To me, Bitfrost was just one more lofty windmill OLPC tried to tilt because
it seemed like an interesting challenge. I'm not clear why Sugar needs more
protection from rogue activities than a normal desktop environment has from
rogue applications.
Reinventing the desktop as a constructivist
On Mon, Mar 02, 2009 at 02:08:38PM +0100, Peter Robinson wrote:
The changes to sugar might be minimal but the changes to the
underlying OS are not so simple.
From my (which is very basic) understanding there is patches to at
least the kernel, initscripts, upstart and telepathy and possibly dbus
On Tue, Feb 24, 2009 at 10:09:26AM -0800, Carol Farlow Lerche wrote:
My post was a request to the most knowledgeable person, Michael to do the
service of taking the time to write a document that clearly lays out
. the purpose (not in security speak but in terms of the benefits it brings
to end
On Tue, Feb 24, 2009 at 18:29, Wade Brainerd wad...@gmail.com wrote:
To me, Bitfrost was just one more lofty windmill OLPC tried to tilt because
it seemed like an interesting challenge. I'm not clear why Sugar needs more
protection from rogue activities than a normal desktop environment has
The userland application privilege
isolation is hugely important, as we are pushing for making our apps
heavily network oriented, the risks of other network hosts trying to
take advantage of vulnerable apps is huge.
A problem with expanding Rainbow to other
Michael, I think your work on Rainbow is very important, but I think it is a
bit opaque. Perhaps you could improve your documentation and as well write
a tutorial about it that would make it more apparent how much is actually
implemented and what an activity can do with it.
So here's an example.
On Tue, Feb 24, 2009 at 05:41:09PM +0100, Sascha Silbe wrote:
On Tue, Feb 24, 2009 at 11:24:37AM -0500, Michael Stone wrote:
http://lists.sugarlabs.org/archive/sugar-devel/2008-December/010528.html
Thanks for your work! I sure hope it'll get used instead of dropped,
it's the #1
Rainbow in jhbuild would help debugging. I don't think I am along=e in
using it as a development environment.
-walter
On Tue, Feb 24, 2009 at 12:09 PM, Michael Stone mich...@laptop.org wrote:
On Tue, Feb 24, 2009 at 05:41:09PM +0100, Sascha Silbe wrote:
On Tue, Feb 24, 2009 at 11:24:37AM
To me, Bitfrost was just one more lofty windmill OLPC tried to tilt because
it seemed like an interesting challenge. I'm not clear why Sugar needs more
protection from rogue activities than a normal desktop environment has from
rogue applications.
Reinventing the desktop as a constructivist
Wade Brainerd wrote:
To me, Bitfrost was just one more lofty windmill OLPC tried to tilt because
it seemed like an interesting challenge. I'm not clear why Sugar needs more
protection from rogue activities than a normal desktop environment has from
rogue applications.
Reinventing the
Hi Carol,
you make it sound as if Rainbow was new and unknown and Michael was
pushing it. That's a bit unfair. Rainbow has been shipping in the OLPC
releases for quite a while, and activity authors in general do know
that they simply have to respect the designated directories for saving
On Tue, Feb 24, 2009 at 12:41 PM, Benjamin M. Schwartz
bmsch...@fas.harvard.edu wrote:
They are a single, indivisible cause, and also the entire reason for the
existence of Sugar.
Many operating systems provide users with a set of powerful tools for
manipulating ideas and data. Sugar's
On Tue, Feb 24, 2009 at 12:29:57PM -0500, Wade Brainerd wrote:
To me, Bitfrost was just one more lofty windmill OLPC tried to tilt because
it seemed like an interesting challenge.
So you've said in the past. What of it?
I'm not clear why Sugar needs more protection from rogue activities than a
On Tue, Feb 24, 2009 at 12:57 PM, Michael Stone mich...@laptop.org wrote:
I'm not clear why Sugar needs more protection from rogue activities than a
normal desktop environment has from rogue applications.
The justification which interests me the most goes something like: strong
protections
Bert, Are you satisfied with the number of activity developers? Are you
satisfied with the number of developers within the deployments? Have you
noticed the periodic questions on the developer-oriented lists about Rainbow
security and whether it is causing mysterious symptoms? I'm not, and I
On 24.02.2009, at 19:09, Carol Farlow Lerche wrote:
Bert, Are you satisfied with the number of activity developers?
Are you satisfied with the number of developers within the
deployments? Have you noticed the periodic questions on the
developer-oriented lists about Rainbow security
On Tue, Feb 24, 2009 at 08:56:06AM -0800, Carol Farlow Lerche wrote:
Michael, I think your work on Rainbow is very important, but I think it is a
bit opaque.
Carol,
Thanks you for this detailed critique of my documentation efforts to date. One
thing that I've (obviously) struggled with is
--- Carol Farlow Lerche c...@msbit.com wrote:
things that the activity developers can and can't do
As an aside, I yesterday uploaded a simple activity to addons.sugarlabs.org.
This activity runs on os767 and soas (afaik). Your post and this discussion
made me realize that I hadn't had to
bert wrote:
On 24.02.2009, at 19:09, Carol Farlow Lerche wrote:
...
Asking for better documentation doesn't imply that the facility is
new. It recognizes that development has reached a local minimum in
an important component that is not well understood by many. My post
was a
On Tue, Feb 24, 2009 at 1:30 PM, p...@laptop.org wrote:
bert wrote:
On 24.02.2009, at 19:09, Carol Farlow Lerche wrote:
...
Asking for better documentation doesn't imply that the facility is
new. It recognizes that development has reached a local minimum in
an important
--- Wade Brainerd wad...@gmail.com wrote:
Backup, a far more useful and achievable
solution to this problem.
I don't see how Rainbow, something _working_ and pretty usable on my XO right
now, is usefully compared to backup, a solution similar in specificity to the
aphorism be careful and
Michael, I'm happy to continue this discussion off-list if you or others
feel it is inappropriate to carry it on here. However, to respond to your
mail:
Thanks you for this detailed critique of my documentation efforts to date.
One
thing that I've (obviously) struggled with is understanding
On Tue, 24 Feb 2009, Carol Farlow Lerche wrote:
. the purpose (not in security speak but in terms of the benefits it brings
to end users),
also why should rainbow be used instead of one of the many other sets of
tools available to distros for locking down a desktop (SELinux, or other
LSMs)?
On 24.02.2009, at 20:43, Sascha Silbe wrote:
On Tue, Feb 24, 2009 at 12:29:57PM -0500, Wade Brainerd wrote:
I'm not clear why Sugar needs more protection from rogue activities
than a normal desktop environment has from rogue applications.
It's not that Sugar needs more protection than
Hi,
On Dienstag, 24. Februar 2009, Wade Brainerd wrote:
Many operating systems provide users with a set of powerful tools for
manipulating ideas and data. Sugar's purpose is to add another
dimension: to encourage users to modify and share the tools themselves.
To that end, if my friend
On 24 Feb 2009, at 17:52, Wade Brainerd wrote:
On Tue, Feb 24, 2009 at 12:41 PM, Benjamin M. Schwartz
bmsch...@fas.harvard.edu
wrote:
They are a single, indivisible cause, and also the entire reason for
the
existence of Sugar.
Many operating systems provide users with a set of
On Tue, Feb 24, 2009 at 11:24:37AM -0500, Michael Stone wrote:
http://lists.sugarlabs.org/archive/sugar-devel/2008-December/010528.html
Thanks for your work! I sure hope it'll get used instead of dropped,
it's the #1 reason I looked into Sugar in the first place and the one
thing I miss
On Tue, Feb 24, 2009 at 12:29:57PM -0500, Wade Brainerd wrote:
I'm not clear why Sugar needs more protection from rogue activities
than a normal desktop environment has from rogue applications.
It's not that Sugar needs more protection than currently existing
desktop environments, but rather
On Wed, Feb 25, 2009 at 5:24 AM, Michael Stone mich...@laptop.org wrote:
In my view, it's up to the SugarLabs folks to use Rainbow or to drop it. I
have
tried to clear the way for them to use it on all the platforms they care about
by simplifying it, by making it more generically useful, by
Martin Langhoff wrote:
Maybe my ignorance on matters selinux is showing? ;-)
You are not alone. Sugar/OLPC simply never had SELinux experts who
volunteered to work on Rainbow. We still don't (raise your hand if you
consider yourself proficient at writing SELinux policy!).
It's hard to write a
On Tue, 24 Feb 2009, Benjamin M. Schwartz wrote:
Martin Langhoff wrote:
Maybe my ignorance on matters selinux is showing? ;-)
You are not alone. Sugar/OLPC simply never had SELinux experts who
volunteered to work on Rainbow. We still don't (raise your hand if you
consider yourself
On Wed, Feb 25, 2009 at 11:33:30AM +1300, Martin Langhoff wrote:
You are now talking about the implementation of rainbow that provides
userland privilege isolation.
For the record, rainbow only describes the userland privilege isolation part.
The rest is just OFW, olpcrd, olpc-update, OATS
On Tue, Feb 24, 2009 at 06:05:51PM -0500, Benjamin M. Schwartz wrote:
Sugar/OLPC simply never had SELinux experts
I'm pretty sure this is false. For instance, I know that ancient OLPC+RH
kernels has SELinux enabled and I know that the SELinux folks at RH have always
been excited to help me to
On Tue, Feb 24, 2009 at 10:22:07PM +, Gary C Martin wrote:
remind me, Pippy's getting special case hack permission to drive a 8 line
highway through Rainbow security permissions, right?
Unfortunately, no. No one has yet completed an implementation of the gates
needed to guard access to the
On Wed, Feb 25, 2009 at 12:21 PM, Michael Stone mich...@laptop.org wrote:
For the record, rainbow only describes the userland privilege isolation
part.
You're right. I conflated the overarching shadow of bitfrost with
rainbow. My bad.
I think this would have the effect of making rainbow much
Tomeu Vizoso wrote:
Michael,
when several weeks ago you showed me in #sugar your patches to Sugar
and explained the new rainbow concept, I told you that it seemed a
good idea and that the patches looked pretty good.
As you said Rainbow wasn't ready for 0.84, I told you that we would
talk
36 matches
Mail list logo