|
quote:capability-based security that's funny because this is exactly what larsson and co are building into xdg-app. they refer to it as "portals". but to some extent this is what modern unix looks like: a file descriptor is a capability, and the issuance of file descriptors from privileged services such as logind is how a lot of access to protected system resources (such as keyboards and gpus) is being handled now. hey, there's even a syscall to revoke them now. you know all this far better than i do though so idk why you're saying it's the wrong approach? btw i am volunteering to test any hidpi fixes you have going into mutter or gtk for 3.18 if you are interested, just point me to a git branch i can clone and build.
|
#
?
Jun 26, 2015 18:49
|
|
|
|
| # ? Apr 29, 2024 06:47 |
|
|
lutomirski's complaint about snapshotting posix capabilities and attaching them to messages for authentication purposes seems to be a misunderstanding too. it's not intended as a primary authentication mechanicm, because posix caps are indeed broken for this purpose. normally you'd have a polkit prompt or whatever to authorize a reboot, but if the process making the call holds CAP_SYS_BOOT then it can force the system to reboot whether systemd likes it or not. so systemd might as well honor the request and perform a graceful shutdown. snapshotting the command line and attaching that to a message is also an iffy thing to do (since it's read out of process memory that the process itself can replace with hostile data) but then so is reading /proc/*/cmdline. can lovely programs use these primitives incorrectly and introduce security holes? yes, but they can also introduce bugs by improperly allocating memory or trying to make an incorrect custom riced up sync primitive based on futexes. the important thing is that kdbus doesn't add anything new here: callees already can (and do) read all of this poo poo from caller /proc entries in a messy and racy way.
|
|
#
?
Jun 26, 2015 18:55
|
|
|
Portals are different. Portals aren't capability-based security at all. Portals are going to be singletons. So you have a "file opener" singleton provided by the system. Perhaps we'll add Dropbox integration to it. Or maybe it's a "photo picker" singleton, and we expose a system API for people to add a Picasa tab in that picker. We haven't designed the extensibility mechanism for the portals yet, because we're still working on getting the system-level portals done. What if, in order to access Picasa, Google asks for OAuth2? We could show a button and pop open a little OAuth2 login window. Capabilities are too strict: either you have the object, and you have access up-front, or you don't. They don't allow for design scenarios where menu items are grayed out, or things are only checked at the last minute when you switch to the tab. In order to display that dialog, we would need to request every capability up-front and see what fails. That leaves for a poor experience. Portals also only always pop-up in response to user action. Portals should never pop up out of the blue. Andy and Kenton are starting with a security model and trying to tack on UI. We're starting with a UI and a design that makes user flow explicit and then fitting a security model in that.
|
|
#
?
Jun 26, 2015 19:05
|
|
|
Notorious b.s.d. posted:
On work desktop: uname -r 2.6.18-164.el5 Not the same as what you said but similar enough.
|
|
#
?
Jun 26, 2015 19:08
|
|
|
Suspicious Dish posted:And that "Dropbox" vs. "filesystem" file opener API? Why does the user have to pick up-front? Why can't we show a file picker with multiple providers in there, with tabs or something, so the user doesn't have to realize they chose the wrong one? you mean like in iOS? some aspects of the OS X and iOS security model are capability-based and work quite well. for example, an app gets a security-scoped bookmark "URL" when it's asked to open a file, that comes with a capability to open just the file it resolves to, not others. (and any associated files, via an association mechanism to allow for eg journal files or links to media from project files.) but other aspects are based less on privilege separation rather than capabilities. many APIs are a layer over some form of fast local IPC with an agent or daemon, whether per-user or system-wide. the IPC is stamped with info about its initiator, so the agent or daemon can check whether the initiating process has the right to use the API in the way being asked. supporting techniques like these is one reason having fast kernel-level IPC is so important on a modern system. it can't be done sufficiently securely in user code.
|
|
#
?
Jun 27, 2015 02:03
|
|
|
ryde posted:On work desktop: i was talking about rhel 4, which dies its true death no sooner than 2017 you're on rhel 5. that 2.6.18 kernel will still be patched in 2020
|
|
#
?
Jun 27, 2015 02:26
|
|
|
Notorious b.s.d. posted:i was talking about rhel 4, which dies its true death no sooner than 2017 that reminds me, is NetBSD on SPARC binary-compatible with SunOS? are there any major missing features in NetBSD relative to SunOS 4.1.3?
|
|
#
?
Jun 27, 2015 02:29
|
|
|
eschaton posted:that reminds me, is NetBSD on SPARC binary-compatible with SunOS? are there any major missing features in NetBSD relative to SunOS 4.1.3? i'm not sure whether you're loving with me so here goes netbsd can run some sunos binaries, yes. i never got it to run a non-trivial app because you end up needing so many libraries it's easier to just boot sunos netbsd's sparc32 port is a lot newer and has more features than sunos, but you're missing proprietary hardware drivers. this mostly matters for graphics and network cards the last time i had a 32 bit sparc in my house i ran sunos on it, because what is the point of running a 2015 OS on a 1995 piece of hardware
|
|
#
?
Jun 27, 2015 02:35
|
|
|
Notorious b.s.d. posted:
av/ post combo
|
|
#
?
Jun 27, 2015 19:14
|
|
|
supposedly the latest Linux on the desktop was to have shipped on Friday, courtesy Suspicious Dish et al did that happen? should we expect our boxes next week? is it something you consider 1.0 or still pre-release? (legit looking forward to taking a look at it)
|
|
#
?
Jun 28, 2015 23:33
|
|
|
If you mean the Endless computer, they were all delivered to Shipwire on Tuesday. I don't have any status updates from Shipwire (not on the logistics side of things!) but I can ask to see how that's going tomorrow, if you want. At this point, we consider it stable enough to be a 1.0. Actually, the version shipped on devices is 2.3.1. The latest release is 2.3.3, but the devices weren't flashed in time. After you set them up and connect to the internet, 2.3.3 should be automatically downloaded and installed. We are already hard at work on 2.4 and 2.5, which should be delivered as free updates soon.
|
|
#
?
Jun 28, 2015 23:52
|
|
|
you guys should showcase some of the unique apps you're packaging in some blog posts or something
|
|
#
?
Jun 29, 2015 07:19
|
|
|
We should do a lot of things.
|
|
#
?
Jun 29, 2015 07:26
|
|
|
my consulting fee is in the mail
|
|
#
?
Jun 29, 2015 08:32
|
|
|
Notorious b.s.d. posted:i was talking about rhel 4, which dies its true death no sooner than 2017 were only able to get off RHEL5 at work because Java 7 is end of life and Java 8 isn't supported/packaged for it looking forward to rhel6 for another 5 years
|
|
#
?
Jun 29, 2015 08:35
|
|
|
oh cool my request for 12 vms got approvedquote:Hi ahmeni, 
|
|
#
?
Jun 29, 2015 08:39
|
|
|
ahmeni posted:were only able to get off RHEL5 at work because Java 7 is end of life and Java 8 isn't supported/packaged for it Ok, so I don't work in enterprise and while I kind of maybe sorta get why you want to use super-stable non-changing systems on servers (although why workstations?), why do you upgrade to the second-most-ancient when using the most-ancient becomes untenable? Why not upgrade to the most recent promised-supported-forever version (RHEL 7 it seems), since you have to put in the migration effort anyway?
|
|
#
?
Jun 29, 2015 08:53
|
|
|
ahmeni posted:oh cool my request for 12 vms got approved jesus christ
|
|
#
?
Jun 29, 2015 09:43
|
|
|
Athas posted:Ok, so I don't work in enterprise and while I kind of maybe sorta get why you want to use super-stable non-changing systems on servers (although why workstations?), why do you upgrade to the second-most-ancient when using the most-ancient becomes untenable? Why not upgrade to the most recent promised-supported-forever version (RHEL 7 it seems), since you have to put in the migration effort anyway? it's because you touch yourself at night, op. you think nobody knows, but the sysadmins always know. (actually it's because you want to minimise the amount of change at a time. upgrading from rhel 4 to rhel 7 means that roughly 98.3% of the system software has been rewritten from scratch at least twice by the cadt and its anyone's guess how that will affect your lovely in house apps that you aren't even sure you'll be able to compile again now that the only person who knew how they work retired)
|
|
#
?
Jun 29, 2015 09:59
|
|
|
it's because they finally added rhel 6 to the soe in May this year we've got AWS though! all I have to do is fill out the same spreadsheet, justify my architecture requirement and wait for an engineer to manually spin up my boxes in a few weeks 
ahmeni fucked around with this message at 11:42 on Jun 29, 2015 |
|
#
?
Jun 29, 2015 11:40
|
|
|
ahmeni posted:oh cool my request for 12 vms got approved little do you know that date is big endian
|
|
#
?
Jun 29, 2015 16:00
|
|
|
ahmeni posted:were only able to get off RHEL5 at work because Java 7 is end of life and Java 8 isn't supported/packaged for it
|
|
#
?
Jun 29, 2015 16:32
|
|
|
why would you be installing Linux on a workstation, let alone a browser or other user tools.
|
|
#
?
Jun 29, 2015 16:34
|
|
|
if your workstation is a newer linux than the servers you're going to dev against newer versions of the libraries included on the server because devs are idiots
|
|
#
?
Jun 29, 2015 18:25
|
|
|
Shaggar posted:why would you be installing Linux on a workstation, let alone a browser or other user tools. in order to do work although these days we mostly have windows on the workstations and just have vnc permanently open to a desktop linux running on a server, because apparently that saves money somehow
|
|
#
?
Jun 29, 2015 19:13
|
|
|
what "work" would you be doing in a Linux?
|
|
#
?
Jun 29, 2015 19:14
|
|
|
basically everything that isn't email, web browsing, and occasionally reluctantly doing something in office because some technophobe is so terrified of pdfs that i can't just use latex
|
|
#
?
Jun 29, 2015 19:27
|
|
|
Shaggar posted:what "work" would you be doing in a Linux? That's our Shaggar!
|
|
#
?
Jun 29, 2015 23:32
|
|
|
Shaggar posted:what "work" would you be doing in a Linux? lol you still have the same schtick 4 years later? so glad you are a real human being somewhere rofl
|
|
#
?
Jun 29, 2015 23:40
|
|
|
let me just package this linux app for you *squats over an half empty can of pringles*
|
|
#
?
Jun 29, 2015 23:47
|
|
|
Breakfast All Day posted:let me just package this linux app for you *squats over an half empty can of pringles* Don't spoil the end of game of thrones
|
|
#
?
Jun 29, 2015 23:51
|
|
|
lennart pottering thinks that using google ntp servers that google says they shouldn't use ("systemd should not default to using time{1,2,3,4}.google.com.") is better than claiming to be a "vendor" to the ntp pool https://github.com/systemd/systemd/issues/437 quote:poettering commented 15 hours ago quote:poettering commented 14 hours ago quote:poettering commented 14 hours ago
|
|
#
?
Jul 1, 2015 19:40
|
|
|
so loving future posted:lol you still have the same schtick 4 years later? so glad you are a real human being somewhere rofl yeah I cant believe people are still trying to shoehorn Linux into places it doesn't belong
|
|
#
?
Jul 1, 2015 19:41
|
|
|
Shaggar posted:yeah I cant believe people are still trying to shoehorn Linux into places it doesn't belong like the desktop, lol
|
|
#
?
Jul 1, 2015 19:42
|
|
|
im going to shoehorn my linux onto your phone and theres nothing you can do about it
|
|
#
?
Jul 1, 2015 19:52
|
|
|
Cocoa Crispies posted:lennart pottering thinks that using google ntp servers that google says they shouldn't use ("systemd should not default to using time{1,2,3,4}.google.com.") is better than claiming to be a "vendor" to the ntp pool you left out the rest of his posts: quote:poettering commented 13 hours ago quote:poettering commented 13 hours ago quote:poettering commented 5 hours ago but thanks for reposting reddit drama
|
|
#
?
Jul 1, 2015 19:58
|
|
|
Berkshire Hunts posted:if your workstation is a newer linux than the servers you're going to dev against newer versions of the libraries included on the server because devs are idiots The most important thing is that you are able to easily copy and paste from your 'good' environment to your dev environment
|
|
#
?
Jul 1, 2015 20:31
|
|
|
MALE SHOEGAZE posted:The most important thing is that you are able to easily copy and paste from your 'good' environment to your dev environment Unfortunately if you use Linux you can't even copy from your good environment to your good environment.
|
|
#
?
Jul 1, 2015 20:32
|
|
|
unlike in good operation systems such as
|
|
#
?
Jul 1, 2015 21:35
|
|
|
|
| # ? Apr 29, 2024 06:47 |
|
|
pseudorandom name posted:you left out the rest of his posts: my favorite part is that lennart would rather use servers he's expressly told to not use than just ask the ntp pool if they can use theirs even if they're not a "vendor" or "distribution" it's okay to admit you made a wrong decision lennart, your whole reality won't come crumbling down otoh developing software to use computer resources you've been told not to use is unethical if not illegal
|
|
#
?
Jul 1, 2015 21:52
|
|