Omar Polo op at omarpolo.com
Thu Jul 1 19:37:26 BST 2021
- - - - - - - - - - - - - - - - - - -
Jonathan McHugh <indieterminacy at libre.brussels> writes:
Hi Omar,
Would you please mind elaborating on this bullet point please?
```
* split into three different processes, each one is pledged (this only
on OpenBSD ofc; will add seccomp/landlock in the future, probably)
```
It feels like something I could just nod along to (without really/properly understanding) but I suspect it is probably an interesting design concept.
Probably I should have used the "privsep" term, but it felt a slight exaggeration.
Telescope forks as soon as it can into three processes, each one does only one thing (conceptually) and they talk via IPC (using imsg from OpenBSD's libutil in particular). Furthermore, on OpenBSD, each process is sandboxed with pledge(2) [0]. It's on my todo-list to do the same with seccomp on Linux, but later, probably around the 1.0. Seccomp is very low-level and in general annoying to work with.
This way, for e.g. the `client' process (the only one with the network access) can't be tricked into reading your ssh keys, because the kernel would kill it as soon as it tries to open(2).
Modern web browsers also do something similar to this, at least to my understanding. (see Firefox project Electrolysis and Fission)
This is usually considered a security technique and while that's true, I find that it also encourages cleaner code that's simpler to reason about, when writing C at least.
I wrote more about pledge/seccomp/capsicum here[1]: while the details regarding the implementation of gmid have changed a bit, the overall description of the different sandboxes is still relevant :)
Cheers,
Omar Polo
[0]: gemini://gemini.omarpolo.com/cgi/man/pledge or https://man.openbsd.org/pledge
[1]: gemini://gemini.omarpolo.com/post/gmid-sandbox.gmi
P.S.: Thanks for noticing the wrong url. I fixed it in the gemini version of the page when the patch for telescope 0.3 was committed, but forgot to update it in http-land!
P.P.S: regarding tinmop: it's a very peculiar program -- in a good way. It's both a pleroma AND gemini client! It's a complete client: it has subscriptions support, a really cool history completion UI, built-in help, IRI support (I haven't tested this one though) and so on. And did I mention that it's also a pleroma client? :D
I'm a little bit biased though, because both cage and I are usually on #gemini-it on libera.chat and talk frequently. He (and the others there) have influenced telescope and I think I can say that I did the same with tinmop.
Kind regards,
====================
Jonathan McHugh
indieterminacy at libre.brussels
July 1, 2021 6:52 PM, "Omar Polo" <op at omarpolo.com> wrote:
Hello everyone,
During the last 3/4 months I've been working on yet another Gemini
ncurses client: telescope
=> gemini://telescope.omarpolo.com
=> https://telescope.omarpolo.com
It's obviously a project only for fun, in a very-WIP stage and with lots
of missing pieces, but it's improving and I've reached the point where I
think I can present it to a wider audience.
The main difference between telescope and others (I've only tried tinmop
and amfora as TUI clients) is the Emacs (and w3m) inspired interface:
instead of scrolling a page and typing a number to open a link, you have
a cursor you can move freely around the page.
The default keybindings are heavily inspired by Emacs, but I tried at
least to include some keys familiar to vi(1) users, so hjkl, gg, G, gT
etc. work. All the keybindings are customizable anyway.
The current list of features is honestly quite short:
* color and keybindings are customizable
* history
* rudimentary bookmark management
* tabs (on startup reloads the last set of tabs)
* streaming pages
* rich set of commands to move around the page
* split into three different processes, each one is pledged (this only
on OpenBSD ofc; will add seccomp/landlock in the future, probably)
while the TODO list is ever-growing!
I know there are various annoyances still (I just fixed the resize
"jump" in the main branch for instance), but as I was saying, it has
now reached a point where I think it's starting to become "usable". I'd
love to receive feedback (and even more patches! :P)
Telescope 0.3 is available on guix, thanks to cage who did the work.
Precompiled binaries for linux amd64 and aarch64 are available from the
site, but it's very easy to compile from source since it only depends on
libevent, libncursesw, libtls and yacc/bison. It's known to compile and
run on FreeBSD too.
Cheers,
Omar Polo
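
The design described in the reply above (a network-facing process that is pledged and talks to the rest of the program over IPC) can be sketched as follows. This is an added example, not code from telescope or from the thread. Assumptions: a plain socketpair stands in for imsg, the promise string "stdio inet dns" and the file path are constructed for illustration, and on systems other than OpenBSD `pledge` is a no-op stand-in, so the kill on open(2) only happens on OpenBSD.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef __OpenBSD__	/* stand-in so this builds elsewhere: applies NO sandbox */
static int pledge(const char *p, const char *e) { (void)p; (void)e; return 0; }
#endif

/* Network-facing child: stdio, sockets and DNS only. Without "rpath" it may
 * not open files; if misbehave is set it tries anyway (constructed path). */
static void client_main(int fd, int misbehave)
{
	char req[16];
	if (pledge("stdio inet dns", NULL) == -1)
		_exit(2);
	if (misbehave)	/* on OpenBSD the kernel kills us inside open(2): SIGABRT */
		close(open("/tmp/example-private-file", O_RDONLY));
	if (read(fd, req, sizeof(req)) > 0 && write(fd, "pong", 4) == 4)
		_exit(0);
	_exit(1);
}

/* Fork the client, exchange one message over a socketpair. Returns 0 if it
 * answered and exited cleanly, the signal number if killed, -1 otherwise. */
int run_client(int misbehave)
{
	int sv[2], status;
	char reply[8] = {0};
	pid_t pid;
	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1 || (pid = fork()) == -1)
		return -1;
	if (pid == 0) {
		close(sv[0]);
		client_main(sv[1], misbehave);	/* does not return */
	}
	close(sv[1]);
	if (send(sv[0], "ping", 4, MSG_NOSIGNAL) != 4 ||	/* no SIGPIPE if child died */
	    read(sv[0], reply, sizeof(reply) - 1) < 0)
		reply[0] = '\0';
	close(sv[0]);
	if (waitpid(pid, &status, 0) == -1)
		return -1;
	if (WIFSIGNALED(status))
		return WTERMSIG(status);
	return (WEXITSTATUS(status) == 0 && strcmp(reply, "pong") == 0) ? 0 : -1;
}

int main(void) { return run_client(0); }
```

On OpenBSD `run_client(1)` returns the number of the signal that killed the child, which is how the parent learns that the client process stepped outside its promises.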