gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh
justanotheruser has joined #nixos-security
Synthetica has joined #nixos-security
<pie__> something something mozilla automatically allowing mitm certificates because antiviruses
<gchristensen> oh thank god
<pie__> i guess it doesnt reaaallly make anything worse because if you have code exec on someones machine you can just do that anyway?
<gchristensen> this is so good
<gchristensen> > Finally, we’ve added an indicator that allows the user to determine when a website is relying on an imported root CA certificate.
<{^_^}> error: syntax error, unexpected ',', expecting ')', at (string):255:8
<gchristensen> very nice!
<pie__> is this good?
<gchristensen> this is good
<pie__> ok
<pie__> (why is this good)
<gchristensen> because it means enterprise users can safely use Firefox without being an expert in TLS
<pie__> why did using it safely require being an expert in tls before?
<gchristensen> because Firefox didn't look at the system's TLS store
<gchristensen> so they'd get an error
<gchristensen> and then have to know how to fix it, or, MUCH more likely, click around it
<pie__> hm
<ekleog> it's basically 1. not reducing security (adding to the OS store is ~like adding to the firefox store), 2. adding a special icon for things coming from the OS store (so people know), and 3. making things more usable for the not-knowing user
<pie__> yeah thats roughly what i figured, thanks for making it explicit
<pie__> still have a sinking feeling because "automatic mitm" but i cant really justify it
<ekleog> well, enterprises are going to do automatic mitm and you can't do anything about that except not going on the net, so you might as well just know
<gchristensen> yup
<pie__> right, except not all of them firewall ssl that isnt their own
<pie__> well, if youre tech savvy and want to you can work around it anyway
<pie__> "what is this strange new icon
<pie__> then again if you open 3000 tabs and it loads them all :D
<pie__> pipe all my shit through the traffic analyzer yeahhhhh
<pie__> sorry i keep forgetting this is for things that are already installed in the system store
<gchristensen> (maybe redirect to another channel)
<pie__> im done
<pie__> qyliss, are there any small ways to help with your qubes-y project?
<ekleog> wait what?
<ekleog> are you porting qubesos to nixos
* ekleog wanted to do that since learning of qubesos
<qyliss> depends on whether the funding comes through
<qyliss> looking good, but I’ve been waiting for a confirmation for several weeks now…
<qyliss> pie__: not yet, but there will be in a couple of months assuming the above works out
<pie__> ekleog, like everyone else probably ;P
<pie__> qyliss, ok :)
<ekleog> qyliss: wow great :) let me know if there's anything I can do to help :)
<qyliss> I will! Right now I’m mostly keeping quiet about it so I don’t get people’s hopes up.
<pie__> no pressure :D
<qyliss> Was gonna link to the website but apparently letsencrypt didn’t auto renew…
qyliss has quit [Quit: bye]
qyliss^work has quit [Quit: bye]
<gchristensen> should our sudo set secure_path?
<gchristensen> to systemPackages' path and run wrappers
qyliss^work has joined #nixos-security
qyliss has joined #nixos-security
<gchristensen> A+ name
<gchristensen> (I think I said that before ...)
<qyliss> You did :)
<pie__> where _did_ the name come from?
<pie__> qyliss, do you think you will abstract the implementation enough to handle different backends, or will you focus on a specific thing?
<qyliss> pie__: that's absolutely part of the lan
<qyliss> *plan
<qyliss> (to allow different backends)
<pie__> unless you already had something in mind (idk it just hit me)
<pie__> qyliss, ok cool!
<qyliss> sorta
<qyliss> I don't really want to come up with anything like that until I know I'm actually going to be able to put in the amount of work it needs.
<qyliss> The name came from me thinking that would focus lots of different things into one cohesive whole, and then realising that PRISM was a bad name for some privacy tech :P
<pie__> haha
<pie__> (yeah i know a logo does not a project make)
<pie__> (or rather, literally bikeshedding)
<qyliss> it's okay, we can't argue about what colour to paint the bikeshed because it's obviously going to be rainbow
<gchristensen> what, not X-ray spectrum?
<pie__> we can call the releases progressively cooler names as they get better
<pie__> *progressively cooler parts of the spectrum
* pie__ waiting for the gamma ray release
<gchristensen> I never use software when it is in or below the visual spectrum, always wait for it to mature a bit
<pie__> x'D
<ekleog> qyliss++
<{^_^}> qyliss's karma got increased to 2
<ekleog> (though I personally do like the concept of running VMs, as you mention being backend-agnostic it should be great :))
<pie__> I dont know, Extremely High Frequency doesnt sound so bad https://en.wikipedia.org/wiki/Electromagnetic_spectrum it's more than your CPU clock at that point
<ekleog> (well, to be precise, I don't trust linux kernel to be able to actually do containers properly, to be precise -- I don't like VMs either, I just dislike them less than linux's containers :p)
<pie__> hypervisors are where its at. vms have all those weird drivers and stuff right?
<pie__> or are hypervisors no different in that regard? :D
<gchristensen> a VM runs under a hypervisor
<pie__> ...oh :I
<pie__> right.