💾 Archived View for gemini.ctrl-c.club › ~phoebos › logs › kisslinux-2023-01-07.txt captured on 2024-05-12 at 16:01:12.

View Raw

More Information

⬅️ Previous capture (2023-01-29)

-=-=-=-=-=-=-

[2023-01-07T02:15:42Z] <niceguy5000[m]> when is kiss python package manager going to happen?
[2023-01-07T02:29:00Z] <Ellowee[m]> Rewritten in python, or it handling python packages
[2023-01-07T02:29:06Z] <Ellowee[m]> Because latter is somewhat trivial
[2023-01-07T02:29:20Z] <Ellowee[m]> Former breaks purpose of kiss
[2023-01-07T02:57:40Z] <illiliti> never
[2023-01-07T02:57:57Z] <illiliti> cuz it would be piss
[2023-01-07T02:58:05Z] <illiliti> in all senses
[2023-01-07T05:09:33Z] <wael_> Hi
[2023-01-07T06:14:04Z] <testuser[m]> Hi
[2023-01-07T06:26:52Z] <niceguy5000[m]> I really wanted a electron app kiss package with chat gpt build in.
[2023-01-07T06:27:32Z] <niceguy5000[m]> * kiss package manager with chat
[2023-01-07T06:27:41Z] <wael_> 🥹
[2023-01-07T08:45:52Z] <aelspire> Hi
[2023-01-07T10:50:43Z] <wael_> phoebos: is mdoc technically portable?
[2023-01-07T14:35:14Z] <wael_> where the hell is kiss-find
[2023-01-07T14:36:16Z] <wael_> https://github.com/aabacchus/kiss-find
[2023-01-07T14:41:22Z] <wael_> yeah i dont see anyone has managed to package the perf tool sadly
[2023-01-07T14:42:46Z] <Ellowee[m]> I keep looking at archive.org snapshots of jedahan's page because there used to be a handful of good ones listed there
[2023-01-07T14:43:04Z] <wael_> jedahan's kiss-find databases is pretty old
[2023-01-07T15:19:10Z] <phoebos> wael_: mdoc is usually available by default on the majority of bsd, gnu systems
[2023-01-07T15:19:24Z] <phoebos> most places is preferred to man
[2023-01-07T15:19:35Z] <phoebos> it's just a macro set though
[2023-01-07T15:20:28Z] <phoebos> re: kiss-find, my repo makes a new database every 6 hours
[2023-01-07T15:35:19Z] <phoebos> perf is rather kernel-specific no
[2023-01-07T15:39:46Z] <phoebos> noocsharp: nice post!
[2023-01-07T16:03:31Z] <wael_> why does my kernel always say that b3sum has been executed with a executable stack
[2023-01-07T16:36:52Z] <noocsharp> thanks phoebos 
[2023-01-07T16:43:54Z] <noocsharp> wael_: b3sum was probably compiled with an executable stack
[2023-01-07T16:44:18Z] <wael_> how
[2023-01-07T16:45:23Z] <noocsharp> how did you compile it?
[2023-01-07T16:45:29Z] <wael_> kiss b b3sum
[2023-01-07T16:45:38Z] <wael_> kiss c b3sum
[2023-01-07T16:45:40Z] <wael_> kiss b b3sum
[2023-01-07T16:49:25Z] <noocsharp> do `readelf -l /usr/bin/b3sum | grep -A1 GNU_STACK`
[2023-01-07T16:49:39Z] <wael_>   GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
[2023-01-07T16:49:39Z] <wael_>                  0x0000000000000000 0x0000000000000000  RWE    0x10
[2023-01-07T16:49:52Z] <wael_> so cool
[2023-01-07T16:50:01Z] <noocsharp> the E indicates executable
[2023-01-07T16:51:23Z] <noocsharp> the GNU_STACK section (i think it's a section) gives the permissions of the stack
[2023-01-07T16:51:47Z] <noocsharp> not sure why it's compiled with executable permission though, i'm pretty sure the default is without
[2023-01-07T16:52:05Z] <wael_> is it the same for you?
[2023-01-07T16:52:33Z] <noocsharp> well i'm not using kiss, but for all the executables i've checked, it's just RW, not RWE
[2023-01-07T16:53:01Z] <wael_> dddddddddddddddddddddddddjjjjjjjjjjjjjjjj
[2023-01-07T16:53:02Z] <noocsharp> which makes sense because C programs don't require executable stacks
[2023-01-07T16:54:07Z] <wael_> /usr/bin/ld: warning: blake3_cpuid.o: missing .note.GNU-stack section implies executable stack
[2023-01-07T16:54:08Z] <wael_> /usr/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
[2023-01-07T16:54:12Z] <wael_> hmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
[2023-01-07T16:54:55Z] <noocsharp> what version is b3sum?
[2023-01-07T16:55:08Z] <wael_> cb4111ccc8061039b014fbb657c72f78984f1069
[2023-01-07T16:55:13Z] <wael_> aka 1.3.1
[2023-01-07T16:56:57Z] <wael_> the upstream c blake3 implementationwas last updated 2 months ago, and the one by mcf was last updated 10 months ago
[2023-01-07T16:56:58Z] <wael_> hmm
[2023-01-07T16:57:51Z] <noocsharp> i just built it locally and GNU_STACK has RW
[2023-01-07T16:58:01Z] <noocsharp> what is your LDFLAGS?
[2023-01-07T16:58:27Z] <wael_> none
[2023-01-07T16:58:39Z] <wael_> running plain make on the repo gives the same result
[2023-01-07T16:58:55Z] <wael_> are you on musl?
[2023-01-07T16:58:57Z] <noocsharp> so there's some difference between our toolchains
[2023-01-07T16:59:01Z] <noocsharp> im using glibc
[2023-01-07T16:59:05Z] <wael_> so am i
[2023-01-07T16:59:14Z] <noocsharp> gkiss?
[2023-01-07T16:59:17Z] <wael_> yes
[2023-01-07T16:59:33Z] <noocsharp> see if testuser[m] can reproduce
[2023-01-07T16:59:34Z] <wael_> though, gcc and binutils are overrided with --enable-multilib
[2023-01-07T16:59:36Z] <wael_> not sure that matters
[2023-01-07T16:59:58Z] <noocsharp> well one way to find out is remove the flag and rebuild the toolchain and recompile b3sum
[2023-01-07T17:00:07Z] <wael_> will do
[2023-01-07T17:02:52Z] <wael_> [grepo] gcc -> binutils -> glibc
[2023-01-07T17:07:26Z] <wael_> same problem
[2023-01-07T17:15:23Z] <testuser[m]> wael: yeah i noticed that warning too
[2023-01-07T17:15:28Z] <testuser[m]> But been occupied with other stuff recentlt
[2023-01-07T17:15:31Z] <testuser[m]> recently
[2023-01-07T17:15:35Z] <wael_> well its fine
[2023-01-07T17:15:40Z] <wael_> it werks :D
[2023-01-07T17:15:41Z] <testuser[m]> it unsekure
[2023-01-07T17:15:51Z] <wael_> but muh speed
[2023-01-07T17:17:54Z] <testuser[m]> Hmm there's no difference in configure flags
[2023-01-07T21:35:25Z] <niceguy5000[m]> is kiss a secure distro?
[2023-01-07T21:36:25Z] <shokara_> any distro can be secure
[2023-01-07T21:37:04Z] <niceguy5000[m]> Is the package manager is secure I mean.
[2023-01-07T21:37:12Z] <niceguy5000[m]> s/is//
[2023-01-07T21:38:39Z] <niceguy5000[m]> I guess so.
[2023-01-07T21:38:39Z] <niceguy5000[m]> https://curl.se/docs/vulnerabilities.html
[2023-01-07T21:42:36Z] <noocsharp> what do you mean by secure?
[2023-01-07T21:51:44Z] <Ellowee[m]> Minimum surface of attack, maximum memory safety
[2023-01-07T22:06:35Z] <niceguy5000[m]> <noocsharp> "what do you mean by secure?" <- remote execution, I guess there's no flaw in the package manager just curl if something does happen.
[2023-01-07T22:06:35Z] <niceguy5000[m]> https://curl.se/docs/CVE-2022-43551.html
[2023-01-07T22:07:18Z] <niceguy5000[m]> > <@noocsharp:libera.chat> what do you mean by secure?
[2023-01-07T22:07:18Z] <niceguy5000[m]>  * Remote execution with MITM. I guess there's no flaw in the package manager just curl if something does happen.
[2023-01-07T22:07:18Z] <niceguy5000[m]> https://curl.se/docs/CVE-2022-43551.html
[2023-01-07T22:08:01Z] <Ellowee[m]> kiss can use curl, wget, and a couple of others, so you're simply limited by what you use
[2023-01-07T22:08:24Z] <niceguy5000[m]> Yeah.
[2023-01-07T23:13:19Z] <phoebos> curl vulnerabilities do not comprimise the security of kiss because of checksumming
[2023-01-07T23:43:23Z] <niceguy5000[m]> https://curl.se/docs/CVE-2021-22901.html
[2023-01-07T23:43:53Z] <niceguy5000[m]> This with the above is bad news but it's curl base not the package manager.