berrange

@berrange@hachyderm.io

Open source hacker on virtualization software; Photographer working with alternative/analogue processes. Amateur astronomer. 📷 🎨 🔭 📡


berrange, to random
@berrange@hachyderm.io

IMHO any project which accepts contributions under the DCO (https://developercertificate.org/) has an implicit ban on most AI generated code. A contributor cannot credibly certify to meeting clauses (a) or (b), as they require understanding copyright & licensing status of the AI output, for which there is no broadly accepted legal opinion today. A machine (or its vendor) can't certify compliance with clause (c), unless there was exceptionally clear training data, which is almost never the case.

berrange, to random
@berrange@hachyderm.io

PSA: if you're using GitLab CI and run builds with TSAN in that CI, you might notice crashes since ~1 week ago. GitLab updated the Google COS version in their shared runners, and this brings a kernel running with "vm.mmap_rnd_bits = 31". This is unfortunately incompatible with LLVM < 18, which only supports 'mmap_rnd_bits' value up to 28. https://github.com/google/sanitizers/issues/1716 Lacking root, you can't change the sysctl but you can use 'setarch -R make ....' to turn off VA randomization to avoid the bug.

berrange, to random
@berrange@hachyderm.io

The magnetic storm has been updated from G4 (severe) to G5 (extreme), the first G5 since 2003. Electrical grid and satellite operators are going to be having a fretful time of it.

berrange, to random
@berrange@hachyderm.io

The UK Smart Meter rollout promises much on the surface but delivers much less than you might expect, especially if you are interested in data analysis. The 'In Home Display' (IHD) shows pretty charts in real time & some crude historical reports but offers no way to get the raw data out. If you're lucky your energy supplier might give you the data via an API or you can get it via a trusted third party but the data granularity (30 mins) is way lower than the meter can actually report (15 secs).

berrange,
@berrange@hachyderm.io

The solution to this problem is to get hold of a 'Consumer Access Device' which connects to the meter and provides the raw data in some manner (WiFi w/ cloud). There are very few CADs actually available to buy and they are somewhat expensive considering what they do. Rather wish the IHD and CAD would have been the same device, as adding a WiFi feed from the IHD would have cost little extra. Admittedly the vendors would then be in the software upgrade game for 10s of millions of devices.

berrange,
@berrange@hachyderm.io

@penguin42 in theory the geo IHD that I have has a hidden expansion port taking a WiFi module, but in practice the vendor has been sold out of the WiFi add-on for at least 18 months so I assume it's discontinued. Someone sufficiently skilled and motivated could probably hack it I guess

luis_in_brief, to random
@luis_in_brief@social.coop

Gotta admit I found it pretty irritating, in the xz discussion of the last two weeks, that some people declared confidently "you can't pay maintainers". (cc @ehashman)

It isn't easy to pay maintainers, but it can be done: at Tidelift, we've been doing it for years. So I figured I'd write up how we do it and what we've learned. And yes, it's a HOWTO. Be glad I also avoided an FAQ ;)

https://blog.tidelift.com/paying-maintainers-the-howto

berrange,
@berrange@hachyderm.io

@luis_in_brief @ehashman other pain points wrt accepting money as maintainer (1) paid to work on OSS full time, but some projects out of scope for the $day job so get sidelined. taking payment to work on any of those is a tricky conflict of interest to resolve (2) concern around possible tax reporting liabilities that could be created for a recipient, especially with cross-border payments. they would have to be a large enough value to cover accountant fees to make it worthwhile contemplating

jwildeboer, (edited) to random
@jwildeboer@social.wildeboer.net

TL;DR: xz has been backdoored in 5.6.0 and 5.6.1. While Fedora Rawhide and Fedora 41 packages are affected, Red Hat Enterprise Linux is NOT affected. Updates (well, technically downgrades to 5.4.x) for Fedora are being made available through the regular update channels. Our Security Alert explains more details. https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users

Check if your machine is affected: run xz --version and see if it returns 5.6.0 or 5.6.1. If it shows a lower version, you are safe, as far as we can see now.

berrange,
@berrange@hachyderm.io

@jwildeboer the response / handling is great but reading how this was first discovered, we very much got incredibly lucky. This could have been missed for far longer which would have had a real serious impact across the software ecosystem. So so lucky.

berrange, to random
@berrange@hachyderm.io

With this xz backdoor targeting ssh, looks prudent to rotate your login passwords if you've logged into a server affected by the compromised xz. It's unclear if the backdoor was actively harvesting passwords, but I'll assume the worst unless more detailed analysis says otherwise

penguin42, to random
@penguin42@mastodon.org.uk

DMARC people: How do you find mailing lists work for you? My DMARC is generally OK, but I get lots of fails to kernel or qemu-devel mailing lists; how is this supposed to work?

berrange,
@berrange@hachyderm.io

@penguin42 this blog is a decent description of what's needed for mailing lists to work properly. SPF will always fail, but as long as you have DKIM on your mails DMARC should still pass provided the mailing list doesn't alter signed parts of the message. Qemu list does this correctly. Unfortunately a few recipients may have broken servers which incorrectly want SPF and DKIM to /both/ pass instead of just one of the two. https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html

penguin42, to random
@penguin42@mastodon.org.uk

still covid positive; <taps fingers> come on and clear off....

berrange,
@berrange@hachyderm.io

@penguin42 urgh, hope you're at least feeling somewhat better/recovered, even if the test is still reporting positive? i got it in early Dec, and was testing positive on & off for almost 3 weeks - it kept coming back at me just when i thought i was recovered :-(

penguin42, to random
@penguin42@mastodon.org.uk

fwupd is running on one of my cloud VMs, regularly downloading lists of updated firmware that its virtual hardware is never going to have. Incredibly pointless use of bandwidth and CPU.

berrange,
@berrange@hachyderm.io

@penguin42 curious what kind of VM, as IIRC with typical Linux KVM stack fwupd wouldn't try to do anything as the OVMF builds don't expose the features it wants (EFI capsule update)

penguin42, to random
@penguin42@mastodon.org.uk

Just finished reading that Bates vs P.O technical appendix - it's very good! I'll put some notes into a thread here; although IMHO the biggest problem is just the P.O. not considering the possibility the inconsistencies were bugs, anyway
1/n :thread:

berrange,
@berrange@hachyderm.io

@penguin42 There are a lot of unrealistic expectations from people outside the IT profession about how accurate and reliable computers are in general. Computers are programmed by humans. Humans are fallible. Ergo computers are fallible too. For mission critical software (aircraft flight computers) there are techniques applied to improve reliability, but they are massively expensive so will never be used for general software like the PO Horizon system.

berrange,
@berrange@hachyderm.io

@penguin42 people totally under-estimate just how frequently computers mess up. Organizations who've been using computers for critical financial systems for a long time, will know they're fallible and have procedures in place to resolve the inevitable problems. ie people whose job is to manually correct the mistakes. This gives the outside world the illusion that the computers are reliable. Those deploying and running this PO Horizon system clearly did not understand this need.

berrange,
@berrange@hachyderm.io

@penguin42 I think it also says a lot about the PO mgmt view of their postmasters. To assume the worst - that all these people were criminals - and discard the possibility of other causes exposes pre-existing bias in the mgmt viewpoint IMHO. The focus on the software feels like a way to deflect blame away from the people in charge who actually made the bad decisions.

berrange, to random
@berrange@hachyderm.io

Public EV chargepoint install rates in the UK are ramping nicely:

Aug 2018: 10,000
+2 years - Sep 2020: 20,000
+1.5 years - Feb 2022: 30,000
+1 year - Feb 2023: 40,000
+0.5 years - Oct 2023: 50,000

and then there's the other 680,000 chargepoints at homes and businesses which have more restrictive access.

https://eandt.theiet.org/content/articles/2023/10/uk-installs-50-000th-electric-vehicle-charger/

which is implicitly referencing this source:

https://www.zap-map.com/news/uk-50000-charge-point-milestone

berrange, to random
@berrange@hachyderm.io

wrote a little bit about a tiny tool I created a few months ago called 'byebyebios', which can inject a MBR sector to VM disk images, informing users that they must use UEFI, if they accidentally try to run with legacy BIOS.

https://www.berrange.com/posts/2023/10/06/bye-bye-bios-a-tool-for-when-you-need-to-warn-users-the-vm-image-is-efi-only/

berrange, to random
@berrange@hachyderm.io

API design rule:

consider an API param (or struct field) for a quantity of something. Please don't just call it 'quantity' or 'something_quantity'.

Always include the units in the name.

eg for data 'size_bytes', 'size_kb', 'size_mb', NEVER just 'size'; for time 'duration_secs', 'duration_ms', 'duration_ns', NEVER just 'duration'.

Don't make developers re-visit the API docs to understand it. Including units in the name makes semantics self-documenting when reading code and avoids many bugs

berrange,
@berrange@hachyderm.io

@penguin42 you don't see the type when calling APIs / setting fields though

eg

somefunc(size_kb = 7)

[assuming non-C lang with named parameters in this example]

or

somestructvariable.size_kb = 7

immediately tells the author & reviewer what they're working with.

penguin42, to random
@penguin42@mastodon.org.uk

People seem to be very negative about this new wind-powered cargo ship; but it seems pretty good to me! This isn't just tacking sails onto an existing ship, and wind power by itself is pretty useless for a cargo ship these days.

https://www.bbc.co.uk/news/technology-66543643

berrange,
@berrange@hachyderm.io

@penguin42 agreed, every innovation that can help reduce emissions is worthwhile trying, especially for difficult to decarbonize sectors like long distance shipping.

The really big win will come from eliminating demand for shipping fossil fuels around the seas, by converting electric grid generation and ground transport off fossil fuels. That should kill something approaching 40% of all shipping traffic. Supplemental wind power will be a nice benefit for the remaining shipping needs.

globalc, to c64
@globalc@chaos.social

Interesting use of AI:

Imagine you have a CPU with unknown design. If you look long enough at what goes in and comes out, the AI software can come up with a CPU design delivering the same I/O patterns.

Seems like they did this successfully with Intel 486 CPUs, and did run Linux then on the resulting/own designed CPU.

Reminds me that at least one chip of the does not have a modern replacement..

https://arxiv.org/abs/2306.12456?utm_source=substack&utm_medium=email

berrange,
@berrange@hachyderm.io

@penguin42 @globalc I'm imagining using it to generate emulator code for CPUs and other arbitrary hardware devices QEMU needs !

berrange, to random
@berrange@hachyderm.io

the crazy difficult bugs that take days to untangle are often the most stimulating ones in the long run, as they're a break from the mundane. You hate them at the time of course, but once you look back on it, they are very satisfying bits of work. My recent favourite was finding and fixing a horribly rare race condition with futex() / errno splattering bug in glib https://gitlab.gnome.org/GNOME/glib/-/issues/3034

berrange,
@berrange@hachyderm.io

@penguin42 but you don't even think to look at that function in the first place, as it can't possibly fail that way :-) Only once you've wasted time investigating the other scenarios do you re-evaluate the first (bogus) assumption about it being impossible to fail :-)

berrange, to random
@berrange@hachyderm.io

"We conclude that Betelgeuse should currently be in a late phase (or near the end) of the core carbon burning. After carbon is exhausted in the core, a core-collapse leading to a supernova explosion is expected in a few tens years"

https://arxiv.org/pdf/2306.00287.pdf

penguin42, to random
@penguin42@mastodon.org.uk

Hopefully that's enough sealant splattered around the shower. I hate that stuff, in particular my lungs also hate it and feel a bit crap for a day or two.

berrange,
@berrange@hachyderm.io

@penguin42 I need to try some of the Marmox Multibond sealant which is 100% solvent free / zero VOC, but always find myself needing it in a hurry and getting whatever is in Screwfix on the day.
