#osdev2 = #osdev @ Libera from 23may2021 to present


http://bespin.org/~qz/search/?view=1&c=osdev2&y=21&m=10&d=22

Friday, 22 October 2021

00:00:00 <sonny> lol
00:00:00 <sonny> yeah
00:01:00 <junon> User programs are going to be chaotic, messy, insecure, opinionated, aggressive and greedy.
00:01:00 <junon> If anything, controlling that chaos and allowing it to coexist with everything else on the system, is good design.
00:01:00 <junon> (For general purpose)
00:01:00 <junon> (sometimes it's a requirement that a program can be chaotic and messy and aggressive - depends on your goals)
00:02:00 <sonny> junon: example is vms and containers, I don't think anyone wants to run a regular process on a server anymore
00:03:00 <junon> I forgot matrix had notification sounds, my headphones were otherwise entirely quiet and on full blast and I about peed myself rn lol
00:03:00 <junon> Sure they do sonny
00:03:00 <junon> All the time. Something has to run those containers and VMs.
00:04:00 <klange> VMs and containers are a great example of a horribly inelegant solution to a problem real users face with computers: No one wants to build clean, reproducible, minimal solutions (because that's both difficult and time consuming in a way that yields little benefit), so we've adapted to support the disorganized approach.
00:04:00 <sonny> kubernetes?
00:04:00 <sonny> I see
00:04:00 <junon> Systemd is the first thing that comes to mind
00:04:00 <junon> The de facto init system on most mainstream linux distributions today.
00:05:00 <junon> Systemd generally would start up docker on systems that want to go that route, and potentially kubernetes yes
00:05:00 <junon> The thing most people don't know is that 1) docker is garbage, and 2) systemd supports containers out of the box.
00:05:00 <junon> 3) kubernetes is also terrible.
00:06:00 <sonny> systemd isn't on windows etc
00:06:00 <junon> Neither is docker nor kubernetes.
00:07:00 <sonny> I thought docker was, it's used as a runtime for programs?
00:07:00 <CompanionCube> nope
00:08:00 <CompanionCube> docker on windows just spins up a vm iirc
00:08:00 <klange> Docker is not a runtime. It is a frontend for container management.
00:08:00 <sonny> it's used as a runtime
00:08:00 <klange> It's not a runtime.
00:09:00 <junon> No. Docker is a Go program that spins up a daemon that exposes an HTTP server over a UNIX domain socket that is communicated with by the `docker` executable primarily. The daemon itself manipulates linux cgroups and other security facilities to sandbox processes into a chroot'd environment and control their behavior without using a hypervisor to do so.
00:09:00 <klange> It's a way to package together process isolation, network isolation, etc. and combine it with overlay filesystems. These are the fundamentals of "containers" in Linux.
00:10:00 <junon> Docker doesn't exist on MacOS or Windows expressly because they cannot "containerize" software like Linux can.
00:10:00 <sonny> "Package applications as portable container images to run in any environment consistently from on-premises Kubernetes to AWS ECS, Azure ACI, Google GKE and more" -- sounds like a runtime to me
00:10:00 <klange> It does exist, but it exists by managing all of that... within a virtualized Linux.
00:10:00 <junon> You're arguing semantics
00:11:00 <junon> "runtime" is vague as it is, and Docker is not what I would consider a runtime.
00:11:00 <junon> Programs don't rely on docker to run.
00:11:00 <junon> That's actually kind of the whole point.
00:11:00 <sonny> ok
00:12:00 <klange> There's an old joke, maybe it was a webcomic, about "it works on my machine" "well then let's just use your machine I guess".
00:12:00 <junon> E.g. you can write "sandboxed" code in a scripting language. The scripting language itself can control the actions the scripts can perform. Therefore, the scripting environment has a scripting runtime.
00:12:00 <klange> Docker is that taken to its logical conclusion: It's hard to make applications that have complex dependencies and can still be brought up in lots of disparate environments.
00:12:00 <junon> Whereas docker is running real executables that call into the linux kernel with real syscalls. You can, in theory, run it directly on the host system without modification.
00:13:00 <klange> Docker, and the container technology it is built on, is about taking a complete system image whole-hog and running it in isolation. The runtime is Linux.
00:14:00 <sonny> yeah
00:20:00 <clever> junon: i believe the official docker installer for windows/darwin, just spins up a linux virtual machine, and pipes commands to the linux docker daemon, from a windows/darwin docker client
00:20:00 <junon> Yep correct.
00:21:00 <clever> i think there is a proper windows docker as well, but that can only run images built for windows
00:21:00 <klange> When I last used the macOS version, it specifically used VirtualBox.
00:21:00 <junon> Yes there is
00:22:00 <junon> It's not used often though, from what I understand. It also doesn't work well.
00:22:00 <clever> i think darwin does have a chroot api, but the dynamic linker path is hard-coded in the kernel
00:22:00 <clever> so you need a decent chunk of darwin libs in the 2nd root, to do anything
00:23:00 <junon> That wouldn't surprise me, and also you'd have to somehow mount the /System volume to do anything of note. I don't think it's worth it on MacOS, they've tightly coupled the OS so damn much that it's not really feasible.
00:23:00 <junon> Plus chroot isn't sufficient from a security standpoint.
00:23:00 <klange> Actually using the equivalent interfaces on macOS wouldn't make much sense, though, and demonstrates how Docker isn't a runtime: Linux is the runtime.
00:24:00 <clever> junon: most sandboxing i see on darwin, will instead use security policies (similar to selinux), to just deny access to anything you shouldnt be touching
00:24:00 <junon> Yes though chroot has been broken quite a bit in the past. Last I checked there were still ways to break out in some cases.
00:25:00 <klange> Always keep in mind that containers are not a security model :)
00:25:00 <clever> yeah, docker is just a wrapper around cgroups + namespacing
00:25:00 <clever> systemd-nspawn is another way to access the same tools
00:25:00 <junon> Yeah systemd has this stuff out of box.
00:25:00 <junon> klange: Tell that to the docker community.
00:27:00 <klange> Tell it to anyone and everyone who doesn't get it :)
00:27:00 <junon> So the docker community.
00:27:00 <klange> Containers are an approach to packaging and a solution to dependency hell.
00:28:00 <clever> nix is a non-containerized solution to dependency hell
00:44:00 <klange> Realized with the announcement of Gimp 2.99.8 that they use the same version scheme as me for development releases.
00:44:00 <klange> So I'm not weird for having ToaruOS 1.99.8.
04:16:00 <kazinsal> re: versioning schemes, every time I look at my kernel's version being 0.something I always feel like one of those people who posts a hello world bootloader on the forums as their 0.0.1 release
04:25:00 <eryjus> well, on the other hand, if I ever get to v1.0 i grossly misrepresented one of the tenets of the name "CenturyOS".
04:26:00 <Affliction> the correct thing to do is 0.9, 0.99, 0.999, 0.9999, 0.99995, 0.99999, ...
04:31:00 <kazinsal> version numbers so complex you lose floating point precision
04:40:00 <Affliction> floating point versions, incrementing the bytes! 1.0, 1.00000011920928955078, 1.00000023841857910156
04:41:00 <Mondenkind> version 1.0 + 2ulp
04:43:00 <klange> integer versions, but they're 32-bit integers with the wrong endian so you start with v16777216 then v33554432 and eventually you get to v4278190080 before it cycles to v65536
04:45:00 <Mondenkind> ._.
05:18:00 <kazinsal> complex version structure in C defines that has an external script to generate a string from it and sed it into the C file
05:31:00 <Affliction> version is a . separated series of bytes written in decimal, containing x86 shellcode which outputs the version as ascii
05:32:00 <Affliction> naturally the ports for other architectures use their instructions
06:10:00 <geist> could use base 2 floating point hex versions
06:11:00 <geist> that'll confuse folks
06:12:00 <Mondenkind> now I'm thinking of really annoying obfuscation mechanisms
06:12:00 <Mondenkind> first 8 bits specify a permutation of the next 8 bits
06:12:00 <Mondenkind> which specify a permutation for the next 8 bits
06:12:00 <Mondenkind> and again. And the last 8 bits are the actual version, in 4.4 fixedpoint
06:13:00 <kazinsal> adopt Cisco's old school format
06:13:00 <kazinsal> so confusing they published *multiple* documentation posts on it
06:14:00 <kazinsal> 12.4(24)T7
06:14:00 <kazinsal> where the T is part of the 12.4
06:14:00 <kazinsal> not the 7
06:29:00 <klange> ayyyy https://klange.dev/s/Screenshot%20from%202021-10-22%2015-28-46.png
06:29:00 <klange> need to look into why sendto is returning 0 when it clearly sent stuff
06:30:00 <klange> but looks like my loopback is working and I can host UDP servers at least
06:32:00 <kingoffrance> i can scare you guys re: versions
06:33:00 <kingoffrance> i will have a version string, part of many charset experiments. but ...every string format/encoding is "versioned" to allow updates/etc. very database-like. what does that mean? it means, to avoid chicken and egg, need another "string format" "version versions" i.e. hardcoded list of known version numbers of "version" string encoding
06:33:00 <kingoffrance> so, my version "strings" will also themselves have a version number lol
06:34:00 <kingoffrance> dont need that really....but it just is being explicit about data formats basically. its like if you had a "version" for every iteration of a struct say
06:34:00 <kingoffrance> i mean, in that case, unlikely to be messing with that often....
06:35:00 <kingoffrance> its more of a uniformity thing
06:39:00 <klange> ah, net_udp_send is out here returning 0 on success, naughty little function
06:55:00 <kingoffrance> if a version number cant itself be versioned, what good is it, he asked? </story of mel>
10:19:00 <klange> https://klange.dev/s/Screenshot%20from%202021-10-22%2019-14-51.png A good step... still tons of TODOs with this network stack, but progress is progress.
22:30:00 <klange> uh oh https://klange.dev/s/Screenshot%20from%202021-10-23%2007-28-36.png
22:31:00 <Griwes> the most uh oh part is how low the kernel space addresses are :'D
22:32:00 <kazinsal> need a Sad Misaka in the style of the vintage Sad Mac
22:32:00 <Griwes> also
22:32:00 <Griwes> the last line of register dumps has all of its values misaligned
22:32:00 <Griwes> and by different values
22:32:00 <Griwes> you *monster*
22:57:00 <gog> press 0xf to pay respects
22:59:00 <clever> gog: on the rpi, if you do a 32bit (size and aligned) read of a register that doesnt exist, you get a constant like 'gpio', but if you do an 8bit read that is mis-aligned by 32bit+8bit, you always get 'p', even on valid registers
22:59:00 <clever> but only on certain peripherals
22:59:00 <clever> some return that constant, others return something else
22:59:00 <clever> and each peripheral has a different constant
23:00:00 <eryjus> klange: i'm a little surprised i dont see the cr registers in the dump.
23:01:00 <klange> Only things pushed by the interrupt handler are in the dump.
23:24:00 <kazinsal> I need to go back through all of my multiprocessor bringup code. Somehow, issuing any sort of reset (8042, ACPI, triple fault) causes the BSP to enter the AP startup code. I'm not sure how I accomplished this, but I'm assuming I was not sober when I did it.