#archlinux-ports | Logs for 2017-07-18
Back
[00:00:00] -!- CalimeroTeknik has quit [Ping timeout: 260 seconds]
[00:08:52] -!- CalimeroTeknik has joined #archlinux-ports
[00:28:00] -!- p71 has quit [Ping timeout: 268 seconds]
[00:30:39] -!- p71 has joined #archlinux-ports
[04:12:48] -!- axujen_ has joined #archlinux-ports
[04:13:59] -!- axujen has quit [*.net *.split]
[04:13:59] axujen_ is now known as axujen
[06:25:21] -!- deep42thought has joined #archlinux-ports
[07:04:17] -!- deep42thought has quit [Remote host closed the connection]
[08:06:11] dwm is now known as phillid
[08:32:22] -!- isacdaavid has quit [Quit: isacdaavid]
[08:32:40] -!- deep42thought has joined #archlinux-ports
[09:42:32] <deep42thought> tyzoid: Maybe you can enable captchas ore some other challenge-response mechanism for registering to the forum?
[09:45:31] -!- Faalagorn has quit [Ping timeout: 240 seconds]
[10:02:35] -!- Faalagorn has joined #archlinux-ports
[10:03:01] -!- eschwartz has quit [Ping timeout: 240 seconds]
[10:14:26] -!- eschwartz has joined #archlinux-ports
[11:52:43] <deep42thought> Should I open bugs for (split) packages, which have makedepends on themself (or on a part of them)?
[12:04:07] -!- eschwartz has quit [Ping timeout: 255 seconds]
[12:06:27] -!- eschwartz has joined #archlinux-ports
[12:29:43] -!- alyptik has quit [Ping timeout: 260 seconds]
[12:32:31] -!- alyptik has joined #archlinux-ports
[13:04:20] -!- eschwartz has quit [Remote host closed the connection]
[13:30:04] -!- Faalagorn has quit [Remote host closed the connection]
[13:31:51] -!- Faalagorn has joined #archlinux-ports
[13:48:53] -!- eschwartz has joined #archlinux-ports
[14:25:14] <tyzoid> deep42thought: I did, and they're still coming :/
[14:25:26] <deep42thought> :-/
[14:25:34] <tyzoid> It's that simple math problem one that's used on the main arch forum
[14:25:34] <deep42thought> do you have captchas?
[14:25:41] <deep42thought> hmmm
[14:26:05] <deep42thought> maybe we should users require compiling a valid package instead ;-P
[14:26:11] <tyzoid> lol
[14:26:19] <tyzoid> that requires reproducable builds, though
[14:26:30] <deep42thought> then I wouldn't be sure if _I_ could register again ^^
[14:26:47] <tyzoid> because we can't just say 'What's the sha256 hash of the built package for lightdm-git?'
[14:28:47] <deep42thought> I have no idea on how to keep off those bots
[14:29:48] <tyzoid> deep42thought: The addition of the captcha slowed the resgistration down from 1/min to 1/hr, though
[14:29:54] <tyzoid> or the simple math problem thingy
[14:29:58] <tyzoid> so it is helping
[14:30:02] <deep42thought> ok
[14:30:20] <deep42thought> what do we do with all the old bots, then?
[14:30:25] <tyzoid> idk
[14:30:37] <tyzoid> there's no good way to tell bots from people just from registration
[14:30:45] <deep42thought> is there some simple criterium, like ip, to distinguish them?
[14:30:48] <tyzoid> I'm usually just deleting any bot that makes a post
[14:30:56] <tyzoid> deep42thought: Nope, all of the users have unique ips
[14:31:00] <deep42thought> O.o
[14:31:06] <tyzoid> I've been deleting the *@*.ru emails, though
[14:31:14] <tyzoid> so anyone who registers with a .ru email goes bye-bye
[14:31:32] <tyzoid> and that's been pretty much just bots
[14:31:37] <deep42thought> well, maybe, we have legal russians at some point?
[14:31:47] <tyzoid> We'll just have them use a non .ru domain
[14:31:52] <deep42thought> ok
[14:32:01] <tyzoid> It's not that hard to get a gmail account in russia
[14:32:20] <deep42thought> but then trump also reads your mail instead of only putin
[14:32:41] <tyzoid> There's plenty of email providers around
[14:32:48] <tyzoid> I'm sure there's some in the EU
[14:32:49] <deep42thought> yeah, all good
[14:33:10] <tyzoid> plus afaik, if an EU citizen registers a gmail account, that data stays in the EU because data export laws
[14:33:37] <tyzoid> I know we have that at the company I work for
[14:33:41] <tyzoid> since we handle customer data
[14:33:49] <deep42thought> otherwise, the us has to pay taxes for the exported data
[14:34:14] <deep42thought> sry, just kidding
[14:34:23] <tyzoid> not sure what the fees/fines/penalties are, but my thought was that it's for privacy
[14:34:49] <tyzoid> since the US pretty much can wiretap any transmission from its borders out
[14:34:57] <tyzoid> (as well as some internal, illegally)
[14:35:02] <deep42thought> the eu is quite strict (wrt the us) regarding data privacy
[14:35:07] <tyzoid> yup
[14:35:15] <tyzoid> encryption ftw!
[14:36:47] <deep42thought> btw: our blacklist grows and grows as more and more upstream sources are not available for i686
[14:37:09] <deep42thought> even some, which have been available for i686 before ...
[14:39:07] <tyzoid> Can we make our own archive of these sources in case they go down?
[14:39:28] <deep42thought> it's more like "new versions don't built for i686 (on purpose)"
[14:39:51] <deep42thought> I think it will be hard to patch all new versions to still compile for i686
[14:39:57] <tyzoid> Right, but we should have the source around in case we need to build it against a new version of glibc, for ex.
[14:40:01] <deep42thought> since upstream will have its reasons on dropping i686
[14:40:26] <tyzoid> We don't need to necessarily update the source, but we may need to keep it around for rebuilds
[14:40:27] <deep42thought> so far I just delete the packages, like it's done in upstream-arch
[14:40:43] <deep42thought> I shouldn't? :-/
[14:40:52] <tyzoid> I'd think not
[14:41:04] <tyzoid> They're in mainline because they are/were popular
[14:41:25] <deep42thought> I dunno
[14:41:49] <deep42thought> is it worth to compile a years old package in a years old version?
[14:41:54] <tyzoid> If you don't feel like keeping them in community/extra/etc. then we could create an optional repo for these outdated packages
[14:42:00] <tyzoid> but I think it is worth it
[14:42:26] <tyzoid> ofc, it depends on the package.
[14:42:44] <deep42thought> have a look at our current blacklist
[14:42:57] <tyzoid> That's the one on the github repo?
[14:43:02] <deep42thought> yes
[14:44:04] <tyzoid> pypy3 is nice to have, pycuda is nice to have, tensorflow, gitlab...
[14:44:12] <tyzoid> mongodb...
[14:44:37] <tyzoid> gitlab esp. for servers
[14:47:41] <tyzoid> linux-hardened should? compile on i686...
[14:48:18] <jelle> it just makes no sense on there ;-)
[14:48:29] <jelle> limited randomness
[14:48:47] <tyzoid> not sure why the randomness would be limited
[14:50:04] <jelle> 32bit
[14:50:32] <tyzoid> jelle: But the csprng doesn't use the native int type, afaik
[14:50:46] <deep42thought> I think, the workflow should be: I blacklist, whatever package does not build officially for i686, someone, who likes it, picks up that package, patches it to (still) build for i686 and provides a patch in our package repository. Then we can reintroduce the package.
[14:50:51] <tyzoid> uint64_t works just fine on a 32bit machine
[14:50:59] <tyzoid> just requires an extra instruction for adds
[14:51:33] <tyzoid> deep42thought: Right, but I think we should have an archive of the sources available, so if the source becomes no longer available, it can be fixed/rebuilt/patched
[14:52:12] <jelle> > For 32-bit systems at 2004 computer speeds which have 16 bits for address randomization, Shacham and co-workers state "... 16 bits of address randomization can be defeated by a brute force attack within minutes
[14:52:14] <deep42thought> The value of building an old source is small
[14:52:17] <jelle> https://en.wikipedia.org
[14:52:18] <phrik> Title: Address space layout randomization - Wikipedia (at en.wikipedia.org)
[14:52:31] <tyzoid> jelle: I'm aware of how it works
[14:52:55] <tyzoid> If a 64bit system only has 4G of ram, vs a 32bit system with 4G of ram, it doesn't make a difference...
[14:53:26] <tyzoid> unless you're suggesting to randominze within all 64bits of the virtual address space, which has performance penalties for the TLB
[14:53:27] <jelle> who has 4GB ram these days :o
[14:53:29] <deep42thought> 16bits is less than 4G
[14:53:41] <tyzoid> deep42thought: Who says anything about 16bits?
[14:53:52] <tyzoid> I'm not trying to support the SNES with arch, here.
[14:54:06] <deep42thought> jelle said, 16bits would be randomized
[14:55:14] <tyzoid> jelle: Not sure why only 16bits are randomized...
[14:55:26] <tyzoid> Is it only randomizing a 64k block id?
[14:59:00] <tyzoid> jelle: Regardless, linux-hardened has more than address randomization, afaik
[14:59:11] <jelle> sure
[14:59:21] <jelle> I'd have to ask the maintainer again for the arguments against providing i686
[14:59:57] <tyzoid> jelle: I'm going to suggest we push for that one in particular, as our users are going to be using the software on embedded systems
[15:00:02] <tyzoid> which could benefit from linux-hardened
[15:00:19] <jelle> do what you like :)
[15:00:41] <tyzoid> jelle: Sounds good. Let me know what the maintainer(s) say.
[15:37:32] <eschwartz> deep42thought: https://sources.archlinux.org should host --allsource tarballs of every package source
[15:37:33] <phrik> Title: Index of / (at sources.archlinux.org)
[15:37:48] <deep42thought> eschwartz: no it shouldn't
[15:38:06] <deep42thought> it only hosts those, where the license requires it
[15:38:17] <tyzoid> eschwartz: That's just for packages that require distribution by the license (a la gpl)
[15:39:51] <eschwartz> ... huh, that is a lot less than I thought was supposed to be there. But some of those packages don't make a lot of sense???
[15:40:05] * eschwartz takes it all back
[16:04:36] -!- deep42thought has quit [Quit: Leaving.]
[16:48:01] -!- yokel has quit [Quit: Lost terminal]
[16:48:36] -!- yokel has joined #archlinux-ports
[17:42:06] -!- deep42thought has joined #archlinux-ports
[18:10:29] <brtln> jelle: I will tell you the reason, strcat doesn't care and doesn't have to
[18:14:41] <tyzoid> brtln: Reason for...?
[18:14:56] <tyzoid> not supporting linux-hardened in i686?
[18:33:39] <deep42thought> tyzoid: have you seen my response on the forum?
[18:33:54] <tyzoid> deep42thought: In the installation section?
[18:33:56] <tyzoid> Yes
[18:34:20] <tyzoid> 👍
[18:35:34] <deep42thought> the one regarding the missing archlinux32-keyring on the iso
[18:35:59] <tyzoid> Yup, I saw that
[18:36:22] <tyzoid> I'll be sure to test that when doing an install test of the iso for next month
[18:37:27] <deep42thought> and i figured out the reason for the most failing builds, so we should be safe to move current testing to stable
[18:37:35] <tyzoid> deep42thought: oh?
[18:38:01] <deep42thought> https://buildmaster.archlinux32.org
[18:38:36] <deep42thought> some upstream bugs, some packages where the dependencies aren't ready yet but can't be seen by the build system
[18:38:48] <deep42thought> and a few, where I have no clue
[18:39:10] <deep42thought> 2nd is mostly phonon-qt[45]-backend
[18:39:19] <deep42thought> which is now provided by some packages, but has not before
[18:40:30] <tyzoid> deep42thought: We should do a test instal from packages in testing before we move
[18:40:48] <deep42thought> yeah
[18:41:10] <deep42thought> one of my computers runs on testing packages and has not crashed (more often than usual)
[18:41:51] <deep42thought> but it has no desktop - only some webserver and music stuff
[18:44:05] <deep42thought> can you set up a vagrant file for a 32-bit arch machine, so I can play a little with our packages?
[18:44:17] <deep42thought> Maybe we can recycle that for tests, too
[19:07:48] <jelle> brtln: well actually, "no NX bit without PAE, tiny address space, missing a lot of other security features"
[19:09:29] <tyzoid> deep42thought: Will do. I'll get that out tonight.
[19:09:51] <tyzoid> deep42thought: I still want to get openQA working, but I haven't had a chance to look at it since I left for vacation
[19:12:11] <deep42thought> tyzoid: np, I just want to try a little testing myself before I move everything from testing to stable
[19:49:47] -!- AstroSnail has joined #archlinux-ports
[19:57:10] -!- p71_ has joined #archlinux-ports
[19:57:28] -!- p71 has quit [Ping timeout: 260 seconds]
[20:00:15] -!- alyptik has quit [Ping timeout: 255 seconds]
[20:00:41] -!- p71 has joined #archlinux-ports
[20:01:50] -!- alyptik has joined #archlinux-ports
[20:02:03] -!- p71_ has quit [Ping timeout: 255 seconds]
[20:40:18] -!- alyptik has quit [Ping timeout: 260 seconds]
[20:41:57] -!- alyptik has joined #archlinux-ports
[22:27:08] -!- deep42thought has quit [Remote host closed the connection]