Re: upstream vendors and why they can be really harmful

2012-11-24 Thread William Ahern
On Thu, Nov 22, 2012 at 01:27:46PM -0430, Andres Perera wrote: On Thu, Nov 22, 2012 at 11:58 AM, Kevin Chadwick ma1l1i...@yahoo.co.uk wrote: On Thu, 22 Nov 2012 09:30:41 -0430 Andres Perera wrote: i'm not sure how using js for configuration files, as opposed to using a language

Re: upstream vendors and why they can be really harmful

2012-11-23 Thread Tomas Bodzar
On Fri, Nov 23, 2012 at 5:11 AM, Marc Espie es...@nerim.net wrote: On Thu, Nov 22, 2012 at 01:27:46PM -0430, Andres Perera wrote: why would the runtime be attractive for rop? what configuration vm needs syscalls that would be attractive to an attacker that can change the address of a jump?

Re: upstream vendors and why they can be really harmful

2012-11-23 Thread Stuart Henderson
Guys are not probably reading you enough. See http://lists.gnu.org/archive/html/gnu-system-discuss/2012-11/msg0.html and https://news.ycombinator.com/item?id=4821488 :-) Can you please take this to another mailing list or off-list? Developer's Lists These lists are for technical

Re: upstream vendors and why they can be really harmful

2012-11-22 Thread Kevin Chadwick
Follow-up interview, much better to say what you want instead of having people interpret your email. Do you know polkit (which I believe is cross platform but I prefer to remove it, primarily because it gives little indication of what is allowed and requires constant review, unlike sudo) now

Re: upstream vendors and why they can be really harmful

2012-11-22 Thread Andres Perera
i'm not sure how using js for configuration files, as opposed to using a language commonly deployed for the same purpose, such as lua, presents an innate constraint on security. if i'm somehow expected to ignore how unlikely it is for the configuration vm to: a. intentionally have the ability of

Re: upstream vendors and why they can be really harmful

2012-11-22 Thread Kevin Chadwick
On Thu, 22 Nov 2012 09:30:41 -0430 Andres Perera wrote: i'm not sure how using js for configuration files, as opposed to using a language commonly deployed for the same purpose, such as lua, presents an innate constraint on security. Firstly the article mentioned JIT preventing true

Re: upstream vendors and why they can be really harmful

2012-11-22 Thread Andres Perera
On Thu, Nov 22, 2012 at 11:58 AM, Kevin Chadwick ma1l1i...@yahoo.co.uk wrote: On Thu, 22 Nov 2012 09:30:41 -0430 Andres Perera wrote: i'm not sure how using js for configuration files, as opposed to using a language commonly deployed for the same purpose, such as lua, presents an innate

Re: upstream vendors and why they can be really harmful

2012-11-22 Thread Kevin Chadwick
On Thu, 22 Nov 2012 13:27:46 -0430 Andres Perera wrote: but jit isn't irreparably interleaved with js The latest polkit actually depends on the javascript package. am i compromising by running luajit in interpreter mode instead of the reference implementation, moreover, would that imply

Re: upstream vendors and why they can be really harmful

2012-11-22 Thread Kevin Chadwick
On Thu, 22 Nov 2012 14:18:59 -0430 Andres Perera wrote: there's still no tie-in to the privileges of the process, It still lets a process do something unintended. In fact getting a browser to execute an external javascript program is a threat in itself that could have no end of custom

Re: upstream vendors and why they can be really harmful

2012-11-22 Thread Andres Perera
On Thu, Nov 22, 2012 at 2:53 PM, Kevin Chadwick ma1l1i...@yahoo.co.uk wrote: On Thu, 22 Nov 2012 14:18:59 -0430 Andres Perera wrote: there's still no tie-in to the privileges of the process, It still lets a process do something unintended. In fact getting a browser to execute an external

Re: upstream vendors and why they can be really harmful

2012-11-22 Thread Kevin Chadwick
On Thu, 22 Nov 2012 15:58:12 -0430 Andres Perera andre...@zoho.com wrote: On Thu, Nov 22, 2012 at 2:53 PM, Kevin Chadwick ma1l1i...@yahoo.co.uk wrote: On Thu, 22 Nov 2012 14:18:59 -0430 Andres Perera wrote: there's still no tie-in to the privileges of the process, It still lets a

Re: upstream vendors and why they can be really harmful

2012-11-22 Thread Marc Espie
On Thu, Nov 22, 2012 at 01:27:46PM -0430, Andres Perera wrote: why would the runtime be attractive for rop? what configuration vm needs syscalls that would be attractive to an attacker that can change the address of a jump? does the runtime really need to open sockets, or spawn processes? (i'm

Re: upstream vendors and why they can be really harmful

2012-11-22 Thread Andres Perera
On Thu, Nov 22, 2012 at 11:41 PM, Marc Espie es...@nerim.net wrote: On Thu, Nov 22, 2012 at 01:27:46PM -0430, Andres Perera wrote: why would the runtime be attractive for rop? what configuration vm needs syscalls that would be attractive to an attacker that can change the address of a

Re: upstream vendors and why they can be really harmful

2012-11-09 Thread Alexey E. Suslikov
sickmind at lavabit.com writes: As far as I know they are going to release their own linux distro called GNOME OS with its own API (GNOME API) and stuff. In this case making GNOME incompatible with everything else and all that talk about brands and marketing both make sense. From

Re: upstream vendors and why they can be really harmful

2012-11-08 Thread Kevin Chadwick
On Thu, 8 Nov 2012 10:18:28 +0100 Lars von den Driesch wrote: The only distros with a fair few users who have switched and still have far less users are Fedora, Mageia and OpenSUSE. Let's have an eye on Arch-Linux. And they have lost users over it. I left them out because they

Re: upstream vendors and why they can be really harmful

2012-11-08 Thread Marc Espie
synchronicity, seen thx to Bruno Rohee... https://igurublog.wordpress.com/2012/11/05/gnome-et-al-rotting-in-threes/

Re: upstream vendors and why they can be really harmful

2012-11-08 Thread David Coppa
On Thu, Nov 8, 2012 at 2:21 PM, Marc Espie es...@nerim.net wrote: synchronicity, seen thx to Bruno Rohee... https://igurublog.wordpress.com/2012/11/05/gnome-et-al-rotting-in-threes/ Marketing? Brand presence? Visual identity? WTF?!? The following, in particular, is a little gem: The point

Re: upstream vendors and why they can be really harmful

2012-11-08 Thread sickmind
On 15:01 Thu 08 Nov , David Coppa wrote: On Thu, Nov 8, 2012 at 2:21 PM, Marc Espie es...@nerim.net wrote: synchronicity, seen thx to Bruno Rohee... https://igurublog.wordpress.com/2012/11/05/gnome-et-al-rotting-in-threes/ Marketing? Brand presence? Visual identity? WTF?!?

Re: upstream vendors and why they can be really harmful

2012-11-07 Thread Kevin Chadwick
and if you come with proper arguments (and code) they will be more than happy to include it or change the way they do things to accommodate to standards. Lennart is a different matter, he made it clear he doesn't care about the rest of the ecosystem. But he is just one guy and his lobbying

Re: upstream vendors and why they can be really harmful

2012-11-07 Thread William Ahern
On Tue, Nov 06, 2012 at 06:24:58PM -0200, Daniel Bolgheroni wrote: On Tue, Nov 06, 2012 at 01:38:32PM +0100, Marc Espie wrote: It's also quickly turning Posix and Unix into a travesty: either you have the linux goodies, or you don't. And if you don't, you can forget anything modern...

Re: upstream vendors and why they can be really harmful

2012-11-07 Thread Tomas Bodzar
On Wed, Nov 7, 2012 at 9:40 PM, William Ahern will...@25thandclement.com wrote: On Tue, Nov 06, 2012 at 06:24:58PM -0200, Daniel Bolgheroni wrote: On Tue, Nov 06, 2012 at 01:38:32PM +0100, Marc Espie wrote: It's also quickly turning Posix and Unix into a travesty: either you have the linux

Re: upstream vendors and why they can be really harmful

2012-11-07 Thread Chris Cappuccio
Tomas Bodzar [tomas.bod...@gmail.com] wrote: Here you can read what Linux devs think about Dfly for example https://plus.google.com/101384639386588513837/posts/Dkb8iixE4eP Yes, let's all work on Linux!!! Let's all move to Texas. And, what's with this water? Like in the toilets? What about

Re: upstream vendors and why they can be really harmful

2012-11-07 Thread Kevin Chadwick
On Wed, 7 Nov 2012 22:52:19 +0100 Lars von den Driesch larsvondendrie...@gmail.com wrote: The only distros with a fair few users who have switched and still have far less users are Fedora, Mageia and OpenSUSE. Let's have an eye on Arch-Linux. And they have lost users over it. I left

upstream vendors and why they can be really harmful

2012-11-06 Thread Marc Espie
Basically, we have a pattern, mostly observed with kde (and a bit with gnome) which is really harmful for us. Those vendors say we're not in the distribution business, distribution problems will be handled by OS vendors. We can break compatibility to advance, and not think about it, this is not

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Antoine Jacoutot
On Tue, Nov 06, 2012 at 01:38:32PM +0100, Marc Espie wrote: Basically, we have a pattern, mostly observed with kde (and a bit with gnome) which is really harmful for us. Those vendors say we're not in the distribution business, distribution problems will be handled by OS vendors. We can

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Kevin Chadwick
Apparently branding as a priority by some devs, is a major reason. I can't believe a Gnome dev said he hadn't heard of XFCE to a transmission dev! http://igurublog.wordpress.com/2012/11/05/gnome-et-al-rotting-in-threes/ in some cases, you even have some people, who are PAID by some vendors,

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Arto Jonsson
On Tue, Nov 06, 2012 at 01:38:32PM +0100, Marc Espie wrote: Basically, we have a pattern, mostly observed with kde (and a bit with gnome) which is really harmful for us. ... Relevant LWN.net article: http://lwn.net/Articles/520892/

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Marc Espie
On Tue, Nov 06, 2012 at 01:15:04PM +, Kevin Chadwick wrote: Rather than spending time on these, are trinity and mate etc.. worth looking at? I'm pretty sure trinity is worth looking at, haven't had nearly enough time to do so, especially since it's yet another build system you need to

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Marc Espie
On Tue, Nov 06, 2012 at 01:43:50PM +0100, Antoine Jacoutot wrote: One could answer you that the BSD community is not involved enough with upstream. 99% of the development is done on Linux by developers using Linux -- if you want that to change, some !linux people should get involved in

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Gregory Edigarov
On 11/06/2012 03:45 PM, Marc Espie wrote: On Tue, Nov 06, 2012 at 01:43:50PM +0100, Antoine Jacoutot wrote: One could answer you that the BSD community is not involved enough with upstream. 99% of the development is done on Linux by developers using Linux -- if you want that to change, some

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Christiano F. Haesbaert
Let's be honest, half the problem goes away if Lennart stops hacking.

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Stefan Sperling
On Tue, Nov 06, 2012 at 01:38:32PM +0100, Marc Espie wrote: in some cases, you even have some people, who are PAID by some vendors, aggressively pushing GRATUITOUS, non compatible changes. I won't say names, but you guys can fill the blanks in. I'll fill in redhat, making upstream support even

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Lars von den Driesch
On Tue, Nov 6, 2012 at 1:38 PM, Marc Espie es...@nerim.net wrote: This is a mindset we need to fight, and this has to be a grass-roots movement. I agree with most of your statement, but for a grass-root movement you will need to attract a lot of people. Otherwise you will move exactly

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Peter Hessler
On 2012 Nov 06 (Tue) at 16:45:17 +0100 (+0100), Lars von den Driesch wrote: :If you want people to gain traction you will need to :reduce some standards... This is exactly what happened in Linux-land, and brought us to this place in the first point. -- Math is like love -- a simple idea but

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Marc Espie
On Tue, Nov 06, 2012 at 04:45:17PM +0100, Lars von den Driesch wrote: On Tue, Nov 6, 2012 at 1:38 PM, Marc Espie es...@nerim.net wrote: This is a mindset we need to fight, and this has to be a grass-roots movement. I agree with most of your statement, but for a grass-root movement

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Lars von den Driesch
On Tue, Nov 6, 2012 at 5:10 PM, Peter Hessler phess...@theapt.org wrote: On 2012 Nov 06 (Tue) at 16:45:17 +0100 (+0100), Lars von den Driesch wrote: This is exactly what happened in Linux-land, and brought us to this place in the first point. I know :-) And I understand this - but in

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Lars von den Driesch
Hi Marc On Tue, Nov 6, 2012 at 5:16 PM, Marc Espie es...@nerim.net wrote: So, hey, do whatever you want with that. Apart from the proverbial curmudgeons, there are LOTS of nice people in the OpenBSD developer community, who are fairly open to a lot of stuff... I wouldn't be there if that

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Miod Vallat
From your point of view everybody is nice to you ;-) I'm not! Miod

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Tomas Bodzar
On Tue, Nov 6, 2012 at 1:43 PM, Antoine Jacoutot ajacou...@bsdfrog.org wrote: On Tue, Nov 06, 2012 at 01:38:32PM +0100, Marc Espie wrote: Basically, we have a pattern, mostly observed with kde (and a bit with gnome) which is really harmful for us. Those vendors say we're not in the

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Jiri B
On Tue, Nov 06, 2012 at 01:15:04PM +, Kevin Chadwick wrote: It could well end up the other way around, with systemd dying. It does far too much and most of which is pointless in order to gain traction but also limiting its scope and so success unless it is forked or radically changed of

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread TAKRIZ
I hear you on this, thinking about it I'd like to ask you what would be a solution to this rather recurrent issue/problem we're facing from the Linux side of the spectrum? What would be a solution or a framework that could somehow negate most of the effects of this particular problem?. I grew up

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Marc Espie
On Tue, Nov 06, 2012 at 08:42:48PM +0100, TAKRIZ wrote: I hear you on this, thinking about it I'd like to ask you what would be a solution to this rather recurrent issue/problem we're facing from the Linux side of the spectrum? What would be a solution or a framework that could somehow negate

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Kevin Chadwick
On Tue, 6 Nov 2012 21:39:42 +0100 Marc Espie es...@nerim.net wrote: I don't have ANY KIND OF SOLUTION. Certainly couldn't for that general problem without likely being the problem. As I've said before I'm not a Gnome fan and far from a Gnome 3 fan however the reason udisks dropped many gnome

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Daniel Bolgheroni
On Tue, Nov 06, 2012 at 01:38:32PM +0100, Marc Espie wrote: It's also quickly turning Posix and Unix into a travesty: either you have the linux goodies, or you don't. And if you don't, you can forget anything modern... This IS the main problem.

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Brett
On Tue, 6 Nov 2012 13:38:32 +0100 Marc Espie es...@nerim.net wrote: Basically, we have a pattern, mostly observed with kde (and a bit with gnome) which is really harmful for us. They occupy a few people in our team FULLTIME with respect to gnome, they're the reason we still DON'T have a full

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Amit Kulkarni
Basically, we have a pattern, mostly observed with kde (and a bit with gnome) which is really harmful for us. They occupy a few people in our team FULLTIME with respect to gnome, they're the reason we still DON'T have a full kde4 in our tree (hopefully to be addressed shortly), and they're

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Vadim Zhukov
07.11.2012 2:06, user Brett brett.ma...@gmx.com wrote: On Tue, 6 Nov 2012 13:38:32 +0100 Marc Espie es...@nerim.net wrote: Basically, we have a pattern, mostly observed with kde (and a bit with gnome) which is really harmful for us. They occupy a few people

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Antoine Jacoutot
On Wed, Nov 07, 2012 at 08:58:55AM +1100, Brett wrote: Not to disparage the hard work by Antoine and others on Gnome and KDE, but if upstream are going to entwine their code with non-standard OSs, then why bother with them? That _is_ precisely the question I asked on GNOME lists. I'm not