<junon>
User programs are going to be chaotic, messy, insecure, opinionated, aggressive and greedy.
<junon>
If anything, controlling that chaos and allowing it to coexist with everything else on the system, is good design.
<junon>
(For general purpose)
<junon>
(sometimes it's a requirement that a program can be chaotic and messy and aggressive - depends on your goals)
<sonny>
junon: example is vms and containers, I don't think anyone wants to run a regular process on a server anymore
<junon>
I forgot matrix had notification sounds, my headphones were otherwise entirely quiet and on full blast and I about peed myself rn lol
<junon>
Sure they do sonny
<junon>
All the time. Something has to run those containers and VMs.
<klange>
VMs and containers are a great example of a horribly inelegant solution to a problem real users face with computers: No one wants to build clean, reproducible, minimal solutions (because that's both difficult and time consuming in a way that yields little benefit), so we've adapted to support the disorganized approach.
<sonny>
kubernetes?
<sonny>
I see
<junon>
Systemd is the first thing that comes to mind
<junon>
The de facto init system on most mainstream linux distributions today.
<junon>
Systemd generally would start up docker on systems that want to go that route, and potentially kubernetes yes
<junon>
The thing most people don't know is that 1) docker is garbage, and 2) systemd supports containers out of the box.
<junon>
3) kubernetes is also terrible.
<sonny>
systemd isn't on windows etc
<junon>
Neither is docker nor kubernetes.
<sonny>
I thought docker was, it's used as a runtime for programs?
<CompanionCube>
nope
<CompanionCube>
docker on windows just spins up a vm iirc
<klange>
Docker is not a runtime. It is a frontend for container management.
<sonny>
it's used as a runtime
<klange>
It's not a runtime.
<junon>
No. Docker is a Go program that spins up a daemon that exposes an HTTP server over a UNIX domain socket that is communicated with by the `docker` executable primarily. The daemon itself manipulates linux cgroups and other security facilities to sandbox processes into a chroot'd environment and control their behavior without using a hypervisor to do so.
<klange>
It's a way to package together process isolation, network isolation, etc. and combine it with overlay filesystems. These are the fundamentals of "containers" in Linux.
<junon>
Docker doesn't exist on MacOS or Windows expressly because they cannot "containerize" software like Linux can.
<sonny>
"Package applications as portable container images to run in any environment consistently from on-premises Kubernetes to AWS ECS, Azure ACI, Google GKE and more" -- sounds like a runtime to me
<klange>
It does exist, but it exists by managing all of that... within a virtualized Linux.
<junon>
You're arguing semantics
<junon>
"runtime" is vague as it is, and Docker is not what I would consider a runtime.
<junon>
Programs don't rely on docker to run.
<junon>
That's actually kind of the whole point.
<sonny>
ok
<klange>
There's an old joke, maybe it was a webcomic, about "it works on my machine" "well then let's just use your machine I guess".
<junon>
E.g. you can write "sandboxed" code in a scripting language. The scripting language itself can control the actions the scripts can perform. Therefore, the scripting environment has a scripting runtime.
<klange>
Docker is that taken to its logical conclusion: It's hard to make applications that have complex dependencies and can still be brought up in lots of disparate environments.
<junon>
Whereas docker is running real executables that call into the linux kernel with real syscalls. You can, in theory, run it directly on the host system without modification.
<klange>
Docker, and the container technology it is built on, is about taking a complete system image whole-hog and running it in isolation. The runtime is Linux.
<sonny>
yeah
<clever>
junon: i believe the official docker installer for windows/darwin just spins up a linux virtual machine and pipes commands to the linux docker daemon from a windows/darwin docker client
<junon>
Yep correct.
<clever>
i think there is a proper windows docker as well, but that can only run images built for windows
<klange>
When I last used the macOS version, it specifically used VirtualBox.
<junon>
Yes there is
<junon>
It's not used often though, from what I understand. It also doesn't work well.
<clever>
i think darwin does have a chroot api, but the dynamic linker path is hard-coded in the kernel
<clever>
so you need a decent chunk of darwin libs in the 2nd root, to do anything
sonny has quit [Ping timeout: 256 seconds]
srjek has joined #osdev
<junon>
That wouldn't surprise me, and also you'd have to somehow mount the /System volume to do anything of note. I don't think it's worth it on MacOS, they've tightly coupled the OS so damn much that it's not really feasible.
<junon>
Plus chroot isn't sufficient from a security standpoint.
<klange>
Actually using the equivalent interfaces on macOS wouldn't make much sense, though, and demonstrates how Docker isn't a runtime: Linux is the runtime.
<clever>
junon: most sandboxing i see on darwin will instead use security policies (similar to selinux) to just deny access to anything you shouldn't be touching
<junon>
Yes though chroot has been broken quite a bit in the past. Last I checked there were still ways to break out in some cases.
<klange>
Always keep in mind that containers are not a security model :)
<clever>
yeah, docker is just a wrapper around cgroups + namespacing
<clever>
systemd-nspawn is another way to access the same tools
<junon>
Yeah systemd has this stuff out of box.
<junon>
klange: Tell that to the docker community.
nj0rd has quit [Read error: Connection reset by peer]
<klange>
Tell it to anyone and everyone who doesn't get it :)
<junon>
So the docker community.
<klange>
Containers are an approach to packaging and a solution to dependency hell.
<clever>
nix is a non-containerized solution to dependency hell
ElectronApps has joined #osdev
sprock has joined #osdev
sonny has joined #osdev
sonny has quit [Remote host closed the connection]
sonny has joined #osdev
<klange>
Realized with the announcement of Gimp 2.99.8 that they use the same version scheme as me for development releases.
<klange>
So I'm not weird for having ToaruOS 1.99.8.
sonny has quit [Remote host closed the connection]
sonny has joined #osdev
sonny has quit [Remote host closed the connection]
sonny has joined #osdev
anon16_ has quit [Ping timeout: 260 seconds]
sonny has quit [Remote host closed the connection]
nj0rd has joined #osdev
sonny has joined #osdev
sonny has quit [Remote host closed the connection]
sonny has joined #osdev
dude12312414 has joined #osdev
sonny has quit [Ping timeout: 256 seconds]
sonny has joined #osdev
sonny has left #osdev [#osdev]
smeso has quit [Quit: smeso]
Oli has quit [Quit: leaving]
smeso has joined #osdev
srjek has quit [Ping timeout: 264 seconds]
sts-q has joined #osdev
mahmutov has joined #osdev
dude12312414 has quit [Remote host closed the connection]
dude12312414 has joined #osdev
mahmutov has quit [Ping timeout: 260 seconds]
[itchyjunk] has quit [Remote host closed the connection]
dude12312414 has quit [Quit: THE RAM IS TOO DAMN HIGH]
<kazinsal>
re: versioning schemes, every time I look at my kernel's version being 0.something I always feel like one of those people who posts a hello world bootloader on the forums as their 0.0.1 release
<eryjus>
well, on the other hand, if I ever get to v1.0 i grossly misrepresented one of the tenets of the name "CenturyOS".
<Affliction>
the correct thing to do is 0.9, 0.99, 0.999, 0.9999, 0.99995, 0.99999, ...
<kazinsal>
version numbers so complex you lose floating point precision
<Affliction>
floating point versions, incrementing the bytes! 1.0, 1.00000011920928955078, 1.00000023841857910156
<Mondenkind>
version 1.0 + 2ulp
<klange>
integer versions, but they're 32-bit integers with the wrong endian so you start with v16777216 then v33554432 and eventually you get to v4278190080 before it cycles to v65536
<Mondenkind>
._.
<kazinsal>
complex version structure in C defines that has an external script to generate a string from it and sed it into the C file
<Affliction>
version is a . separated series of bytes written in decimal, containing x86 shellcode which outputs the version as ascii
ElectronApps has quit [Remote host closed the connection]
<Affliction>
naturally the ports for other architectures use their instructions
gxt_ has quit [Ping timeout: 276 seconds]
gxt_ has joined #osdev
gxt_ has quit [Ping timeout: 276 seconds]
gxt_ has joined #osdev
xenos1984 has quit [Quit: Leaving.]
ElectronApps has joined #osdev
gxt_ has quit [Ping timeout: 276 seconds]
gxt_ has joined #osdev
<geist>
could use base 2 floating point hex versions
<geist>
that'll confuse folks
<Mondenkind>
now I'm thinking of really annoying obfuscation mechanisms
<Mondenkind>
first 8 bits specify a permutation of the next 8 bits
<Mondenkind>
which specify a permutation for the next 8 bits
<Mondenkind>
and again. And the last 8 bits are the actual version, in 4.4 fixedpoint
<kazinsal>
adopt Cisco's old school format
<kazinsal>
so confusing they published *multiple* documentation posts on it
<klange>
need to look into why sendto is returning 0 when it clearly sent stuff
<klange>
but looks like my loopback is working and I can host UDP servers at least
<kingoffrance>
i can scare you guys re: versions
<kingoffrance>
i will have a version string, part of many charset experiments. but ...every string format/encoding is "versioned" to allow updates/etc. very database-like. what does that mean? it means, to avoid chicken and egg, need another "string format" "version versions" i.e. hardcoded list of known version numbers of "version" string encoding
<kingoffrance>
so, my version "strings" will also themselves have a version number lol
<kingoffrance>
don't need that really....but it just is being explicit about data formats basically. it's like if you had a "version" for every iteration of a struct say
<kingoffrance>
i mean, in that case, unlikely to be messing with that often....
<kingoffrance>
it's more of a uniformity thing
<klange>
ah, net_udp_send is out here returning 0 on success, naughty little function
xenos1984 has joined #osdev
MarchHare has quit [Quit: Leaving]
<kingoffrance>
if a version number can't itself be versioned, what good is it, he asked? </story of mel>
<Griwes>
the most uh oh part is how low the kernel space addresses are :'D
<kazinsal>
need a Sad Misaka in the style of the vintage Sad Mac
<Griwes>
also
<Griwes>
the last line of register dumps has all of its values misaligned
<Griwes>
and by different values
<Griwes>
you *monster*
vinleod is now known as vdamewood
[itchyjunk] has quit [Remote host closed the connection]
[itchyjunk] has joined #osdev
nyah has quit [Ping timeout: 260 seconds]
<gog>
press 0xf to pay respects
<clever>
gog: on the rpi, if you do a 32bit (size and aligned) read of a register that doesn't exist, you get a constant like 'gpio', but if you do an 8bit read that is mis-aligned by 32bit+8bit, you always get 'p', even on valid registers
<clever>
but only on certain peripherals
<clever>
some return that constant, others return something else
<clever>
and each peripheral has a different constant
<eryjus>
klange: i'm a little surprised i don't see the cr registers in the dump.
<klange>
Only things pushed by the interrupt handler are in the dump.
Mondenkind is now known as moon-child
ravan has quit [Remote host closed the connection]
ravan has joined #osdev
<kazinsal>
I need to go back through all of my multiprocessor bringup code. Somehow, issuing any sort of reset (8042, ACPI, triple fault) causes the BSP to enter the AP startup code. I'm not sure how I accomplished this, but I'm assuming I was not sober when I did it.
vdamewood has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
gog has quit []
gog has joined #osdev
[itchyjunk] has quit [Remote host closed the connection]