[Nix-dev] The Church of Suckless NixOS is looking for followers

Lluís Batlle i Rossell viric at viric.name
Sun Mar 19 13:34:21 CET 2017


Hello,

I didn't read the long post, but based on the title, what I wrote years
ago may be of interest to you: nanonixos.

http://viric.name/cgi-bin/nanonixos/doc/trunk/doc/home.wiki

It's very outdated. Pick nixpkgs commits from those dates to make it work.

It is a cross-built nixos for the Ben Nanonote. There is very little
code. It worked well enough for me.

That may be way more "suckless" than what you may be used to. :)

Regards,
Lluís.

On Fri, Mar 17, 2017 at 02:00:00PM +0000, Jan Malakhovski wrote:
> <IamThePope>
> Brothers and Sisters!
> 
> I think I reached the point of no-return w.r.t. not being able to
> tolerate systemd on my machines any longer after systemd devs dropped
> utmp. I don't want to replace finely matured portable UNIX utils
> produced by The Old Gods for the sake of making a bunch of crazy people
> into The New Gods. And, as it turns out, I'm not alone.
> 
> And so we (I and a couple of anonymous friends) are pleased to announce
> the establishment of The Church of Suckless NixOS ("SLNOS" for short).
> 
> * Our common goal is to have fun (see below) and to get a NixOS system
>   that can run using only suckless tools [1].
> 
> * Some of us want to drop GRUB in favor of running on top of minimal
>   Xen payload on Coreboot firmware and isolate everything like in
>   QubesOS, but we are not united on that point at this point. (Yes, we
>   are aware of Heads:ROM, thank you, we are discussing all of this.)
> 
> * We like LISP, but we don't think package expressions should be written
>   in LISP just for the sake of LISP. Nor do we like the bloated GNU
>   tools. GuixSD is out of the question.
> 
> For now we have a couple of proposals for the general NixOS community.
> 
> # The Systemd part
> 
> In short, we propose:
> 
> (1) to reimplement full dependency tracking in nix (should replace
>     `strings-with-deps.nix`) with `toposort`,
> 
> (2) return the old `system.jobs` under another name (for backwards
>     compatibility), but with most of what `system.systemd` now provides,
> 
> (3) reimplement all the services we use with "system.jobs",
> 
> (4) implement
> 
> ~~~~
> {
>   # use OpenRC instead of systemd
>   system.initd = "openrc";
> }
> ~~~~
> 
> and
> 
> ~~~~
> {
>   # toposort `system.jobs` and render static
>   # init script for suckless.org initd
>   # (a page of nix code and a page of C code
>   # instead of systemd, yay!)
>   system.initd = "static";
> }
> ~~~~
> 
> The (1) can then be used to get dependency tracking in `initrd` for free
> too.
> 
> As we see it, implementing the infrastructure (1)-(2) is a couple of
> days of work, but reimplementing services (3) will need lots of effort
> for very systemd specific, highly cgrouped and socket-activated
> services, and (4) requires writing an alternative activation script.
> 
> SLNOS will reimplement that for the services we use whether you like it
> or not (in fact, we already implemented a part of (1) because we wanted
> encryption on networking `fileSystems` (LUKS over nbd) in initrd, but
> never even proposed those changes to upstream because merging simple
> `toposort` for `fileSystems` took a year).
> 
> But we want to know how many people here are like-minded and would like
> to join our SLNOS effort.
> 
> The following template answers were proposed by our current members for
> your convenience:
> 
> * Poettering is my New God! PulseAudio! Avahi! Systemd! PulseAudio!
>   Avahi! Systemd! DBus for the Kernel! utmp is for old people! All
>   computers are laptops! All initds should include Udev, DBus, and do
>   DHCP and DNS-resolver, this is what initds are for! Merging this
>   upstream would be blasphemy! Burn it! Burn it with fire!
> 
> * I don't care, but am willing to break UNIX-like part of GNU/Linux for
>   posterity. [2]
> 
> If one of these templates covers your feelings you can reply-to-only-me
> not to spam the list.
> 
> If there are enough interested people we will organize a public SLNOS
> repo thing as soon as we produce something substantial that can be read
> by other people.
> 
> General thoughts and pointers to anything in current or nearly-current
> NixOS that might become a general snag for this effort are very welcome.
> 
> If you have an idea for a simpler solution to the no-systemd problem you
> are very welcome too.
> 
> Bikeshedding of "`toposort` is too slow, not gonna work" and
> "toposorting should be done at runtime" kinds are not welcome. Just go
> and measure first. And it should not. Works fine for us. If it's slow on
> your graphs, then just implement builtin `toposort` into nix.
> 
> # The Nix part
> 
> Or even better: generalize closure generation by splitting it into
> `toposort` and `depends-on` relation on paths, expose both via builtins,
> reimplement closure generation in lib.
> 
> Then proceed to implementing half of `nix-store` commands on top of that
> infrastructure instead, which would allow customizing `nix-store` with
> nix code. For instance, want to GC as usual, but always leave source
> tarballs intact (some of us do exactly that with hacks)? Easy. Want
> custom queries? Trivial. Just imagine:
> 
> * `nix-store --gc -A gc-no-src` (`--gc` gives gc roots to `gc-no-src`
>   and checks `gc-no-src` doesn't leave any orphans with its returned
>   list of to-be-removed paths, then cleans them up as usual),
> 
> * `nix-store --gc -A gc-no-src $derivations` (as before, but start
>   collecting from `$derivations`)
> 
> * `nix-store --realize -A list-all-sources $derivation` (run
>   `list-all-sources` on `$derivation` and realize all those paths. yes,
>   this can be done with a crazy shell command already, but this is much
>   more generic)
> 
> * now the blasphemous idea trivially follows from above: `nix-store
>   --realize -A list-all-sources` (realize all gc roots, this is actually
>   useful sometimes)
> 
> At SLNOS we sure would like to have something like this, but are not sure
> we want to implement this ourselves, we can live with just `toposort`.
> 
> # The Later part
> 
> We want suckless tools instead of GNU. Sh instead of Bash. Coreboot
> instead of GRUB and BIOS and so on.
> 
> But getting rid of Systemd is a priority.
> 
> # The Organizational part
> 
> I (@oxij) am somewhat active in NixOS and am okay with sacrificing my
> privacy w.r.t. NixOS to be the public face of SLNOS, but my friends are
> not and wish to stay anonymous.
> 
> If you wish to participate publicly - you're welcome! You can even
> ignore SLNOS and push the same agenda via PRs to nixpkgs yourself.
> Having substring "SLNOS" or mentioning other public members (currently
> only me) somewhere in your PR message so that we could grep nixpkgs
> issues and review your PR would be nice, but not required.
> 
> If you too wish to anonymously join our Church to anonymously submit
> patches to SLNOS you can write to The Pope
> 
>   Address: The Pope of SLNOS <slnos at oxij.org>
>   GPG ID: 0x23C376668F6C7ECE available from keyservers and attached
>   Key fingerprint = 6345 FF85 C3FC 22DD A7DC  AF02 23C3 7666 8F6C 7ECE
> 
>   Attach your public key to your email and don't ever sign this key with
>   your key (unless you know how to do local signatures in gpg), unless
>   you want The Pope to accidentally leak that metadata to keyservers.
> 
>   Give up to two weeks for delivery.
> 
>   Short-term keys are available on request (no idea why you'd need them
>   for just submitting patches, but if you want to piss off NSA we are
>   fine with that, whatever).
> 
>   Check that your client can encrypt attachments before sending patches!
> 
> Or ping The Pope via Tox
> 
>   267496CAC570829CA53F0B697DECA3E04ADD672A4841DA4DA4A6166AB98877475B90EE3BF15B
> 
>   and send patches there.
> 
>   However, be aware that Tox currently is not as secure as GPG with
>   short-term keys and is subject to KCI attacks if you (or we) lose
>   your (our) private keys. GPG + email via remailers is better, but
>   needs care not to leak metadata and is much less convenient.
> 
> BitMessage conference, I2P-bote, SMTP, Git and "fuck all that, that's
> too complicated, let's just netcat/socat" over Tor/I2P might be available
> on request via encrypted email/Tox after you prove you are able to set
> any of that up (we have patches for NixOS that do some of that for you
> and will probably publish them later, however).
> 
> By joining anonymous part of SLNOS you agree
> 
> * that all your patches are to be published under a single common name
>   of "The Pope of SLNOS",
> 
> * that you don't actually exist, you assign all copyright of your patches
>   to The Pope, all your work is done by The Pope, and you would never
>   advertise your participation in SLNOS in such a way that it can be
>   linked to any part of the work you did (claiming that "I am a member
>   of SLNOS" is ok, "I wrote that patch" is not), because you did none of
>   the work,
> 
> * that The Pope can reject your patches for both technical and metadata
>   reasons (think if anything in your code is different from average, do
>   a web/code search and ask yourself if any results are related to you,
>   if they are, the patch needs to be rewritten)
> 
> * that The Pope can change anything in your patches before publishing
>   them (for technical reasons, to not leak metadata, and against
>   stylometry)
> 
> * that you might not ever communicate with any other participants of
>   SLNOS unless that desire is mutual, if you don't know any other
>   anonymous SLNOS members already, the most likely scenario you won't
>   know ever.
> 
> Cheers, ahem, Amen,
>   The Pope
> </IamThePope>
> 
> As of this moment I relinquish my status as The Pope and share The
> Pope's private keys with the current members of SLNOS.
> 
> Cheers,
>   Jan
> 
> # FAQ
> 
> * Q: What the hell?
> 
>   A: We are having fun with modern privacy tools, security culture
>   methods and simple suckless software. (You might need these skills in
>   the coming "1984", though.) Not interested? Join publicly or just
>   proceed your own way.
> 
> * Q: What the hell was that <IamThePope> thing?
> 
>   A: We published our desire to push the agenda of The Church of
>   Suckless NixOS and created and published public keys of a pseudonymous
>   organization named "The Pope of SLNOS". Patches of said organization
>   are to be made by the collective of the unknown number of members.
> 
> * Q: Why?
> 
>   A: Because some of us proposed patches that might, arguably, create
>   some problems IRL for their authors. These people don't want to use
>   complicated tools (auditing the output of `git format-patch` and
>   sending it via internal Tor/I2P is trivial, having secure Git channel
>   to the clearnet is not) and to leave the darknet for obvious reasons.
>   GitHub doesn't have the I2P address for netcating formatted patches,
>   creating PRs with turned off JS is a pain, and so having some
>   dedicated members to interface with the public is useful.
> 
> * Q: You must have some hidden agenda! Some of you have something to
>   hide! Russian/Slavic Hackers! Criminals! Right?
> 
>   A: Nope. We're just having fun (and defending privacy of our less
>   fortunate friends).
> 
> * Q: I want to join to talk to other anonymous members! Can I?
> 
>   A: Nope. For the general public currently there's only @oxij, who was
>   our Pope for a couple of hours while composing this email. In fact, as
>   noticed above, no other members of SLNOS even exist.
> 
>   But you can spend some of your time on lesser known clearnet and some
>   darknet forums/imageboards and BitMessage channels (not giving links,
>   sorry. do your own research). We lurk there too. There are lots of
>   people that like to have that kind of fun there, most use Gentoo (you
>   guessed it! because of systemd), but some threads even mention NixOS,
>   this is how some of us met.
> 
> * Q: Hm, okay. Why did you advertise here then? Isn't this against
>   security culture?
> 
>   A: Yes, actually. But we hate merging, and so we decided to sacrifice
>   @oxij to the NSA in the hope of getting some upstream support for our
>   efforts.
> 
>   Note, however, that everyone, including @oxij, gets deniability in
>   case we implement something that would piss off some three letter
>   agency. Not that we actually plan to. We are just having fun.
> 
> * Q: Why The Church thing?
> 
>   A: Because we are having fun. Consider it to be a joke unless
>   religious cults get lawful benefits in your country/state.
> 
> * Q: So what's the plan?
> 
>   A: We wait and see if there's interest. If there is, we set up
>   something public in the clearnet. If there isn't then all of this was
>   a joke by @oxij.
> 
> [1] http://suckless.org/
> [2] http://suckless.org/sucks/systemd
> 






-- 
(Escriu-me xifrat si saps PGP / Write ciphered if you know PGP)
PGP key D4831A8A - https://emailselfdefense.fsf.org/
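
The proposal quoted above (toposort `system.jobs`, then render a static init script), sketched in Nix as an added example; it is not code from the post or from SLNOS. The `jobs` set, its `after`/`start` fields and the `/jobs/...` commands are hypothetical stand-ins, and `lib.toposort` is the nixpkgs library function, assumed reachable as `<nixpkgs/lib>`.

```nix
# Added example: order a hypothetical `jobs` set and render a static init script.
# Evaluate with: nix-instantiate --eval --strict jobs.nix
let
  lib = import <nixpkgs/lib>; # assumption: nixpkgs is on NIX_PATH

  # Constructed sample modelled on the LUKS-over-nbd initrd case from the post.
  # `after` names the jobs that must have started first; `start` is a
  # placeholder command, not a real NixOS path.
  jobs = {
    mount-root  = { after = [ "luks-open" ];      start = "/jobs/mount-root"; };
    luks-open   = { after = [ "nbd-connect" ];    start = "/jobs/luks-open"; };
    nbd-connect = { after = [ "network" "udev" ]; start = "/jobs/nbd-connect"; };
    network     = { after = [ "udev" ];           start = "/jobs/network"; };
    udev        = { after = [ ];                  start = "/jobs/udev"; };
  };

  names = lib.attrNames jobs;

  # A dependency on a job that is not defined is an error, not a silent no-op.
  unknown = lib.filter (d: !(builtins.hasAttr d jobs))
    (lib.concatMap (n: jobs.${n}.after) names);

  # `before a b` is true when job `a` must be started before job `b`.
  before = a: b: lib.elem a jobs.${b}.after;

  # lib.toposort returns { result = [...]; } or { cycle = [...]; loops = [...]; }.
  sorted = lib.toposort before names;

  order =
    if unknown != [ ] then
      throw "jobs depend on undefined jobs: ${toString unknown}"
    else if sorted ? cycle then
      throw "dependency cycle among jobs: ${toString sorted.cycle}"
    else
      sorted.result;

  # One comment line and one command line per job, in dependency order.
  renderJob = n: "# ${n}\n${jobs.${n}.start}\n";
in
  "#!/bin/sh\nset -e\n" + lib.concatMapStrings renderJob order
```

Because the ordering is computed at evaluation time, a cycle or a misspelled dependency aborts the build instead of surfacing as a boot that hangs before the encrypted root is opened.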

