# I am the Watcher. I am your guide through this vast new twtiverse.
#
# Usage:
# https://watcher.sour.is/api/plain/users View list of users and latest twt date.
# https://watcher.sour.is/api/plain/twt View all twts.
# https://watcher.sour.is/api/plain/mentions?uri=:uri View all mentions for uri.
# https://watcher.sour.is/api/plain/conv/:hash View all twts for a conversation subject.
#
# Options:
# uri Filter to show a specific users twts.
# offset Start index for quey.
# limit Count of items to return (going back in time).
#
# twt range = 1 10
# self = https://watcher.sour.is/conv/oihoczq
@prologic First, yes, Linux has many features in that area and that’s not a great situation as it complicates everything. 🫤
The two key advantages of landlock (or pledge/unveil) would be: a) Much easier to use / more lightweight, b) usable by non-root users.
Been a while since I watched it, I think this talk by one of the OpenBSD devs was pretty good: https://www.youtube.com/watch?v=gvmGfpMgny4
@prologic First, yes, Linux has many features in that area and that’s not a great situation as it complicates everything. 🫤
The two key advantages of landlock (or pledge/unveil) would be: a) Much easier to use / more lightweight, b) usable by non-root users.
Been a while since I watched it, I think this talk by one of the OpenBSD devs was pretty good: https://www.youtube.com/watch?v=gvmGfpMgny4
@prologic First, yes, Linux has many features in that area and that’s not a great situation as it complicates everything. 🫤
The two key advantages of landlock (or pledge/unveil) would be: a) Much easier to use / more lightweight, b) usable by non-root users.
Been a while since I watched it, I think this talk by one of the OpenBSD devs was pretty good: https://www.youtube.com/watch?v=gvmGfpMgny4
@prologic First, yes, Linux has many features in that area and that’s not a great situation as it complicates everything. 🫤
The two key advantages of landlock (or pledge/unveil) would be: a) Much easier to use / more lightweight, b) usable by non-root users.
Been a while since I watched it, I think this talk by one of the OpenBSD devs was pretty good: https://www.youtube.com/watch?v=gvmGfpMgny4
@movq Despite the audio sounds like is was recorded with a potato in a bathroom, this is a nice talk! I enjoyed it and learned something.
@lyse Yeah, the audio isn’t all too great. 😂
I’m rewatching the talk just now. My main point is still standing: Linux probably has all these features as well, but look at the slides at minute 19:30 and 19:35, pledge and unveil are *really easy to use*. He didn’t even shorten the code:
https://github.com/openbsd/src/blob/master/usr.bin/nc/netcat.c#L364-L418
unveil this, unveil that, pledge this, pledge that, done. Such a simple, concise, and yet powerful API. You don’t see that very often.
@lyse Yeah, the audio isn’t all too great. 😂
I’m rewatching the talk just now. My main point is still standing: Linux probably has all these features as well, but look at the slides at minute 19:30 and 19:35, pledge and unveil are *really easy to use*. He didn’t even shorten the code:
https://github.com/openbsd/src/blob/master/usr.bin/nc/netcat.c#L364-L418
unveil this, unveil that, pledge this, pledge that, done. Such a simple, concise, and yet powerful API. You don’t see that very often.
@lyse Yeah, the audio isn’t all too great. 😂
I’m rewatching the talk just now. My main point is still standing: Linux probably has all these features as well, but look at the slides at minute 19:30 and 19:35, pledge and unveil are *really easy to use*. He didn’t even shorten the code:
https://github.com/openbsd/src/blob/master/usr.bin/nc/netcat.c#L364-L418
unveil this, unveil that, pledge this, pledge that, done. Such a simple, concise, and yet powerful API. You don’t see that very often.
@lyse Yeah, the audio isn’t all too great. 😂
I’m rewatching the talk just now. My main point is still standing: Linux probably has all these features as well, but look at the slides at minute 19:30 and 19:35, pledge and unveil are *really easy to use*. He didn’t even shorten the code:
https://github.com/openbsd/src/blob/master/usr.bin/nc/netcat.c#L364-L418
unveil this, unveil that, pledge this, pledge that, done. Such a simple, concise, and yet powerful API. You don’t see that very often.
@movq Oh yes. Compare that with an AppArmor or SELinux profile. Awful! The idea of just putting it right in the program itself sounds very appealing.