Aim to base helloSystem on supported FreeBSD 12.2-RELEASE-p4 or 13.0-RELEASE

[grahamperrin]

DRM

#1

From https://old.reddit.com/r/freebsd/comments/lgjuab/-/gn3t3qi/?context=1 for three relevant packages from latest:

grahamperrin@freebsd:/usr/home/grahamperrin $ su -
root@freebsd:~ # kldload /boot/modules/i915kms.ko
root@freebsd:~ # kldstat
Id Refs Address                Size Name
1   37 0xffffffff80200000  227ae70 kernel
2    1 0xffffffff8247b000   667e20 openzfs.ko
3    1 0xffffffff83011000     2698 intpm.ko
4    1 0xffffffff83014000      b40 smbus.ko
5    1 0xffffffff83015000    2eb93 vboxguest.ko
6    1 0xffffffff83044000     88c0 tmpfs.ko
7    1 0xffffffff8304d000   12bf6c i915kms.ko
8    1 0xffffffff83179000    75e10 drm.ko
9    4 0xffffffff831ef000    12d30 linuxkpi.ko
10    3 0xffffffff83202000    13f30 linuxkpi_gplv2.ko
11    2 0xffffffff83216000      6d0 debugfs.ko
root@freebsd:~ # pkg query '%o %v %R' drm-kmod drm-fbsd12.0-kmod gpu-firmware-kmod
graphics/drm-kmod g20190710_1 FreeBSD
graphics/drm-fbsd12.0-kmod 4.16.g20201016_1 FreeBSD
graphics/gpu-firmware-kmod g20201213 FreeBSD
root@freebsd:~ # date ; uptime ; uname -a
Fri Feb 12 21:40:02 UTC 2021
9:40PM  up 4 mins, 2 users, load averages: 0.29, 0.32, 0.15
FreeBSD freebsd 12.2-RELEASE-p3 FreeBSD 12.2-RELEASE-p3 GENERIC  amd64
root@freebsd:~ # freebsd-version -kru
12.2-RELEASE-p3
12.2-RELEASE-p3
12.2-RELEASE-p3
root@freebsd:~ # grep url /etc/pkg/FreeBSD.conf 
  url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
root@freebsd:~ #

• success.

OpenZFS

From #125 (comment):

… it's reasonable to assume that this build will include sysutils/openzfs-kmod.

FreeBSD 12.2-RELEASE-p3 with the kernel module built from a 12.2 jail for quarterly:

2021-02-12.22.03.FreeBSD.12.2-RELEASE-p3.with.openzfs-kmod.from.quarterly.mp4

• success.

ksnip

#17 (2020-11-21)

ISO/settings/packages.hello

Line 68 in 9c09b32

# Take screenshots; FIXME: Replace by ksnip once it does not segfault anymore

A fixed version in quarterly:

grahamperrin@freebsd:/usr/home/grahamperrin $ pkg search ksnip
ksnip-1.7.3_1                  Screenshot and annotation tool
grahamperrin@freebsd:/usr/home/grahamperrin $ grep url /etc/pkg/FreeBSD.conf
  url: "pkg+http://pkg.FreeBSD.org/${ABI}/quarterly",
grahamperrin@freebsd:/usr/home/grahamperrin $ 

https://www.freshports.org/graphics/ksnip#history 1.7.3_1 committed 2020-12-30.

[probonopd]

Keep in mind that we cannot use quarterly packages because packages can disappear there from one day to the next, preventing us from doing ISO builds.

And we can only switch to 12.2 once we have a compatible Intel DRM package.

Which means (if I am not mistaken) that we can only switch to 12.2 once the Intel DRM package in last quarter's packages is compatible with 12.2.

So, at least another quarter to wait?

[grahamperrin]

… packages can disappear … from one day to the next, …

Disappearances should be infrequent (and annoyances should be avoidable). Maybe raise a separate issue for this, for a focused investigation that's not scattered across multiple issues.

… compatible Intel DRM package. …

Above, kldload /boot/modules/i915kms.ko – is this kernel module not what's required?

[probonopd]

Above, kldload /boot/modules/i915kms.ko – is this kernel module not what's required?

I think it is - but does it work? #1

[grahamperrin]

File systems support

From helloSystem/docs@5414719:

• exFAT (Windows) once available in quarterly packages

– and:

• EXT4 (Linux) once available in quarterly packages

https://github.com/vermaden/automount describes sysutils/fusefs-ext4fuse, https://www.freshports.org/sysutils/fusefs-ext4fuse/#history that's removed ∴ vermaden/automount#26

Instead: sysutils/fusefs-ext2.

Available, logged:

1. http://beefy2.nyi.freebsd.org/data/122amd64-quarterly/563981/logs/exfat-utils-1.3.0.log
2. http://beefy2.nyi.freebsd.org/data/122amd64-quarterly/563981/logs/fusefs-exfat-1.3.0.log
3. http://beefy2.nyi.freebsd.org/data/122amd64-quarterly/563981/logs/fusefs-ext2-0.0.10_2.log

[grahamperrin]

f73b9d6 hello-0.5.0_0E5-FreeBSD-12.2-amd64.iso pre-release currently at https://github.com/helloSystem/ISO/releases/tag/experimental-12.2 is:

• 12.2-RELEASE
• not 12.2-RELEASE-p3

[grahamperrin]

@probonopd I suspect, no not great value in having hello-0.5.0_0E5-FreeBSD-12.2-amd64.iso alongside hello-0.5.0_0E5-FreeBSD-12.1-amd64.iso …

… consider withdrawing hello-0.5.0_0E5-FreeBSD-12.2-amd64.iso.

Thanks

[probonopd]

For me the question is which FreeBSD version the next helloSystem version, 0.5.0 (~March 2021) should be based on. The experimental builds right now are building towards the upcoming 0.5.0. (The mid-term question will be whether 1.0.0 will be 13-based...).

I must have overlooked the difference between RELEASE and RELEASE-p3 (still leearning FreeBSD versioning). What I am looking for is "the latest security-patched RELEASE in the 12 series" - ideally without having to manually track p1, p2,... (is there a wy to say "latest 12 RELEASE"?)

And the question is, can any 12 later than 12.2 currently work properly (including Intel GPU drivers) with last quarter's packages (because quarterly seems to have missing packages from one day to the next)?

[probonopd]

freebsd-12-2-release-p3-amd64 does not exist as an instance name on Cirrus CI (which is using Google Cloud Computing Engine instances).

[grahamperrin]

freebsd-12-2-release-p3-amd64 does not exist as an instance name on Cirrus CI …

helloSystem documentation refers to https://cirrus-ci.com/ but it's somewhat mysterious.

How can I tell what does exist?

---

#135 (comment)

say "latest 12 RELEASE"

freebsd-update upgrade -r 12.2-RELEASE

• begins an upgrade to the latest version of 12.2-RELEASE, which is currently patch level 3 i.e. 12.2-RELEASE-p3.

Patch levels and security advisories

Thanks to debdrup in freenode (@debdrup in GitHub?) I recently learnt of this unnoficial page:

• FreeBSD Patch Level Table

Under https://bokut.in/freebsd-patch-level-table/#releng/12.2

• we have 12.2-RELEASE-p2 with reference to its one related SA
• we do not yet have 12.2-RELEASE-p3 with reference to its two related SAs.

Posted to Reddit, unfortunately neither post was allowed:

• https://www.reddit.com/r/freebsd/comments/l92s5g/-/
• https://www.reddit.com/r/freebsd/comments/l92r3p/-/

[grahamperrin]

… can any 12 later than 12.2 currently work properly … with last quarter's packages …

It's simple to test this for yourself with hello-0.5.0_0E6-FreeBSD-12.2-amd64.iso and VirtualBox. I'll make a screen recording to help you …

[grahamperrin]

It's simple

Unfortunately not. This is a show-stopper to reasonable testing:

For my everyday system with 2,019 packages from latest, few vulnerabilities:

root@mowa219-gjp4-8570p:~ # grep url /etc/pkg/FreeBSD.conf
url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
root@mowa219-gjp4-8570p:~ # pkg audit --quiet
openexr-2.5.4
ilmbase-2.5.4
root@mowa219-gjp4-8570p:~ # pkg audit --recursive
openexr-2.5.4 is vulnerable:
openexr, ilmbase -- security fixes related to reading corrupted input files
WWW: https://vuxml.FreeBSD.org/freebsd/98044aba-6d72-11eb-aed7-1b1b8a70cc8b.html

Packages that depend on openexr: gimp-app, gimp, gimp-gutenprint, opencv,
digikam, frei0r-plugins-opencv, frei0r-plugins, kdenlive, kdemultimedia,
shotcut, gegl, gnome-photos, gnome-utils, gnome3, kio-extras, dolphin,
kf5-kimageformats

ilmbase-2.5.4 is vulnerable:
openexr, ilmbase -- security fixes related to reading corrupted input files
WWW: https://vuxml.FreeBSD.org/freebsd/98044aba-6d72-11eb-aed7-1b1b8a70cc8b.html

Packages that depend on ilmbase: gimp-app, gimp, gegl, gnome-photos, kio-extras,
dolphin, kf5-kimageformats

2 problem(s) in 2 installed package(s) found.
root@mowa219-gjp4-8570p:~ # 

For helloSystem with some packages from release_2:

date ; uptime ; uname -a
Wed Feb 17 23:58:27 EST 2021
11:58PM  up  1:20, 0 users, load averages: 0.39, 0.39, 0.42
FreeBSD FreeBSD 12.2-RELEASE FreeBSD 12.2-RELEASE r366954 GENERIC  amd64
root@FreeBSD:/usr/home/liveuser # freebsd-version -kru
12.2-RELEASE-p3
12.2-RELEASE
12.2-RELEASE-p3
root@FreeBSD:/usr/home/liveuser # pkg audit --quiet | sort
curl-7.72.0
freetype2-2.10.2_1
jasper-2.0.21
libexif-0.6.21_5
mysql57-client-5.7.31_1
mysql57-server-5.7.31_1
p11-kit-0.23.21
raptor2-2.0.15_14
samba410-4.10.18
sudo-1.9.3p1
tmux-3.1b
xorg-server-1.20.9,1
root@FreeBSD:/usr/home/liveuser # 

Worst amongst those might be sudo, the fix for which is already in latest and quarterly for FreeBSD:11:amd64 FreeBSD:12:amd64 FreeBSD:13:amd64 and FreeBSD:14:amd64:

• https://svnweb.freebsd.org/ports?view=revision&revision=562997
• https://www.freshports.org/security/sudo/#packages
• https://www.theregister.com/2021/01/26/qualys_sudo_bug/

pkg audit --recursive
samba410-4.10.18 is vulnerable:
samba -- Multiple Vulnerabilities
CVE: CVE-2020-14383
CVE: CVE-2020-14323
CVE: CVE-2020-14318
WWW: https://vuxml.FreeBSD.org/freebsd/9ca85b7c-1b31-11eb-8762-005056a311d1.html

Packages that depend on samba410: gvfs

xorg-server-1.20.9,1 is vulnerable:
xorg-server -- Multiple input validation failures in X server XKB extension
CVE: CVE-2020-25712
CVE: CVE-2020-14360
WWW: https://vuxml.FreeBSD.org/freebsd/76c8b690-340b-11eb-a2b7-54e1ad3d6335.html

Packages that depend on xorg-server: slim, xf86-video-vesa, xf86-video-scfb,
xf86-video-cirrus, xf86-video-ati, xf86-input-mouse, xf86-input-libinput,
xf86-input-keyboard, xf86-input-evdev

libexif-0.6.21_5 is vulnerable:
libexif -- multiple vulnerabilities
WWW: https://vuxml.FreeBSD.org/freebsd/cff0b2e2-0716-11eb-9e5d-08002728f74c.html

Packages that depend on libexif: lximage-qt, libfm-qt, libgphoto2, gvfs

freetype2-2.10.2_1 is vulnerable:
freetype2 -- heap buffer overlfow
CVE: CVE-2020-15999
WWW: https://vuxml.FreeBSD.org/freebsd/458df97f-1440-11eb-aaec-e0d55e2a8bf9.html

Packages that depend on freetype2: libreoffice, openjdk8, wx31-gtk3, audacity,
gstreamer1-plugins-a52dec, gstreamer1-plugins-core, gstreamer1-plugins-mpg123,
gstreamer1-plugins-png, gstreamer1-plugins-dts, gstreamer1-plugins-dvdread,
gstreamer1-plugins-resindvd, gstreamer1-plugins-theora,
gstreamer1-plugins-pango, gstreamer1-plugins-ugly, gstreamer1-plugins-good,
gstreamer1-plugins-vorbis, openbox, slim, qt5-webengine, xterm, poppler-qt5,
qpdfview, imlib2, gstreamer1-plugins-ogg, tk86, ssvnc, tk-wrapper, poppler,
ghostscript9-agpl-base, libgd, libgphoto2, webkit2-gtk3, gstreamer1-plugins-gl,
harfbuzz-icu, gtk3, libcanberra-gtk3, kf5-knotifications, kf5-purpose,
kf5-kparts, kf5-kio, kf5-kwallet, falkon, kaccounts-integration,
signon-kwallet-extension, kf5-kdewebkit, libappindicator, screenkey, arandr,
libdbusmenu, gnome-online-accounts, gvfs, libgdata, gcr, librsvg2, ffmpeg,
gstreamer1-libav, mpv, webcamoid, libass, gstreamer1-plugins-bad,
qt5-multimedia, libXfont2, xorg-server, gstreamer1-plugins, qt5-webkit,
signon-ui, kf5-kdesignerplugin, akonadi, pango, libcanberra, redshift, dunst,
djvulibre, gnome-mount, policykit-gnome, gconf2, adwaita-icon-theme, gtk2,
cairo, libspectre, py37-gobject3, libaccounts-glib, libaccounts-qt5,
accounts-qml-module, system-config-printer, graphene, py37-cairo, libXft, lmms,
fltk, qt5-gui, ksnip, kImageAnnotator, kf5-kirigami2, kf5-kcmutils, signon-qt5,
signon-plugin-oauth2, kf5-kdeclarative, qt5-designer, kf5-kplotting,
kf5-kbookmarks, kf5-solid, kf5-kded, kf5-kjobwidgets, kf5-kxmlgui, pinentry-qt5,
kf5-attica, kf5-ktextwidgets, kf5-kglobalaccel, phonon-qt5, kf5-sonnet,
qt5-speech, kf5-kservice, kf5-kiconthemes, kf5-kcompletion, kf5-kcrash,
kf5-kitemviews, kf5-kconfigwidgets, kf5-kauth, kf5-kguiaddons, kf5-kconfig,
kf5-kpackage, kf5-kwidgetsaddons, qt5-uitools, qt5-uiplugin, py37-qt5-webengine,
qt5-assistant, lximage-qt, featherpad, qterminal, dsbmixer, lxqt-globalkeys,
qt5-graphicaleffects, libdbusmenu-qt5, kf5-kdbusaddons, py37-qt5-printsupport,
py37-qt5-webchannel, qt5-help, libfm-qt, qtermwidget, liblxqt, qt5-location,
polkit-qt-1, libqtxdg, kf5-kwindowsystem, py37-qt5-qml, qt5-x11extras,
py37-qt5-widgets, hello, wpa_supplicant_gui, py37-qt5-gui, qt5-quickcontrols,
qt5-quickcontrols2, qt5-svg, qt5-imageformats, qt5-opengl, qt5-declarative,
kf5-kitemmodels, qt5-sensors, kf5-ki18n, kf5-kdoctools, qt5-webchannel,
qscintilla2-qt5, py37-qt5-dbus, py37-qt5-network, py37-qt5-core,
qt5-printsupport, qt5-widgets, kColorPicker, harfbuzz, fontconfig, mkfontscale,
crosextrafonts-caladea, crosextrafonts-carlito, GentiumBasic, linuxlibertine-g,
twemoji-color-font-ttf, font-awesome, wqy-fonts, liberation-fonts-ttf, dejavu,
xorg-fonts-truetype, font-bh-ttf, font-misc-ethiopic, font-misc-meltho

raptor2-2.0.15_14 is vulnerable:
raptor2 -- buffer overflow
CVE: CVE-2017-18926
WWW: https://vuxml.FreeBSD.org/freebsd/07c7ae7a-224b-11eb-aa6e-e0d55e2a8bf9.html

Packages that depend on raptor2: libreoffice, redland, rasqal

jasper-2.0.21 is vulnerable:
jasper -- heap overflow vulnerability
CVE: CVE-2020-27828
WWW: https://vuxml.FreeBSD.org/freebsd/85349584-3ba4-11eb-919d-08002728f74c.html

Packages that depend on jasper: qt5-imageformats

p11-kit-0.23.21 is vulnerable:
p11-kit -- Multiple vulnerabilities
CVE: CVE-2020-29363
CVE: CVE-2020-29362
CVE: CVE-2020-29361
WWW: https://vuxml.FreeBSD.org/freebsd/fdc49972-3ca7-11eb-929d-d4c9ef517024.html

Packages that depend on p11-kit: gvfs, libgdata, gnome-online-accounts, gcr,
glib-networking, libsoup-gnome, libsoup, gnutls

curl-7.72.0 is vulnerable:
cURL -- Multiple vulnerabilities
CVE: CVE-2020-8286
CVE: CVE-2020-8285
CVE: CVE-2020-8284
WWW: https://vuxml.FreeBSD.org/freebsd/3c77f139-3a09-11eb-929d-d4c9ef517024.html

Packages that depend on curl: libreoffice, libcmis, raptor2, mysql57-server,
akonadi, mysql57-client, qt5-sqldrivers-mysql, hw-probe, py37-pycurl,
system-config-printer, liboauth, libgdata, git-lite

mysql57-server-5.7.31_1 is vulnerable:
MySQL -- Multiple vulnerabilities
CVE: CVE-2020-14771
CVE: CVE-2020-14791
CVE: CVE-2020-14860
CVE: CVE-2020-14838
CVE: CVE-2020-14873
CVE: CVE-2020-14867
CVE: CVE-2020-14870
CVE: CVE-2020-14672
CVE: CVE-2020-14869
CVE: CVE-2020-14799
CVE: CVE-2020-14844
CVE: CVE-2020-14790
CVE: CVE-2020-14786
CVE: CVE-2020-14893
CVE: CVE-2020-14891
CVE: CVE-2020-14888
CVE: CVE-2020-14868
CVE: CVE-2020-14866
CVE: CVE-2020-14861
CVE: CVE-2020-14845
CVE: CVE-2020-14839
CVE: CVE-2020-14837
CVE: CVE-2020-14809
CVE: CVE-2020-14794
CVE: CVE-2020-14793
CVE: CVE-2020-14785
CVE: CVE-2020-14777
CVE: CVE-2020-14773
CVE: CVE-2020-14812
CVE: CVE-2020-14804
CVE: CVE-2020-14789
CVE: CVE-2020-14814
CVE: CVE-2020-14852
CVE: CVE-2020-14848
CVE: CVE-2020-14829
CVE: CVE-2020-14821
CVE: CVE-2020-14776
CVE: CVE-2020-14760
CVE: CVE-2020-14827
CVE: CVE-2020-14800
CVE: CVE-2020-14846
CVE: CVE-2020-14836
CVE: CVE-2020-14830
CVE: CVE-2020-14769
CVE: CVE-2020-14765
CVE: CVE-2020-14775
CVE: CVE-2020-14828
CVE: CVE-2020-14878
WWW: https://vuxml.FreeBSD.org/freebsd/4fba07ca-13aa-11eb-b31e-d4c9ef517024.html

mysql57-server-5.7.31_1 is vulnerable:
MySQL -- Multiple vulnerabilities
WWW: https://vuxml.FreeBSD.org/freebsd/31344707-5d87-11eb-929d-d4c9ef517024.html

Packages that depend on mysql57-server: akonadi

sudo-1.9.3p1 is vulnerable:
sudo -- Potential information leak in sudoedit
CVE: CVE-2021-23239
WWW: https://vuxml.FreeBSD.org/freebsd/6193b3f6-548c-11eb-ba01-206a8a720317.html

sudo-1.9.3p1 is vulnerable:
sudo -- Multiple vulnerabilities
CVE: CVE-2021-3156
WWW: https://vuxml.FreeBSD.org/freebsd/f3cf4b33-6013-11eb-9a0e-206a8a720317.html

Packages that depend on sudo: 

tmux-3.1b is vulnerable:
tmux -- stack overflow in CSI parsing
WWW: https://vuxml.FreeBSD.org/freebsd/8827134c-1a8f-11eb-9bb0-08002725d892.html

Packages that depend on tmux: 

mysql57-client-5.7.31_1 is vulnerable:
MySQL -- Multiple vulnerabilities
WWW: https://vuxml.FreeBSD.org/freebsd/31344707-5d87-11eb-929d-d4c9ef517024.html

Packages that depend on mysql57-client: libreoffice, mysql57-server, qt5-sqldrivers-mysql

14 problem(s) in 12 installed package(s) found.
root@FreeBSD:/usr/home/liveuser # 

[probonopd]

This means that we really need to find a way to make quarterly work for us, rather than having to use last quarter's packages...

If only this could be solved FreeBSD-wide. I would really rather not want to have to maintain a private mirror of the packages.

[grahamperrin]

… I would really rather not want to have to maintain a private mirror of the packages.

▶ #141 (comment)

[grahamperrin]

With reference to 12.2-RELEASE-p4:

1. [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-21:06.microcode
2. [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-21:07.caroot
3. [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-21:08.freebsd-update
4. [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-21:03.pam_login_access
5. [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-21:04.jail_remove
6. [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-21:05.jail_chdir
7. [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-21:06.xen

Important

FreeBSD-EN-21:08.freebsd-update fixes the bug that caused #115 #136 and #137

1744e6d prevents upgrades to packages with helloSystem and so, increases the risk of problems. Again: please revert this commit; it's excessive.

[probonopd]

When deciding on whether to base the next version on 12.x or on 13, we need to factor in that GPU acceleration may be severly limited in 13:

#22 (comment)

Also, this currently blocks us from using 13:
#32

(Unless we can get rid of gvfs which would be the best solution)

[probonopd]

0.5.0 will be based on 12.2 thanks to the help of @crees with the Intel GPU driver.

I don't know about -p4 or how to download it.

[grahamperrin]

Thanks,

I don't know about -p4

#135 (comment) above described patch levels and security advisories and:

patch level 3 i.e. 12.2-RELEASE-p3.

– so -p4 is patch level 4.

#135 (comment) above listed, and linked to, the four security vulnerabilities that were fixed at patch level 4.

I don't have a readily available list of security vulnerabilities that were fixed by levels 1, 2 or 3.

12.2-RELEASE is a huge step in the right direction ☑ however it lacks some security (through lack of all patches) and if I'm not mistaken:

• 1744e6d intends to prevent use of freebsd-update(8)

If you'll prevent updates to the non-patched system, then you'll force users to be without fixes for security vulnerabilities. This is somewhat inconsistent with the welcome to the system, which mentions security:

A truly secure system involves much more than end-to-end encryption.

The prevention of package upgrades by 1744e6d is more than a security concern. It is, moreover, deeply inconsistent with the promised freedom to load software without restrictions.

Prevention is working against me, not for me.

[probonopd]

Indeed. Will look into it. Opening a separate issue.

[grahamperrin]

Thanks.

Briefly:

-p4 or how to download it.

I should assume that all post -p4 snapshots of STABLE are suitably patched; and more than stable enough for early development of helloSystem.

https://download.freebsd.org/ftp/snapshots/amd64/amd64/ISO-IMAGES/12.2/

• and mirrors, for me the best is probably ftp://ftp.uk.freebsd.org/pub/FreeBSD/snapshots/ISO-IMAGES/12.2/

[probonopd]

Patching the contents of the ISO is probably futile, because at the time when the user installs the ISO of the helloSystem release there are already new patches available. So allowing the user to patch the installed system could possibly make sense, see my thoughts in helloSystem/Utilities#33 (comment) though.

[grahamperrin]

#135 (comment)

helloSystem documentation refers to cirrus-ci.com but it's somewhat mysterious.

How can I tell what does exist?

Found, a few weeks later:

• https://cirrus-ci.com/github/helloSystem/

[probonopd]

https://cirrus-ci.com/github/helloSystem/ shows all the builds that are going on, and their logs. Not something "mere mortals" should need to understand, but definitely interesting for helloSystem developers, testers, and power users ;-)