Comments by "" (@grokitall) on "Brodie Robertson" channel.

  1. No, the problem is that dispite a number of user complaints, it was ever promoted out of sid, which raises wider concerns as to what sid is for if not to stop this sort of breakage getting though to unstable.
    1
  2. the point is that it is not about you trusting your distribution, but them being able to audit the trust for everyone upstream of them so they know that the stuff they built has identical source and output as what was got from upstream. it does not stop the xz hack, you need other methods for that.
    1
  3. they claimed it was company policy, because the threats left no time to do it right. the problem is that if you can't afford to do it right, you really can't afford to do it wrong. also, most threats are not that time critical.
    1
  4. @Vegemeister1  restarting a cluster is a solved problem. You can use wake on lan to wake up a machine from powered down, and doing update and reboot works if the kernel or core libraries change. If they don't, you can just shut down the service and restart it. Bearing in mind the only time it makes sense to live patch is for high throughput systems, sharding gives much better scalability. In this sort of throughput scenario, you are basically talking about high availability systems, so having multiple machines as part of the system is already a given for reliability and resilience reasons, so sharing does not add much load at all. Tools like ansible even make this whole process relatively easy. I think it was Netflix who intended to reboot a specific machine and accidentally rebooted their entire data center instead, which only took a couple of minutes to come back up.
    1
  5. only the first time when the build does not match, and you can automate some of that. you are basically having to debug what is different in the builds. once it builds reproducibly, the tooling stops you having to do all of the work again.
    1
  6.  @MaxusR  which is the entire point of reproducible builds. if you cross compile gcc using llvm, and then use that on a machine with another architecture to cross compile llvm using gcc, you can be fairly sure that your new llvm install has not been hacked by the compiler. if i can then do the same thing, and get a bit perfect copy, we can both be sure that the same source code produces the same output. it does not stop the xz attack, but there are other parts of the supply chain testing which help catch that.
    1
  7. ​ @warpedgeoid black box statistical ai has the issue that while it might give you the same results, you have a lot of trouble knowing how it got those results. this is due to the fact that it does not model the problem space, so is inherently about plausible results, not correct results. there is an example from early usage where they took photos of a forest, and later took photos of the same forest with tanks in it, and trained the system. it perfectly managed to split the two sets. then they took some more photos with tanks, and it failed miserably. it turned out it had learned to tell the difference between photos taken on a cloudy day, and photos taken on a sunny day. while this story is old, the point still applies. the nature of this sort of ai is inherently black box, so you by definition don't know how it gets its results, which makes all such systems not suitable for man rated and safety critical systems. symbolic ai like expert systems on the other hand have a fully auditable model of the problem space as part of how they work. this makes them just as checkable as any other software where you can access the source code. this is referred to as white box ai, as you can actually look inside and determine not just that it produces the right result, but why and how it does it. this sort of system should be compatible with aviation standards.
    1
  8. the point about refactorings is just wrong. even in the original book, you could change function signatures as long as you fixed all the callers at the same time. what the rust maintainers are asking for is to make every private api into a public one with future proofing guarantees for any piece of code which rust wants to call, and for the c code maintainers to have to do all of that work. the c maintainers reasonably point out that these are private apis without the guarantees provided by public apis, and by working in any different language, you win the right to fix them in your bindings when they break, as there is no reasonable way to expect kernel maintainers who are already overworked to put in the time to learn every language which wants to become part of kernel development just so as to not break bindings to private apis for languages they don't use.
    1
  9.  @davidpaulos2943  when not working in oo languages, adding an extra field to an object would change the signature of the function header, and a number of other refactorings can also affect the api, which is not a problem as long as it is fixed everywhere inside the private api. because these things are in the private api, the stability constraints on the public api are not enforced, but still good practice. the code from the public api still behaves the same, as the ci tests confirm, as long as all the calls are fixed at the same time. this is something that is not generally understood by oo practitioners, but is implicit in both opdykes phd, and in fowlers book, when talking about non oo languages. this is why the distinction between the public and private apis matter. for oo, the information hiding is done at the level of the object and the class, and the public private split is much less important. for non oo, the hiding occurs at that boundary, and api changing refactorings which would be hidden in oo only happen behind the boundary, or when doing a major semantic version update on the public api. the rust advocates ignore this difference, and various community mouthpieces make statements to the effect that if they want to use it in the bindings, it should act like a public api, or the c maintainers should be forced to stop work for a month to learn enough rust that they effectively take over as maintainers of the rust bindings. this just is not realistic in any large project, especially when the language is not oo. also requiring them to collect a lot of data including liveness, but not limited to it, which is not used in c is also silly. for both these reasons, the overworked and understaffed maintainers have the attitude that if the rust people want to write bindings for what in a project this size is a minority use case, fine, but don't expect us to not break the private api, or to have to learn a new language to fix your bindings, and if you need extra info that other languages don't need, well, here is the source code so find it yourself. as rust attaches itself to more of the periphery of the kernel, this tension between the two communities will only grow, and the c maintainers will have to push back harder. when coming to play in someone else's sandbox, first you need to learn how to play by the rules, then you can try and improve them, and this gets more important as the project gets bigger. the author of bcachfs proved he cannot do this regarding the stable development cycle rules, and plenty of others are proving the same thing about other conventions in kernel development.
    1
  10.  @klafbang  what they are admitting is looking for ways to get the code without signing the eula, and this not breaching the rules of the eula. every business big enough to need a legal department looks for the cheapest way to do this sort of thing, and then looks for alternatives, and that is legal.
    1
  11. lots of people want yo give microsoft a free pass on this one, but the big issue with this outage is the boot loop problem preventing easy recovery, which is fairly easy to fix, and which microsoft has repeatedly ignored since at least 2016. this is also why they are also in the cross hairs of the lawsuits, as from previous experience they knew or should have known the consequences of not fixing it, which is the standard for gross negligence. crowdstrike are in a similar position after seeing the way their previous releases crashed systems. this is why they are being sued, and why they stand a good chance of losing.
    1
  12.  @MarkusEicher70  people have different needs, which leads to different choices. red hat built it's business on the basis of always open, and base yourself on us. later the accountants started to complain, and instead of reducing the developer headcount through natural churn, they decided to go on a money hunt, closing source access to a lot of people who believed them, thus causing the current problems. rocky, alma, parts of suse, oracle linux and clear linux exist to provide support to people left high and dry after red hat decided not to support the needs of those customers. as red hat is an enterprise platform, the support needs can be up to 10 years if you get a problem at the right part of the cycle. third party software is often only tested against red hat, so you either have to pay them the money and sign up to their dodgy eula, or use one of the derivatives. the open source mentality views access restrictions as damage and looks for ways around it. moving to other non derived distributions comes with added costs, as not all the choices are the same and the software you need might not be tested against those choices, so you have to do a lot of testing to make sure it works, then either fix it if you can get the source, or find alternatives. this adds costs, hence people getting annoyed.
    1
  13.  @turtlefrog369  so how does the flight status board find out if a flight is on time or delayed or cancelled? how does the cash dispenser find out if you have enough money in the bank? how does the till get your card payment approved? all of these require connecting to a server which holds the information, and thus an internet connection. if the connection is there, people will try and get in, so you have to do something to keep them out.
    1
  14.  @turtlefrog369  i am a fan of dynamically updated static pages as well, but the issue is the need to have a network which is usually turned on. you could run the flight information board by regenerating the page when the data changes, and only having the board turn on the internet long enough to download the pages, but that does not work as well for things like tills. having said that, way more stuff could be done by having the machines on a private subnet, with each machine getting a dynamically assigned ip address when it turn the connection on to do the update, then off again, but that is not how it is currently done.
    1
  15.  @turtlefrog369  i know how to do things better. you are starting from the position that nothing needs internet access, which blatantly does not work for all sorts of use cases. air gapped machines have a very few use cases where they make any sense, and most of the machines that got hit do not fit those usages. this is the point you keep ignoring.
    1
  16.  @turtlefrog369  so how do you believe the card payment machine can check if it is ok to make the payment, or how does the flight status board get the updated information about the flights?
    1
  17. ibm have a history of dumb moves, and still have corporate memory of the debacle of giving the pc market to microsoft. however it is clear from statements from red hat employees that the decisions are coming from the current management whose every action and statement shows that despite being in the linux ecosystem for over a decade, they have no idea how it works, or what it means to be an enterprise distro. talk about failing upwards.
    1
  18. legacy code is a nightmare. snowflake systems nobody wants to touch have exactly one advantage, they have not failed YET!, but they will as the environment around them changes. so for these systems the question is "do we start trying to fix them now, or wait until they break and then have to try and fix them on an emergency priority basis". now is almost always the better answer. for unsupported legacy binary projects, you have only 2 choices, reverse engineer it to get code you can compile, or implement a replacement with a big bang switchover. neither are very good options, so it is better to try and avoid getting these systems in the first place. for legacy code where you have buildable source code, i can recommend michael feathers book "working effectively with legacy code". to summarise, it says get all new code under continuous integration and continuous delivery, and gradually migrate the rest to use it, making each change be covered by tests. this requires trunk based development, and everyone being committed to not breaking the tests. your only other question is if you are prepared to accept new legacy code.
    1
  19.  @aheendwhz1  about halfway through the thread, he said that he was not only opposed to rust in his part of the kernel, even though by this point it had been made clear that he literally had to nothing but get out of the way, but that he was going to do everything he could to kill the whole project. That sounds like wanting to burn it to the ground to me.
    1
  20. people depended on python 2 because it wasn't perl 6, and it was the new and shiny. then they built huge monolithic apps in it in a way that was hard to split up, requiring a major rewrite of the entire application to move to the new version. really bad design, but that is the history, and they are making the same mistakes with ruby as well.
    1
  21. Windows is already dying, as Linux has already killed it. A lot of tasks that used to be done on only windows have moved to new platforms not run by Microsoft. The only place windows is not dead is the desktop, but most things are either moving down the tech stack to smartphones and tablets using apps, up the stack to be web apps, or are open source and open standards cross platform programs. In all of these cases the underlying os is either not windows, or not relevant. This process is accelerating, and once it has gone far enough windows will go the way of the horse and cart, only a lot faster.
    1
  22. as long as the rust binding maintainers keep trying to force the c maintainers to turn private apis into future proofed public apis, you will have lots of push back, leading to further hostility to the rust community. this requirement seems to be fundamental to how the memory safety in rust works, so as more rust gets added to the periphery of the kernel, the problem is only going to get worse. this is further agravated by the problem of only being able to build on top of the rust code in rust. this makes the likelihood of a rust takeover of the main kernel highly unlikely, as the rust binding maintainers don't want to do the work that comes with effectively acting as if all the rust code is out of tree, as the c code maintainers probably don't have either the desire, time, or energy to put up with the garbage currently being shovelled in their direction.
    1
  23.  @szaszm_  except that is not what they are asking for. lots of rust fanboys in these threads expect various information only of interest to the compiler and the rust binding maintainers to be collected by the c maintainers just to support adding the rust bindings. others then expect these same c maintainers to do all the updates to the rust bindings if the c private apis change, and if they don't code in rust, then they should just do less maintainence and take the time off to learn how to take over as the rust binding maintainers. if they don't, they should be forced to keep the private apis as stable as the public ones, just to not break rust code. the amount of entitlement in those assumptions is staggering, only matched by the toxicity of the response when the c maintainers push back against the amount of extra work the rust advocates expect them to do just for the privilege of having rust code attached to the part of the kernel they maintain.
    1