~kaey

Recent activity

Re: Problem of Rebasing a GitLab MR 8 months ago

From Konstantin Kulikov to ~sircmpwn/alpine-devel

What are you trying to achieve by rebasing? Pretty sure only those
with commit access can do it and they will when merging.

Re: logrotation best practice 9 months ago

From Konstantin Kulikov to ~sircmpwn/alpine-devel

Logging is still annoying.

Best case is when an application supports writing to a file with
O_APPEND and can reopen it on signal using open/dup2/close.
If it can't, openrc gives you 2 options
output_log - this redirects to a file and can only be rotated using a
racy copy/truncate approach (truncate option in logrotate).
output_logger - this redirects to stdin of another program, not
supported by supervise-daemon and your application will stall if
logger program crashes. This is the approach I use in my services.

% cat /etc/conf.d/victoria-metrics
...
error_logger="logger -t $RC_SVCNAME"

Re: Security problem in how you manage users in package installations 2 years ago

From Konstantin Kulikov to ~sircmpwn/alpine-devel

>Note that this will most like break container installations, which do no
>run services. So you cannot rely on checkpath in an init script to
>created required directories.

Do people actually use alpine in this way?
That would be really surprising to me.
And I have heard no complaints about grafana for example.

>I don’t know how do you define proper logging implementation, but maybe you don’t know about `output_log` and `error_log` parameters. You can use it to “redirect” stdout/stderr to syslog using logger(1) command. See kresd.initd [1] for example.

If only error_logger worked with supervise-daemon.
Even then it does work enough for my small installation, but it is far
from ideal - for example everybody has write access to /dev/log or if
logger is killed service will stall or silently drop logs.

Re: Security problem in how you manage users in package installations 2 years ago

From Konstantin Kulikov to ~sircmpwn/alpine-devel

> Some distros create system users only with predefined uid/gid.

There are ~500 *-openrc packages so I guess it can work.

> A first effective improvement would be, not to lower/remove restrictions
> of _any_ existing user in a kind of black box (installation script from
> admin perspective) during package installation.

adduser fails if user exists so I'm not sure what you mean here.

> Same proceeding would be good for file/directory permissions.
> For this there should be also taken care in e.g. checkpath of
> openrc-scripts. If the admin locks out users of a directory and during
> the next service start by a checkpath the directory becomes world

Re: Security problem in how you manage users in package installations 2 years ago

From Konstantin Kulikov to ~sircmpwn/alpine-devel

How would you improve this situation? Fail package installation if
user exists and is non-system (id >= 1000)?
How do other distros solve conflicts between admin's usernames and
service's usernames?

On Sat, Jun 18, 2022 at 1:00 PM Markus Kolb
<alpinelinux+develml@tower-net.de> wrote:
>
> Hello,
>
> I'm trying to maintain 2 packages I'm using with Alpine and would not
> like to see being removed from the repositories from future releases.
> But I could see that there is some basic problem.
> Currently you are unlocking users in pre-install of packages without any

Re: [PATCH gio 0/3] Physics-based scrollbar 3 years ago

From Konstantin Kulikov to ~eliasnaur/gio-patches

Thanks for the background.
I have not looked at the code and have no plans to do so any time soon.
What I don't understand is if we don't know the size of the content,
how is the scrollbar position even drawn at all? Estimate?
If you're in need of ideas I think there can be several different
types of scrolling:
1. Row height and row count are known (plain text editor for example),
precise scrolling possible
2. Content is arbitrary but low amount (web pages for example) -
layout everything, but draw only what's in viewport, precise scrolling
possible
3. Content is arbitrary and big - only scroll forward and backward.
4. Tables (excel, gdocs) -  scrolling is snapped to rows and you can't
display half of a row (IIRC both excel and gdocs do that), but it's a

Re: [PATCH gio 0/3] Physics-based scrollbar 3 years ago

From Konstantin Kulikov to ~eliasnaur/gio-patches

The first thing I do on new systems is disable all kinds of animations
and smooth scrolling. Added latency is completely unnecessary.

To answer your question - no, it doesn't feel natural at all. When I
click on the scrollbar I expect the position to change instantly.
When I drag I expect content to follow mouse movement precisely.
I know adding "smooth scrolling" is popular these days, but not
everyone is comfortable with that. Maybe add
AnimationSpeed=None/Fast/Default property on Theme?
Also scrolling with mouse wheel and trackball[1] is way too slow,
especially given content size.

[1] Look for ScrollButton option:
https://manpages.debian.org/buster/xserver-xorg-input-libinput/libinput.4.en.html

Re: Text rendering on HiDPI screen 3 years ago

From Konstantin Kulikov to ~eliasnaur/gio

> That’s great. May I ask a screen capture of the kitchen example ?
>
> A 27" 4k screen is 163 DPI, not 192. How do you get 192 DPI ?

https://0x0.st/-pr7.png

I scale UI to 192 because qt and gtk don't exactly work well with 1.5
scaling - some apps work well, others, for example, have big icons
with microscopic text.

Re: Text rendering on HiDPI screen 3 years ago

From Konstantin Kulikov to ~eliasnaur/gio

What Alessandro said.

At 192 DPI text is lighter compared to browser and it's immediately noticeable.

If you're looking for a 4k display I use this one and can recommend it
https://www.tftcentral.co.uk/reviews/acer_nitro_xv273k.htm

Re: Containerised APK builds and security xattrs 3 years ago

From Konstantin Kulikov to ~sircmpwn/alpine-devel

Some packages also use libcap to enable servers to listen on port 80
without root privs.

On Wed, May 5, 2021 at 9:20 AM Timo Teras <timo.teras@iki.fi> wrote:
>
> Hi,
>
> There are multiple reasons why we want the xattrs. Originally it was
> introduced to store the grsec kernel pax flags, and some packages also
> use it to set capabilities for some executables. APK also internally
> uses XATTRs for the file hash, but that happens transparently and never
> hits the disk surface.
>
> It might make sense an abuild option to not include the on-disk xattrs,