💾 Archived View for gemini.ctrl-c.club › ~phoebos › logs › kisslinux-2023-01-07.txt captured on 2023-01-29 at 03:43:19.
-=-=-=-=-=-=-
[2023-01-07T02:15:42Z] <niceguy5000[m]> when is kiss python package manager going to happen? [2023-01-07T02:29:00Z] <Ellowee[m]> Rewritten in python, or it handling python packages [2023-01-07T02:29:06Z] <Ellowee[m]> Because latter is somewhat trivial [2023-01-07T02:29:20Z] <Ellowee[m]> Former breaks purpose of kiss [2023-01-07T02:57:40Z] <illiliti> never [2023-01-07T02:57:57Z] <illiliti> cuz it would be piss [2023-01-07T02:58:05Z] <illiliti> in all senses [2023-01-07T05:09:33Z] <wael_> Hi [2023-01-07T06:14:04Z] <testuser[m]> Hi [2023-01-07T06:26:52Z] <niceguy5000[m]> I really wanted a electron app kiss package with chat gpt build in. [2023-01-07T06:27:32Z] <niceguy5000[m]> * kiss package manager with chat [2023-01-07T06:27:41Z] <wael_> 🥹 [2023-01-07T08:45:52Z] <aelspire> Hi [2023-01-07T10:50:43Z] <wael_> phoebos: is mdoc technically portable? [2023-01-07T14:35:14Z] <wael_> where the hell is kiss-find [2023-01-07T14:36:16Z] <wael_> https://github.com/aabacchus/kiss-find [2023-01-07T14:41:22Z] <wael_> yeah i dont see anyone has managed to package the perf tool sadly [2023-01-07T14:42:46Z] <Ellowee[m]> I keep looking at archive.org snapshots of jedahan's page because there used to be a handful of good ones listed there [2023-01-07T14:43:04Z] <wael_> jedahan's kiss-find databases is pretty old [2023-01-07T15:19:10Z] <phoebos> wael_: mdoc is usually available by default on the majority of bsd, gnu systems [2023-01-07T15:19:24Z] <phoebos> most places is preferred to man [2023-01-07T15:19:35Z] <phoebos> it's just a macro set though [2023-01-07T15:20:28Z] <phoebos> re: kiss-find, my repo makes a new database every 6 hours [2023-01-07T15:35:19Z] <phoebos> perf is rather kernel-specific no [2023-01-07T15:39:46Z] <phoebos> noocsharp: nice post! [2023-01-07T16:03:31Z] <wael_> why does my kernel always say that b3sum has been executed with a executable stack [2023-01-07T16:36:52Z] <noocsharp> thanks phoebos [2023-01-07T16:43:54Z] <noocsharp> wael_: b3sum was probably compiled with an executable stack [2023-01-07T16:44:18Z] <wael_> how [2023-01-07T16:45:23Z] <noocsharp> how did you compile it? [2023-01-07T16:45:29Z] <wael_> kiss b b3sum [2023-01-07T16:45:38Z] <wael_> kiss c b3sum [2023-01-07T16:45:40Z] <wael_> kiss b b3sum [2023-01-07T16:49:25Z] <noocsharp> do `readelf -l /usr/bin/b3sum | grep -A1 GNU_STACK` [2023-01-07T16:49:39Z] <wael_> GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000 [2023-01-07T16:49:39Z] <wael_> 0x0000000000000000 0x0000000000000000 RWE 0x10 [2023-01-07T16:49:52Z] <wael_> so cool [2023-01-07T16:50:01Z] <noocsharp> the E indicates executable [2023-01-07T16:51:23Z] <noocsharp> the GNU_STACK section (i think it's a section) gives the permissions of the stack [2023-01-07T16:51:47Z] <noocsharp> not sure why it's compiled with executable permission though, i'm pretty sure the default is without [2023-01-07T16:52:05Z] <wael_> is it the same for you? [2023-01-07T16:52:33Z] <noocsharp> well i'm not using kiss, but for all the executables i've checked, it's just RW, not RWE [2023-01-07T16:53:01Z] <wael_> dddddddddddddddddddddddddjjjjjjjjjjjjjjjj [2023-01-07T16:53:02Z] <noocsharp> which makes sense because C programs don't require executable stacks [2023-01-07T16:54:07Z] <wael_> /usr/bin/ld: warning: blake3_cpuid.o: missing .note.GNU-stack section implies executable stack [2023-01-07T16:54:08Z] <wael_> /usr/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker [2023-01-07T16:54:12Z] <wael_> hmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm [2023-01-07T16:54:55Z] <noocsharp> what version is b3sum? [2023-01-07T16:55:08Z] <wael_> cb4111ccc8061039b014fbb657c72f78984f1069 [2023-01-07T16:55:13Z] <wael_> aka 1.3.1 [2023-01-07T16:56:57Z] <wael_> the upstream c blake3 implementationwas last updated 2 months ago, and the one by mcf was last updated 10 months ago [2023-01-07T16:56:58Z] <wael_> hmm [2023-01-07T16:57:51Z] <noocsharp> i just built it locally and GNU_STACK has RW [2023-01-07T16:58:01Z] <noocsharp> what is your LDFLAGS? [2023-01-07T16:58:27Z] <wael_> none [2023-01-07T16:58:39Z] <wael_> running plain make on the repo gives the same result [2023-01-07T16:58:55Z] <wael_> are you on musl? [2023-01-07T16:58:57Z] <noocsharp> so there's some difference between our toolchains [2023-01-07T16:59:01Z] <noocsharp> im using glibc [2023-01-07T16:59:05Z] <wael_> so am i [2023-01-07T16:59:14Z] <noocsharp> gkiss? [2023-01-07T16:59:17Z] <wael_> yes [2023-01-07T16:59:33Z] <noocsharp> see if testuser[m] can reproduce [2023-01-07T16:59:34Z] <wael_> though, gcc and binutils are overrided with --enable-multilib [2023-01-07T16:59:36Z] <wael_> not sure that matters [2023-01-07T16:59:58Z] <noocsharp> well one way to find out is remove the flag and rebuild the toolchain and recompile b3sum [2023-01-07T17:00:07Z] <wael_> will do [2023-01-07T17:02:52Z] <wael_> [grepo] gcc -> binutils -> glibc [2023-01-07T17:07:26Z] <wael_> same problem [2023-01-07T17:15:23Z] <testuser[m]> wael: yeah i noticed that warning too [2023-01-07T17:15:28Z] <testuser[m]> But been occupied with other stuff recentlt [2023-01-07T17:15:31Z] <testuser[m]> recently [2023-01-07T17:15:35Z] <wael_> well its fine [2023-01-07T17:15:40Z] <wael_> it werks :D [2023-01-07T17:15:41Z] <testuser[m]> it unsekure [2023-01-07T17:15:51Z] <wael_> but muh speed [2023-01-07T17:17:54Z] <testuser[m]> Hmm there's no difference in configure flags [2023-01-07T21:35:25Z] <niceguy5000[m]> is kiss a secure distro? [2023-01-07T21:36:25Z] <shokara_> any distro can be secure [2023-01-07T21:37:04Z] <niceguy5000[m]> Is the package manager is secure I mean. [2023-01-07T21:37:12Z] <niceguy5000[m]> s/is// [2023-01-07T21:38:39Z] <niceguy5000[m]> I guess so. [2023-01-07T21:38:39Z] <niceguy5000[m]> https://curl.se/docs/vulnerabilities.html [2023-01-07T21:42:36Z] <noocsharp> what do you mean by secure? [2023-01-07T21:51:44Z] <Ellowee[m]> Minimum surface of attack, maximum memory safety [2023-01-07T22:06:35Z] <niceguy5000[m]> <noocsharp> "what do you mean by secure?" <- remote execution, I guess there's no flaw in the package manager just curl if something does happen. [2023-01-07T22:06:35Z] <niceguy5000[m]> https://curl.se/docs/CVE-2022-43551.html [2023-01-07T22:07:18Z] <niceguy5000[m]> > <@noocsharp:libera.chat> what do you mean by secure? [2023-01-07T22:07:18Z] <niceguy5000[m]> * Remote execution with MITM. I guess there's no flaw in the package manager just curl if something does happen. [2023-01-07T22:07:18Z] <niceguy5000[m]> https://curl.se/docs/CVE-2022-43551.html [2023-01-07T22:08:01Z] <Ellowee[m]> kiss can use curl, wget, and a couple of others, so you're simply limited by what you use [2023-01-07T22:08:24Z] <niceguy5000[m]> Yeah. [2023-01-07T23:13:19Z] <phoebos> curl vulnerabilities do not comprimise the security of kiss because of checksumming [2023-01-07T23:43:23Z] <niceguy5000[m]> https://curl.se/docs/CVE-2021-22901.html [2023-01-07T23:43:53Z] <niceguy5000[m]> This with the above is bad news but it's curl base not the package manager.