#spectrum on 2020-04-19

2019-08-29 20:55 qyliss changed the topic of #spectrum to: A compartmentalized operating system | https://spectrum-os.org/ | Logs: https://logs.spectrum-os.org/spectrum/

03:47 klltkr has quit [Ping timeout: 264 seconds]

07:07 cole-h has quit [Quit: Goodbye]

09:06 tilpner has quit [Quit: tilpner]

09:09 tilpner has joined #spectrum

11:16 <qyliss> Now https://cros-updates-serving.appspot.com/ is 500ing :(

11:16 <qyliss> Maybe I just need to make this script have both cros-omahaproxy and cros-updates-serving backends, and try both until one works :(

11:35 <MichaelRaskin> And poll them hourly automatically, and use cached results if both are down?

11:35 <qyliss> I do eventually plan to have some script that sends a message to the mailing list when this stuff needs to be updated

11:36 <qyliss> It could handle running the script, and then send that as a patch for somebody to start from fixing build failures and stuff

11:36 <qyliss> That would work quite well, probably.

11:37 <qyliss> That would be a good thing for The List

11:53 <lukegb> Or give up on both and talk to Omaha directly :^)

11:55 <qyliss> I don't even know what Omaha is

11:55 <lukegb> Omaha is the Google Updater API thing

11:55 <lukegb> github.com/google/omaha

11:55 <lukegb> It has an awful XML-based API, which is why the proxies exist

11:55 <qyliss> Interesting

11:55 <MichaelRaskin> Is it actual XML or … as usual?

11:56 <lukegb> It's actual XML, I believe

11:56 <lukegb> The general protocol is documented in https://github.com/google/omaha/blob/master/doc/ServerProtocol.md, but it doesn't really describe how CrOS uses it

12:15 klltkr has joined #spectrum

17:00 cole-h has joined #spectrum

19:21 <qyliss> https://www.intel.com/content/dam/www/public/us/en/security-advisory/documents/cve-2019-0090-whitepaper.pdf

19:56 <hyperfekt> lol. will it ever stop

19:56 <cole-h> No. It will get faster, though

19:57 <hyperfekt> intel really is doing everything in their power to get us to stop using their processors

19:58 <MichaelRaskin> Well, as for IOMMU races, _these_ I do expect from other high-volume manufacturers (AMD, major ARM) too

19:58 <hyperfekt> μarch/acc

19:59 <MichaelRaskin> Microarchitectural issues… well, again, all majors have them, although Meltdown was indeed at the level of «wait, did you really expect this will not explode?»

20:04 <MichaelRaskin> I guess SpectrumOS should aim for «let's make opening an email attachment not a game over» first and disclose that 1-hour physical access by a qualified (5 years Linux administration, not magic NSA training) adversary having invested time (a month) into preparation is a game over condition

20:05 <MichaelRaskin> By now it looks that you cannot even trust TPM unless you really follow the news, so the approach of Heads is only a partial protection (useful against many attacks! but you need to understand your threat model really well)

20:17 <hyperfekt> MichaelRaskin: Heads?

20:18 <hyperfekt> oh lol. systemd-free tails, isee

20:20 <MichaelRaskin> A relative of Tails that tries to verify you boot what you expect

20:21 <MichaelRaskin> (using TPM in interesting ways)

20:21 <hyperfekt> oh so we're talking antievilmaid like stuff

20:22 <hyperfekt> that's neat

20:22 <MichaelRaskin> Well the Intel CVE posted requires interaction with the system soon after boot, as far as I understand

20:22 <MichaelRaskin> So I kind of assumed we are talking physical access.

21:06 <qyliss> hyperfekt: Heads isn't a distribution, it's a BIOS/EFI replacement

21:06 <qyliss> So well, it's sort of a very specialised distribution

21:07 <qyliss> But it's more useful to think of it as an EFI-like thing that happens to be Linux

21:16 <hyperfekt> oh, fascinating. i'm gonna read up on that

21:23 leah2 has quit [Ping timeout: 272 seconds]

21:34 leah2 has joined #spectrum

21:43 cole-h has quit [Quit: Goodbye]

21:43 cole-h has joined #spectrum

21:47 <qyliss> Writing This Week in Spectrum

21:47 <qyliss> How do I manage to do so much every week and yet still feel like I accomplished nothing at the end?

21:48 <MichaelRaskin> Impostor syndrome?

21:48 <MichaelRaskin> Also, calibration w.r.t. the level of general brokenness of the tools you need to work

22:27 <qyliss> This Week in Spectrum https://spectrum-os.org/lists/archives/spectrum-discuss/874ktf15bh.fsf@alyssa.is/T/#u

22:27 <qyliss> Managed to be shorter than last week (just) but also far less clear I think

22:28 <qyliss> But whatever, it's almost not This Week any more so I had to send something

22:29 <colemickens> :) Thank you for these!!

22:29 <colemickens> I only got to stick around for part of the stream, but I enjoyed that little bit as well.

22:39 <cole-h> Hm, I didn't get that as an email (am subscribed)... Does it take a while for these to make their rounds? Or is it just me?

22:39 <MichaelRaskin> qyliss: note that your spectrum-vm command will by definition hard code some parts of VM-handling design (that might later change once you start sketching SpectrumOS global design)

22:39 <MichaelRaskin> I have got it via both lists

22:39 <MichaelRaskin> Spam folder?

22:39 <cole-h> Nope.

22:40 <cole-h> Maybe @outlook.com just sucks.