nix the distribution/package manager/language. :)

                                                                  1. 5

                                                                    same here… It is probably good warning the author that choosing a name starting with nix, while there is a NixOs distribution, and a Nix language, with tools like nix repl, nix-build, nix-shell, nix-store, nix-env, nix-doc… that such a name may create confusion.

                                                                    Just my two cents.

                                                                    On the other side, while the *nix acronym was already used in the 2000s, instead of Nix/NixOs, they could have chosen Nyx (the goddess of the Night).

                                                                    That makes three cents.

                                                                    1. 4

                                                                      Better yet, there literally is a nix-info command, generally used for people to include information alongside issue reports.

                                                                      $ nix-info -m
                                                                       - system: `"x86_64-darwin"`
                                                                       - host os: `Darwin 19.5.0, macOS 10.15.5`
                                                                       - multi-user?: `no`
                                                                       - sandbox: `yes`
                                                                       - version: `nix-env (Nix) 2.3.4`
                                                                       - channels(abathur): `"darwin, nixpkgs-20.09pre237891.f9eba87bf03"`
                                                                       - nixpkgs: `/Users/abathur/.nix-defexpr/channels/nixpkgs`
                                                                      
                                                                    2. 2

                                                                      Exactly! I came across this crate when I was looking for Nix store support functions, and sadly it was not it. Also, it didn’t support FreeBSD, if I recall correctly, so the crate might be misnamed.

                                                                      1. 1

                                                                        Not misnamed, just not implemented yet. I feel like for the most part I have the Linux side covered, I still need to implement the BSD side of things.

                                                                        I’ve been very busy lately juggling around multiple projects and in real life things, I just haven’t found the time to implement it yet.

                                                                    1. 3

                                                                      While Nix is still the recommended way to install, we now also have auto-created Docker images for neuron.

                                                                      Thanks for doing this! I attempted to try out Neuron once before, and setting up Nix under macOS on an encrypted disk turned out to be a messy and scarcely documented process that I eventually gave up on. I’m looking forward to making another attempt.

                                                                      1. 5

                                                                        FWIW, if you tried installing Nix on Catalina before June, you may have more luck re-trying it now. There’s still one case the installer doesn’t really solve for–older pre-T2 hardware also using FileVault FDE–but if you don’t fit in that camp the experience shouldn’t be the disaster it was from October to May.

                                                                        1. 5

                                                                          I unfortunately am in that camp, but thank you for reminding me of exactly what the problematic case is. I may get my hands on a newer Mac soon.

                                                                          1. 3

                                                                            We got a tip on that case as well, but the only implementation I’m aware of yet is something in Ruby that was written for a company’s dev bootstrap scripts and we haven’t found someone with the time/interest/hardware to translate and test this yet. (TLDR; encrypting the new volume and putting the credential in the system keychain reportedly solves race-condition issues we’ve seen with the login keychain that have kept us from trying to handle that case yet).

                                                                            Someone recently expressed interest in tackling it, so I’m hopeful, but until there’s a PR I’ll try to avoid suggesting it’s right around the corner :)

                                                                            Oh. Also. A question mark we still have is whether anyone in this camp will object to the installer creating a new volume, generating an encryption passphrase without user input, and putting the credential into the system keychain on its own. Thoughts?

                                                                            1. 1

                                                                              That sounds great to me, assuming the the installer asks first. I haven’t had time to follow developments this issue on GH, so thank you for the excellent summary!

                                                                        2. 3

                                                                          Next step, someone needs to build a Whalebrew-friendly image based on Neuron’s or modify it to be compatible with Whalebrew.

                                                                          Edit: opened a feature suggestion ticket: https://github.com/srid/neuron/issues/307