@ljs My estimate all kernel maintainers in Finland in any area would take about a single store bus to fill in. Not sure if @jani agrees with my estimate but this has been impression at least in conferences :-)

@hjvt Any input is welcome most welcome because memory management (in the sense of mapping it) is not the strong point of Rust's stdlib.

I just do bunch of test programs and that will hopefully converge to choice ;-)

Way test these is that I git grep just our call sites in Enarx and then make lowest-common denominator hello world out of it...

Thank you!

Listing monospace fonts with #fontconfig:

❯ fc-list :mono : family | sort -u
Andale Mono
BlexMono Nerd Font
BlexMono Nerd Font,BlexMono Nerd Font ExtraLight
BlexMono Nerd Font,BlexMono Nerd Font Light
BlexMono Nerd Font,BlexMono Nerd Font Medium
BlexMono Nerd Font,BlexMono Nerd Font SemiBold
BlexMono Nerd Font,BlexMono Nerd Font Text
BlexMono Nerd Font,BlexMono Nerd Font Thin
BlexMono Nerd Font Mono
BlexMono Nerd Font Mono,BlexMono Nerd Font Mono ExtraLight
BlexMono Nerd Font Mono,BlexMono Nerd Font Mono Light
BlexMono Nerd Font Mono,BlexMono Nerd Font Mono Medium
BlexMono Nerd Font Mono,BlexMono Nerd Font Mono SemiBold
BlexMono Nerd Font Mono,BlexMono Nerd Font Mono Text
BlexMono Nerd Font Mono,BlexMono Nerd Font Mono Thin
Courier New
Liberation Mono
MesloLGLDZ Nerd Font
MesloLGLDZ Nerd Font Mono
MesloLGL Nerd Font
MesloLGL Nerd Font Mono
MesloLGMDZ Nerd Font
MesloLGMDZ Nerd Font Mono
MesloLGM Nerd Font
MesloLGM Nerd Font Mono
MesloLGSDZ Nerd Font
MesloLGSDZ Nerd Font Mono
MesloLGS Nerd Font
MesloLGS Nerd Font Mono
Nimbus Mono PS
Noto Color Emoji
Source Code Pro
Source Code Pro,Source Code Pro Black
Source Code Pro,Source Code Pro ExtraLight
Source Code Pro,Source Code Pro Light
Source Code Pro,Source Code Pro Medium
Source Code Pro,Source Code Pro Semibold

Had to trial and error for a while so consider no to myself ;-)

@TehPenguin In the backend it JVM does provide safe, concurrent and secure ecosystem and huge track record to back it up. I don't see any actual business reason to switch.

It neither has not made waves yet in the kernel, and it is not likely it will before GCCRS is in par with LLVM. Not saying that it never will but zero defconfigs is not a strong standing point.

The business interesting use I've seen has been WASM so far.

Sixel test. It is funny how much sixels have late years go appreciation when they were invented by DEC already in 1987, when they introduced VT-320 series of dummy terminals ;-)

@TehPenguin i also ignore all meme pic's, sorry ;-) i don't care about em.

@mhd Rust seems to have found its place as defacto for wasm, which I think appropriate use for it too.

I.e. security barrier involved with direct user input.

@mhd Its ideas became big through Objective-C kind of and influenced quite many languages over the years. World would not be the same without Smalltalk even tho it itself was not great success.

Java on the other hand is the most field-tested industry strength language in the backend. And its JIT is heavily optimized by the engineers of the CPU companies involved. It is not that great in the client and but there's no server workload in existence that would not have gone though the "Java exercise".

That said my fav desktop application Bitwig Studio is made with Java ;-) https://www.bitwig.com/

@TudbuT @orizuru Thanks for the qualitative opinion that I will ignore without reading it properly :-)

@elrohir All my password in Firefox sync are duplicates as browser sync works me only as a cache ;-)

@elrohir did not know this but neither big surprises here :-)

I have two-folded approach:

1. My main secret/password vault is https://www.passwordstore.org/.
2. I use sync features as password caches and empty them annually. So I have password “in rotation” in the browser.

One thing I don't get in #Rust and #Go is that #Java and various #JVM -languages have pretty much delivered backend all the goodies that the newer languages promise to deliver 🤷 I call this Yogurt syndrome because it is a product that never really changes but still new versions arrive to the market.

#EU vs #browser vendors: “one has to be able to pick browser and search engine”. Actually that does not solve anything, and shows only that politicians know nothing about #software. More effective enforcement would be “one has to be able to pick a provider for the sync feature of a browser”.

Two relatively recent incidents that have limited the choice here:

1. #Chromium was blocked from #Google sync.
2. #GNOME Web was blocked from #Firefox sync.

#politics

@Dr_Emann Not fully yet understanding capabilities of vm-memory but enarx has two kinds of mappings:

1. Actual mmaps. For these there was trait called Map but cannot recall what was the internal crate called.
2. “Fake” mmaps inside e.g. SGX enclave just for markup with https://github.com/enarx/mmledger

So I’m looking into if I could extend vm-memory to provide the latter so then host/guest mmaps would have same parameters and two internal crates could be removed.

So lot’s of experimentation to do before it make sense to do anything for the actual project. If this draft of an idea would be possible with vm-memory, it would make doing the task whole a lot more feasible.

@rjzak

@Dr_Emann This is exactly why I experiment with these test programs before making any enarx changes ;-) Thanks for the tip.

I still have to play also with vm-memory too...

Turns out that vm-memory is WRONG crate for arbitrary mappings. E.g. it does not allows arbitray permissions for anonymous mappings. Instead mmap-rs is probably better idea:

// SPDX-License-Identifier: MIT
//! Copyright (c) Jarkko Sakkinen 2024

#![deny(clippy::all)]
#![deny(clippy::pedantic)]

use mmap::MemoryMap;

fn main() {
    let mem = MemoryMap::new(0x2000, &[
        mmap::MapOption::MapReadable,
        mmap::MapOption::MapWritable,
        mmap::MapOption::MapExecutable,
    ]).unwrap_or_else(|_| std::process::exit(1));
    println!("{}", mem.len());
}

MapOption contains fields for file and similar stuff too.

Output:

~/work/local/hello-vm-memory master* 7m 13s
❯ target/debug/hello-vm-memory                    
GuestMemoryMmap { regions: [GuestRegionMmap { mapping: MmapRegion { addr: 0x7f593adbf000, size: 8192, bitmap: (), file_offset: None, prot: 3, flags: 16418, owned: true, hugetlbfs: None }, guest_base: GuestAddress(0) }] }

So, in case you’ve ever wondered, this is how you map anonymous memory with vm-memory crate:

//! Copyright (c) Jarkko Sakkinen 2024

#![deny(clippy::all)]
#![deny(clippy::pedantic)]

use vm_memory::{GuestAddress, GuestMemoryMmap};

fn main() {
    let mem: GuestMemoryMmap<()> =
        GuestMemoryMmap::from_ranges(&[(GuestAddress(0u64), 8192usize)]).unwrap();
    println!("{:?}", mem);
}

The type parameter is for Bitmap.

I’ll do a small test program for each type of memory that we need in Enarx and after that make the changes to the project itself. Changes are simple but the code base is large so this is fastest way to formalize a decent patch.

So next step is /dev/kvm test.

#rust #rustlang #mmap #kvm

#Anonym has the same #privacy bug as #Signal:

1. Claim that they run confidential computing environment.
2. Does not periodically piggyback x.509 of the CPU attestation back to the browser so that it could be compared to the #Intel and #AMD CA’s.

Objectively we can thus come to the conclusion that it is belief system based #security.

Especially this is weird given the collaboration with a browser vendor.

Even for AGPL code confidentiality can be faked by emulating necessary opcodes with a modified QEMU.

The whole core idea of confidential computing is based on exactly to the ability for client to verify that the payload is unmodified. This is just fake marketing.

The security promise is exactly as truthful as it was for ANON phones that FBI sold to crooks ;-)

#Mozilla #Firefox #infosec

As a seldom science paper consumer, not a scientist, I browse 95% of papers from which I need a slice of info on my computer screen, but the 5% that I actually need to understand in depth and detail I always print on paper.