One thing I don't get in #Rust and #Go is that #Java and various #JVM -languages have pretty much delivered backend all the goodies that the newer languages promise to deliver 🤷 I call this Yogurt syndrome because it is a product that never really changes but still new versions arrive to the market.

#EU vs #browser vendors: “one has to be able to pick browser and search engine”. Actually that does not solve anything, and shows only that politicians know nothing about #software. More effective enforcement would be “one has to be able to pick a provider for the sync feature of a browser”.

Two relatively recent incidents that have limited the choice here:

1. #Chromium was blocked from #Google sync.
2. #GNOME Web was blocked from #Firefox sync.

#politics

@Dr_Emann Not fully yet understanding capabilities of vm-memory but enarx has two kinds of mappings:

1. Actual mmaps. For these there was trait called Map but cannot recall what was the internal crate called.
2. “Fake” mmaps inside e.g. SGX enclave just for markup with https://github.com/enarx/mmledger

So I’m looking into if I could extend vm-memory to provide the latter so then host/guest mmaps would have same parameters and two internal crates could be removed.

So lot’s of experimentation to do before it make sense to do anything for the actual project. If this draft of an idea would be possible with vm-memory, it would make doing the task whole a lot more feasible.

@rjzak

@Dr_Emann This is exactly why I experiment with these test programs before making any enarx changes ;-) Thanks for the tip.

I still have to play also with vm-memory too...

Turns out that vm-memory is WRONG crate for arbitrary mappings. E.g. it does not allows arbitray permissions for anonymous mappings. Instead mmap-rs is probably better idea:

// SPDX-License-Identifier: MIT
//! Copyright (c) Jarkko Sakkinen 2024

#![deny(clippy::all)]
#![deny(clippy::pedantic)]

use mmap::MemoryMap;

fn main() {
    let mem = MemoryMap::new(0x2000, &[
        mmap::MapOption::MapReadable,
        mmap::MapOption::MapWritable,
        mmap::MapOption::MapExecutable,
    ]).unwrap_or_else(|_| std::process::exit(1));
    println!("{}", mem.len());
}

MapOption contains fields for file and similar stuff too.

Output:

~/work/local/hello-vm-memory master* 7m 13s
❯ target/debug/hello-vm-memory                    
GuestMemoryMmap { regions: [GuestRegionMmap { mapping: MmapRegion { addr: 0x7f593adbf000, size: 8192, bitmap: (), file_offset: None, prot: 3, flags: 16418, owned: true, hugetlbfs: None }, guest_base: GuestAddress(0) }] }

So, in case you’ve ever wondered, this is how you map anonymous memory with vm-memory crate:

//! Copyright (c) Jarkko Sakkinen 2024

#![deny(clippy::all)]
#![deny(clippy::pedantic)]

use vm_memory::{GuestAddress, GuestMemoryMmap};

fn main() {
    let mem: GuestMemoryMmap<()> =
        GuestMemoryMmap::from_ranges(&[(GuestAddress(0u64), 8192usize)]).unwrap();
    println!("{:?}", mem);
}

The type parameter is for Bitmap.

I’ll do a small test program for each type of memory that we need in Enarx and after that make the changes to the project itself. Changes are simple but the code base is large so this is fastest way to formalize a decent patch.

So next step is /dev/kvm test.

#rust #rustlang #mmap #kvm

#Anonym has the same #privacy bug as #Signal:

1. Claim that they run confidential computing environment.
2. Does not periodically piggyback x.509 of the CPU attestation back to the browser so that it could be compared to the #Intel and #AMD CA’s.

Objectively we can thus come to the conclusion that it is belief system based #security.

Especially this is weird given the collaboration with a browser vendor.

Even for AGPL code confidentiality can be faked by emulating necessary opcodes with a modified QEMU.

The whole core idea of confidential computing is based on exactly to the ability for client to verify that the payload is unmodified. This is just fake marketing.

The security promise is exactly as truthful as it was for ANON phones that FBI sold to crooks ;-)

#Mozilla #Firefox #infosec

As a seldom science paper consumer, not a scientist, I browse 95% of papers from which I need a slice of info on my computer screen, but the 5% that I actually need to understand in depth and detail I always print on paper.

@triskelion i only mind about padding and borders to be more specific

Call sites:

~/work/github/enarx/enarx main
❯ git grep -e Map\< 
crates/enarx-config/src/lib.rs:    pub env: HashMap<String, String>,
src/backend/binary.rs:        pages: Map<perms::ReadWrite>,
src/backend/kvm/builder.rs:    fn map(&mut self, pages: Map<perms::ReadWrite>, to: usize, with: u32) -> anyhow::Result<()> {
src/backend/kvm/builder.rs:    pages: &Map<perms::ReadWrite>,
src/backend/kvm/mem.rs:    backing: Map<perms::ReadWrite>,
src/backend/kvm/mem.rs:    pub fn new(slot: Slot, backing: Map<perms::ReadWrite>) -> Self {
src/backend/kvm/mem.rs:        backing_memory: &Map<perms::ReadWrite>,
src/backend/kvm/mod.rs:        pages: Map<perms::ReadWrite>,
src/backend/sev/builder.rs:        mut pages: Map<perms::ReadWrite>,
src/backend/sev/hasher.rs:    fn map(&mut self, pages: Map<perms::ReadWrite>, to: usize, with: u32) -> anyhow::Result<()> {
src/backend/sgx/builder.rs:    mmap: Map<perms::Unknown>,
src/backend/sgx/builder.rs:        pages: Map<perms::ReadWrite>,
src/backend/sgx/hasher.rs:        pages: Map<perms::ReadWrite>,
src/backend/sgx/mod.rs:    mem: Map<perms::Unknown>,

Compiled #enarx first time for a long time. I'm looking into how feasible it would be to switch the ad-hoc mmap abstraction to rust-vmm/vm-memory crate. #Rust #rustlang

@triskelion i don’t care what window decoration looks like.

@visone i prefer running tmux sessions so that kind of provides me same in all terminals but don’t mind feature to exist

Ya, and another thing I like in foot that the only setting in graphics that I had to change was font. No borders, extra padding etc. in the default configuration. And only other setting I changed was to add F11 shortcut for full-screen. Took about 5 minutes to get it right from finding the project in the first place.

I've tried both alacritty and kitty for some time only to realize that cross-platform terminal is not always the best idea.

E.g. it is pretty hard to find ubiquitos font settings that work for both GNOME and macOS. So on macOS I now use iTerm2 and in GNOME I use this. They play better with the surrounding environment, and possibility have shared configuration was rendered out anyway on how graphics works in each specific OS.

#foot is a super nice #terminal that I just learned to exist: https://codeberg.org/dnkl/foot

#wayland only. has all the modern mandatory stuff but not extras.

@jorgen Some characters like curly brace look beautiful and have that IBM old school vibe ;-)

I've been use catppuccin and its variants for colors lately because it has also nice light background variant that does hurt eyes, and the colors hve that nice Motif/FVWM feel in them ;-)

@aria OK, that's unfortunate! But also expected, as Firefox follows the footsteps of Chrome.

Does not affect my workflow tho. I wonder how is the situation with Iceweasel.

@vbabka Forgot one thing: HEAD@{<index>} can be used to index the reflog entries. It is nice because it is just a bookmark list where new bookmark gets added when ever there is a new commit ID. It is nothing retained in the version control itself.