On Thu, Nov 22, 2012 at 01:27:46PM -0430, Andres Perera wrote:
> On Thu, Nov 22, 2012 at 11:58 AM, Kevin Chadwick
> wrote:
> > On Thu, 22 Nov 2012 09:30:41 -0430
> > Andres Perera wrote:
> >
> >> i'm not sure how using js for configuration files, as opposed to using
> >> a language commonly deplo
> Guys are not probably reading you enough. See
> http://lists.gnu.org/archive/html/gnu-system-discuss/2012-11/msg0.html
> and https://news.ycombinator.com/item?id=4821488 :-)
Can you please take this to another mailing list or off-list?
"Developer's Lists
These lists are for technical discus
On Fri, Nov 23, 2012 at 5:11 AM, Marc Espie wrote:
> On Thu, Nov 22, 2012 at 01:27:46PM -0430, Andres Perera wrote:
>> why would the runtime be attractive for rop? what configuration vm
>> needs syscalls that would be attractive to an attacker that can change
>> the address of a jump? does the run
On Thu, Nov 22, 2012 at 11:41 PM, Marc Espie wrote:
>
> On Thu, Nov 22, 2012 at 01:27:46PM -0430, Andres Perera wrote:
> > why would the runtime be attractive for rop? what configuration vm
> > needs syscalls that would be attractive to an attacker that can change
> > the address of a jump? does t
On Thu, Nov 22, 2012 at 01:27:46PM -0430, Andres Perera wrote:
> why would the runtime be attractive for rop? what configuration vm
> needs syscalls that would be attractive to an attacker that can change
> the address of a jump? does the runtime really need to open sockets,
> or spawn processes? (
On Thu, 22 Nov 2012 15:58:12 -0430
Andres Perera wrote:
> On Thu, Nov 22, 2012 at 2:53 PM, Kevin Chadwick
> wrote:
> > On Thu, 22 Nov 2012 14:18:59 -0430
> > Andres Perera wrote:
> >
> >> there's still no tie-in to the privileges of the process,
> >
> > It still lets a process do something unint
On Thu, Nov 22, 2012 at 2:53 PM, Kevin Chadwick wrote:
> On Thu, 22 Nov 2012 14:18:59 -0430
> Andres Perera wrote:
>
>> there's still no tie-in to the privileges of the process,
>
> It still lets a process do something unintended. In fact getting a
> browser to execute an external javascript progr
On Thu, 22 Nov 2012 14:18:59 -0430
Andres Perera wrote:
> there's still no tie-in to the privileges of the process,
It still lets a process do something unintended. In fact getting a
browser to execute an external javascript program is a threat in itself
that could have no end of custom instructi
On Thu, Nov 22, 2012 at 1:52 PM, Kevin Chadwick wrote:
> On Thu, 22 Nov 2012 13:27:46 -0430
> Andres Perera wrote:
>
>> but jit isn't irreparably interleaved with js
>>
>
> The latest polkit actually depends on the javascript package.
specifically, js185, aka spidermonkey, aka:
MOZ_ARG_DISABLE_B
On Thu, 22 Nov 2012 13:27:46 -0430
Andres Perera wrote:
> but jit isn't irreparably interleaved with js
>
The latest polkit actually depends on the javascript package.
> am i compromising by running luajit in interpreter mode instead of the
> reference implementation, moreover, would that imply
On Thu, Nov 22, 2012 at 11:58 AM, Kevin Chadwick wrote:
> On Thu, 22 Nov 2012 09:30:41 -0430
> Andres Perera wrote:
>
>> i'm not sure how using js for configuration files, as opposed to using
>> a language commonly deployed for the same purpose, such as lua,
>> presents an innate constraint on sec
On Thu, 22 Nov 2012 09:30:41 -0430
Andres Perera wrote:
> i'm not sure how using js for configuration files, as opposed to using
> a language commonly deployed for the same purpose, such as lua,
> presents an innate constraint on security.
Firstly the article mentioned JIT preventing true randomi
i'm not sure how using js for configuration files, as opposed to using
a language commonly deployed for the same purpose, such as lua,
presents an innate constraint on security.
if i'm somehow expected to ignore how unlikely it is for the
configuration vm to:
a. intentionally have the ability of
> Follow-up interview, much better to say what you want instead of having people
> interpret your email.
Do you know polkit (which I believe is cross platform but I prefer to
remove it, primarily because it gives little indication of what is
allowed and requires constant review, unlike sudo) now u
Follow-up interview, much better to say what you want instead of having people
interpret your email.
http://www.itwire.com/business-it-news/open-source/57589-upstream-vendors-can-harm-small-projects-openbsd-dev
At least this has some visibility, which is a good thing...
lavabit.com> writes:
> As far as I know they are going to release their own linux distro
> called GNOME OS with it's own API (GNOME API) and stuff. In this case
> making GNOME incompatible with everything else and all that talk about
> brands and marketing both make sense.
>From https://trac.tran
On 15:01 Thu 08 Nov , David Coppa wrote:
> On Thu, Nov 8, 2012 at 2:21 PM, Marc Espie wrote:
> > synchronicity, seen thx to Bruno Rohee...
> >
> > https://igurublog.wordpress.com/2012/11/05/gnome-et-al-rotting-in-threes/
> >
>
> Marketing? Brand presence? Visual identity?
>
> WTF?!?
>
> The
On Thu, Nov 8, 2012 at 2:21 PM, Marc Espie wrote:
> synchronicity, seen thx to Bruno Rohee...
>
> https://igurublog.wordpress.com/2012/11/05/gnome-et-al-rotting-in-threes/
>
Marketing? Brand presence? Visual identity?
WTF?!?
The following, in particular, is a little gem:
<>
How is this fuckin
synchronicity, seen thx to Bruno Rohee...
https://igurublog.wordpress.com/2012/11/05/gnome-et-al-rotting-in-threes/
On Thu, 8 Nov 2012 10:18:28 +0100
Lars von den Driesch wrote:
> >> > The only distros with a fair few users who have switched and still
> >> > have far less users are Fedora, Mageia and OpenSUSE.
> >>
> >> Let's have an eye on Arch-Linux.
> >
> > And they have lost users over it. I left them o
On Wed, 7 Nov 2012 22:52:19 +0100
Lars von den Driesch wrote:
> > The only distros with a fair few users who have switched and still
> > have far less users are Fedora, Mageia and OpenSUSE.
>
> Let's have an eye on Arch-Linux.
And they have lost users over it. I left them out because they hav
On Wed, Nov 7, 2012 at 6:39 PM, Kevin Chadwick wrote:
> The only distros with a fair few users who have switched and still
> have far less users are Fedora, Mageia and OpenSUSE.
Let's have an eye on Arch-Linux. They have switched to systemd
recently and seem to be very confident about it. For me
Tomas Bodzar [tomas.bod...@gmail.com] wrote:
>
> Here you can read what Linux devs think about Dfly for example
> https://plus.google.com/101384639386588513837/posts/Dkb8iixE4eP
Yes, let's all work on Linux!!!
Let's all move to Texas.
And, what's with this water? Like in the toilets? What about
On Wed, Nov 7, 2012 at 9:40 PM, William Ahern
wrote:
> On Tue, Nov 06, 2012 at 06:24:58PM -0200, Daniel Bolgheroni wrote:
>> On Tue, Nov 06, 2012 at 01:38:32PM +0100, Marc Espie wrote:
>> >
>> > It's also quickly turning Posix and Unix into a travesty: either you have
>> > the linux goodies, or yo
On Tue, Nov 06, 2012 at 06:24:58PM -0200, Daniel Bolgheroni wrote:
> On Tue, Nov 06, 2012 at 01:38:32PM +0100, Marc Espie wrote:
> >
> > It's also quickly turning Posix and Unix into a travesty: either you have
> > the linux goodies, or you don't. And if you don't, you can forget anything
> > moder
> and if you come with proper arguments (and code) they will be more than
> happy to include it or change the way they do things to accomodate to
> standards. Lennart is a different matter, he made it clear he doesn't
> care about the rest of the ecosystem. But he is just one guy and his
> lobbying
On Wed, Nov 07, 2012 at 08:58:55AM +1100, Brett wrote:
> Not to disparage the hard work by Antoine and others on Gnome and KDE, but if
> upstream are going to entwine their code with non-standard OSs, then why
> bother with them?
That _is_ precisely the question I asked on GNOME lists. I'm not r
07.11.2012 2:06 полÑзоваÑÐµÐ»Ñ "Brett"
напиÑал:
>
> On Tue, 6 Nov 2012 13:38:32 +0100
> Marc Espie wrote:
>
> > Basically, we have a pattern, mostly observed with kde (and a bit with
> > gnome) which is really harmful for us.
>
> > They occupy a few people in our team FULLTIME wi
>> Basically, we have a pattern, mostly observed with kde (and a bit with
>> gnome) which is really harmful for us.
>
>> They occupy a few people in our team FULLTIME with respect to gnome, they're
>> the reason we still DON'T have a full kde4 in our tree (hopefully to be
>> addressed shortly), and
On Tue, 6 Nov 2012 13:38:32 +0100
Marc Espie wrote:
> Basically, we have a pattern, mostly observed with kde (and a bit with
> gnome) which is really harmful for us.
> They occupy a few people in our team FULLTIME with respect to gnome, they're
> the reason we still DON'T have a full kde4 in our
On Tue, Nov 06, 2012 at 01:38:32PM +0100, Marc Espie wrote:
>
> It's also quickly turning Posix and Unix into a travesty: either you have
> the linux goodies, or you don't. And if you don't, you can forget anything
> modern...
This IS the main problem.
On Tue, 6 Nov 2012 21:39:42 +0100
Marc Espie wrote:
> I don't have ANY KIND OF SOLUTION.
Certainly couldn't for that general problem without likely being the
problem.
As I've said before I'm not a Gnome fan and far from a Gnome 3 fan
however the reason udisks dropped many gnome features like au
On Tue, Nov 06, 2012 at 08:42:48PM +0100, TAKRIZ wrote:
> I hear you on this, thinking about it I'd like to ask you what would be a
> solution to this rather recurrent issue/problem we're facing from the Linux
> side of the spectrum? What would be a solution or a framework that could
> somehow nega
I hear you on this, thinking about it I'd like to ask you what would be a
solution to this rather recurrent issue/problem we're facing from the Linux
side of the spectrum? What would be a solution or a framework that could
somehow negate most of the effects of this particular problem?. I grew up
ti
On Tue, Nov 06, 2012 at 01:15:04PM +, Kevin Chadwick wrote:
> It could well end up the other way around, with systemd dying. It does
> far too much and most of which is pointless in order to gain traction
> but also limiting it's scope and so success unless it is forked or
> radically changed o
On Tue, Nov 6, 2012 at 1:43 PM, Antoine Jacoutot wrote:
> On Tue, Nov 06, 2012 at 01:38:32PM +0100, Marc Espie wrote:
>> Basically, we have a pattern, mostly observed with kde (and a bit with
>> gnome) which is really harmful for us.
>>
>> Those vendors say "we're not in the distribution business,
> From your point of view everybody
> is nice to you ;-)
I'm not!
Miod
Hi Marc
On Tue, Nov 6, 2012 at 5:16 PM, Marc Espie wrote:
> So, hey, do whatever you want with that. Apart from the proverbial
> curmudgeons,
> there are LOTS of nice people in the OpenBSD developer community, who are
> fairly open to a lot of stuff... I wouldn't be there if that weren't the
>
On Tue, Nov 6, 2012 at 5:10 PM, Peter Hessler wrote:
> On 2012 Nov 06 (Tue) at 16:45:17 +0100 (+0100), Lars von den Driesch wrote:
>
> This is exactly what happened in Linux-land, and brought us to this
> place in the first point.
I know :-) And I understand this - but in this situation I be
On Tue, Nov 06, 2012 at 04:45:17PM +0100, Lars von den Driesch wrote:
> On Tue, Nov 6, 2012 at 1:38 PM, Marc Espie wrote:
>
> >
> > This is a mindset we need to fight, and this has to be a grass-roots
> > movement.
> >
>
> I agree with most of your statement, but for a grass-root movement you
>
On 2012 Nov 06 (Tue) at 16:45:17 +0100 (+0100), Lars von den Driesch wrote:
:If you want people to gain traction you will need to
:reduce some standards...
This is exactly what happened in Linux-land, and brought us to this
place in the first point.
--
Math is like love -- a simple idea but
On Tue, Nov 6, 2012 at 1:38 PM, Marc Espie wrote:
>
> This is a mindset we need to fight, and this has to be a grass-roots
> movement.
>
I agree with most of your statement, but for a grass-root movement you
will need to attract a lot of people. Otherwise you will move exactly
*nothing*. And let
On Tue, Nov 06, 2012 at 01:38:32PM +0100, Marc Espie wrote:
> in some cases, you even have some people, who are PAID by some vendors,
> agressively pushing GRATUITOUS, non compatible changes. I won't say names,
> but you guys can fill the blanks in.
I'll fill in redhat, making upstream support eve
Lets be honest, half the problem goes away if Lennart stops "hacking".
On 11/06/2012 03:45 PM, Marc Espie wrote:
On Tue, Nov 06, 2012 at 01:43:50PM +0100, Antoine Jacoutot wrote:
One could answer you that the BSD community is not involved enough with
upstream. 99% of the development is done on Linux by developers using Linux --
if you want that to change, some !l
On Tue, Nov 06, 2012 at 01:43:50PM +0100, Antoine Jacoutot wrote:
> One could answer you that the BSD community is not involved enough with
> upstream. 99% of the development is done on Linux by developers using Linux
> -- if you want that to change, some !linux people should get involved in
> o
On Tue, Nov 06, 2012 at 01:15:04PM +, Kevin Chadwick wrote:
>
> Rather than spending time on these, are trinity and mate etc.. worth
> looking at?
I'm pretty sure trinity is worth looking at, haven't had nearly enough time
to do so, especially since it's yet another build system you need to d
On Tue, Nov 06, 2012 at 01:38:32PM +0100, Marc Espie wrote:
> Basically, we have a pattern, mostly observed with kde (and a bit with
> gnome) which is really harmful for us.
>
> ...
Relevant LWN.net article: http://lwn.net/Articles/520892/
Apparently branding as a priority by some devs, is a major reason. I
can't believe a Gnome dev said he hadn't heard of XFCE to a
transmission dev!
http://igurublog.wordpress.com/2012/11/05/gnome-et-al-rotting-in-threes/
> in some cases, you even have some people, who are PAID by some vendors,
> a
On Tue, Nov 06, 2012 at 01:38:32PM +0100, Marc Espie wrote:
> Basically, we have a pattern, mostly observed with kde (and a bit with
> gnome) which is really harmful for us.
>
> Those vendors say "we're not in the distribution business, distribution
> problems will be handled by OS vendors. We ca
Basically, we have a pattern, mostly observed with kde (and a bit with
gnome) which is really harmful for us.
Those vendors say "we're not in the distribution business, distribution
problems will be handled by OS vendors. We can break compatibility to
advance, and not think about it, this is not
51 matches
Mail list logo