Goddammit. I can see how this is convenient for Netflix subscribers in the short term. But this is yet another consolidation adding to the oppressive weight on consumers, and would-be competitors. For one thing, I’m sure this is going going to lead to higher Netflix subscription prices than we would have seen otherwise.

My recollection is in the mirror universe Worf has a huge battle cruiser, and keeps Garak on a chain. So that’s inconclusive I guess.

My understanding is that the NixOS Lutris package runs with a virtual FHS that is built with a selection of libraries for running Wine. I think that might mean it doesn’t hook up libraries that are configured with nix-ld. If the game runs with steam-app, but not with Lutris, then it sounds like there’s a library missing from the Lutris FHS.

You can override to fix that. Looking at the game logs could give you information about which libraries are missing. Or you could add in everything that steam-app uses, the way you configured nix-ld.

There’s a configuration snippet that might point you in the right direction in this thread: https://discourse.nixos.org/t/nix-overlay-to-change-fhs-environment/54139/2

No, if something goes wrong with the VPN then the confined service will be unable to reach the internet. The setup runs the confined process in a network namespace that does not have a route to your default wifi or ethernet interfaces. If the VPN interface isn’t set up correctly, or stops working there is no other route out.

You can test this with or without setting up VPN-Confinement. To do a quick test without any VPN setup, create a test service like this:

systemd.services.test-unit = {
  serviceConfig = {
    NetworkNamespacePath = "/run/netns/test";
    Type = "oneshot";
  };
  script = ''
    ${pkgs.iputils}/bin/ping 1.1.1.1
  '';
};

Create a matching network namespace that doesn’t route anywhere:

sudo ip netns add test

Then set the unit running, and watch its output:

sudo systemctl start test-unit.service
journalctl -u test-unit.service -f

You’ll see ping report that the network is unreachable. If you delete the namespace while ping is running it will continue to report that the network is unreachable.

sudo ip netns del test

(If you don’t want to bother with a systemd unit, you can run a process in a given network namespace using sudo ip netns exec <namespace> <command>. For example, sudo ip netns exec test ping 1.1.1.1.)

If the namespace wasn’t set up for whatever reason the confined service won’t start. (See the edit on the post.)

I also did some tests with the VPN-Confinement setup with this test unit:

systemd.services.test-unit = {
  serviceConfig = {
    Type = "oneshot";
  };
  script = ''
    while true; do
      ${pkgs.curl}/bin/curl https://am.i.mullvad.net/connected
      sleep 5
    done
  '';
  vpnConfinement = {
    enable = true;
    inherit vpnNamespace;
  };
};

If I set vpnNamespace to a name that doesn’t match a configured vpnNamespace then the service won’t start.

If I bring down the VPN namespace while that curl loop is running with sudo systemctl stop wg.service then test-unit also stops, because of the systemd dependencies that systemd.services.<name>.vpnConfinement sets up.

If I bring down the network namespace manually while the curl loop is running with sudo ip netns del wg then the curl loop keeps running, and continues to report that it is connected to Mullvad. I guess the network namespace continues to exist while a running process is using it.

If I bring down the VPN network interface with sudo ip -n wg link set dev wg0 down then curl fails with status=6/NOTCONFIGURED

I enjoyed Atlantis because so many of the episodes felt like emergency drills at a place where I used to work, and it made me feel right at home!

I’ve heard worrisome speculation about the white house working up to invading Venezuela. Supposedly officials are talking to oil industry executives about investment opportunities after a regime charge, and those conversations sound a lot like conversations that took place before the Iraq invasion.

Edit: Oh damn, the situation has escalated more than I realized https://unac.notowar.net/no-war-on-venezuela-all-out-for-a-week-of-emergency-protests/

Also the Social Security Administration, despite being a huge operation, runs with less than 1% overhead. And they get those checks out month after month. Medicare’s overhead is under 2%, compared to an average of 12% for private insurance, and polls seem to show people are more satisfied with Medicare than with private insurance.

I know the complaint that government is ineffective and inefficient is a classic - but it makes me wonder what programs that refers to? Maybe something in the Defense Department?

That’s peak game dev transparency

That’s the same thing they said about the cosmological constant!

It’s about the Dutch-style bike intersection, specifically the first one built in Montreal. It sort of extends bike lanes through the intersection. Instead of bikes and cars mixing in the entire square area of the intersection, there are concrete curb islands inside each corner of the intersection separating car lanes from bike lanes. Turning cars have to go around the inside of the islands, which makes drivers slow down which adds safety. Bike lanes are on the outer sides of the islands which reduces the distance cyclists have to ride where they might intersect with a car since cyclists are protected by the islands for parts of the crossing through the intersection. There are other interesections that use the same idea, but apply it to pedestrians rather than bikes.

Drivers complain that the design is a “labyrinth”. The video argues people will get used to it when there are more of these.

Left turns are intended to be two-phase, like with unprotected left-turn boxes. First you ride straight across the intersection. Then you stop in a box in the perpendicular bike lane on the other side, which is protected by one of those islands. The box provides space to turn left before stopping. Then when you get a green light for that direction you proceed.

Some cyclists seem to be confused about how left turns are supposed to work. One cyclist merged into traffic before turning, performing the turn in the car lane. Another cyclist crossed both lanes of car traffic before the intersection, rode across the intersection in the bike lane, but going the wrong direction, and finally turned left into the bike lane on the other side.

Ah, space interns! Sounds a bit like Prodigy season 2.

My god what is even the point now?

I haven’t gotten much into flake-parts, but my understanding is that it creates a module system very similar to NixOS modules and Home Manager modules. Except that instead of defining a system configuration, flake-parts modules define flake outputs.

So I don’t think you would use it in your NixOS configuration. If your configuration uses a flake there might be use cases for using it at the flake level. For example your flake defines a nixosConfigurations output, which is a set with an attribute for each host. If you had some unusually complicated code in that flake output you might use flake-parts to modularize it.

Or I suppose flake-parts is largely aimed at simplifying per-system outputs like packages and devShells. Once again, if you wanted to split those definitions over multiple files flake-parts can do that. Or you can use it just to get flake-parts’ eachDefaultSystem helper if you don’t want to use equivalent functionality from flake-utils, or the built-in genAttrs function.

Although I love the NixOS module system, I haven’t used flake-parts because I haven’t had a case where I want reusable modules in the context of flake outputs. Usually my flakes are a pretty uncomplicated combination of genAttrs, basic devShells, basic overlays, and package expressions that I build with callPackage.

I like using leap.nvim for this since it has an added feature where you can select the node you want in one step by typing a two-letter label.

There is a similar feature in flash.nvim.

Well you’ve got one visitor currently cranking it lol

I came here to make the same comment lol. My dog does look pretty unhappy when there is string in the butt.

The First Lady of Ferenginar?

Lol! I think it’s a nice car because it’s the car I’ve always wanted: a small electric hatchback.

We have a dog

It’s a Chevy Bolt