From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from atuin.qyliss.net (localhost [IPv6:::1])
	by atuin.qyliss.net (Postfix) with ESMTP id 0BECD4BB8;
	Mon, 25 Aug 2025 11:55:05 +0000 (UTC)
Received: by atuin.qyliss.net (Postfix, from userid 993)
	id 124044BA0; Mon, 25 Aug 2025 11:55:03 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DMARC_MISSING,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS
	autolearn=unavailable autolearn_force=no version=4.0.1
Received: from fout-b2-smtp.messagingengine.com
 (fout-b2-smtp.messagingengine.com [202.12.124.145])
	by atuin.qyliss.net (Postfix) with ESMTPS id 96E934B9A
	for <discuss@spectrum-os.org>; Mon, 25 Aug 2025 11:55:00 +0000 (UTC)
Received: from phl-compute-04.internal (phl-compute-04.internal [10.202.2.44])
	by mailfout.stl.internal (Postfix) with ESMTP id 3732E1D000A9;
	Mon, 25 Aug 2025 07:54:58 -0400 (EDT)
Received: from phl-mailfrontend-01 ([10.202.2.162])
  by phl-compute-04.internal (MEProxy); Mon, 25 Aug 2025 07:54:58 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc
	:cc:content-type:content-type:date:date:from:from:in-reply-to
	:message-id:mime-version:reply-to:subject:subject:to:to; s=fm2;
	 t=1756122898; x=1756209298; bh=SUGnEh1nDnnwuGR66oLPEBOAWV44+KBr
	6g7Gi+toYh0=; b=Bq1eB2VdGfA1qJRZsmpGRt47ALSIDw1ohJamtu8zObpzo/th
	aLthlbJMF4TsmHBpXSgUNdVii6Wko9iHw3t6ev+UNGbQYUrnDZo00zumLwhGrVID
	edBMq3qXkDoMbfbVFUOGrsXUDUrrOTG0xk65w6rMTu7BbBmr8jhY7XwHDwZenXvq
	2zFJlrdWFiVpDYPuKyZnOdE+AVeoi6+Fh+YMWJS9lG4OHj1Ivl7Qr1y76dLKH1B1
	GChOAC6JOUrFgDVpKMn+EhBaDtQJ0bjcQIQvTT/fPyo5jqOPr66ZNpbvMgJHFyvN
	o+iNJViPNvUBTjbG9pvP6DeuXrgfmsXEBEaobA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:cc:content-type:content-type:date:date
	:feedback-id:feedback-id:from:from:in-reply-to:message-id
	:mime-version:reply-to:subject:subject:to:to:x-me-proxy
	:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1756122898; x=
	1756209298; bh=SUGnEh1nDnnwuGR66oLPEBOAWV44+KBr6g7Gi+toYh0=; b=V
	G5Ydx0AIV+G0nb2bXJtfrpmB6QM86Zw3Je281swmHJcTf6Cyc/WLck57M0GvHLMQ
	NkwZB6MmJp1QAnf/1iweSeK2o3aRtdCC1WDCZ+bleTufO6IIG1j/ImHOT1OYK3WC
	GIa2cDD9pkGYoELxi3pSkrwEFx9nUjHlpIdplrRmFCnqw5al9Ci1O+1i28Pk22TJ
	TG3QLQW8RL/YNS7VFRsBElbVU2WmWy8yRvSx4U6oHdiEqEQst9rQHjleNcuuFPMm
	m6Zq9Wol7UhxG5bLM7Dx4gQkudT6/uHJe0APvfwuvqzrZzowLM6saSuYSzpUaSFG
	kfIvfXYARE2zTE6xjR5cg==
X-ME-Sender: <xms:EU-saFIZbBtWaoV-HalL7DyAfvy79Cl50yH6gHME7QJwYOLHaRU9KA>
    <xme:EU-saKwm8xqH62juUNAhUQbbn3y0lTZSTm4bO_wnnFu9hlrPMnquZfRW_uZfOs3BP
    397kg7MWBGozI5_Ow>
X-ME-Received: 
 <xmr:EU-saNv2p2538uAshWYrmD-unsF0deqWVLvAJewL8WveaHgg5q104pa8cLqRSKYzfA>
X-ME-Proxy-Cause: 
 gggruggvucftvghtrhhoucdtuddrgeeffedrtdefgddujedvfedvucetufdoteggodetrf
    dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfurfetoffkrfgpnffqhgenuceu
    rghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujf
    gurhephffvvefufffkgggtsehgtderredttddtnecuhfhrohhmpeetlhihshhsrgcutfho
    shhsuceohhhisegrlhihshhsrgdrihhsqeenucggtffrrghtthgvrhhnpedtuddvheelje
    ffvdethfetffeftefghfdtvedtleduleehiefgffettdejjedtueenucffohhmrghinhep
    shhpvggtthhruhhmqdhoshdrohhrghdpghhithhhuhgsrdgtohhmpdhkvghrnhgvlhdroh
    hrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehh
    ihesrghlhihsshgrrdhishdpnhgspghrtghpthhtohepfedpmhhouggvpehsmhhtphhouh
    htpdhrtghpthhtohepuggvmhhiohgsvghnohhurhesghhmrghilhdrtghomhdprhgtphht
    thhopeguihhstghushhssehsphgvtghtrhhumhdqohhsrdhorhhgpdhrtghpthhtohephi
    hukhgrseihuhhkrgdruggvvh
X-ME-Proxy: <xmx:EU-saJvlrrVYYcgmZCWcRV_zGr2qsLGCSwLzwW_EJ_EuV7wffjp-eg>
    <xmx:EU-saKOIb3t0Ivyg3VG3hLMfjk7wujrny2Vpl6bLns4q7-po4RJf-w>
    <xmx:EU-saP0a5X3extJZChi4M_SDe9MxyMdAeknjI1qvDwlNYbYEN1Wspw>
    <xmx:EU-saONMmcKdd1N9CrFfBaIHMxseKfvbh48BDONTY6MFOdJjTtvBSg>
    <xmx:Ek-saIg5t6zUh7G68bf6pBKcO5sSWROQkVIkNefpZxTtleqe9eoZvBko>
Feedback-ID: i12284293:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon,
 25 Aug 2025 07:54:57 -0400 (EDT)
Received: by rock.qyliss.net (Postfix, from userid 1000)
	id 4E1CE187AD2; Mon, 25 Aug 2025 13:54:46 +0200 (CEST)
From: Alyssa Ross <hi@alyssa.is>
To: discuss@spectrum-os.org
Subject: This Week in Spectrum, 2025-W34
Date: Mon, 25 Aug 2025 13:54:43 +0200
Message-ID: <87v7mbty4c.fsf@alyssa.is>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
Message-ID-Hash: F2HILZDYRENKGIGQALEM5IZUA4QTNBRC
X-Message-ID-Hash: F2HILZDYRENKGIGQALEM5IZUA4QTNBRC
X-MailFrom: hi@alyssa.is
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation;
 header-match-discuss.spectrum-os.org-0;
 header-match-discuss.spectrum-os.org-1;
 header-match-discuss.spectrum-os.org-2;
 header-match-discuss.spectrum-os.org-3;
 header-match-discuss.spectrum-os.org-4; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
CC: Demi Marie Obenour <demiobenour@gmail.com>, Yureka <yuka@yuka.dev>
X-Mailman-Version: 3.3.9
Precedence: list
List-Id: General high-level discussion about Spectrum
 <discuss.spectrum-os.org>
Archived-At: 
 <https://spectrum-os.org/lists/hyperkitty/list/discuss@spectrum-os.org/message/F2HILZDYRENKGIGQALEM5IZUA4QTNBRC/>
List-Archive: 
 <https://spectrum-os.org/lists/hyperkitty/list/discuss@spectrum-os.org/>
List-Help: <mailto:discuss-request@spectrum-os.org?subject=help>
List-Owner: <mailto:discuss-owner@spectrum-os.org>
List-Post: <mailto:discuss@spectrum-os.org>
List-Subscribe: <mailto:discuss-join@spectrum-os.org>
List-Unsubscribe: <mailto:discuss-leave@spectrum-os.org>

--=-=-=
Content-Type: text/plain

This week, we've seen the first results from Yureka's work on Spectrum's
new networking stack posted to the mailing list[1].  The draft
submission modifies the networking VM to forward packets using XDP
between physical interfaces attached to the VM and a virtual interface
that will be provided by the host system.  She has also been working on
getting the required dependencies into Nixpkgs: updating[2] libbpf to a
version that includes her recently accepted bugfix[3], and fixing
a musl build issue[4][5].

[1]: https://spectrum-os.org/lists/archives/spectrum-devel/20250823222134.1772413-1-yureka@cyberchaos.dev/
[2]: https://github.com/NixOS/nixpkgs/pull/435918
[3]: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=6c6b4146deb12d20f42490d5013f2043df942161
[4]: https://github.com/libbpf/libbpf/pull/919
[5]: https://github.com/NixOS/nixpkgs/pull/436237#discussion_r2296245797

Demi has been experimenting with using the systemd service manager on
the Spectrum host system.  The main motivation was systemd's service
hardening capabilities.  I think we will probably stick with s6 for now,
having discovered that we can likely get a similar level of hardening
with standalone sandboxing tools, and just creating users for VM
services at VM import time, but I wouldn't be surprised if we revisit
systemd again in future, and am open to the switch at some point in
future if it will be of benefit to Spectrum.  I also understand that her
work has resulted in a number of service manager-independent
improvements to Spectrum that we should see posted soon.

As for me, it's been recovering from the second (final) round of dental
surgery, the usual Nixpkgs and server maintenance, and most of all
getting the new grant all finalized, which I'm hoping is now basically
done.  I'm looking forward to actually getting back to proper work
soon. :)

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEH9wgcxqlHM/ARR3h+dvtSFmyccAFAmisTwMACgkQ+dvtSFmy
ccDr1A//d+drWUbqo5AskyYAcE/pMHtjIbjKVRYeVMnLwtP2+ywAwIadbBmomt9M
hwp+bTPE9YISoGzEVyzRzAjUCQb0rzl9g77uWu8QRy0iNYbk4oOB7YlTN5cVFap5
/hgKMvojtX5VGIia36lkzj9zhZ4gx4577GG38U2XC24kFZ7Wc7ZkWXhdCYUd8UGT
XMdRXeaxUOSYuC23bZj7rmkU/cc60RijC5R1MwvcbPObpy3R62fwM2tTMfhxUGpb
paZdO4k9Peq77YhZIcVEVdsCOX9Z5EVBTfUBHM0R0fc7bIhfBfia8ly/rqt6J9us
KbJ0BWpE0bB3mh8aCTO4w7NrOso7RnXvci8IBXO6vEoJmcJHqi7l5BNlmOr4mLCl
NWDndf7Ecvd1MK9SyMgg23rUVCGvy82PLZKmjEr0BWLjKZwhWQGCI2z3zKiY/tbN
vJGfZb7QfS94Mhf+9aNgyklTKwe5TTNIBLFrxI5fc3n3xHubW7hjAC0h8YUZrWJ8
iGd5lxEL76TZSNbr50pT6PWljnd1gCFuMd3CVp08lzoaF+ZXKsp/0flMBM0szQb8
i0swpom0ukOdc4tHhpZIOmUH/ryRJ2bEV5rHEa9IR6kWZu02TYS+asHprUGEIwYt
9y3tAD0rWjcqyE0Vm1DPlHiL+wzlKBRECHgkPt0Kph9gDBpSKz4=
=xCdb
-----END PGP SIGNATURE-----
--=-=-=--