<    April 2017    >
Su Mo Tu We Th Fr Sa  
 2  3  4  5  6  7  8  
 9 10 11 12 13 14 15  
16 17 18 19 20 21 22  
23 24 25 26 27 28 29  
00:51 Amplificator joined
00:58 kl3 joined
01:02 gopar joined
01:04 Amplificator joined
01:05 blueness joined
01:42 kazblox joined
01:43 jackmcbarn joined
01:49 blueness joined
01:50 s33se joined
02:02 Emperor_Earth joined
02:06 grayhemp joined
02:08 kazblox2 joined
02:15 grayhemp joined
02:16 dirac1 joined
02:30 grayhemp joined
02:31 kl3_ joined
02:38 blueness joined
02:59 dirac1 joined
03:01 Oooohboy_ joined
03:04 mguentner joined
03:09 <Oooohboy_> sory connection dropped... I'm having trouble install freeswitch using apk add freeswitch
03:10 <Oooohboy_> I get an ERROR: unstatisfiable constraints using raspberry-pi
03:11 <Oooohboy_> Sorry in a docker container on raspberry pi
03:32 preyalone joined
03:36 grayhemp joined
03:38 mguentner2 joined
03:44 Barnerd joined
03:53 TemptorSent joined
04:01 dirac1 joined
04:11 ysh joined
04:57 jailbox joined
05:00 mitchty joined
05:28 ysh joined
05:39 grayhemp joined
05:55 uriah joined
05:57 grayhemp joined
06:23 ysh joined
06:24 grayhemp joined
06:24 ysh joined
06:34 grayhemp joined
06:40 czart__ joined
06:45 minimalism joined
06:54 slowpak joined
06:54 lasconic left
07:06 urda joined
07:06 <urda> hey so I'm pretty new to Alpine but, when will something like "python 3.6" go from "Edge" to say 3.5?
07:09 <Shiz> it won't
07:09 <Shiz> 3.5 is a stable release, those typically don't get major updates like that
07:09 <Shiz> it will be in 3.6 though
07:10 <Shiz> if it's in edge right now
07:10 ryonaloli joined
07:10 ryonaloli joined
07:14 sergey_ joined
07:20 <urda> Oh ok
07:20 <urda> again still pretty new to Alpine! I wasn't aware of how packages and releases are done
07:20 <urda> Thanks for the tid bit Shiz
07:20 <Shiz> no prob
07:20 <Shiz> new releases are typically done by snapshotting edge
07:21 <Shiz> at least, the x.y.0 release
07:21 <Shiz> after that, they are in their own branch for maintenance updates/patches
07:21 <urda> So is https://bugs.alpinelinux.org/projects/alpine/roadmap my best friend for releases or is there a better way to track alpine versions?
07:22 <urda> or maybe https://wiki.alpinelinux.org/wiki/Alpine_Linux:Releases
07:23 <Shiz> both work, yeah
07:23 <Shiz> another avenue is the mailing list where release candidates are announced
07:23 <urda> oh good point, ok thanks :)
07:23 <urda> I'll need to wait to do python 3.6 stuff until then
07:43 rollniak joined
07:58 blueness joined
08:11 mystified joined
08:24 andor2007 joined
08:36 gopar joined
08:42 blueness joined
08:46 blueness joined
09:09 fekepp joined
09:47 grayhemp joined
09:47 medber joined
09:53 blueness joined
10:04 t0mmy joined
10:09 cyborg-one joined
10:19 syntrx joined
11:36 gopar joined
12:04 schndr_ joined
12:16 fabled_ joined
12:21 medber joined
12:25 kl3 joined
12:38 fekepp joined
12:43 Skele joined
13:20 grayhemp joined
14:04 benjaminrb3__ joined
14:15 minimalism joined
14:26 blackwind_123 joined
15:05 lesion joined
15:19 benjaminrb3__ joined
15:27 Amplificator joined
15:38 Amplificator joined
15:41 untoreh joined
16:09 TomJepp joined
16:10 ostera joined
16:24 schndr_ joined
16:28 nszceta joined
16:38 vidr joined
16:50 nszceta joined
17:11 uriah joined
17:14 mdillon joined
17:47 kazblox joined
17:55 lonix joined
17:55 luxio joined
17:55 <luxio> When I do "startx", xfce4 doesn't start. x just prints some loading messages and then it freezes.
17:56 <luxio> Is this a known bug?
17:56 koollman joined
17:56 ostera joined
18:00 chris| joined
18:05 kl3 joined
18:05 <scv> luxio there are hundreds of potential reasons for that
18:05 <scv> need more info
18:05 <scv> like the contents of those messages perhaps
18:05 <scv> or parts of the Xorg log file
18:05 <kahiru> or if you have some obscure hardware
18:07 DLange joined
18:08 thunfisch joined
18:10 <uriah> I'm certain this has been asked >1000 times before, but what aspects of the grsec patch would be used if one were to apply it to the rpi kernel sources (albeit likely with a decent amount of manual fix ups) and what is missing from arm architecture + kernel code compared to the x86_64 specific implementation?
18:11 <uriah> Would be nice if someone had a bookmarked discussion about this that I could read ;-)
18:26 <uriah> I mean, I'm aware that the rpi involves an unaudited blob which almost makes the effort pointless, but wouldn't "better than nothing" be a reasonable concept to consider wrt alpine providing at least an experimental rpi/grsec frankenkernel?
18:28 <uriah> Of course, the system would remain potentially vulnerable due to the proprietary blobs but would still become more robust from attacks by a majority of perpetrators, wouldn't it?
18:30 <uriah> Or, is it more that nobody has been willing to take on the maintenance role for such proposed development given the lack of resources?
18:32 <uriah> I mean, if it's actually wanted, I could give it a bit of time in the relatively near future... but I'm wondering, is it worth it, or wanted/needed?
18:36 felixjet joined
18:37 <uriah> But would an apkbuild for such a monstrosity even be accepted into the testing repo?
18:41 <uriah> Anyway... I'll try to stick around in the hopes of getting a reply, but I don't currently have an irc bouncer so I may disconnect frequently at some point
19:06 <TBB> uriah, I think grsecurity is on the way out so putting effort to it wouldn't probably be sensible anymore
19:08 ahrs joined
19:11 <TemptorSent> Your time would probably be better spent analyzing specific grsec/pax features that could be reimplemented in a clean, cross-platform manner.
19:12 <yGweSm1OzVHe> many of the features are hardenings of the kernel, which are platform independent
19:12 <yGweSm1OzVHe> like the sys restrictions
19:13 <yGweSm1OzVHe> also the various gcc-plugins
19:13 <yGweSm1OzVHe> etc
19:13 <TemptorSent> The code in grsec is not designed with multiple archs in mind, and is thus a nightmare to support new systems with.
19:13 <yGweSm1OzVHe> most of this should work on arm too
19:13 <yGweSm1OzVHe> depends on which part you mean
19:13 <yGweSm1OzVHe> there's a lot which is arch independent
19:13 <TemptorSent> yGweSm1OzVHe: Should, but the implementation is not very clean.
19:14 <yGweSm1OzVHe> again depends
19:14 <TemptorSent> yGweSm1OzVHe: It would be better to extract those features to a clean, cross platform implementation.
19:15 <TemptorSent> yGweSm1OzVHe: The problem is that it started as x86 centric, and adding support for arm was a late thought.
19:15 <yGweSm1OzVHe> hrmpf
19:15 <yGweSm1OzVHe> let me repeat: depends on which part you talk about.
19:15 <TemptorSent> yGweSm1OzVHe: So many basic implementation details are tied up in arch-specifc stuff where they don't need to be.
19:16 <yGweSm1OzVHe> let me repeat: depends on which part you talk about.
19:17 <TemptorSent> yGweSm1OzVHe: The usefulness of the grsec/pax features as a whole is dependent on them actually functioning in a running kernel.
19:17 <yGweSm1OzVHe> stop hiliting me pls
19:17 <TemptorSent> Sorry.
19:18 <TemptorSent> Anyway, to use those features, you need to enable the base support for grsec/pax, which is not portable.
19:19 <TemptorSent> If the features could be extracted from the non-portable implementation and applied cleanly, we would actually be able to support it.
19:19 cyborg-one joined
19:20 <uriah> Ah I see...
19:21 <uriah> Will anything be replacing grsec?
19:21 <uriah> As it's apparently on its way out
19:21 <TemptorSent> I haven't looked at the most recent patches before they closed the sources, but the last I looked at was rife with #ifdefs and macros. Ask kaniini :)
19:21 mdillon joined
19:22 <TemptorSent> uriah: The intent is to port the good code I believe.
19:22 peterrus joined
19:23 <TemptorSent> Or reimplement functionality... It is somewhat of a mess.
19:23 <uriah> Ok. Has this porting effort begun in a git repo somewhere?
19:23 <TemptorSent> Not that I know of, but ask around when the devs show up.
19:23 <uriah> Ok will do...
19:24 <TemptorSent> Check the irc logs for the discussion.
19:24 <uriah> Good idea
19:26 <uriah> TemptorSent: how long ago was this discussed, afayk?
19:26 <TemptorSent> If you've got some kernel chops, I'm sure the help would be appreciated in putting eyeballs on code and figuring out what's worth keeping and not.
19:26 <TemptorSent> Past several weeks IIRC
19:31 <uriah> Hmm, well, my development skills are limited to a dirty hack of an unreleased openbsd driver that turns off the nvidia optimus gpu in my laptop (my first C coding experience tbh, so it works but it likely wouldn't get merged into obsd upon submission) and I used to mess around with kernel patching during the Gentoo kernel mod craze as well as one small effort to update the gp2x kernel... lol
19:33 <uriah> So idk what help I could provide aside from just patching all of grsec onto rpi sources and manually fixing what breaks, then testing and running it till the next oops/panic hits ;-)
19:34 <uriah> I've mostly been running vanilla for a while but I'm interested in grsec, but I guess if it's being reimplemented by the alpine devs there must be good reasons
19:35 <TemptorSent> uriah: grsecurity took it closed source, which leaves them with a fork to maintain of not terribly portable code.
19:36 <uriah> Ah... well their test patch is still downloadable for free, no?
19:36 <asie> AFAIK that's about to change
19:36 <TBB> not even that
19:36 <uriah> Darn
19:37 <TemptorSent> uriah: If you could backport the more useful features of grsec (PaX could be nice) to vanilla and remove the rest of the code deps to the remainder of the patch, it would be greatly helpful
19:37 <uriah> I see why then... not fully by choice
19:37 <asie> not at all by choice
19:37 <TemptorSent> Yeah, forking would be a good option, if the code base wasn't so fragile.
19:38 <TemptorSent> I know a couple people here have taken a close look at it.
19:39 <uriah> Hmm... well, I guess I'll see when/if I get to a point where I can spend time on this.
19:40 <uriah> Also, I'll see who has looked into it before and find out the verdict wrt porting
19:50 lesion_ joined
19:54 algitbot joined
19:57 <yGweSm1OzVHe> doesn't look very much unavailable to me: https://grsecurity.net/test/grsecurity-3.1-4.9.20-201703310823.patch
19:58 <yGweSm1OzVHe> so much fud
20:00 <asie> not fud per se
20:00 <asie> rather, going from logs from the gentoo-hardened IRC
20:00 <asie> where it was announced that the test patches would soon become unavailable, with an indeterminate soon
20:00 <yMGJRgi997ZH> also fud
20:00 <yMGJRgi997ZH> fud everywhere
20:00 <asie> we cannot trust anyone
20:00 <asie> people close to devs, people who are near devs
20:00 <yMGJRgi997ZH> !! ;)
20:01 <asie> nobody
20:01 <asie> and the biggest fud is you
20:01 <asie> ;)
20:01 <ScrambledAuroras> o_O
20:01 <asie> pointing out fud is creating fud!!
20:01 edgar_ joined
20:01 <asie> you know
20:01 <yMGJRgi997ZH> oh? sorry bout that
20:01 <asie> nah
20:01 <edgar_> hi guys!
20:01 <asie> i'm not being entirely serious
20:01 <asie> dQw4w9WgXcQ: i recognize this URL
20:01 <yMGJRgi997ZH> nice nick you have there dQw4w9....
20:03 <ScrambledAuroras> looool
20:03 <dQw4w9WgXcQ> asie: indeed, i probably linked it to you many times in te past
20:03 <asie> the past.
20:03 <dQw4w9WgXcQ> yes
20:03 <asie> yes, i know.
20:03 <dQw4w9WgXcQ> grasshopper
20:03 <asie> it's just... the past.
20:04 <asie> back when i didn't spend days pulling my hair out due to being unable to find peace with the direction i chose for my life: computer technology
20:05 <asie> and, instead, i simply had fun with things
20:05 <asie> simpler things
20:05 <dQw4w9WgXcQ> things like mienkarft
20:05 <asie> which i still help make mods for
20:05 <asie> as a timefiller
20:11 <Shiz> re:pax
20:11 <Shiz> https://grsecurity.net/~paxguy1/
20:11 <Shiz> PaX test patches are still uploaded here
20:11 <Shiz> which are the... PaX parts of grse
20:11 <Shiz> c
20:12 <yMGJRgi997ZH> btw i can recommend to look at commit msg 08e03c1434f26e9b56f00a6ce8236320bd557494 in the grsec repo, where you might find hints of other projects doing something with grsec - also some sourness regarding their contributions back, could be releated to them being unhappy and not so eager to share
20:12 <asie> yMGJRgi997ZH: there's many issues grsec has with other projects
20:12 <kaniini> it's not known if the pax guy will stop too
20:12 <Shiz> also: what grsec repo
20:12 <asie> ultimately, it's their choice, and the backstory behind it doesn't change the fact alpine can't afford a volume license for every single one of its users
20:12 <yMGJRgi997ZH> https://grsecurity.net/changelog-test.txt grep here for the hash shiz
20:13 <Shiz> thats not a repo, just a changelog
20:13 <Shiz> p
20:13 <Shiz> :p
20:13 <yMGJRgi997ZH> nevertheless an alternative to see the content of the commit message
20:13 <asie> also, honestly
20:14 <asie> did he expect people to just pay him money and not exercise the GPLv2 to rip his patches back into the vanilla kernel?
20:14 <kaniini> blah blah blah
20:14 <Shiz> i won't comment much on the situation, but it seems like spender just sees the GPL as a nuisance and not much else
20:14 <asie> we've had this discussion before.
20:14 <Shiz> and will go to a ton of lengths to attempt to bypass it
20:14 <kaniini> i'm tired of stupid grsec trolls
20:15 <yMGJRgi997ZH> sorry
20:15 <kaniini> if you want it get spender on thorazine
20:17 <kaniini> i could honestly give two shits
20:18 <kaniini> the unpleasant grsec advocates that show up always
20:19 <kaniini> is enough reason to drop it
20:19 <kaniini> tbh
20:19 <kaniini> who the fuck do you people think you are
20:20 <kaniini> do you employ us?
20:21 GRSEC_ADVOCATE joined
20:25 <Xe> kaniini: april fools day announcement should have been alpine picking up systemd, avconv and upstart
20:25 <asie> Xe: too easy
20:26 <asie> april fools day announcement should have been moving to the plan 9 kernel
20:28 <edgar_> exit
20:29 edgar_ left
20:30 <kazblox> lowland linux
20:30 schndr_ joined
20:32 Nobabs27 joined
20:32 <Shiz> plan 9 from kernel space
20:39 <TBB> forking grsec and having negotiated a deal with Linux for immediate inclusion maybe
20:39 <TBB> nah. nobody would've taken that seriously.
20:41 Nobabs27 joined
20:47 <kaniini> yMGJRgi997ZH: well?
20:50 Skele joined
21:00 <cartwright> Pretty sure that paxguy page will slowly go away as paxguy was all in favor of not continuing public patches immediately.
21:05 nszceta joined
21:06 schndr_ joined
21:07 Oooohboy_ joined
21:28 <uriah> kaniini: sorry about getting people riled up about this issue again, my mistake. I was genuinely curious and unaware of the implications
21:29 <uriah> However, looks like grsec is being abandoned due to their abandonment of gpl, which is understandable
21:29 <kaniini> uriah my point is every time spender has some mood swing and says he is going to take grsec private
21:30 <kaniini> all these people show up and demand we do some unspecified thing about it
21:30 <uriah> Ah
21:31 <yMGJRgi997ZH> uriah they don't abandond the gpl, they cannot, the linux kernel is gpl2.0, they cannot derive without staying gplv2.0 themselves.
21:31 <uriah> Yeah, that wasn't exactly what I was getting at, more like is there anything I could do to help/is it worthwhile, which has been adequately addressed ;-)
21:32 <kaniini> see and then they say stupid shit like the above
21:32 <uriah> yMGJRgi997ZH: oh... but they're circumventing it to an extent, are they not?
21:33 <TemptorSent> kaniini: The gist I got from previous discussion was port what's worth porting and dump the rest, right?
21:33 <scv> so pretty much pax stuff
21:33 <TemptorSent> Focusing on hardening the rest of the layers better.
21:33 <kaniini> oldschool PaX is not even really worth porting
21:33 <TemptorSent> I think the gcc-plugins were mentioned as being interesting.
21:34 <kaniini> the really interesting stuff in PaX these days are the GCC plugins
21:34 <uriah> TemptorSent: mind if I pm you?
21:34 <kaniini> anyway
21:34 <kaniini> the bottom line is
21:34 <TemptorSent> uriah: Go right ahead, but I'm about to head out for the afternoon.
21:34 <kaniini> - spender is having some tantrum and he has threatened to take it fully private
21:34 <kaniini> - it is not yet known if he is going to actually do so
21:35 <scv> oh spender threw another tantrum?
21:35 <scv> is it public?
21:35 <scv> i want some fun reading
21:36 <kaniini> - either way, this isn't the first time he has threatened this, and as a distro we can't really bet on somebody who keeps threatening to take his patch private when he doesnt get his way
21:37 <kaniini> we certainly cannot commit to an LTS release of alpine with grsecurity anymore, and probably not a full release cycle (2 years) of grsecurity either
21:37 <kaniini> scv: i don't know, apparently some weeks ago he had some huge rant in #grsecurity about how upstream is incorporating the gcc plugins and other hardening stuff from grsecurity and now he is taking it private
21:37 <Shiz> i'm glad i compile my own kernels anyway
21:38 <kaniini> exactly
21:38 <kaniini> if you care that much and want to use grsecurity, go buy your patch from spender or whatever
21:38 <kaniini> and compile it yourself
21:39 <scv> aw i was hoping for a whole heap of mailing list drama
21:40 kl3 joined
21:41 <kaniini> i don't know/care, i dont have time for his stupid shit
21:42 <kaniini> tho i want to point out also
21:43 <kaniini> that the last grsec troll that showed up
21:43 <kaniini> runs some child porn hentai site shit
21:43 <scv> lovely
21:43 <kaniini> so i mean, apparently that's the type of people who really need grsec
21:43 <Shiz> guilt by association much
21:44 <kaniini> hey i am just saying
21:44 <kaniini> i dont even think that dude used alpine
21:44 <Shiz> of course you are
21:44 <kaniini> so i have no idea why he came here and demanded shit from us
21:44 <uriah> Double edged sword security is
21:44 <kaniini> oh right, because he's a troll
21:46 <cartwright> is it even worth mentioning that you compile your own kernels if both pipacs and spender are committed to having the testing patches private and you're not on the cool kids list?
21:46 <kaniini> you can buy your way onto the cool kids list
21:47 <cartwright> need a company first
21:47 <kaniini> wow it's B2B only?
21:47 <uriah> On one side you've got the ones who rightfully need it, such as journalists/activists in oppressed areas, on another you've got criminal minded people trying to hide... sadly this probably won't change, unless all people realize security is needed everywhere
21:51 <cartwright> either you're part of the cool kids list or you speak to jake over at sales on behalf of a company and discuss your exact needs.
21:52 <kaniini> uriah: well then hopefully someone forks it because upstream doesnt seem to care about activists, only about money
21:52 <uriah> Sad
21:55 <kaniini> as for PaX, i looked into it, the changes are too invasive to separate into modular patches (which makes rebasing a lot easier)
21:56 <uriah> I'll try not to start rambling about how money needs to become less relevant to life cause I just want to be able to get something done today ;-)
21:56 <uriah> Ah I see
21:58 <kaniini> either way, i am tired of idiots coming in here and going on about how great grsec is, when in reality, we mainly use PaX from grsec and not many other features
21:59 <kaniini> if they care, they should present a solution
21:59 <kaniini> if they want to bitch, they would be better off bitching at spender
21:59 <uriah> Agreed... I was just uninformed
21:59 <cartwright> should ask them why aren't they fighting kspp instead
21:59 <kaniini> if we do not have a dependable source of patches (as in it's not going to go away in the middle of a release cycle), we can't ship grsec
22:00 <kaniini> well
22:00 <cartwright> waste of time bothering people here, you can't do anything significant about this
22:00 <kaniini> i can tell you why they do not like kspp
22:00 <kaniini> it is pretty simple
22:00 <kaniini> kspp is going to hurt their revenue
22:00 <kaniini> because it will be "good enough" for a lot of their customers
22:01 <kaniini> when it comes down to it, that is why they do not like it
22:01 <kaniini> cartwright: so who the hell is 'jake' over at sales for grsec
22:01 <cartwright> I'm aware, I meant asking the people who bother this channel, why don't they spend their ``valuable'' time antagonizing kspp instead, maybe something will become of that instead.
22:02 <kaniini> like is that for real? they have an actual sales rep now?
22:02 <cartwright> for a while since stable went private.
22:03 <kaniini> shit son
22:03 <kaniini> wait i have a solution
22:03 <kaniini> docker could just buy out open source security, inc
22:03 <kaniini> they have billions they dont know what to do with
22:03 <kaniini> so maybe they can do that
22:04 <cartwright> docker bought mirage to do nothing with after all
22:04 <kaniini> i'm sure a cool 20-30 mil will be enough to close it
22:05 <cartwright> but nah, doubt that'd work out.
22:05 <kaniini> anyway if people have not been paying attention, we have been deprecating grsec already for over a year
22:05 <kaniini> it's restricted to x86, x86-64 and 32-bit arm
22:05 <kaniini> there is no plan to enable it on any other arch
22:11 <uriah> If I had a working computer I'd type up something in the wiki explaining the situation so people wouldn't bother anyone in the channel about it...
22:11 <uriah> Give me a few days/weeks and I can
22:12 <uriah> I don't really feel like performing such a task on my phone ;-)
22:13 <kaniini> well part of it is we havent formally made a go or no-go decision for grsec in 3.6
22:15 <uriah> Ok
22:19 <uriah> Is there a way to make a compile hook in apk that calls alpine-sdk to build linux-grsec on a per-user basis for those who want to pay for a license? Could be a solution... I know it's a bit wonky but it might be the best of both worlds
22:21 <kaniini> we would just supply an APKBUILD for it in non-free
22:21 <uriah> Ah ok
22:21 <uriah> Much simpler
22:22 <uriah> Are binaries compiled with the grsec patched gcc compatible with a vanilla kernel?
22:23 ogres joined
22:23 <kaniini> there is no grsec patched gcc
22:23 <kaniini> lol
22:23 <uriah> Oh
22:23 <uriah> My mistake
22:23 <uriah> <-- still uninformed ;-)
22:25 <uriah> I must have been thinking about something else
22:29 <uriah> Well that about concludes the discussion, thankfully... sorry I initiated it, seems to have taken quite some time away from higher priorities
22:37 blueness joined
23:07 dirac joined
23:34 fragtastic joined
23:37 tw joined
23:48 uriah joined
23:52 mdillon joined