[2023-01-07T02:15:42Z] when is kiss python package manager going to happen? [2023-01-07T02:29:00Z] Rewritten in python, or it handling python packages [2023-01-07T02:29:06Z] Because latter is somewhat trivial [2023-01-07T02:29:20Z] Former breaks purpose of kiss [2023-01-07T02:57:40Z] never [2023-01-07T02:57:57Z] cuz it would be piss [2023-01-07T02:58:05Z] in all senses [2023-01-07T05:09:33Z] Hi [2023-01-07T06:14:04Z] Hi [2023-01-07T06:26:52Z] I really wanted a electron app kiss package with chat gpt build in. [2023-01-07T06:27:32Z] * kiss package manager with chat [2023-01-07T06:27:41Z] 🥹 [2023-01-07T08:45:52Z] Hi [2023-01-07T10:50:43Z] phoebos: is mdoc technically portable? [2023-01-07T14:35:14Z] where the hell is kiss-find [2023-01-07T14:36:16Z] https://github.com/aabacchus/kiss-find [2023-01-07T14:41:22Z] yeah i dont see anyone has managed to package the perf tool sadly [2023-01-07T14:42:46Z] I keep looking at archive.org snapshots of jedahan's page because there used to be a handful of good ones listed there [2023-01-07T14:43:04Z] jedahan's kiss-find databases is pretty old [2023-01-07T15:19:10Z] wael_: mdoc is usually available by default on the majority of bsd, gnu systems [2023-01-07T15:19:24Z] most places is preferred to man [2023-01-07T15:19:35Z] it's just a macro set though [2023-01-07T15:20:28Z] re: kiss-find, my repo makes a new database every 6 hours [2023-01-07T15:35:19Z] perf is rather kernel-specific no [2023-01-07T15:39:46Z] noocsharp: nice post! [2023-01-07T16:03:31Z] why does my kernel always say that b3sum has been executed with a executable stack [2023-01-07T16:36:52Z] thanks phoebos [2023-01-07T16:43:54Z] wael_: b3sum was probably compiled with an executable stack [2023-01-07T16:44:18Z] how [2023-01-07T16:45:23Z] how did you compile it? [2023-01-07T16:45:29Z] kiss b b3sum [2023-01-07T16:45:38Z] kiss c b3sum [2023-01-07T16:45:40Z] kiss b b3sum [2023-01-07T16:49:25Z] do `readelf -l /usr/bin/b3sum | grep -A1 GNU_STACK` [2023-01-07T16:49:39Z] GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000 [2023-01-07T16:49:39Z] 0x0000000000000000 0x0000000000000000 RWE 0x10 [2023-01-07T16:49:52Z] so cool [2023-01-07T16:50:01Z] the E indicates executable [2023-01-07T16:51:23Z] the GNU_STACK section (i think it's a section) gives the permissions of the stack [2023-01-07T16:51:47Z] not sure why it's compiled with executable permission though, i'm pretty sure the default is without [2023-01-07T16:52:05Z] is it the same for you? [2023-01-07T16:52:33Z] well i'm not using kiss, but for all the executables i've checked, it's just RW, not RWE [2023-01-07T16:53:01Z] dddddddddddddddddddddddddjjjjjjjjjjjjjjjj [2023-01-07T16:53:02Z] which makes sense because C programs don't require executable stacks [2023-01-07T16:54:07Z] /usr/bin/ld: warning: blake3_cpuid.o: missing .note.GNU-stack section implies executable stack [2023-01-07T16:54:08Z] /usr/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker [2023-01-07T16:54:12Z] hmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm [2023-01-07T16:54:55Z] what version is b3sum? [2023-01-07T16:55:08Z] cb4111ccc8061039b014fbb657c72f78984f1069 [2023-01-07T16:55:13Z] aka 1.3.1 [2023-01-07T16:56:57Z] the upstream c blake3 implementationwas last updated 2 months ago, and the one by mcf was last updated 10 months ago [2023-01-07T16:56:58Z] hmm [2023-01-07T16:57:51Z] i just built it locally and GNU_STACK has RW [2023-01-07T16:58:01Z] what is your LDFLAGS? [2023-01-07T16:58:27Z] none [2023-01-07T16:58:39Z] running plain make on the repo gives the same result [2023-01-07T16:58:55Z] are you on musl? [2023-01-07T16:58:57Z] so there's some difference between our toolchains [2023-01-07T16:59:01Z] im using glibc [2023-01-07T16:59:05Z] so am i [2023-01-07T16:59:14Z] gkiss? [2023-01-07T16:59:17Z] yes [2023-01-07T16:59:33Z] see if testuser[m] can reproduce [2023-01-07T16:59:34Z] though, gcc and binutils are overrided with --enable-multilib [2023-01-07T16:59:36Z] not sure that matters [2023-01-07T16:59:58Z] well one way to find out is remove the flag and rebuild the toolchain and recompile b3sum [2023-01-07T17:00:07Z] will do [2023-01-07T17:02:52Z] [grepo] gcc -> binutils -> glibc [2023-01-07T17:07:26Z] same problem [2023-01-07T17:15:23Z] wael: yeah i noticed that warning too [2023-01-07T17:15:28Z] But been occupied with other stuff recentlt [2023-01-07T17:15:31Z] recently [2023-01-07T17:15:35Z] well its fine [2023-01-07T17:15:40Z] it werks :D [2023-01-07T17:15:41Z] it unsekure [2023-01-07T17:15:51Z] but muh speed [2023-01-07T17:17:54Z] Hmm there's no difference in configure flags [2023-01-07T21:35:25Z] is kiss a secure distro? [2023-01-07T21:36:25Z] any distro can be secure [2023-01-07T21:37:04Z] Is the package manager is secure I mean. [2023-01-07T21:37:12Z] s/is// [2023-01-07T21:38:39Z] I guess so. [2023-01-07T21:38:39Z] https://curl.se/docs/vulnerabilities.html [2023-01-07T21:42:36Z] what do you mean by secure? [2023-01-07T21:51:44Z] Minimum surface of attack, maximum memory safety [2023-01-07T22:06:35Z] "what do you mean by secure?" <- remote execution, I guess there's no flaw in the package manager just curl if something does happen. [2023-01-07T22:06:35Z] https://curl.se/docs/CVE-2022-43551.html [2023-01-07T22:07:18Z] > <@noocsharp:libera.chat> what do you mean by secure? [2023-01-07T22:07:18Z] * Remote execution with MITM. I guess there's no flaw in the package manager just curl if something does happen. [2023-01-07T22:07:18Z] https://curl.se/docs/CVE-2022-43551.html [2023-01-07T22:08:01Z] kiss can use curl, wget, and a couple of others, so you're simply limited by what you use [2023-01-07T22:08:24Z] Yeah. [2023-01-07T23:13:19Z] curl vulnerabilities do not comprimise the security of kiss because of checksumming [2023-01-07T23:43:23Z] https://curl.se/docs/CVE-2021-22901.html [2023-01-07T23:43:53Z] This with the above is bad news but it's curl base not the package manager.