#spectrum on 2020-10-24

2019-08-29 20:55 qyliss changed the topic of #spectrum to: A compartmentalized operating system | https://spectrum-os.org/ | Logs: https://logs.spectrum-os.org/spectrum/

02:21 <qyliss> cole-h: (moving here from #nixos since there's another conversation going on there rn)

02:21 <qyliss> https://spectrum-os.org/lists/archives/spectrum-devel/87tuwpjeya.fsf@xndr.de/T/#u

02:21 <cole-h> Oh

02:21 <cole-h> Right

02:21 <cole-h> I remember seeing this

02:21 <cole-h> lol

02:51 maxdevjs has quit [Ping timeout: 272 seconds]

03:16 <textmate> qyliss: Do you think youll be able to have a minimal codebase that can be applied as a patchset to nixOS? Just thinking of security so that it can be reviewed easily incase of specific attacks

03:19 <qyliss> No, Spectrum will be very different to NixOS

03:19 <qyliss> NixOS gets too much wrong, unfortunately

03:24 <textmate> hmok

06:08 cole-h has quit [Ping timeout: 258 seconds]

07:27 <MichaelRaskin> Hopefully you would still be able to benefit from 0078…

07:28 <MichaelRaskin> (I expect parts of SpectrumOS that are theoretically shareable with NixOS and not shareable via 0078 to be pretty minimal; HW isolation has to be from-scratched and bootscripts can be small enough to review easily)

07:31 <MichaelRaskin> textmate: but also the first version will clearly not pass a harsh review, because just looking for SIGSEGV at wl_roots tracker is not a pretty sight. But it will have many critical building blocks

08:28 jb55 has quit [Remote host closed the connection]

08:29 jb55 has joined #spectrum

08:42 feepo has quit [Ping timeout: 272 seconds]

08:44 feepo has joined #spectrum

08:45 feepo has quit [Excess Flood]

08:45 feepo has joined #spectrum

09:12 <hyperfekt> many things

09:13 <hyperfekt> > that are being developed for spectrum as part of the nlnet grant seem independent to the stuff nixos gets wrong, or am i mistaken about that?

09:33 <MichaelRaskin> Well, it might be easier to boot the hardware isolation pieces without systemd with its opinion on everything

11:19 mvnetbiz_9 has joined #spectrum

11:23 mvnetbiz_ has quit [Ping timeout: 272 seconds]

11:23 mvnetbiz_9 is now known as mvnetbiz_

12:18 mvnetbiz_ has quit [Ping timeout: 260 seconds]

12:38 mvnetbiz_9 has joined #spectrum

12:41 <textmate> MichaelRaskin: ok

12:42 <textmate> I am super glad that this project exists as I believe this is 100% the way to go instead of Qubes, I think I will be using for many years still though

12:43 <textmate> however* using Qubes*

12:47 mvnetbiz_9 has quit [Quit: Bye!]

13:01 <ehmry> MichaelRaskin: i think the adoption of exotic nixos derivatives will be driven by how close their configuration model is to nixos, so 0078 is important

13:07 maxdevjs has joined #spectrum

13:08 <qyliss> what's 0078?

13:15 <MichaelRaskin> RFC 0078: use configuration file generators that are inspectable, tweakable, and usable outside of NixOS, too

13:16 <qyliss> interesting

13:16 <MichaelRaskin> ehmry: it is an explicit goal that it should very easy to have configuration model close to NixOS, but one the other hand the code should be also easy to black-box incapsulate

13:18 <MichaelRaskin> (lead author of RFC 0078 is me, Sander will hopefully confirm co-authorship, Eelco's reaction at NixCon was overall positive)

13:27 <qyliss> I like this

13:27 <qyliss> I especially like that it doesn't seem to be really tied to the module system at all

13:39 <qyliss> and that presumably config file generators can't depend on the values of random configuration values in a different namespace

13:42 <MichaelRaskin> Yes, they are pure functions

13:43 <MichaelRaskin> Kind of not completely untied from modules system

13:43 <MichaelRaskin> Deep merge and type checking are desirable, people won't lose them, so module system type checking is specified

13:44 <MichaelRaskin> But yeah, it is module system as in «define typechecking and merging for well-delimited single-topic configurations», not «how can we get back all the problems of distributed effects in a global shared space»

14:03 cole-h has joined #spectrum

14:59 <textmate> MichaelRaskin: Where can I read the spec?

15:00 <MichaelRaskin> https://github.com/nixos/rfcs/pull/78 — it is strictly speaking a proposal in early state of discussion

15:00 <textmate> Ah ok

15:03 <textmate> When its somewhat ready you should release a PDF, no?

15:05 <MichaelRaskin> No, why?

15:06 <textmate> So its pleasing for the reader

15:06 <MichaelRaskin> These are Nix RFCs, their primary format is markdown

15:06 <textmate> what is the difference between a nix rfc and a regular rfc

15:07 <MichaelRaskin> Regular b you mean IETF RFC?

15:07 <textmate> maybe I am misunderstanding something

15:07 <textmate> Yes

15:08 <MichaelRaskin> IETF RFCs govern networking interoperability specifications (although, actually, they are supposed to lead to IETDF Standards\)

15:08 <textmate> ok

15:08 <MichaelRaskin> Since their introduction a lot of projects have introduced some kind of a vaguely similar RFC process for in-project specifications

15:09 <textmate> Ah I see

15:09 <textmate> this makes more sense.

15:10 <ehmry> is anyone already translating `systemd.services.*` to some other init?

15:10 <textmate> based if true

15:10 <MichaelRaskin> You mean automatically? There is built-in, very restricted, functionality, that turns out to be enough for my usecase

15:11 <textmate> what if

15:11 <textmate> openrc

15:11 <ehmry> MichaelRaskin: link?

15:11 <textmate> was compatible with systemd .service files

15:11 <MichaelRaskin> ehmry: just grab my slides

15:12 <MichaelRaskin> https://github.com/7c6f434c/lang-os/blob/master/use-from-nixos.nix

15:14 <ehmry> right

15:17 <ehmry> MichaelRaskin: BTW, there is a #nixos-exotic channel now for exotic nixos

15:18 <textmate> exotic = lew

15:18 <textmate> ?

15:18 <MichaelRaskin> I thought it is for exotic platforms?

15:18 <textmate> lewd*

15:18 <textmate> nvm

15:19 <ehmry> exotic hardware and software platforms, so no-systemd kind of stuff

15:19 <textmate> I see

15:19 <MichaelRaskin> Hmm, can't systemd work on some MIPS Linux?

15:20 <ehmry> probably, I thought systemd was supposed to be an embedded thing

15:34 <pie_> idk if this is just a thing in my head

15:34 <pie_> but systemd is more than an init system

15:35 <pie_> so you cant just say what if systemd but openrc

15:35 <pie_> (?)

15:35 <ehmry> pie_: yes, but if you sandbox aggressively enough, the rest doesn't matter?

15:36 <pie_> dunno but ok, thanks for the input

15:37 <pie_> oh good thing i peeked in here <ehmry> MichaelRaskin: BTW, there is a #nixos-exotic channel now for exotic nixos

15:37 <pie_> what if there are nixos channels im not in????

15:38 <pie_> though that sounds like it would have some overlap with the nixos for routers channel which i forgot the name of

15:39 <MichaelRaskin> nix-wrt ?

15:40 <pie_> #nixos-on-your-router

15:41 <pie_> i think its fine either way, just sayung

15:50 * ehmry didn't know that was a channel

16:34 <qyliss> ehmry: I think Profpatsch has done systemd to other init translation too

16:34 <qyliss> maybe s6?

17:18 qyliss has quit [Quit: bye]

17:22 qyliss has joined #spectrum

19:49 cole-h has quit [Ping timeout: 272 seconds]

21:11 tilpner has quit [Remote host closed the connection]

21:12 tilpner has joined #spectrum

21:17 tilpner has quit [Ping timeout: 240 seconds]

21:29 tilpner has joined #spectrum

22:56 <Profpatsch> qyliss: not really, but I know a bit of s6

22:56 <Profpatsch> mostly execline though, I’m slowly getting more familiar with s6