<pie__>
something something mozilla automatically allowing mitm certificates because antiviruses
<gchristensen>
oh thank god
<pie__>
i guess it doesnt reaaallly make anything worse because if you have code exec on someones machine you can just do that anyway?
<gchristensen>
this is so good
<gchristensen>
> Finally, we’ve added an indicator that allows the user to determine when a website is relying on an imported root CA certificate.
<{^_^}>
error: syntax error, unexpected ',', expecting ')', at (string):255:8
<gchristensen>
very nice!
<pie__>
is this good?
<gchristensen>
this is good
<pie__>
ok
<pie__>
(why is this good)
<gchristensen>
because it means enterprise users can safely use Firefox without being an expert in TLS
<pie__>
why did using it safely require being an expert in tls before?
<gchristensen>
because Firefox didn't look at the system's TLS store
<gchristensen>
so they'd get an error
<gchristensen>
and then have to know how to fix it, or, MUCH more likely, click around it
<pie__>
hm
<ekleog>
it's basically 1. not reducing security (adding to the OS store is ~like adding to the firefox store), 2. adding a special icon for things coming from the OS store (so people know), and 3. making things more usable for the not-knowing user
<pie__>
yeah thats roughly what i figured, thanks for making it explicit
<pie__>
still have a sinking feeling because "automatic mitm" but i cant really justify it
<ekleog>
well, enterprises are going to do automatic mitm and you can't do anything about that except not going on the net, so you might as well just know
<gchristensen>
yup
<pie__>
right, except not all of them firewall ssl that isnt their own
<pie__>
well, if youre tech savvy and want to you can work around it anyway
<pie__>
"what is this strange new icon"
<pie__>
then again if you open 3000 tabs and it loads them all :D
<pie__>
pipe all my shit through the traffic analyzer yeahhhhh
<pie__>
sorry i keep forgetting this is for things that are already installed in the system store
<gchristensen>
(maybe redirect to another channel)
<pie__>
im done
<pie__>
qyliss, are there any small ways to help with your qubes-y project?
<ekleog>
wait what?
<ekleog>
are you porting qubesos to nixos
* ekleog
wanted to do that since learning of qubesos
<qyliss>
depends on whether the funding comes through
<qyliss>
looking good, but I’ve been waiting for a confirmation for several weeks now…
<qyliss>
pie__: not yet, but there will be in a couple of months assuming the above works out
<pie__>
ekleog, like everyone else probably ;P
<pie__>
qyliss, ok :)
<ekleog>
qyliss: wow great :) let me know if there's anything I can do to help :)
<qyliss>
I will! Right now I’m mostly keeping quiet about it so I don’t get people’s hopes up.
<pie__>
no pressure :D
<qyliss>
Was gonna link to the website but apparently letsencrypt didn’t auto renew…
<gchristensen>
should our sudo set secure_path?
<gchristensen>
to systemPackages' path and run wrappers
<pie__>
unless you already had something in mind (idk it just hit me)
<pie__>
qyliss, ok cool!
<qyliss>
sorta
<qyliss>
I don't really want to come up with anything like that until I know I'm actually going to be able to put in the amount of work it needs.
<qyliss>
The name came from me thinking that would focus lots of different things into one cohesive whole, and then realising that PRISM was a bad name for some privacy tech :P
<pie__>
haha
<pie__>
(yeah i know a logo does not a project make)
<pie__>
(or rather, literally bikeshedding)
<qyliss>
it's okay, we can't argue about what colour to paint the bikeshed because it's obviously going to be rainbow
<gchristensen>
what, not X-ray spectrum?
<pie__>
we can call the releases progressively cooler names as they get better
<pie__>
*progressively cooler parts of the spectrum
* pie__
waiting for the gamma ray release
<gchristensen>
I never use software when it is in or below the visual spectrum, always wait for it to mature a bit
<pie__>
x'D
<ekleog>
qyliss++
<{^_^}>
qyliss's karma got increased to 2
<ekleog>
(though I personally do like the concept of running VMs, as you mention being backend-agnostic it should be great :))
<ekleog>
(well, to be precise, I don't trust linux kernel to be able to actually do containers properly, to be precise -- I don't like VMs either, I just dislike them less than linux's containers :p)
<pie__>
hypervisors are where its at. vms have all those weird drivers and stuff right?
<pie__>
or are hypervisors no different in that regard? :D