To me, Bitfrost was just one more lofty windmill OLPC tried to tilt because
it seemed like an interesting challenge. I'm not clear why Sugar needs more
protection from rogue activities than a normal desktop environment has from
rogue applications.
Reinventing the desktop as a constructivist
On Mon, Mar 02, 2009 at 02:08:38PM +0100, Peter Robinson wrote:
The changes to sugar might be minimal but the changes to the
underlying OS are not so simple.
From my (which is very basic) understanding there is patches to at
least the kernel, initscripts, upstart and telepathy and possibly dbus
On Tue, Feb 24, 2009 at 10:09:26AM -0800, Carol Farlow Lerche wrote:
My post was a request to the most knowledgeable person, Michael to do the
service of taking the time to write a document that clearly lays out
. the purpose (not in security speak but in terms of the benefits it brings
to end
On Tue, 24 Feb 2009, Carol Farlow Lerche wrote:
. the purpose (not in security speak but in terms of the benefits it brings
to end users),
also why should rainbow be used instead of one of the many other sets of
tools available to distros for locking down a desktop (SELinux, or other
LSMs)?
On Tue, Feb 24, 2009 at 01:47:01AM -0500, Mikus Grinbergs wrote:
[Also, I'm hearing whispers of 'no Rainbow' after Joyride.]
Mikus,
In my view, it's up to the SugarLabs folks to use Rainbow or to drop it. I have
tried to clear the way for them to use it on all the platforms they care about
by
On Tue, Feb 24, 2009 at 11:24:37AM -0500, Michael Stone wrote:
http://lists.sugarlabs.org/archive/sugar-devel/2008-December/010528.html
Thanks for your work! I sure hope it'll get used instead of dropped,
it's the #1 reason I looked into Sugar in the first place and the one
thing I miss
Michael,
when several weeks ago you showed me in #sugar your patches to Sugar
and explained the new rainbow concept, I told you that it seemed a
good idea and that the patches looked pretty good.
As you said Rainbow wasn't ready for 0.84, I told you that we would
talk again when work on 0.86
On Tue, Feb 24, 2009 at 05:41:09PM +0100, Sascha Silbe wrote:
On Tue, Feb 24, 2009 at 11:24:37AM -0500, Michael Stone wrote:
http://lists.sugarlabs.org/archive/sugar-devel/2008-December/010528.html
Thanks for your work! I sure hope it'll get used instead of dropped,
it's the #1
Rainbow in jhbuild would help debugging. I don't think I am along=e in
using it as a development environment.
-walter
On Tue, Feb 24, 2009 at 12:09 PM, Michael Stone mich...@laptop.org wrote:
On Tue, Feb 24, 2009 at 05:41:09PM +0100, Sascha Silbe wrote:
On Tue, Feb 24, 2009 at 11:24:37AM
To me, Bitfrost was just one more lofty windmill OLPC tried to tilt because
it seemed like an interesting challenge. I'm not clear why Sugar needs more
protection from rogue activities than a normal desktop environment has from
rogue applications.
Reinventing the desktop as a constructivist
Wade Brainerd wrote:
To me, Bitfrost was just one more lofty windmill OLPC tried to tilt because
it seemed like an interesting challenge. I'm not clear why Sugar needs more
protection from rogue activities than a normal desktop environment has from
rogue applications.
Reinventing the
Hi Carol,
you make it sound as if Rainbow was new and unknown and Michael was
pushing it. That's a bit unfair. Rainbow has been shipping in the OLPC
releases for quite a while, and activity authors in general do know
that they simply have to respect the designated directories for saving
On Tue, Feb 24, 2009 at 12:41 PM, Benjamin M. Schwartz
bmsch...@fas.harvard.edu wrote:
They are a single, indivisible cause, and also the entire reason for the
existence of Sugar.
Many operating systems provide users with a set of powerful tools for
manipulating ideas and data. Sugar's
Bert, Are you satisfied with the number of activity developers? Are you
satisfied with the number of developers within the deployments? Have you
noticed the periodic questions on the developer-oriented lists about Rainbow
security and whether it is causing mysterious symptoms? I'm not, and I
On Tue, Feb 24, 2009 at 08:56:06AM -0800, Carol Farlow Lerche wrote:
Michael, I think your work on Rainbow is very important, but I think it is a
bit opaque.
Carol,
Thanks you for this detailed critique of my documentation efforts to date. One
thing that I've (obviously) struggled with is
--- Carol Farlow Lerche c...@msbit.com wrote:
things that the activity developers can and can't do
As an aside, I yesterday uploaded a simple activity to addons.sugarlabs.org.
This activity runs on os767 and soas (afaik). Your post and this discussion
made me realize that I hadn't had to
bert wrote:
On 24.02.2009, at 19:09, Carol Farlow Lerche wrote:
...
Asking for better documentation doesn't imply that the facility is
new. It recognizes that development has reached a local minimum in
an important component that is not well understood by many. My post
was a
On Tue, Feb 24, 2009 at 1:30 PM, p...@laptop.org wrote:
bert wrote:
On 24.02.2009, at 19:09, Carol Farlow Lerche wrote:
...
Asking for better documentation doesn't imply that the facility is
new. It recognizes that development has reached a local minimum in
an important
--- Wade Brainerd wad...@gmail.com wrote:
Backup, a far more useful and achievable
solution to this problem.
I don't see how Rainbow, something _working_ and pretty usable on my XO right
now, is usefully compared to backup, a solution similar in specificity to the
aphorism be careful and
Hi Michael,
2009/2/24 Michael Stone mich...@laptop.org:
In my view, it's up to the SugarLabs folks to use Rainbow or to drop it.
How realistic is it to make rainbow something generic that all
environments and applications could use? In an ideal world, such a
security system should be available
Michael, I'm happy to continue this discussion off-list if you or others
feel it is inappropriate to carry it on here. However, to respond to your
mail:
Thanks you for this detailed critique of my documentation efforts to date.
One
thing that I've (obviously) struggled with is understanding
On Tue, Feb 24, 2009 at 03:45:33PM -0300, Daniel Drake wrote:
Hi Michael,
2009/2/24 Michael Stone mich...@laptop.org:
In my view, it's up to the SugarLabs folks to use Rainbow or to drop it.
How realistic is it to make rainbow something generic that all environments
and applications could use?
On Tue, Feb 24, 2009 at 12:29:57PM -0500, Wade Brainerd wrote:
I'm not clear why Sugar needs more protection from rogue activities
than a normal desktop environment has from rogue applications.
It's not that Sugar needs more protection than currently existing
desktop environments, but rather
On 24.02.2009, at 20:43, Sascha Silbe wrote:
On Tue, Feb 24, 2009 at 12:29:57PM -0500, Wade Brainerd wrote:
I'm not clear why Sugar needs more protection from rogue activities
than a normal desktop environment has from rogue applications.
It's not that Sugar needs more protection than
On 24 Feb 2009, at 17:52, Wade Brainerd wrote:
On Tue, Feb 24, 2009 at 12:41 PM, Benjamin M. Schwartz
bmsch...@fas.harvard.edu
wrote:
They are a single, indivisible cause, and also the entire reason for
the
existence of Sugar.
Many operating systems provide users with a set of
On Wed, Feb 25, 2009 at 5:24 AM, Michael Stone mich...@laptop.org wrote:
In my view, it's up to the SugarLabs folks to use Rainbow or to drop it. I
have
tried to clear the way for them to use it on all the platforms they care about
by simplifying it, by making it more generically useful, by
Martin Langhoff wrote:
Maybe my ignorance on matters selinux is showing? ;-)
You are not alone. Sugar/OLPC simply never had SELinux experts who
volunteered to work on Rainbow. We still don't (raise your hand if you
consider yourself proficient at writing SELinux policy!).
It's hard to write a
On Wed, Feb 25, 2009 at 11:33:30AM +1300, Martin Langhoff wrote:
You are now talking about the implementation of rainbow that provides
userland privilege isolation.
For the record, rainbow only describes the userland privilege isolation part.
The rest is just OFW, olpcrd, olpc-update, OATS
On Tue, Feb 24, 2009 at 06:05:51PM -0500, Benjamin M. Schwartz wrote:
Sugar/OLPC simply never had SELinux experts
I'm pretty sure this is false. For instance, I know that ancient OLPC+RH
kernels has SELinux enabled and I know that the SELinux folks at RH have always
been excited to help me to
On Wed, Feb 25, 2009 at 12:22:13AM +0100, Jonas Smedegaard wrote:
Sugarlabs care about Sugar. Sugar on any distro, and any hardware.
Yes, hence my work to write rainbow-0.8.* in a (relatively) distro-neutral
fashion.
Rainbow is tied not primarily to Sugar but to a specific distro: the
OLPC fork
On Tue, Feb 24, 2009 at 10:22:07PM +, Gary C Martin wrote:
remind me, Pippy's getting special case hack permission to drive a 8 line
highway through Rainbow security permissions, right?
Unfortunately, no. No one has yet completed an implementation of the gates
needed to guard access to the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Feb 25, 2009 at 12:22:13AM +0100, Jonas Smedegaard wrote:
I can understand your frustration. But perhaps you need to aim
differently.
Correction: Perhaps *we* need to aim differently. It is off course not
your problem - we all loose if
On Wed, Feb 25, 2009 at 12:21 PM, Michael Stone mich...@laptop.org wrote:
For the record, rainbow only describes the userland privilege isolation
part.
You're right. I conflated the overarching shadow of bitfrost with
rainbow. My bad.
I think this would have the effect of making rainbow much
Tomeu Vizoso wrote:
Michael,
when several weeks ago you showed me in #sugar your patches to Sugar
and explained the new rainbow concept, I told you that it seemed a
good idea and that the patches looked pretty good.
As you said Rainbow wasn't ready for 0.84, I told you that we would
talk
34 matches
Mail list logo