Sixel test. It is funny how much sixels have late years go appreciation when they were invented by DEC already in 1987, when they introduced VT-320 series of dummy terminals ;-)

@TehPenguin i also ignore all meme pic's, sorry ;-) i don't care about em.

@mhd Rust seems to have found its place as defacto for wasm, which I think appropriate use for it too.

I.e. security barrier involved with direct user input.

@mhd Its ideas became big through Objective-C kind of and influenced quite many languages over the years. World would not be the same without Smalltalk even tho it itself was not great success.

Java on the other hand is the most field-tested industry strength language in the backend. And its JIT is heavily optimized by the engineers of the CPU companies involved. It is not that great in the client and but there's no server workload in existence that would not have gone though the "Java exercise".

That said my fav desktop application Bitwig Studio is made with Java ;-) https://www.bitwig.com/

@TudbuT @orizuru Thanks for the qualitative opinion that I will ignore without reading it properly :-)

@elrohir All my password in Firefox sync are duplicates as browser sync works me only as a cache ;-)

@elrohir did not know this but neither big surprises here :-)

I have two-folded approach:

1. My main secret/password vault is https://www.passwordstore.org/.
2. I use sync features as password caches and empty them annually. So I have password “in rotation” in the browser.

One thing I don't get in #Rust and #Go is that #Java and various #JVM -languages have pretty much delivered backend all the goodies that the newer languages promise to deliver 🤷 I call this Yogurt syndrome because it is a product that never really changes but still new versions arrive to the market.

#EU vs #browser vendors: “one has to be able to pick browser and search engine”. Actually that does not solve anything, and shows only that politicians know nothing about #software. More effective enforcement would be “one has to be able to pick a provider for the sync feature of a browser”.

Two relatively recent incidents that have limited the choice here:

1. #Chromium was blocked from #Google sync.
2. #GNOME Web was blocked from #Firefox sync.

#politics

@Dr_Emann Not fully yet understanding capabilities of vm-memory but enarx has two kinds of mappings:

1. Actual mmaps. For these there was trait called Map but cannot recall what was the internal crate called.
2. “Fake” mmaps inside e.g. SGX enclave just for markup with https://github.com/enarx/mmledger

So I’m looking into if I could extend vm-memory to provide the latter so then host/guest mmaps would have same parameters and two internal crates could be removed.

So lot’s of experimentation to do before it make sense to do anything for the actual project. If this draft of an idea would be possible with vm-memory, it would make doing the task whole a lot more feasible.

@rjzak

@Dr_Emann This is exactly why I experiment with these test programs before making any enarx changes ;-) Thanks for the tip.

I still have to play also with vm-memory too...

Turns out that vm-memory is WRONG crate for arbitrary mappings. E.g. it does not allows arbitray permissions for anonymous mappings. Instead mmap-rs is probably better idea:

// SPDX-License-Identifier: MIT
//! Copyright (c) Jarkko Sakkinen 2024

#![deny(clippy::all)]
#![deny(clippy::pedantic)]

use mmap::MemoryMap;

fn main() {
    let mem = MemoryMap::new(0x2000, &[
        mmap::MapOption::MapReadable,
        mmap::MapOption::MapWritable,
        mmap::MapOption::MapExecutable,
    ]).unwrap_or_else(|_| std::process::exit(1));
    println!("{}", mem.len());
}

MapOption contains fields for file and similar stuff too.

Output:

~/work/local/hello-vm-memory master* 7m 13s
❯ target/debug/hello-vm-memory                    
GuestMemoryMmap { regions: [GuestRegionMmap { mapping: MmapRegion { addr: 0x7f593adbf000, size: 8192, bitmap: (), file_offset: None, prot: 3, flags: 16418, owned: true, hugetlbfs: None }, guest_base: GuestAddress(0) }] }

So, in case you’ve ever wondered, this is how you map anonymous memory with vm-memory crate:

//! Copyright (c) Jarkko Sakkinen 2024

#![deny(clippy::all)]
#![deny(clippy::pedantic)]

use vm_memory::{GuestAddress, GuestMemoryMmap};

fn main() {
    let mem: GuestMemoryMmap<()> =
        GuestMemoryMmap::from_ranges(&[(GuestAddress(0u64), 8192usize)]).unwrap();
    println!("{:?}", mem);
}

The type parameter is for Bitmap.

I’ll do a small test program for each type of memory that we need in Enarx and after that make the changes to the project itself. Changes are simple but the code base is large so this is fastest way to formalize a decent patch.

So next step is /dev/kvm test.

#rust #rustlang #mmap #kvm

#Anonym has the same #privacy bug as #Signal:

1. Claim that they run confidential computing environment.
2. Does not periodically piggyback x.509 of the CPU attestation back to the browser so that it could be compared to the #Intel and #AMD CA’s.

Objectively we can thus come to the conclusion that it is belief system based #security.

Especially this is weird given the collaboration with a browser vendor.

Even for AGPL code confidentiality can be faked by emulating necessary opcodes with a modified QEMU.

The whole core idea of confidential computing is based on exactly to the ability for client to verify that the payload is unmodified. This is just fake marketing.

The security promise is exactly as truthful as it was for ANON phones that FBI sold to crooks ;-)

#Mozilla #Firefox #infosec

As a seldom science paper consumer, not a scientist, I browse 95% of papers from which I need a slice of info on my computer screen, but the 5% that I actually need to understand in depth and detail I always print on paper.

@triskelion i only mind about padding and borders to be more specific

Call sites:

~/work/github/enarx/enarx main
❯ git grep -e Map\< 
crates/enarx-config/src/lib.rs:    pub env: HashMap<String, String>,
src/backend/binary.rs:        pages: Map<perms::ReadWrite>,
src/backend/kvm/builder.rs:    fn map(&mut self, pages: Map<perms::ReadWrite>, to: usize, with: u32) -> anyhow::Result<()> {
src/backend/kvm/builder.rs:    pages: &Map<perms::ReadWrite>,
src/backend/kvm/mem.rs:    backing: Map<perms::ReadWrite>,
src/backend/kvm/mem.rs:    pub fn new(slot: Slot, backing: Map<perms::ReadWrite>) -> Self {
src/backend/kvm/mem.rs:        backing_memory: &Map<perms::ReadWrite>,
src/backend/kvm/mod.rs:        pages: Map<perms::ReadWrite>,
src/backend/sev/builder.rs:        mut pages: Map<perms::ReadWrite>,
src/backend/sev/hasher.rs:    fn map(&mut self, pages: Map<perms::ReadWrite>, to: usize, with: u32) -> anyhow::Result<()> {
src/backend/sgx/builder.rs:    mmap: Map<perms::Unknown>,
src/backend/sgx/builder.rs:        pages: Map<perms::ReadWrite>,
src/backend/sgx/hasher.rs:        pages: Map<perms::ReadWrite>,
src/backend/sgx/mod.rs:    mem: Map<perms::Unknown>,

Compiled #enarx first time for a long time. I'm looking into how feasible it would be to switch the ad-hoc mmap abstraction to rust-vmm/vm-memory crate. #Rust #rustlang

@triskelion i don’t care what window decoration looks like.