New functions and stuff for R2!

Now if only I actually finished us-perms rather than delaying.

code/apps/sys-everest.lua

@@ -399,9 +399,10 @@ everestProvider(function (pkg, pid, sendSig)
   else
    title = base .. ":" .. title
   end
-  local m = 0
-  if renderingAllowed() then m = 1 end
   local surf = {math.min(#monitors, math.max(1, lIM)), 1, 2, w, h}
+  if h >= monitors[surf[1]][4] then
+   surf[3] = 1
+  end
   local focusState = false
   local llid = lid
   lid = lid + 1
@@ -478,11 +479,11 @@ everestProvider(function (pkg, pid, sendSig)
     return w, (h - 1)
    end,
    getDepth = function ()
-    if neo.dead then return false end
+    if neo.dead then return 1 end
     local m = monitors[surf[1]]
-    if not m then return false end
+    if not m then return 1 end
     local cb, rb = m[1]()
-    if not cb then return false end
+    if not cb then return 1 end
     if rb then
      monitorResetBF(m)
     end
@@ -637,8 +638,8 @@ while not shuttingDown do
    for k, v in ipairs(monitors) do
     if v[2] == s[2] then
      lIM = k
-     local x, y = math.floor(s[3]), math.floor(s[4])
+     local x, y = math.ceil(s[3]), math.ceil(s[4])
-     local ix, iy = s[3] - x, s[4] - y
+     local ix, iy = s[3] - math.floor(x), s[4] - math.floor(y)
      local sid, lx, ly = surfaceAt(k, x, y)
      if sid then
       local os = surfaces[1]
@@ -660,7 +661,7 @@ while not shuttingDown do
     for k, v in ipairs(monitors) do
      if v[2] == s[2] then
       if k == focus[1] then
-       local x, y = (math.floor(s[3]) - focus[2]) + 1, (math.floor(s[4]) - focus[3]) + 1
+       local x, y = (math.ceil(s[3]) - focus[2]) + 1, (math.ceil(s[4]) - focus[3]) + 1
        local ix, iy = s[3] - math.floor(s[3]), s[4] - math.floor(s[4])
        -- Ok, so let's see...
        focus[6](s[1]:sub(3), x, y, ix, iy, s[5])

code/apps/sys-glacier.lua

@@ -177,11 +177,11 @@ donkonitSPProvider(function (pkg, pid, sendSig)
   end,
   -- NOTE: REPLICATED IN GB
   getSetting = function (name)
-   if type(name) ~= "string" then error("Setting name must be string") end
+   neo.ensureType(name, "string")
    return settings[name]
   end,
   delSetting = function (name)
-   if type(name) ~= "string" then error("Setting name must be string") end
+   neo.ensureType(name, "string")
    local val = nil
    if name == "password" or name == "pub.clipboard" then val = "" end
    settings[name] = val
@@ -189,8 +189,8 @@ donkonitSPProvider(function (pkg, pid, sendSig)
    pcall(saveSettings)
   end,
   setSetting = function (name, val)
-   if type(name) ~= "string" then error("Setting name must be string") end
+   neo.ensureType(name, "string")
-   if type(val) ~= "string" then error("Setting value must be string") end
+   neo.ensureType(val, "string")
    settings[name] = val
    -- NOTE: Either a monitor is under application control,
    --  or it's not under any control.
@@ -203,11 +203,11 @@ donkonitSPProvider(function (pkg, pid, sendSig)
    targsSD[pid] = sendSig
   end,
   registerSavingThrow = function (st)
-   if type(st) ~= "function" then error("Saving throw function must be a function") end
+   neo.ensureType(st, "function")
    targsST[pid] = st
   end,
   shutdown = function (reboot)
-   if type(reboot) ~= "boolean" then error("Shutdown parameter must be a boolean (reboot)") end
+   neo.ensureType(reboot, "boolean")
    if shuttingDown then return end
    shuttingDown = true
    shutdownMode = reboot
@@ -263,7 +263,7 @@ donkonitRDProvider(function (pkg, pid, sendSig)
    return c
   end,
   claim = function (address)
-   if type(address) ~= "string" then error("Address must be string.") end
+   neo.ensureType(address, "string")
    for k, v in ipairs(monitorPool) do
     if v.address == address then
      local gpu = getGPU(v)
@@ -379,11 +379,11 @@ glacierDCProvider(function (pkg, pid, sendSig)
   forceRescan = rescanDevs,
   -- NOTE: "pub." prefixed version of functions in sys.manage
   getSetting = function (name)
-   if type(name) ~= "string" then error("Setting name must be string") end
+   neo.ensureType(name, "string")
    return settings["pub." .. name]
   end,
   delSetting = function (name)
-   if type(name) ~= "string" then error("Setting name must be string") end
+   neo.ensureType(name, "string")
    local val = nil
    if name == "clipboard" then val = "" end
    settings["pub." .. name] = val
@@ -391,8 +391,8 @@ glacierDCProvider(function (pkg, pid, sendSig)
    pcall(saveSettings)
   end,
   setSetting = function (name, val)
-   if type(name) ~= "string" then error("Setting name must be string") end
+   neo.ensureType(name, "string")
-   if type(val) ~= "string" then error("Setting value must be string") end
+   neo.ensureType(val, "string")
    settings["pub." .. name] = val
    sRattle("pub." .. name, val)
    pcall(saveSettings)

code/apps/sys-icecap.lua

@@ -78,6 +78,29 @@ nexus = {
  end
 }
 
+local function matchesSvc(xd, pkg, perm)
+ -- This is to ensure the prefix naming scheme is FOLLOWED!
+ -- sys- : System, part of KittenOS NEO and thus tries to present a "unified fragmented interface" in 'neo'
+ -- app- : Application - these can have ad-hoc relationships. It is EXPECTED these have a GUI
+ -- svc- : Service - Same as Application but with no expectation of desktop usability
+ -- Libraries "have no rights" as they are essentially loadable blobs of Lua code.
+ -- They have access via the calling program, and have a subset of the NEO Kernel API
+ local pfx = nil
+ if pkg:sub(1, 4) == "app-" then pfx = "app" end
+ if pkg:sub(1, 4) == "svc-" then pfx = "svc" end
+ if pfx then
+  -- Apps can register with their own name, w/ details
+  local permAct = perm
+  local paP = permAct:match("/[a-z0-9/%.]*$")
+  if paP then
+   permAct = permAct:sub(1, #permAct - #paP)
+  end
+  if permAct == xd .. pfx .. "." .. pkg:sub(5) then
+   return "allow"
+  end
+ end
+end
+
 donkonitDFProvider(function (pkg, pid, sendSig)
  local prefixNS = "data/" .. pkg
  local prefixWS = "data/" .. pkg .. "/"
@@ -101,6 +124,21 @@ donkonitDFProvider(function (pkg, pid, sendSig)
    end)
    return tag
   end,
+  lockPerm = function (perm)
+   -- Are we allowed to?
+   if not matchesSvc("x.", pkg, perm) then
+    return false, "You don't own this permission."
+   end
+   local set = "perm|*|" .. perm
+   if settings.getSetting(set) then
+    -- Silently ignored, to stop apps trying to sense this & be annoying.
+    -- The user is allowed to choose.
+    -- You are only allowed to suggest.
+    return true
+   end
+   settings.setSetting(set, "ask")
+   return true
+  end,
   -- Paths must begin with / implicitly
   list = function (path)
    if type(path) ~= "string" then error("Expected path to be string") end
@@ -187,7 +225,7 @@ rootAccess.securityPolicy = function (pid, proc, perm, req)
  -- Push to ICECAP thread to avoid deadlock b/c wrong event-pull context
  neo.scheduleTimer(0)
  table.insert(todo, function ()
-  local ok, err = pcall(secpol, nexus, settings, proc.pkg, pid, perm, req)
+  local ok, err = pcall(secpol, nexus, settings, proc.pkg, pid, perm, req, matchesSvc)
   if not ok then
    neo.emergency("Used fallback policy because of run-err: " .. err)
    req(def)

code/data/app-claw/local.lua

@@ -19,6 +19,7 @@ return {
    "libs/fmttext.lua",
    "libs/neoux.lua",
    "libs/braille.lua",
+   "libs/bmp.lua",
    "libs/sys-filewrap.lua"
   },
  },
@@ -108,18 +109,29 @@ return {
   }
  },
  ["app-klogo"] = {
-  desc = "KittenOS NEO Logo",
+  desc = "KittenOS NEO Logo shower",
-  v = 0,
+  v = 2,
+  deps = {
+   "neo",
+   "app-klogo-logo"
+  },
+  dirs = {
+   "apps"
+  },
+  files = {
+   "apps/app-klogo.lua",
+  },
+ },
+ ["app-klogo-logo"] = {
+  desc = "KittenOS NEO Logo (data)",
+  v = 2,
   deps = {
-   "neo"
   },
   dirs = {
-   "apps",
    "data",
    "data/app-klogo"
   },
   files = {
-   "apps/app-klogo.lua",
    "data/app-klogo/logo.bmp"
   },
  },

code/init.lua

@@ -543,6 +543,7 @@ function start(pkg, ...)
  end
  local env = baseProcEnv()
  env.neo.pid = pid
+ env.neo.pkg = pkg
  env.neo.executeAsync = startFromUser
  env.neo.execute = function (...)
   return osExecuteCore(function () end, ...)

code/libs/braille.lua

@@ -20,28 +20,34 @@
 -- 25
 -- 67
 local function dotDist(ra, ga, ba, rb, gb, bb)
- local dR, dG, dB = math.abs(ra - rb), math.abs(ga - gb), math.abs(ba - bb)
+ local dR, dG, dB = math.abs(ra - rb)^2, math.abs(ga - gb)^2, math.abs(ba - bb)^2
- return (dR * 0.299) + (dG * 0.587) + (dB * 0.114)
+ return (dR * 0.2126) + (dG * 0.7152) + (dB * 0.0722)
 end
-local function dotGet(p, ra, ga, ba, rb, gb, bb, rc, gc, bc, pos, col)
+local function ditherResult(pos, pos2, luma)
+ local res = false
+ if luma >= 217 then
+  res = true
+ elseif luma >= 158 then
+  res = not pos2
+ elseif luma >= 96 then
+  res = pos
+ elseif luma >= 32 then
+  res = pos2
+ end
+ return res
+end
+local function dotGet(p, ra, ga, ba, rb, gb, bb, rc, gc, bc, pos, pos2, col)
  if not col then
   -- Use our own magic
-  local res = false
   local luma = (ra * 0.299) + (ga * 0.587) + (ba * 0.114)
-  if luma > 96 and luma < 160 then
+  return (ditherResult(pos, pos2, luma) and p) or 0
-   res = pos
-  elseif luma >= 160 then
-   res = true
-  end
-  return (res and p) or 0
  end
  local distA = dotDist(ra, ga, ba, rb, gb, bb)
  local distB = dotDist(ra, ga, ba, rc, gc, bc)
  local distAB = dotDist(rb, gb, bb, rc, gc, bc)
  local distC = dotDist(ra, ga, ba, (rb + rc) / 2, (gb + gc) / 2, (bb + bc) / 2)
- -- If A and B are close,
+ if (distC / 2) < math.min(distA, distB) then
- if (distAB < 32) and (distC < (math.min(distA, distB) * 4)) then
+  return (ditherResult(pos, pos2, (distA / math.max(distA, distB, 0.1)) * 255) and p) or 0
-  return (pos and p) or 0
  end
  return ((distB < distA) and p) or 0
 end
@@ -62,9 +68,7 @@ local function colourize(mark, ...)
   for i = 1, #t do
    local luma = (t[i][1] * 0.299) + (t[i][2] * 0.587) + (t[i][3] * 0.114)
    if luma > nLuma then
-    bCR = t[i][1]
+    bCR, bCG, bCB = table.unpack(t[i])
-    bCG = t[i][2]
-    bCB = t[i][3]
     nLuma = luma
    end
   end
@@ -95,12 +99,10 @@ end
 -- NOTE: xo/yo are 0-based!
 local function calcLine(x, y, w, span, get, colour)
  local str = ""
- local bgR = 0
+ -- *g* : actual colour com.
- local bgG = 0
+ -- *g  : RGB mirror of colour
- local bgB = 0
+ local bgR, bgG, bgB = 0, 0, 0
- local fgR = 255
+ local fgR, fgG, fgB = 255, 255, 255
- local fgG = 255
- local fgB = 255
  local bg = 0
  local fg = 0xFFFFFF
  local ca = 0
@@ -152,14 +154,14 @@ local function calcLine(x, y, w, span, get, colour)
     fgR, fgG, fgB = ofgR, ofgG, ofgB
    end
   end
-  i = i + dotGet(1, dot0R, dot0G, dot0B, bgR, bgG, bgB, fgR, fgG, fgB, true, colour)
+  i = i + dotGet(1, dot0R, dot0G, dot0B, bgR, bgG, bgB, fgR, fgG, fgB, true, false, colour)
-  i = i + dotGet(2, dot1R, dot1G, dot1B, bgR, bgG, bgB, fgR, fgG, fgB, false, colour)
+  i = i + dotGet(2, dot1R, dot1G, dot1B, bgR, bgG, bgB, fgR, fgG, fgB, false, false, colour)
-  i = i + dotGet(4, dot2R, dot2G, dot2B, bgR, bgG, bgB, fgR, fgG, fgB, true, colour)
+  i = i + dotGet(4, dot2R, dot2G, dot2B, bgR, bgG, bgB, fgR, fgG, fgB, true, false, colour)
-  i = i + dotGet(8, dot3R, dot3G, dot3B, bgR, bgG, bgB, fgR, fgG, fgB, false, colour)
+  i = i + dotGet(8, dot3R, dot3G, dot3B, bgR, bgG, bgB, fgR, fgG, fgB, false, false, colour)
-  i = i + dotGet(16, dot4R, dot4G, dot4B, bgR, bgG, bgB, fgR, fgG, fgB, true, colour)
+  i = i + dotGet(16, dot4R, dot4G, dot4B, bgR, bgG, bgB, fgR, fgG, fgB, true, true, colour)
-  i = i + dotGet(32, dot5R, dot5G, dot5B, bgR, bgG, bgB, fgR, fgG, fgB, false, colour)
+  i = i + dotGet(32, dot5R, dot5G, dot5B, bgR, bgG, bgB, fgR, fgG, fgB, false, false, colour)
-  i = i + dotGet(64, dot6R, dot6G, dot6B, bgR, bgG, bgB, fgR, fgG, fgB, false, colour)
+  i = i + dotGet(64, dot6R, dot6G, dot6B, bgR, bgG, bgB, fgR, fgG, fgB, false, false, colour)
-  i = i + dotGet(128, dot7R, dot7G, dot7B, bgR, bgG, bgB, fgR, fgG, fgB, true, colour)
+  i = i + dotGet(128, dot7R, dot7G, dot7B, bgR, bgG, bgB, fgR, fgG, fgB, true, true, colour)
   str = str .. unicode.char(i)
   ca = ca + 1
  end
@@ -167,6 +169,7 @@ local function calcLine(x, y, w, span, get, colour)
   span(x, y, str, bg, fg)
  end
 end
+
 heldRef = {
  calcLine = calcLine,
  new = function (x, y, w, h, cbs, colour)
@@ -185,7 +188,8 @@ heldRef = {
    scroll = cbs.scroll and cTransform(cbs.scroll),
    line = function (window, x, y, iy, bg, fg, selected)
     local colour = colour
-    if window.getDepth() <= 1 then
+    local depth = window.getDepth()
+    if depth <= 1 then
      colour = nil
     end
     calcLine(x, y, control.w, window.span, function (xb, yb)

code/libs/sys-secpolicy.lua

@@ -25,26 +25,15 @@ local actualPolicy = function (pkg, pid, perm)
  if perm == "s.h.component_added" or perm == "s.h.component_removed" then
   return "allow"
  end
- -- This is to ensure the prefix naming scheme is FOLLOWED!
+ if matchesSvc("r.", pkg, perm) then
- -- sys- : System, part of KittenOS NEO and thus tries to present a "unified fragmented interface" in 'neo'
+  return "allow"
- -- app- : Application - these can have ad-hoc relationships. It is EXPECTED these have a GUI
- -- svc- : Service - Same as Application but with no expectation of desktop usability
- -- Libraries "have no rights" as they are essentially loadable blobs of Lua code.
- -- They have access via the calling program, and have a subset of the NEO Kernel API
- local pfx = nil
- if pkg:sub(1, 4) == "app-" then pfx = "app" end
- if pkg:sub(1, 4) == "svc-" then pfx = "svc" end
- if pfx then
-  -- Apps can register with their own name
-  if perm == "r." .. pfx .. "." .. pkg:sub(5) then
-   return "allow"
-  end
  end
  -- Userlevel has no other registration rights
  if perm:sub(1, 2) == "r." then
   return "deny"
  end
- -- app/svc stuff is world-accessible
+ -- app/svc stuff is world-accessible,
+ -- but note perm|*| overrides this
  if perm:sub(1, 6) == "x.app." then
   return "allow"
  end
@@ -55,10 +44,14 @@ local actualPolicy = function (pkg, pid, perm)
  return "ask"
 end
 
-return function (nexus, settings, pkg, pid, perm, rsp)
+return function (nexus, settings, pkg, pid, perm, rsp, matchesSvc)
- local res = actualPolicy(pkg, pid, perm)
+ local res = "ask"
- if res == "ask" and settings then
+ if settings then
-  res = settings.getSetting("perm|" .. pkg .. "|" .. perm) or "ask"
+  res = settings.getSetting("perm|" .. pkg .. "|" .. perm) or
+        settings.getSetting("perm|*|" .. perm) or "ask"
+ end
+ if res == "ask" then
+  res = actualPolicy(pkg, pid, perm, matchesSvc)
  end
  if res == "ask" and nexus then
   local totalW = 3 + 6 + 2 + 8

repository/data/app-claw/local.lua

@@ -34,6 +34,7 @@ return {
    "docs/kn-perms",
    "docs/us-perms",
    "docs/us-nxapp",
+   "docs/us-setti",
    "docs/ul-seria",
    "docs/ul-event",
    "docs/ul-fmttx",

repository/docs/kn-refer

@@ -242,6 +242,10 @@ The additional things available to
  pid: A field that specifies the
   process ID of this process.
   Harmless, but not entirely useful.
+ pkg: A field that specifies the
+  package name of this process.
+  Useful if you're worried about
+   your app getting renamed.
  dead: Actually a field, that isn't
   set at first, but is set later to
   indicate deadness. Useful if your

repository/docs/ul-neoux

@@ -31,19 +31,58 @@ The most reliable reference on the
  note that "xI"/"yI" is within-char
  position from 0 to 1.
 
- TODO, TODO, TODO, TODO, TODO, TODO
+Main functions:
 
- neoux.fileDialog = function (forWrite, callback)
+ fileDialog(mode[, callback]):
- neoux.create = function (w, h, title, callback)
+  Creates a file dialog, returning a
- neoux.pad = require("fmttext").pad
+   file wrapper (see ul-fwrap) on
- neoux.fmtText = function (...)
+   success, or nil on failure.
- neoux.tcwindow = function (w, h, controls, closing, bg, fg, selIndex)
+  If a callback is given, then nil is
- neoux.tcrawview = function (x, y, lines)
+   always returned immediately, and
- neoux.tchdivider = function (x, y, w)
+   the callback is called when the
- neoux.tcvdivider = function (x, y, h)
+   dialog has shown.
- neoux.tcbutton = function (x, y, text, callback)
+  mode is the mode used for the file,
- neoux.tcfield = function (x, y, w, textprop)
+   so see ul-fwrap for values.
- neoux.startDialog = function (fmt, title, wait)
+
+ neoux.create = TODO
+  function (w, h, title, callback)
+ callback(window, evt, ...)
+
+ pad: See ul-fmttx, but loaded on
+  demand and unloaded after use.
+
+ fmtText: See ul-fmttx, but loaded on
+  demand and unloaded after use.
+
+ neoux.tcwindow = TODO
+ function (w, h, controls, closing,
+  bg, fg, selIndex)
+
+ startDialog(fmt, title, wait):
+  Shows a text dialog.
+  fmt is some un-safeTextFormat'd
+   text for the dialog.
+  title can be nil, or more un-STF'd
+   text for the dialog title.
+  wait can be nil/false to not wait,
+   and otherwise.
+
+UI framework controls (TODO):
+
+ neoux.tcrawview = 
+  function (x, y, lines)
+ table of lines not STF'd
+ neoux.tchdivider =
+  function (x, y, w)
+ neoux.tcvdivider =
+  function (x, y, h)
+ neoux.tcbutton =
+  function (x, y, text, callback)
+ callback(window)
+ neoux.tcfield =
+  function (x, y, w, textprop)
+ textprop(newval) -> nil
+ textprop() -> val
 
 -- This is released into
  the public domain.

repository/docs/us-nxapp

@@ -26,7 +26,11 @@ A good example of this is app-flash,
  labelling window never needs to be
  regenerated after it's switched to,
  so the only regeneration is for the
- main window)
+ main window.)
+
+A full application of this technique
+ would regenerate the window whenever
+ anything occurs of interest.
 
 -- This is released into
  the public domain.

repository/docs/us-perms

@@ -1,4 +1,62 @@
-Hello World.
+This is a list of the different
+ additional permissions in KittenOS
+ NEO as distributed, and their
+ purposes.
+
+Installable service documentation is
+ provided with the respective -doc
+ packages, and goes under the rs-*
+ namespace.
+
+For programs with the prefixes "svc-"
+ or "app-", they can register their
+ services using "r.svc.mysvcname"
+ (for the program "svc-mysvcname"),
+ or "r.app.myappname" (for the
+ program "app-myappname") - this
+ MAY have any postfix matching the
+ pattern "/[a-z0-9/%.]*$", or none
+ at all.
+
+For how this registration works,
+ and how to access the resulting
+ service, please see the kn-perms
+ document.
+
+APIs registered in this manner are
+ accessible to all programs by
+ default. However, local security
+ policy may be altered by the user,
+ and part of x.neo.pub.base's API is
+ to allow locking any of your public
+ APIs. (The user can override this
+  mechanism if they so wish, and this
+  will cause a silent failure of the
+  lockPerm function.)
+ A mechanism may also be introduced
+ in later versions of KittenOS NEO to
+ easily allow changing your svc/app's
+ own API to a "ask"-style security
+ model, but this will not be the
+ default, and may still be overridden
+ by a user with access to the
+ Advanced Settings control panel.
+
+As for the system APIs...
+
+-- x.neo.pub.base @ sys-icecap --
+
+-- x.neo.pub.session @ <a shell> --
+
+This API is
+
+-- x.neo.pub.window @ <a shell> --
+
+-- x.neo.pub.session @ <a shell> --
+
+-- x.neo.sys.manage @ sys-glacier --
+-- x.neo.sys.screens @ sys-glacier --
+-- x.neo.pub.globals @ sys-glacier --
 
 -- This is released into
  the public domain.

repository/docs/us-setti

@@ -0,0 +1,94 @@
+This is a list of the settings, and
+ setting formats, in KittenOS NEO.
+
+As "*" is used as a part of some of
+ the settings, <> is used to enclose
+ a component of a varied name.
+
+-- System-wide permissions --
+
+pub.<anything>: Public settings,
+ readable and writable by anything
+ with x.neo.pub.globals access.
+
+pub.clipboard: The text in the user's
+ clipboard. Can include newlines.
+ Hardcoded to be non-nil.
+
+perm|*|<permission>: Security policy
+ override entry, global. Allows an
+ application to set the defaults for
+ its own APIs, or for the user to
+ override that or any other default.
+ If there is a setting here, it must
+ be respected unless the user makes a
+ direct choice to alter it.
+ sys-secpolicy defines this as having
+ priority only second to...
+
+perm|<app>|<permission>: Security
+ policy override entry for a specific
+ application. Solely for use by the
+ user to make specific choices about
+ the applications on the system.
+ The existence or lack of this entry
+ must be respected, unless the user
+ makes a direct choice to alter it.
+
+-- screen management settings --
+
+scr.w.<monitor>: Width, as a string,
+ for a given monitor by address.
+
+scr.h.<monitor>: Height, as a string,
+ for a given monitor by address.
+
+scr.d.<monitor>: Depth, as a string,
+ for a given monitor by address.
+
+scr.t.<monitor>: Touch invert, given
+ as "yes" for true and anything else
+ for false (including non-existence),
+ for a given monitor by address.
+
+-- sys-init specific settings --
+
+password: The user's password.
+ Hardcoded to be non-nil.
+ An empty password is considered to
+ be "not a password".
+
+sys-init.nologin: If set to "yes",
+ the login screen is skipped, even if
+ a password is present.
+
+sys-init.shell: The user's shell.
+ Not hardcoded to be non-nil, since
+ this can be broken in many ways,
+ but is hardcoded with "sys-everest"
+ as a default, which will replace nil
+ the next time sys-glacier starts up.
+
+run.sys-<program beginning with sys->
+ This is stage 1 of startup, which
+ starts things beginning with "sys-".
+ This is required so that security
+ policy changeover happens smoothly.
+ A value equal to "yes" causes the
+ service to be automatically started
+ up as the system boots.
+ As sys-glacier is needed to read the
+ list of processes to start, it is
+ always started regardless, and must
+ not have an entry here.
+
+run.<any program>: Programs which
+ do not begin with "sys-" start up
+ during stage 2. As usual, any entry
+ with the value of "yes" is started.
+
+-- This is released into
+ the public domain.
+-- No warranty is provided,
+ implied or otherwise.
+