[BRLTTY] Nos braille ouput through Orca since 6.2

Mon Mar 15 12:48:16 EDT 2021

[quoted lines by Didier Spaier on 2021/03/15 at 16:00 +0100]

>> A properly configured system boots with a clean /run/ (i.e. /run/ is in a
>tmpfs) so that shouldn't be necessary. I recommend removing that line
>altogether.
>
>I will have to assess the consequences. Patrick Volkerding wrote it, I have
>to first understand why before making such a change in the main startup
>script.

Sure, but the real question is why wiping out that directory - a very destructive operation - was being done in the first place.

>But there was no issue with brltty-6.1

Things like this change from one release to the next. Why destroying needed data was okay before and now isn't is an issue not worth debating. The real issue is why needed data was being destroyed in the first place.

>> I'm not. This is just the way all good apps are designed these days.
>
>Really? Next questions from 3 1/2 yo grandson would probably be:
>What is a good app?

In the context of the question at hand - why brltty should be run with least privilege - the answer is that an app has become better than it used to be if it has become less susceptible to being hacked. So, to put it as simple as possile, a good app is one that can be trusted. Now, we've always strived to ensure that brltty, when run with full privileges, can be trusted, but (asks that hypothetical young grandson) what's wrong with a bit of additional security.

Please do note that running brltty with less than full privileges is optional. You need to specifically configure it to run that way. If you think it's okay to expose your system to greater (albeit the same as it's always been till now) risk then, by all means, do so. We're aren't here to tell you how to configure your system. We're here to give you choices. If it's your opinion that we've wasted our time on this one then that's okay. I disagree!

>And why are these designed this way these days?

Because there are people out there who pride themselves in doing whatever they can to destroy companies, organizations, people, etc. Why do you lock your door, especially when you aren't at home? Because there are thieves. Why, when we can do something, shouldn't we make our software just a little bit safer to use.

>But I'm Didier not Lucas, so feel free to not answer :-)

For one thing, who's Lucas? For another, I'm always willing to answer. I don't mind it at all when people disagree with me. I implicitly 100% trust the Bible and have been seriously ridiculed for that. I believe that abortion is a mother using a doctor as a hench person to have her unwanted baby murdered and have been seriously ridiculed for that. Anyone who wants to upset me will have to try much harder. :-)

>I'm not paid either to maintain Slint, but that doesn't bother me at all.

As it shouldn't.

>System integration is my hobby, and that it can help a few is rewarding enough.

Yes, and we're no different. And, to the current issue, we feel that it's well worth our time to improve the security of our software.

>> Please send a log with -ldebug,async that shows what's going on.
>
>Attached. The root partition being still mounted ro I just wrote:
>
>mount -rw UUID="3C8C-1441" /mnt/tmp #This is on an US stick
>...
>/bin/brltty -b tt -d /dev/tty3  -ldebug,usb,async -L/mnt/tmp/brlttylog1
>
>the ",usb" is pointless (no physical braille display) but doesn't hurt, I
>assume.
>
>killal brltty just stop the output on /dev/tty3 but doesn't kill the daemon.
>I didn't check if the log goes beyond the SIGTERM, if necessary I will.

Thanks. I'll have a look at it and respond in a later message.

-- 
I believe the Bible to be the very Word of God: http://Mielke.cc/bible/
Dave Mielke            | 2213 Fox Crescent | WebHome: http://Mielke.cc/
EMail: Dave at Mielke.cc  | Ottawa, Ontario   | Twitter: @Dave_Mielke
Phone: +1 613 726 0014 | Canada  K2A 1H7   |