@lkundrak blessings u too bro :-) jesus might be the lord but satan is my wingman

The smallest-ever force field map of nature.

Physicists have mapped the forces acting inside a #proton, showing in unprecedented detail how #quarks—the tiny #particles within—respond when hit by high-energy #photons.

The new result breaks down #space and #time into a fine grid, allowing simulating how the strong force—the fundamental interaction that binds quarks into #protons and #neutrons—varies across different regions inside the proton.

#physics
https://phys.org/news/2025-02-scientists-proton.html

Next step learning NixOS-in-Podman: manual kernel config :-)

The default NixOS config is not exactly practical (hours of waiting) for this use. Already use my tree.

I also make the build process pick semantic version from Git instead of using fixed version.

#nixos #podman #linux #kernel

With a simple `podman login` and `podman push` you can push containers from your local machine to your #forgejo instance, so you can use said containers on other machines as Forgejo also is an OCI-compliant container registry :) And now you can use these containers to build even more software with forgejo Actions and don't worry about Docker limiting traffic from their registry ;)

I used Foot almost exactly a year before this :-) Kitty image protocol is the thing in this w/o having to use Kitty (which I dislike).

Now I tried Ghostty for the first time and IBM Plex looks amazing on it ;-)

So i guess it is a switch...

Im sticking to that ”C RFC first and Rust non-RFC second” plan.

That is why i invested 48h w/o sleep to get this podman/NixOS test environment set up. If I had stopped in the middle it would have been very away putting to return to it and most likely shifted few months 🙂

RFC is expected to be out in March!

Are you looking for a first experience in Open Source professional coding? Apply to be a part of our Coding Experience (CE) program! All CE positions are paid, remote-friendly, and entail 450 hours of mentored hands-on work in one of six different teams. People from groups underrepresented in technology are especially invited to apply. Learn more: https://igalia.com/coding-experience/

Neither Satan gets a free pass from my screening ;-)

Rust kernel patches should really level up on commit messages and not merging random code with zero callers.

I welcome Rust but disobey not doing right things right :-)

If a commit message does not by practical means exist except some generic mumbling that would be best to be deleted. How do we e.g. know that a commit is not AI generated and unchecked by the author? If we don't know that we have objectively engineered a security leak as that can be eweaponized.

That is really dangerous type of trust. I'd just like check and not trust. Even if a patch would come from some ultra famous figure like Linus, Greg or even God himself, I'd still like to check, not believe the authority and based on that draw my OWN conclusions.

I actually do not even mind if some random patch would be AI generated. Use any tool you see fit. It is just that the commit message verifies that you UNDERSTAND what you are doing.

#linux #kernel #rust #rustlang

i.e. just podman-compose up --build

Packer was in the end of the day quite horrible experience as of 2025 so: https://codeberg.org/jarkko/linux-tpmdd-nixos/commit/2652318c3b91a427f59309b6e65e001246cffa9e

Great I have new kernel testing sandbox for more complex kernel features such as Rust, IMA and perhaps video4linux:

https://codeberg.org/jarkko/linux-tpmdd-nixos

Right now it builds as per "packer build tpmdd.pkr.hcl" but I might possibly consider OCI or POD in future. Packer was just the first thing I got working, and thus the random pick :-)

My other sandbox is BuildRoot based:

https://codeberg.org/jarkko/linux-tpmdd-test

So yeah that really has been my barrier for doing anything at all with Rust in Linux kernel so I'm officially now Rust-Linux enabled ;-)

#linux #kernel #buildroot #nixos #rust #rustlang

#SELinux must be awesome today because I've forgotten that it even exists in my system ;-)

@securepaul

I have not yet found this working too well but I did star the project, and will follow from the audience, and occasionally browse the issue database:

https://github.com/fossable/goldboot

Especially when you need tailored VM's and kernel's there's room for new shit so I hope the developer has patience with this, and continues push it forward.

I'd like to contribute too but right now I'm starting on a new job week after that plus I really want to finish up with video-loop.ko :-)

#goldboot #vm #image #build

Just found about Terra.

https://terra.fyralabs.com/ #fedora #terra #linux

Finally sorted out how to have changing Git tip and keeping it “pure” in NixOS build. Here’s flake.nix:

{
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
  outputs = { self, nixpkgs }: let
    tpmddSrc = if builtins.pathExists ./linux-tpmdd.json then
                 builtins.removeAttrs (builtins.fromJSON (builtins.readFile ./linux-tpmdd.json)) [ "hash" "path" "date" ]
               else {};
  in {
    nixosConfigurations = {
      tpmdd = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
          ({ config, lib, pkgs, modulesPath, ... }:
            import ./configuration.nix {
              inherit config lib pkgs modulesPath tpmddSrc;
            }
          )
        ];
      };
    };
  };
}

After this I can refer to the Git tip with tpmddSrc in configuration.nix, or any other module.

The JSON itself is generated in Dockerfile, pod or Dockerfile as:

nix-prefetch-git --url https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git > linux-tpmdd.json

Two days went figuring this out. I switched from Podman to Packer but in the end of the day I could have just well used Podman now that I figured out how to pass the data (I had some terrible moments with builtins.readFile and builtins.getEnv with no luck).

Oh well, I use Packer for now and add a Dockerfile in some point in future.

As said, this effort was done for the sake engineering some kind edit-compile-run cycle for Rust enabled Linux kernel (even tho my configuration.nix at this point has none of that but it is now downhill ;-) knock knock

#nixos #linux #kernel #rust #rustlang

@orva Also one quite technical angle that came to mind: more often than not these type of people tend to push features over having legit processes for security (CVE's etc.). In infosec ignorance towards other people is not a great quality in a person.

It's pretty much the same deal that you don't want to police officers to be crazy psychopaths :-)

There is somewhat reasonable way to solve this:

src = pkgs.fetchgit (builtins.fromJSON (builtins.readFile ./linux-tpmdd.json));

In the Dockerfile, nix-prefetch-git can then be used to generate that file.

@twoolie But why what? It already outputs qcow2.