Re: [systemd-devel] Starting a service before any networking

2023-09-26 Thread Demi Marie Obenour
ed Before=network-pre.target and Wants=network-pre.target > without success - it was that not working that set me off trying to fix it. RequiredBy=network-pre.target should be sufficient, but unfortunately lots of stuff (like systemd-networkd) that should have Requires=network-pre.target
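As an added example (not from the thread, and not claiming to resolve the problem described in the message), a unit that uses the directives under discussion: Before= and Wants= on network-pre.target, plus RequiredBy=network-pre.target in [Install] so that enabling the unit makes the target require it. The unit name, the command and the choice of DefaultDependencies=no are assumptions for illustration.

```ini
# /etc/systemd/system/firewall-preload.service  (hypothetical unit; added example)
[Unit]
Description=Load firewall rules before any network interface is configured
# network-pre.target is a passive target: nothing pulls it in on its own.
# Wants= makes this unit pull the target in; Before= orders this unit ahead
# of it. Whether that is enough depends on the network management service
# also ordering itself After=network-pre.target (and pulling it in).
Wants=network-pre.target
Before=network-pre.target
# Assumption: drop the implicit After=sysinit.target/basic.target so this
# unit may run as early as network-pre.target can be reached.
DefaultDependencies=no

[Service]
Type=oneshot
RemainAfterExit=yes
# Hypothetical command; replace with the real rule loader.
ExecStart=/usr/local/sbin/load-firewall-rules

[Install]
# On "systemctl enable", this adds Requires=firewall-preload.service to
# network-pre.target (via a .requires/ directory), which is the stronger
# relationship the message argues for over the Wants= above.
RequiredBy=network-pre.target
```

After `systemctl enable firewall-preload.service`, `systemctl list-dependencies network-pre.target` should show the unit; `systemd-analyze critical-chain network-pre.target` shows whether anything actually ordered itself after the target on the system in question.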

Re: [systemd-devel] Normal user can ask status of services

2023-08-27 Thread Demi Marie Obenour
> > > > > > > > Well, you can look at the process list anytime as a normal user. So, what > > are you trying to accomplish? What's the goal? Hiding the process from > > the users? > > > > I was surprised that I could see it. And as I understand it, I am certai

[systemd-devel] Running a non-idempotent command from udev

2023-07-15 Thread Demi Marie Obenour
, but that can be handled in the scripts themselves. -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab signature.asc Description: PGP signature

Re: [systemd-devel] Looking for guidance about starting a systemd service inside the initrd and having it persist after rootfs is mounted

2023-07-13 Thread Demi Marie Obenour
safety requirement (such as the backup camera in a car turning on fast enough), is Linux the correct choice for this application, or would a safety-certified RTOS be a better option? -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab

Re: [systemd-devel] Running a non-idempotent command from udev

2023-07-15 Thread Demi Marie Obenour
hatever the task is)? Once per virtual NIC appearance. The catch is that the NIC can disappear and reappear very quickly, and the script must be run every time this happens. Furthermore, the script must wait for network-pre.target. -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Thin

Re: [systemd-devel] deprecating Forward-Secure Sealing (FSS) in the journal

2023-07-30 Thread Demi Marie Obenour
b.com/systemd/systemd/pull/28433/commits/1ecd1a994733d. > > If you're using FSS, please speak up. > > Zbyszek What is the reason for this change? -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab

Re: [systemd-devel] deprecating Forward-Secure Sealing (FSS) in the journal

2023-07-30 Thread Demi Marie Obenour
On Sun, Jul 30, 2023 at 08:35:24PM +0100, Dave Howorth wrote: > On Sun, 30 Jul 2023 11:52:34 -0400 > Demi Marie Obenour wrote: > > On Thu, Jul 27, 2023 at 08:10:41AM +, Zbigniew Jędrzejewski-Szmek > > wrote: > > > Hi, > > > > > > I'd like to

Re: [systemd-devel] Submitting a service activation to remote mounts success

2024-02-06 Thread Demi Marie Obenour
; RequiresMountsFor= should be your friend. It just takes a space- > separated list of paths and does all the other stuff by itself. > > Another option would be to switch to x-systemd.automount in fstab for > the network shares, so they will be mounted on first access, not > necessarily during early boot when there is no network. FYI, it looks like your mailer used quoted-printable encoding, but didn’t set the appropriate headers to indicate that this encoding is in use. -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab
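The two options quoted above, as an added example that is not part of the thread: a service gated on its network mounts with RequiresMountsFor=, and the fstab form with x-systemd.automount. The unit name, the paths, the command and the NFS server address are made up for illustration.

```ini
# /etc/systemd/system/backup-sync.service  (hypothetical unit; added example)
[Unit]
Description=Sync data to the NFS backup share once it is mounted
# RequiresMountsFor= takes a space-separated list of absolute paths.
# For every mount unit needed to reach each path, systemd adds
# Requires= and After= on that mount unit, so this service starts only
# after /srv/nfs/backup and /srv/nfs/archive are mounted and is not
# started at all if one of those mounts fails. Paths are assumptions.
RequiresMountsFor=/srv/nfs/backup /srv/nfs/archive

[Service]
Type=oneshot
# Hypothetical command; it is only here so the unit is complete.
ExecStart=/usr/local/bin/backup-sync /srv/nfs/backup /srv/nfs/archive

[Install]
WantedBy=multi-user.target

# Alternative from the reply: make the share an automount in /etc/fstab
# so it is mounted on first access rather than during early boot.
# The server address and export path below are made up.
#
#   192.0.2.10:/export/backup  /srv/nfs/backup  nfs  _netdev,x-systemd.automount  0 0
#
# With x-systemd.automount, systemd creates an automount unit for the path;
# the first process to touch /srv/nfs/backup (including the service above,
# through its RequiresMountsFor= dependency) triggers the actual mount.
```

The two approaches combine: RequiresMountsFor= on an automounted path pulls in the automount unit, so the service still blocks until the share is really mounted instead of starting before the network exists.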

Re: [RFC] initoverlayfs - a scalable initial filesystem

2023-12-12 Thread Demi Marie Obenour
ware-specific images, rather than trying to have a single image that supports many different hardware models. Automotive and other embedded systems understandably do not want to pay for complexity that they do not need, and which is present to support features (such as supporting arbitrary hardware) they

Re: [RFC] initoverlayfs - a scalable initial filesystem

2023-12-11 Thread Demi Marie Obenour
discoverable, > unauthenticated relatively simple file system, such as vfat). > > Anyway, I can't tell you how to solve your specific problems, but if > there's one thing I'd suggest you to keep in mind then it's the > security angle, i.e. keep in mind from the beginning how > authentication of every component of your process shall work, how > unattended disk encryption shall operate and how measurement shall > work. Security must be built into things from the beginning, not be > added as an afterthought. As a Qubes OS developer and a security researcher, thank you. -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab

Re: [RFC] initoverlayfs - a scalable initial filesystem

2023-12-11 Thread Demi Marie Obenour
On Mon, Dec 11, 2023 at 05:03:13PM +, Eric Curtin wrote: > On Mon, 11 Dec 2023 at 16:36, Demi Marie Obenour > wrote: > > > > On Mon, Dec 11, 2023 at 10:57:58AM +0100, Lennart Poettering wrote: > > > On Fr, 08.12.

Re: IPv6 Compliance for networkd

2023-12-11 Thread Demi Marie Obenour
On Mon, Dec 11, 2023 at 10:52:31PM +, Muggeridge, Matt wrote: > > > > -Original Message- > > From: Demi Marie Obenour > > Sent: Tuesday, December 12, 2023 7:14 AM > > To: Muggeridge, Matt ; systemd- > > de...@lists.freedesktop.org > >

Re: [RFC] initoverlayfs - a scalable initial filesystem

2023-12-11 Thread Demi Marie Obenour
On Mon, Dec 11, 2023 at 08:58:58PM +, Luca Boccassi wrote: > On Mon, 11 Dec 2023 at 20:43, Demi Marie Obenour > wrote: > > > > On Mon, Dec 11, 2023 at 08:15:27PM +, Luca Boccassi wrote: >

Re: IPv6 Compliance for networkd

2023-12-11 Thread Demi Marie Obenour
s, > Matt. > PS: Mailing list topics go unanswered and github issues get lost in the > noise, so I'm hoping there's a more efficient way to collaborate. In what specific ways is networkd not compliant? -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab

Re: [RFC] initoverlayfs - a scalable initial filesystem

2023-12-11 Thread Demi Marie Obenour
On Mon, Dec 11, 2023 at 08:15:27PM +, Luca Boccassi wrote: > On Mon, 11 Dec 2023 at 17:30, Demi Marie Obenour > wrote: > > > > On Mon, Dec 11, 2023 at 10:57:58AM +0100, Lennart Poettering wrote: > > > On Fr, 08.12.

[systemd-devel] systemd-pcrlock: what prevents unauthorized changes to the NV index?

2023-12-05 Thread Demi Marie Obenour
index can be changed? In the latter case, does this mean that the index can be "leaked" in certain error conditions? -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab

Re: [systemd-devel] setting cpulimit/iolimit on mysql thread not entire process

2023-11-27 Thread Demi Marie Obenour
t would replicate all the data, for the heavy users to query. (Or the > other way around, main instance for the heavy updates ⇒ replica for regular > queries.) Generally heavy analytical queries should be on a replica. The reason is that analytical queries are less likely to need the very latest data, w

Re: [systemd-devel] [help] Benchmarking software shows degraded performance

2023-11-30 Thread Demi Marie Obenour
erf even support these single core SoCs? -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab

Re: [systemd-devel] Bump: Testing LogFilterPatterns= on user-level services

2024-01-26 Thread Demi Marie Obenour
unbounded time on > processing journal messages. Which regex engine is used? glibc’s engine is not safe for use with untrusted input, but Rust’s is, so that might be an option in the future. It isn’t OOM-safe, though. -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab

Re: [systemd-devel] PCR signing / enrolling on UKI and validation by systemd-cryptenroll

2024-05-29 Thread Demi Marie Obenour
On Wed, May 29, 2024 at 10:36:28AM +0200, Lennart Poettering wrote: > On Di, 28.05.24 17:36, Demi Marie Obenour (d...@invisiblethingslab.com) wrote: > > > > (you can of course include PolicyAuthorizeNV in the policy you sign > > > for PolicyAuthorize, but that doesn't wo

Re: [systemd-devel] PCR signing / enrolling on UKI and validation by systemd-cryptenroll

2024-05-29 Thread Demi Marie Obenour
eys that are not accessible outside the TPM, but my understanding is that the most common cases (LUKS and fscrypt keys and systemd credentials) must be accessible in cleartext on the host _anyway_. If the secret to be sealed is provided externally, then one can use symmetric encryption with a randomly generated key to have the same effect. -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab

Re: [systemd-devel] PCR signing / enrolling on UKI and validation by systemd-cryptenroll

2024-05-30 Thread Demi Marie Obenour
the FDE key below it (which will require us > to fulfill policy 1) and then unseal the FDE key (which will > require us to fulfill policy 2). > > Unless I am missing something this should work and do exactly what I > want: I can combine policies arbitrarily. Does this require policies 1 and 2 to be fulfilled _at the same time_? -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab

Re: [systemd-devel] PCR signing / enrolling on UKI and validation by systemd-cryptenroll

2024-05-30 Thread Demi Marie Obenour
On Thu, May 30, 2024 at 10:43:48PM +0200, Lennart Poettering wrote: > On Mi, 29.05.24 14:48, Demi Marie Obenour (d...@invisiblethingslab.com) wrote: > > > > > > (you can of course include PolicyAuthorizeNV in the policy you sign > > > > > for PolicyAuthorize,

Re: [systemd-devel] PCR signing / enrolling on UKI and validation by systemd-cryptenroll

2024-05-28 Thread Demi Marie Obenour
bject to local, > delegated policy choices instead of mandated by the policy of the > actual object we want to protect) Does this work in practice? I agree that this is ugly, but "ugly" might be better than "not working". > I have so far not found a nice way out of