qyliss changed the topic of #spectrum to: A compartmentalized operating system | https://spectrum-os.org/ | Logs: https://logs.spectrum-os.org/spectrum/
<qyliss> Maybe I just need to make this script have both cros-omahaproxy and cros-updates-serving backends, and try both until one works :(
<MichaelRaskin> And poll them hourly automatically, and use cached results if both are down?
<qyliss> I do eventually plan to have some script that sends a message to the mailing list when this stuff needs to be updated
<qyliss> It could handle running the script, and then send that as a patch for somebody to start from fixing build failures and stuff
<qyliss> That would work quite well, probably.
<qyliss> That would be a good thing for The List
<lukegb> Or give up on both and talk to Omaha directly :^)
<qyliss> I don't even know what Omaha is
<lukegb> Omaha is the Google Updater API thing
<lukegb> github.com/google/omaha
<lukegb> It has an awful XML-based API, which is why the proxies exist
<qyliss> Interesting
<MichaelRaskin> Is it actual XML or … as usual?
<lukegb> It's actual XML, I believe
<lukegb> The general protocol is documented in https://github.com/google/omaha/blob/master/doc/ServerProtocol.md, but it doesn't really describe how CrOS uses it
<hyperfekt> lol. will it ever stop
<cole-h> No. It will get faster, though
<hyperfekt> intel really is doing everything in their power to get us to stop using their processors
<MichaelRaskin> Well, as for IOMMU races, _these_ I do expect from other high-volume manufacturers (AMD, major ARM) too
<hyperfekt> μarch/acc
<MichaelRaskin> Microarchitectural issues… well, again, all majors have them, although Meltdown was indeed at the level of «wait, did you really expect this will not explode?»
<MichaelRaskin> I guess SpectrumOS should aim for «let's make opening an email attachment not a game over» first and disclose that 1-hour physical access by a qualified (5 years Linux administration, not magic NSA training) adversary having invested time (a month) into preparation is a game over condition
<MichaelRaskin> By now it looks like you cannot even trust TPM unless you really follow the news, so the approach of Heads is only a partial protection (useful against many attacks! but you need to understand your threat model really well)
<hyperfekt> MichaelRaskin: Heads?
<hyperfekt> oh lol. systemd-free tails, i see
<MichaelRaskin> A relative of Tails that tries to verify you boot what you expect
<MichaelRaskin> (using TPM in interesting ways)
<hyperfekt> oh so we're talking anti-evil-maid-like stuff
<hyperfekt> that's neat
<MichaelRaskin> Well the Intel CVE posted requires interaction with the system soon after boot, as far as I understand
<MichaelRaskin> So I kind of assumed we are talking physical access.
<qyliss> hyperfekt: Heads isn't a distribution, it's a BIOS/EFI replacement
<qyliss> So well, it's sort of a very specialised distribution
<qyliss> But it's more useful to think of it as an EFI-like thing that happens to be Linux
<hyperfekt> oh, fascinating. i'm gonna read up on that
<qyliss> Writing This Week in Spectrum
<qyliss> How do I manage to do so much every week and yet still feel like I accomplished nothing at the end?
<MichaelRaskin> Impostor syndrome?
<MichaelRaskin> Also, calibration w.r.t. the level of general brokenness of the tools you need to work
<qyliss> Managed to be shorter than last week (just) but also far less clear I think
<qyliss> But whatever, it's almost not This Week any more so I had to send something
<colemickens> :) Thank you for these!!
<colemickens> I only got to stick around for part of the stream, but I enjoyed that little bit as well.
<cole-h> Hm, I didn't get that as an email (am subscribed)... Does it take a while for these to make their rounds? Or is it just me?
<MichaelRaskin> qyliss: note that your spectrum-vm command will by definition hard code some parts of VM-handling design (that might later change once you start sketching SpectrumOS global design)
<MichaelRaskin> I have got it via both lists
<MichaelRaskin> Spam folder?
<cole-h> Nope.
<cole-h> Maybe @outlook.com just sucks.