<IamThePope>
Brothers and Sisters! I think I reached the point of no-return w.r.t. not being able to tolerate systemd on my machines any longer after systemd devs dropped utmp. I don't want to replace finely matured portable UNIX utils produced by The Old Gods for the sake of making a bunch of crazy people into The New Gods. And, as it turns out, I'm not alone.

And so we (I and a couple of anonymous friends) are pleased to announce the establishment of The Church of Suckless NixOS ("SLNOS" for short).

* Our common goal is to have fun (see below) and to get a NixOS system that can run using only suckless tools [1].
* Some of us want to drop GRUB in favor of running on top of minimal Xen payload on Coreboot firmware and isolate everything like in QubesOS, but we are not united on that point at this point. (Yes, we are aware of Heads:ROM, thank you, we are discussing all of this.)
* We like LISP, but we don't think package expressions should be written in LISP just for the sake of LISP. Nor do we like the bloated GNU tools. GuixSD is out of the question.

For now we have a couple of proposals for the general NixOS community.

# The Systemd part

In short, we propose:

(1) to reimplement full dependency tracking in nix (should replace `strings-with-deps.nix`) with `toposort`,
(2) return the old `system.jobs` under another name (for backwards compatibility), but with most of what `system.systemd` now provides,
(3) reimplement all the services we use with "system.jobs",
(4) implement

~~~~
{
  # use OpenRC instead of systemd
  system.initd = "openrc";
}
~~~~

and

~~~~
{
  # toposort `system.jobs` and render static
  # init script for suckless.org initd
  # (a page of nix code and a page of C code
  # instead of systemd, yay!)
  system.initd = "static";
}
~~~~

The (1) can then be used to get dependency tracking in `initrd` for free too.

As we see it, implementing the infrastructure (1)-(2) is a couple of days of work, but reimplementing services (3) will need lots of effort for very systemd specific, highly cgrouped and socket-activated services, and (4) requires writing an alternative activation script.
SLNOS will reimplement that for the services we use whether you like it or not (in fact, we already implemented a part of (1) because we wanted encryption on networking `fileSystems` (LUKS over nbd) in initrd, but never even proposed those changes to upstream because merging simple `toposort` for `fileSystems` took a year). But we want to know how many people here are like-minded and would like to join our SLNOS effort.

The following template answers were proposed by our current members for your convenience:

* Poettering is my New God! PulseAudio! Avahi! Systemd! PulseAudio! Avahi! Systemd! DBus for the Kernel! utmp is for old people! All computers are laptops! All initds should include Udev, DBus, and do DHCP and DNS-resolver, this is what initds are for! Merging this upstream would be blasphemy! Burn it! Burn it with fire!
* I don't care, but am willing to break UNIX-like part of GNU/Linux for posterity. [2]

If one of these templates covers your feelings you can reply-to-only-me not to spam the list.

If there are enough interested people we will organize a public SLNOS repo thing as soon as we produce something substantial that can be read by other people.

General thoughts and pointers to anything in current or nearly-current NixOS that might become a general snag for this effort are very welcome. If you have an idea for a simpler solution to the no-systemd problem you are very welcome too.

Bikeshedding of "`toposort` is too slow, not gonna work" and "toposorting should be done at runtime" kinds are not welcome. Just go and measure first. And it should not. Works fine for us. If it's slow on your graphs, then just implement builtin `toposort` into nix.

# The Nix part

Or even better: generalize closure generation by splitting it into `toposort` and `depends-on` relation on paths, expose both via builtins, reimplement closure generation in lib.
Then proceed to implementing half of `nix-store` commands on top of that infrastructure instead, which would allow to customize `nix-store` with nix code. For instance, want to GC as usual, but always leave source tarballs intact (some of us do exactly that with hacks)? Easy. Want custom queries? Trivial. Just imagine:

* `nix-store --gc -A gc-no-src` (`--gc` gives gc roots to `gc-no-src` and checks `gc-no-src` doesn't leave any orphans with its returned list of to-be-removed paths, then cleans them up as usual),
* `nix-store --gc -A gc-no-src $derivations` (as before, but start collecting from `$derivations`)
* `nix-store --realize -A list-all-sources $derivation` (run `list-all-sources` on `$derivation` and realize all those paths. yes, this can be done with a crazy shell command already, but this is much more generic)
* now the blasphemous idea trivially follows from above: `nix-store --realize -A list-all-sources` (realize all gc roots, this is actually useful sometimes)

At SLNOS we sure like to have something like this, but not sure we want to implement this ourselves, we can live with just `toposort`.

# The Later part

We want suckless tools instead of GNU. Sh instead of Bash. Coreboot instead of GRUB and BIOS and so on. But getting rid of Systemd is a priority.

# The Organizational part

I (@oxij) am somewhat active in NixOS and am okay with sacrificing my privacy w.r.t. NixOS to be the public face of SLNOS, but my friends are not and wish to stay anonymous.

If you wish to participate publicly - you're welcome! You can even ignore SLNOS and push the same agenda via PRs to nixpkgs yourself. Having substring "SLNOS" or mentioning other public members (currently only me) somewhere in your PR message so that we could grep nixpkgs issues and review your PR would be nice, but not required.

If you too wish to anonymously join our Church to anonymously submit patches to SLNOS you can write to The Pope

Address: The Pope of SLNOS <sl...@oxij.org>
GPG ID: 0x23C376668F6C7ECE available from keyservers and attached
Key fingerprint = 6345 FF85 C3FC 22DD A7DC AF02 23C3 7666 8F6C 7ECE

Attach your public key to your email and don't ever sign this key with your key (unless you know how to do local signatures in gpg), unless you want The Pope to accidentally leak that metadata to keyservers. Give up to two weeks for delivery. Short-term keys are available on request (no idea why you'd need them for just submitting patches, but if you want to piss off NSA we are fine with that, whatever). Check that your client can encrypt attachments before sending patches!

Or ping The Pope via Tox

267496CAC570829CA53F0B697DECA3E04ADD672A4841DA4DA4A6166AB98877475B90EE3BF15B

and send patches there. However, be aware that Tox currently is not as secure as GPG with short-term keys and is subject to KCI attacks if you (or we) lose your (our) private keys. GPG + email via remailers is better, but needs care not to leak metadata and is much less convenient.

BitMessage conference, I2P-bote, SMTP, Git and "fuck all that, that's too complicated, let's just netcat/socat" over Tor/I2P might be available on request via encrypted email/Tox after you prove you are able to set any of that up (we have patches for NixOS that do some of that for you and will probably publish them later, however).

By joining anonymous part of SLNOS you agree

* that all your patches are to be published under a single common name of "The Pope of SLNOS",
* that you don't actually exist, you assign all copyright of your patches to The Pope, all your work is done by The Pope, and you would never advertise your participation in SLNOS in such a way that it can be linked to any part of the work you did (claiming that "I am a member of SLNOS" is ok, "I wrote that patch" is not), because you did none of the work,
* that The Pope can reject your patches for both technical and metadata reasons (think if anything in your code is different from average, do a web/code search and ask yourself if any results are related to you, if they are, the patch needs to be rewritten)
* that The Pope can change anything in your patches before publishing them (for technical reasons, to not leak metadata, and against stylometry)
* that you might not ever communicate with any other participants of SLNOS unless that desire is mutual, if you don't know any other anonymous SLNOS members already, the most likely scenario you won't know ever.

Cheers, ahem, Amen,
The Pope
</IamThePope>

As of this moment I relinquish my status as The Pope and share The Pope's private keys with the current members of SLNOS.

Cheers,
Jan

# FAQ

* Q: What the hell?
  A: We are having fun with modern privacy tools, security culture methods and simple suckless software. (You might need these skills in the coming "1984", though.) Not interested? Join publicly or just proceed your own way.
* Q: What the hell was that <IamThePope> thing?
  A: We published our desire to push the agenda of The Church of Suckless NixOS and created and published public keys of a pseudonymous organization named "The Pope of SLNOS". Patches of said organization are to be made by the collective of the unknown number of members.
* Q: Why?
  A: Because some of us proposed patches that might, arguably, create some problems IRL for their authors.
  These people don't want to use complicated tools (auditing the output of `git format-patch` and sending it via internal Tor/I2P is trivial, having secure Git channel to the clearnet is not) and to leave the darknet for obvious reasons. GitHub doesn't have the I2P address for netcating formatted patches, creating PRs with turned off JS is a pain, and so having some dedicated members to interface with the public is useful.
* Q: You must have some hidden agenda! Some of you have something to hide! Russian/Slavic Hackers! Criminals! Right?
  A: Nope. We're just having fun (and defending privacy of our less fortunate friends).
* Q: I want to join to talk to other anonymous members! Can I?
  A: Nope. For the general public currently there's only @oxij, who was our Pope for a couple of hours while composing this email. In fact, as noticed above, no other members of SLNOS even exist. But you can spend some of your time on lesser known clearnet and some darknet forums/imageboards and BitMessage channels (not giving links, sorry. do your own research). We lurk there too. There are lots of people that like to have that kind of fun there, most use Gentoo (you guessed it! because of systemd), but some threads even mention NixOS, this is how some of us met.
* Q: Hm, okay. Why did you advertise here then? Isn't this against security culture?
  A: Yes, actually. But we hate merging, and so we decided to sacrifice @oxij to the NSA in the hope of getting some upstream support for our efforts. Note, however, that everyone, including @oxij, gets deniability in case we implement something that would piss off some three letter agency. Not that we actually plan to. We are just having fun.
* Q: Why The Church thing?
  A: Because we are having fun. Consider it to be a joke unless religious cults get lawful benefits in your country/state.
* Q: So what's the plan?
  A: We wait and see if there's interest. If there is, we set up something public in the clearnet.
  If there isn't then all of this was a joke by @oxij.

[1] http://suckless.org/
[2] http://suckless.org/sucks/systemd
_______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
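
The idea in item (4) of "The Systemd part" of the message above (toposort the jobs at build time and render a static init script), as an added Python illustration. It is not SLNOS or NixOS code; the job names, the `after`/`start` fields and the commands are constructed assumptions.

```python
# Added illustration; job names, fields and commands are constructed samples.
JOBS = {
    "udev":    {"after": [],                    "start": "/sbin/udevd --daemon"},
    "syslog":  {"after": [],                    "start": "/sbin/syslogd"},
    "network": {"after": ["udev"],              "start": "/sbin/dhcpcd -b eth0"},
    "sshd":    {"after": ["network", "syslog"], "start": "/usr/sbin/sshd"},
}


class CycleError(ValueError):
    """Raised at build time when jobs depend on each other in a loop."""


def toposort(jobs):
    """Order job names so each job comes after every job in its `after` list."""
    order, state = [], {}  # state: 1 = on the current DFS path, 2 = emitted

    def visit(name, path):
        if name not in jobs:
            raise KeyError(f"{path[-1]} depends on undefined job {name}")
        if state.get(name) == 2:
            return
        if state.get(name) == 1:
            raise CycleError(" -> ".join(path[path.index(name):] + [name]))
        state[name] = 1
        for dep in sorted(jobs[name]["after"]):
            visit(dep, path + [name])
        state[name] = 2
        order.append(name)

    for name in sorted(jobs):  # sorted input keeps the output reproducible
        visit(name, [])
    return order


def render_init(jobs):
    """Render a static /bin/sh script; ordering is resolved here, not at boot."""
    lines = ["#!/bin/sh", "set -e  # stop at the first job that fails to start"]
    for name in toposort(jobs):
        lines += [f"echo 'starting {name}'", jobs[name]["start"]]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_init(JOBS))
```

A dependency cycle or a reference to an undefined job fails the render step, so a broken job graph is caught before the script ever reaches a boot.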