qyliss changed the topic of #spectrum to: A compartmentalized operating system | https://spectrum-os.org/ | Logs: https://logs.spectrum-os.org/spectrum/
awordnot has joined #spectrum
hube has joined #spectrum
nara has quit [Ping timeout: 260 seconds]
<Profpatsch> qyliss: Just make spectrum a subfolder of _nixpkgs_
<Profpatsch> Who said there could only be /nixos? *big brain*
<IdleBot_5e50c57d> Is there any memory-safe namespace setup tool, by the way? I still think that extra-wrapping VMs in containers does not hurt, but then the path names are passed as string so maaaybe replacing nsjail/minijail is slightly safer if there is an alternative?
<nicoo> qyliss: Just read the dev docs; that's a nice start <3
<nicoo> IdleBot_5e50c57d: There's servo/gaol, but it doesn't seem quite as fine-grained as minijail (because gaol aims to be cross-platform)
<IdleBot_5e50c57d> If it is cross-platform it might even lack mount-namespace-mangling…
<pie_[bnc]> by the way
<pie_[bnc]> I've spammed this on like 5 channels already but there's a new edition of Security Engineering in the works and you can already read it
<pie_[bnc]> some e.g. quick summary of snowden stuff https://www.cl.cam.ac.uk/~rja14/Papers/SEv3-ch2-dec18.pdf
<pie_[bnc]> the preface is like two pages https://www.cl.cam.ac.uk/~rja14/Papers/SEv3-pref-May16.pdf
<pie_[bnc]> probably put this book on mandatory spectrum reading list or something ;P
<qyliss> Profpatsch: that's kinda what I was thinking
<pie_[bnc]> >:D
<qyliss> The reason I think I might not want to do that though, is that it wouldn't make sense to keep actual software source code in there
<pie_[bnc]> qyliss: nixos does it already, ok, to a limited extent
<pie_[bnc]> citation needed
<qyliss> only for a bunch of shell scripts
<pie_[bnc]> i think all the nixos- tools are in there
<qyliss> those are just shell scripts
<pie_[bnc]> eh ok
<qyliss> less $(which nixos-rebuild) :)
<pie_[bnc]> also you're giving everyone write access to spectrum, but arguably you could just have spectrum check that all the commits are signed by you, but idk
<qyliss> what?
<pie_[bnc]> *everyone with access to nixpkgs
<pie_[bnc]> sorry if I say something dumb
<qyliss> sure
<qyliss> but I think I would notice while merging if there was suddenly a spectrum/ directory
<qyliss> but nixpkgs is part of our TCB anyway
<pie_[bnc]> I...what? I mean if you made a nixpkgs/spectrum
<pie_[bnc]> but yeah ok good point re tcb
<qyliss> pie_[bnc]: People with Nixpkgs write access could create a spectrum/ directory to mess with things, but only if I actually merged that version of Nixpkgs in
<qyliss> Upstream's Nixpkgs isn't pulled into Spectrum's repo automatically
<qyliss> At least not now
<qyliss> And even if it was, it would be trivial to ensure that upstream didn't have a spectrum/ directory.
<pie_[bnc]> for some reason I assumed that the spectrum codebase was separate but now I'm reminded you just have a nixpkgs fork
<qyliss> Well, that's what this whole conversation has been about
<qyliss> Right now, there is no separate Spectrum codebase
<qyliss> (except for start-vm.nix)
<qyliss> there'd be nothing to put in it
<qyliss> because pretty much everything I've done so far has been packaging work
<qyliss> but at some point, there will be, probably
<IdleBot_5e50c57d> Most of the work I would expect sounds like also presentable as separate projects
nicoo has quit [Remote host closed the connection]
nicoo has joined #spectrum
<IdleBot_5e50c57d> Usability implications of «contain all the things»: suddenly, having a local recursive DNS resolver, but also feeding a remote DNS server via SSH to some applications is completely fine
<Shell> btw, usability implications of DoH by default: captive portals break without some extra work
<IdleBot_5e50c57d> Of course my prebuilt Firefox profile base forbids DoH
<qyliss> Shell: are you aware of Tails' Unsafe Browser?
<qyliss> Basically all traffic on Tails goes through Tor by default, _except_ for Unsafe Browser's?
<qyliss> idk why I put a ? there
<qyliss> I think it's a nice model
<qyliss> If you need to do a captive portal, open this special application for doing that. Otherwise never use it.
<Shell> nice
<FireFly> oh, neat model
<qyliss> Also possible in a Qubes/Spectrum model, of course, but those put the onus on you to set that up
<Shell> qyliss: I also discovered this earlier today which is an interesting model, https://blog.filippo.io/captive-browser/
<Shell> and Spectrum makes it a lot easier
<qyliss> makes what easier exactly?
<qyliss> the thing you just linked or Tails' thing?
<Shell> the idea of having a separate browser with separate configuration just for doing captive portals
<qyliss> Oh, right
<Shell> since you don't have to mess with socks etc, just configure a VM with the right networking stack.
<qyliss> Yeah, course.
<qyliss> I'm looking at implementing inter-guest virtio in crosvm atm to enable that sort of thing without touching the host's network stack
<qyliss> It'll be a surprisingly small change I think
nicoo has quit [Ping timeout: 240 seconds]
<qyliss> Problem: this wouldn't be very useful without hotplugging of virtio devices
<qyliss> And I'm not sure crosvm does that
<qyliss> Oh it _does_
<qyliss> but only USB devices
nicoo has joined #spectrum
<qyliss> TIL: eventfd(2)
<IdleBot_5e50c57d> It would also be enough if virtio-host-inside-VM could be reusable (so there would be something that could accept multiple normal virtio client VMs)