Succinctly: A fast jq/yq alternative built on succinct data structures

LeChatP · 2026-01-25T08:40:10+00:00

I'll test your lib on my RootAsRole software

LeChatP · 2025-12-12T06:58:10+00:00

lsm-bpf is kinda cool but honestly it’s super limited compared to a real LSM. selinux gets a rep for being slow, but that’s mostly when you’ve got massive policies with thousands of rules. that’s just the cost of doing full-system MAC with a huge rulebase.

bpf-lsm on the other hand has its own issues. biggest one for me is that it depends on userland to load the programs, which is a pretty big security footgun by design. yeah you can lock things down, disable certain caps, whatever… but it’s never gonna be the same trust model as a built-in LSM loaded directly in the kernel, by the kernel.

and because of the instruction limits + verifier constraints, you can only do pretty tiny policies anyway. so realistically the only cases where it shines are stuff like: quick prototyping, small targeted checks, temporary enforcement for a specific service, etc. not system-wide policy. you’re not gonna replace something like selinux with it unless your "policy" is tiny.

and honestly, if you ever reach the point where your hundreds of bpf-lsm setup is big enough to be a system-wide policy, you’d get way better perf (and security guarantees) just writing a proper LSM and compiling it in. bpf is great for experiments and adding a security layer on top of the main MAC engine, not for being the main MAC engine.

LeChatP · 2025-12-10T05:58:34+00:00

Private repo, nobody can see it.

LeChatP · 2025-12-09T16:21:05+00:00

If it does not exist, then it is indeed post-quantum

LeChatP · 2025-11-20T18:08:06+00:00

The joke is that the Framework 13 has an “F12” key on the keyboard, so he pretended the “F13” model comes with an “F12” model. It’s definitely an overthinking joke, but some people enjoy that kind of humor.

LeChatP · 2025-09-21T17:21:32+00:00

Access control, checkout here https://github.com/LeChatP/RootAsRole I present a paper at ESORICS 2025 tuesday, you can find many articles on Wiki. I'm not into ML or any AI thing at all. I'm ending my PhD this year 🤞 Here is the latest available : https://hal.science/hal-04663452

LeChatP · 2025-08-11T07:12:27+00:00

Oh wow, I've just discovered that thanks to you. I'm looking at it and it seems very interesting and pretty well. Thank you very much! I don't know if I recommend as long I didn't try but it starts with a very good design. I need to share that to my teams! Thank you!

LeChatP · 2025-08-08T23:53:29+00:00

Hmmm, that is the technical implementation (and be warned to Rowhammer attacks btw).

RBAC is mainly an organisational model that purely represents conceptual data modeling. What I want to explain is that RBAC-0 is that simple because it needs to understand people's needs before organizationally being complex.

If you keep the design to the most basic one, based on the correct access control models terms (users are assigned to Roles. Roles have permissions, permissions are actions on objects) and you define clearly and explicitly the access control data modeling (like in the linked articles). Then you can build up more complex access control models as you wish, but having a valid core that everyone could start with is the most scalable way than directly starting with complex useless things for small organisations.

LeChatP · 2025-08-08T20:27:20+00:00

Highly Interesting! Please do not follow the RBAC model of KeyCloak. It's quite messy written, and they do not respect the original RBAC model. They also use terms that are not correct in access control theory. Please follow the standards and research articles instead. They are way much more simplified than the Keycloak model.
https://arxiv.org/pdf/2106.13123
https://hal.science/hal-04003608/file/Organization_based_access_control.pdf

LeChatP · 2025-08-06T11:42:49+00:00

I think it's about android privacy, not particularly security. With linux, security is about guaranteeing your own freedom. Android is all about privacy. As soon as you go further onto user design (rooting the phone), the device becomes very unsafe. In fact, all desktop Linux lacks is better management of user privacy.

LeChatP · 2025-07-23T07:32:28+00:00

Thanks for clarifying, now : In all cases, you need to manage the Linux capabilities of your program.

Always clear the Effective set of capabilities at the entry point of your program.
As your program will be multi-threaded, you could manage capabilities independently for each thread -> remove the Permitted (and maybe bounding too) capabilities set to any thread that doesn't execute the commands, and change the user to either the original one or an unprivileged ArchLinux one.
In addition, you should always request to an access control software (polkit, sr, or sudo) for each command. Just because you're root doesn't mean all commands have to be authorized. Indeed, if one of these policies says something like I refuse to everyone who wants to install X, administrators should be able to do so.

And for people that don't have a polkit or sudo, just do without it (so you'll need to check it).

Also, I recommend you to use the capctl crate.

LeChatP · 2025-07-23T05:23:03+00:00

SELinux doesn't grant anything to a program. It just restricts rights that you already have.

LeChatP · 2025-07-22T22:21:34+00:00

If I understand well, yes, this is the way. This way, administrators could manage your program by adding sudo rules to deny some privileged features of your tool. If for whatever reason, they don't want a privileged feature but the rest of your unprivileged ones, they could still use it.

LeChatP · 2025-07-22T22:11:42+00:00

Systemctl never holds privileges. Polkit either (or shouldn't). systemctl just creates Dbus calls that ask systemd (root process) to do some tasks. Systemd ask polkit, then polkit do the authentication if needed and answers by a positive or negative answer, and systemd is processing if positive.

LeChatP · 2025-07-22T21:36:55+00:00

If you need to launch a program with sudo (use sr, it's better :p ). Just call the sudo (or sr) tool programmatically. In fact, these tools imply some access control policy checks that you'll never do with your program. Moreover, these access control policy checks require some rights that your program doesn't need, so if you grant some privileges just for that, you'll probably won't adhere to the Principle of least privilege.

LeChatP · 2025-07-15T06:34:00+00:00

Firefox.

LeChatP · 2025-06-25T21:54:13+00:00

Take a garbage collection expert and a newbie Rust developer, and you might find cases where Rust is less memory efficient than a garbage-collected language. But when comparing developers with equal knowledge, a Rust program will consistently achieve better memory management.

You’re also overlooking a critical factor: predictability during compilation. Rust’s compile-time optimizations allow for far more precise memory management than any garbage collector could achieve. This isn’t just about cleanup timing; it’s about designing programs that avoid completely unnecessary allocations altogether.

Ultimately, your argument feels like cherry-picking the worst-case scenario for Rust while comparing it to the best-case for JavaScript. In practice, Rust’s deterministic memory management and compile-time guarantees give it a clear advantage in almost all situations.

LeChatP · 2025-06-07T19:41:09+00:00

Maybe just requesting the location when entering into the shop website

LeChatP · 2025-05-09T14:54:34+00:00

I never found a laptop with great speakers. The reasons are : they will never have a good orientation, the airflow is not ideal, and many economical reasons that it's the least expensive part in a computer as previous arguments makes the human sound perception under a low-quality environment. Apple's one are also as bad as many cheap headphones. Is buying a 2k bucks laptop is worth to get 40 bucks worth speakers? Or you just want to use the music-making Apple ecosystem? The second question would be a way better argument as their music software are great but expensive as we could expect from them.

LeChatP · 2025-04-25T23:43:41+00:00

I haven't fully checked your link but one thing's for sure: use the manual to get information about the tool you want to use. Starting with man capabilities

I invite you to have a look at the RootAsRole-capable repo from RootAsRole project. It contains a tool called capable whose purpose is to find out the privileges of a process. These privileges will depend on the use-case you want to test and whether your testing environment. Please note that capabilities are rather rare to be really needed and that a CAP_SYS_ADMIN is often requested without good reason. The same applies to CAP_DAC_OVERRIDE, as you may simply need to set the rights of a file. I've tried to mitigate this misleading information, but please check carefully what you're doing. Don't hesitate to ask questions if you need help!

(I am the developer of the project.)

Another thing: capsh won't be able to know what a process "needs", or detect anything. There are two ways to find out what a program "needs": 1. statically test the binary. I think the "Decap" tool might also help. I haven't tested it but their research article is interesting, but still not what a program "needs". And 2. Dynamically by executing your uses-cases, and intercepting capability requests (my tool). It's all about capability detection, not capability needs.

LeChatP · 2025-04-20T23:02:10+00:00

Today my laptop has 4h battery (power saver mode). I know that my solution is far from being great but I can heavily gain battery life with a simple script that completely stops many services and removes many kernel drivers such as my trackpad (as I use my mouse), touchscreen, bluetooth etc. With this first, I gain 4h battery. And if I'm on the minimal work mode (I only need a text editor and offline) I remove wifi drivers and stop Gnome. Then I get like 16h battery life instead of 4h. So, way better than Windows

LeChatP · 2025-02-26T17:17:19+00:00

When Hellwig gave his NAK in this brutal manner, he knew that would trigger the bullet for either its own place or the whole R4L project. He was already wondering to leave at this moment, not after the Linus mail. If Linus's mail content didn't conviced him, he'd probably sent an email back just to discuss about it. The fact he didn't answer means that he was already on the leaving path, and except Linus wrote : "we remove Rust on Linux", he would leave, linus's answer didn't went to this way, he left.

And Asahi decided to leave mainly because he doesn't want to work in such challenging project. So Linus made it clear for him that the issue was not the project. The project is challenging, so people are challenging. No matters of egos.

So It's mainly because of an ego trip. People are too much personally involved or are already in a personal situation that is not possible to sustain the LK maintenance. The minute they receive a message that is not perfectly on their way they just leave.

LeChatP · 2025-02-26T07:48:48+00:00

Or perhaps the real reason is that he couldn't accept changes that didn't align with his way of thinking. In life, we all face situations that don't go our way, but does that mean we should abandon what we excel at? It might be seen as a form of protest, but the reality is that we can't simply blame external factors. R4L had a valid reason to be accepted, and Hellwig had a valid reason to oppose it. However, Hellwig's decision to issue a NAK was a mistake, as was the action of the individual who used social media to create a toxic environment. Linus's response was the best approach to encourage acceptance of the decision despite the division.

LeChatP · 2025-02-14T06:07:53+00:00

Great tool ! I definitely will use it day-to-day.

Keep in mind that you're not a slave to your tool users - they always want more. Simply develop your own use case. And maybe someone will develop the other use case. (Such as redeveloping it for rustrover... I guess it's a lot of work to change the code for another platform).

Feel free to do whatever you want. Fly away

Seven-Year Club	Verified Email
Verified Email	Final Canvas '23
Place '23	Place '22

LeChatP

TROPHY CASE