[#] Thu Sep 18 2014 16:35:46 EDT from dothebart @ Uncensored

Thu Sep 18 2014 06:48:48 EDT from fleeb @ Uncensored

It feels weird, to me, to make research recommendations to my Linux co-worker (the one hired to work on Linux issues). And yet, I find myself doing this more than I would expect, despite being a primarily Windows-oriented developer.

I dunno... maybe I know more about Linux than I thought.

I tend to be the one to tell the Windows guys what to do in the end... so I guess it's vice versa here ;-)



[#] Thu Sep 18 2014 21:56:13 EDT from fleeb @ Uncensored

Thu Sep 18 2014 16:35:46 EDT from dothebart @ Uncensored

 I tend to be the one to tell the Windows guys what to do in the end... so I guess it's vice versa here ;-)

We should trade.  Either I work for your company, or you work for our company, and swap out our respective other.  One company or the other will lose out, but the winning company would have some fine work accomplished rather quickly.



[#] Fri Sep 19 2014 05:18:09 EDT from dothebart @ Uncensored

Thu Sep 18 2014 21:56:13 EDT from fleeb @ Uncensored

 

Thu Sep 18 2014 16:35:46 EDT from dothebart @ Uncensored

 I tend to be the one to tell the Windows guys what to do in the end... so I guess it's vice versa here ;-)

We should trade.  Either I work for your company, or you work for our company, and swap out our respective other.  One company or the other will lose out, but the winning company would have some fine work accomplished rather quickly.



well, remember? I quit that company ;-) or rather, it quit me.



[#] Fri Sep 19 2014 08:39:41 EDT from fleeb @ Uncensored


Heh... I suppose something similar happened for me as well, as I am no longer working where I was.

[#] Wed Sep 24 2014 07:28:28 EDT from dothebart @ Uncensored

hm, yet another linux distribution?

http://nixos.org/nixos/about.html

otoh, it claims that it's sort of Puppet/Ansible/... as a core OS feature and the whole OS structured around it

 



[#] Wed Sep 24 2014 07:48:00 EDT from IGnatius T Foobar @ Uncensored

I dunno... maybe I know more about Linux than I thought.

Smart people tend to be Linux people, so it's inevitable.

[#] Wed Sep 24 2014 08:31:04 EDT from fleeb @ Uncensored


nixos?

Is that an OS distribution made by Ford?

[#] Thu Sep 25 2014 15:31:00 EDT from fleeb @ Uncensored


Hrm.

I made a very small contribution to Citadel a long time ago, but I might have a contribution to GDK+ that should frighten people because of the security implications, if they accept it at all.

As such, a small request for comments is in order, and before I approach the Gnome folks, I thought I'd ask you guys about it.

I want to provide a library that, when GDK+ sees that it exists, adds it to their loaded libraries, and uses it to forward all events processed by gdk_event_get(). That is, if I understand GDK+ correctly, I want to see every event every application built with GDK+ on a given system emits.

I'm sure you can appreciate the security implications of such a beast.

And naturally, that's a concern.

To help deal with part of the security concern (the only part that the Gnome people should share), I suspect when I make this alteration available to the Gnome folks, I should do the following:

1. Ensure that all such altered code gets the #ifdef guards set up in a way where, by default, you do *not* compile this feature into the toolkit.

2. When compiled into the toolkit, you have to specify an absolute path to the library you want to load. If it can't find the library, it won't load it. It won't search for the library in a path, and the path is compiled into GDK+, hard-coded.

Do you think that would provide enough security?

(And, yeah, I need to do this. I do not have an option to avoid doing this, as we can't really accomplish our goals without something this invasive... but it isn't like we want to spread this around or anything).

[#] Thu Sep 25 2014 19:22:44 EDT from vince-q @ Cascade Lodge BBS

Just don't let snowden know about it... ;)

[#] Fri Sep 26 2014 08:20:15 EDT from fleeb @ Uncensored


Heh... I sometimes wonder if this feature would require a cryptographer to decipher once in play.

[#] Fri Sep 26 2014 17:38:00 EDT from LoanShark @ Uncensored

I'm sure you can appreciate the security implications of such a beast.


Yes and no. There's a bit of a sliding scale: obviously if you provide the ability to load that library from every random $HOME, and gdk+ were to load that even for setuid binaries, that would be a serious problem. But if gdk+ will only load it from a system location after verifying that it's path-writable only by root, I don't see any problem.

[#] Fri Sep 26 2014 17:40:53 EDT from LoanShark @ Uncensored

Do you think that would provide enough security?

Thoroughly verify path-writability (each directory in the chain) only by root and there should be no problem. Hell, even that is unnecessarily paranoid: if the path to the extension library is hardcoded, and it's a location that's typically only root-writable, then that's enough.

and/or refuse to load the hooks for setuid/setgid binaries.

[#] Mon Sep 29 2014 08:36:15 EDT from fleeb @ Uncensored


Okay, that is pretty much along the lines of what I was thinking, although I forgot about testing the uid/gid on the extension itself. That would be wise. It might also be wise to ensure that the file for the library is owned by someone in the 'root' family or somesuch, although that might be a tad paranoid.
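
Added example, not part of the thread and not GDK code: a C version of the checks discussed in the posts above (absolute hard-coded path, every directory in the chain writable only by root, root-owned library file, no loading in setuid/setgid processes). The function names, the placeholder path and the choice to refuse symlinks are assumptions of this example.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical placeholder for the path that would be compiled in. */
#define HOOK_LIB_PATH "/usr/lib/example-gdk-hook.so"

/* A component passes when root owns it and group/others cannot write. */
static int root_only_writable(uid_t owner, mode_t mode)
{
    return owner == 0 && (mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Real and effective ids differ in a setuid/setgid process. */
static int running_setid(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Returns 1 only if the process is not setuid/setgid and every component
 * from "/" down to the library (a regular file) passes the checks. */
static int hook_path_is_safe(const char *abs_path)
{
    char prefix[PATH_MAX];
    struct stat st;
    size_t len = abs_path ? strlen(abs_path) : 0;
    if (len == 0 || abs_path[0] != '/' || len >= sizeof prefix || running_setid())
        return 0;               /* relative, oversized, or privileged run */
    for (size_t i = 1; i <= len; i++) {
        if (i != 1 && i != len && abs_path[i] != '/')
            continue;           /* only stop at component boundaries */
        memcpy(prefix, abs_path, i);
        prefix[i] = '\0';
        /* Missing entries and symlinks are refused (conservative choice). */
        if (lstat(prefix, &st) != 0 || S_ISLNK(st.st_mode) ||
            !root_only_writable(st.st_uid, st.st_mode))
            return 0;
        if (i == len && !S_ISREG(st.st_mode))
            return 0;           /* final component must be a file */
    }
    return 1;
}

int main(void)
{
    puts(hook_path_is_safe(HOOK_LIB_PATH) ? "load hook" : "refuse hook");
}
```

The caller would pass the same verified path string to its loader only when the function returns 1; refusing symlinks means a path that crosses a symlinked system directory has to be written in its resolved form.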

[#] Mon Sep 29 2014 08:59:18 EDT from dothebart @ Uncensored

well, is this something which is of use to anybody else than you?

else I would rather have a git repo with that patch, and rebase it to every new release and not bother upstream.



[#] Mon Sep 29 2014 09:37:21 EDT from fleeb @ Uncensored


I suspect this is something useful beyond what I need to do with it. If you wanted to research the way messages were working within the gdk for some particular reason (chasing down a problem, for example), you might find something like this rather handy. For normal, average use, no, this isn't the sort of thing I would think should get compiled into the toolkit by default.

It might be handy for recording/playback, although X11 itself already has software for that sort of thing so you don't have much of a need for it. Ergo, I think this would be useful more for research purposes.

[#] Tue Sep 30 2014 15:08:42 EDT from zooer @ Uncensored

[#] Tue Oct 07 2014 04:21:11 EDT from the_mgt @ Uncensored

http://www.theregister.co.uk/2014/10/06/poettering_says_linux_kernel_community_is_hostil/

There was more in a German article, where Poettering claims he received death threats and that people were collecting bitcoins to hire a contract killer.

In other words: Welcome to the Internets! Being threatened with death is kind of an internet baptism rite, I thought.

I understand that people would rather have a soft and friendly language on mailing lists, forums and in comments everywhere. But I can also understand why Torvalds reacts how he reacts, you can not lead a big project without getting angry. Especially if it is not a business/money project, but your brainchild.

Also, systemd can go straight to hell.



[#] Tue Oct 07 2014 07:39:45 EDT from IGnatius T Foobar @ Uncensored

"The Linux community is dominated by western, white, straight, males in their 30s and 40s these days," Poettering wrote. Well then, regardless of the relative merits of systemd vs. sysvinit (sysvinit is a classic, why mess with it?) ... if he's going to go down the road of being a social justice warrior, then yeah I agree with you, he can go straight to hell. Linux doesn't need that kind of liberal communist crap. And I disagree with social justice warrior Poettering -- Linus's abrasive and sometimes abusive style is *exactly* what made the project succeed.

[#] Tue Oct 07 2014 08:17:53 EDT from fleeb @ Uncensored


Straight? Really?

I dunno... maybe.

The problem systemd sought to address that supposedly sysvinit fails to handle well is the bit about starting several services simultaneously while still having some sense of order. Supposedly, systemd helps get your OS up and running faster than the traditional sysvinit process.

But, I thought Gentoo managed to achieve the same results using a sysvinit-style process, just slightly evolved (which is more the Linux tradition, from what I understand, than coming up with something completely new). Is that true?

[#] Tue Oct 07 2014 10:13:07 EDT from the_mgt @ Uncensored

Tue Oct 07 2014 08:17:53 EDT from fleeb @ Uncensored

Straight? Really?
 
Linux is certainly dominated by people from countries with huge internet connections and a technological "fetish". These are mostly white males, but I doubt that the 30-40yr old people are the "hat0rz" in any scene. That's something for the teens and twens. I also thought OSS people were anti/asexual. ;)
Also, I have a feeling that at least a lot of people from India and Korea are contributing. 
 
The problem systemd sought to address that supposedly sysvinit fails to handle well is the bit about starting several services simultaneously while still having some sense of order. Supposedly, systemd helps get your OS up and running faster than the traditional sysvinit process.

But, I thought Gentoo managed to achieve the same results using a sysvinit-style process, just slightly evolved (which is more the Linux tradition, from what I understand, than coming up with something completely new). Is that true?

That is true. Gentoo uses OpenRC which has the capability to run init scripts in parallel. That is disabled by default, but who uses an "out of the box" Gentoo anyway? It is disabled because it might lead to a deadlock/livelock situation, which I never encountered.

You can tell init scripts that they "need" some service, "provide" some service or should start before/after some service. Citadel for example provides "mta", syslog provides "logger". net.ppp0 can provide "net", but that is optional, you can say that net.lo is sufficient as "net" service. You can also activate interactive booting, so you can hit "i" during boot in order to mess around. http://en.wikipedia.org/wiki/OpenRC

My servers always start unparallel since they only start about twice a year. My laptop/desktops always booted in parallel and were lightning fast, even before this whole upstart/systemd "zomg I boot with the speed of a farting ray of light shot out of a plasma gun" thing became hip.

Who wants/needs to boot anyway?! My MBA boots once a month at max, my Linux netbook rebooted when I installed a new kernel. I dunno if a full reboot/halt is more energy efficient than keeping the computer ready in standby/hibernation.


