codonell

@codonell@fosstodon.org

Free software volunteer. Steward for the GNU C Library. GNU Toolchain Fund trustee https://fosstodon.org/@gnutools. Distinguished Engineer @RedHat.

drewdevault, to random
@drewdevault@fosstodon.org

A question that is of interest today is "should a code of conduct apply outside of its borders?" In other words, can a project hold someone accountable for their behavior outside of that project's spaces?

The short answer is "yes". The long answer is "we live in a society".

🧵

codonell,

@drewdevault Agreed. "In addition, violations of this code outside these spaces may affect a person's ability to participate within them." https://sourceware.org/glibc/wiki/CoC/Conduct

drewdevault, to random
@drewdevault@fosstodon.org

I needed a break from Real Work, so I'm speedrunning writing a Unix-ish operating system

Day 3

codonell,

@drewdevault Sorry, no judgement here, just wanted to point out an interesting paper I'd read recently only for the first time. And that perhaps might influence how deeply one plumbs fork as an abstraction into the OS.

drewdevault, to random
@drewdevault@fosstodon.org

Brief aside: if you're wondering why the Linux Foundation endorsed Valkey, it helps to note that 4/5 of the commercial interests behind Valkey are gold or platinum members of the Linux Foundation.

Together the leadership of Valkey represents a bit over $1.1M of the Linux Foundation's annual budget. They say "jump" and LF says "how high".

LF is a consortium of commercial interests, nothing more.

codonell,

@drewdevault Yes, absolutely, the LF is a 501(c)(6) which means they exist to serve the interests of their members. The actions they take are in the interest of their members... but how do those members arrive at their positions? My opinion is that it is up to the technical leadership within the companies to champion why we should be using copyleft licenses and advocate for that. At which point the LF supports what the membership asks for it to support.

codonell, to random

And glibc now has a Code of Conduct: https://inbox.sourceware.org/libc-alpha/ea69deee-0277-da10-db41-75598bbfdbfc@redhat.com/T/#u
... if you'd like to volunteer for the CoCC: https://inbox.sourceware.org/libc-alpha/bb54e1b7-6250-86d6-10d4-92e909bce632@redhat.com/T/#u
At this point we have CoCs covering gcc, binutils and glibc.

codonell, to random

Awesome to see GCC adopt a CoC, now to consider this for all GNU Toolchain projects. "Announcing GCC Code of Conduct" https://gcc.gnu.org/pipermail/gcc/2023-June/241826.html

jwildeboer, (edited) to random
@jwildeboer@social.wildeboer.net

A kinda weird question. If you were to write an , just the standard document itself: Under what license would you put it to make sure it is irrevocably available for free to anyone but also making sure it cannot be altered by downstream recipients? 1/n

codonell,

@jwildeboer @richardfontana A standard that can be modified creates another standard; meeting the possibly different requirements of another community, and those changes may make their way back to the upstream standard as improvements never before considered.

codonell, to random

Taking an outcomes based approach at rolling release branch backport policy for glibc: https://sourceware.org/pipermail/libc-alpha/2023-March/146031.html

brainwane, (edited) to opensource
@brainwane@social.coop

Some enterprises, in the wake of #xz, are focusing on their metrics for #opensource dependencies they ingest..... rather than investing money, developer time, or other resources* to directly support maintainers.

But as I mentioned to a friend recently:

If downstreams do not provide at least as much support as a motivated attacker would, we're likely to continue to get these kinds of outcomes - & to be deceived, as attackers shape their efforts to trick the metrics.

codonell,

@brainwane Fantastic writeup. I empathize most with the coaching and cheerleading 😃

codonell, to random

It was a fairly smooth run through the full set of steps for the most recent CVE as a glibc CNA: https://inbox.sourceware.org/libc-announce/302f32ba-10f4-4928-8f44-ce19c668ca04@linaro.org/T/#u

codonell, to random

The secret-gift-giving season arrived early... with the gift of Autoconf 2.72 🎁
https://lists.gnu.org/archive/html/autoconf/2023-12/msg00037.html
Frederic Berat has been working on Fedora tooling to do orchestrated mass package rebuilds (https://gitlab.com/fedora/packager-tools/mass-prebuild) and the first question that tooling had to answer was "show me what happens when we update autoconf in Fedora?"

codonell, to random

glibc 2.39 released! https://inbox.sourceware.org/libc-announce/38790850.J2Yia2DhmK@pinacolada/T/#u - We have an advisories format! And 3 last-minute CVE fixes 😃

eniko, to random
@eniko@peoplemaking.games

oh no

i added the ability to use a custom allocator to my unmanaged memory arenas

which means

i could make arenas for arenas

oh no what have i done

codonell,

@eniko @slaeshjag systemd was using the residual space from malloc() via malloc_usable_size(), but we've not recommended that for general use even if jemalloc supports it by reporting the full size allocated. We really need a more industry standard approach to this API issue e.g. https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2021/p0401r6.html

bluca, to random
@bluca@fosstodon.org

Alright, this took some team effort but in git main we are now at:

$ lddtree build/libsystemd.so.0
build/libsystemd.so.0 (interpreter => None)
libcap.so.2 => /lib/x86_64-linux-gnu/libcap.so.2
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6
ld-linux-x86-64.so.2 => /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2

for a full-feature build, down 5 libs which are now dlopened on demand. Last one, libcap, will need to be swapped for some ioctls which won't happen for this release.

codonell,

@bluca Congratulations! If dlopen() doesn't do what it says on the tin you know where to find us 😃

codonell,

@bluca Yes, we don't defer as much as possible with -Wl,z,lazy (for semantic reasons). The difficulty has been in hardening the in-memory process image from attack. Delaying loading means we would need some novel way to segregate those control structures AND keep the same security features. RELRO took the low-cost high-value approach of immediate binding and hardening.

codonell,

@bluca Do you have any pointers to these features on OSX? You would have to have a way for a compiled function call to fail, and the language has to have semantics for that.

azonenberg, to random
@azonenberg@ioc.exchange

TIL that if you have a large enough input dataset, it's possible for the NIST MIST plugin for ImageJ to generate a TIFF file >2^32 bytes in size.

Except this isn't allowed by the spec since all of the pointers to offsets in the file are 32 bit.

If you then attempt to open this malformed file in GIMP, it will appear to load normally until it hits some point a bit past the 4GB boundary, at which point you get some kind of integer overflow or something.

I'm not sure what happens next because my machine with 128GB RAM froze up for a while and ultimately GIMP got oomkilled. But nothing good, that's for sure.

codonell,

@azonenberg cough cough Just rewrite GIMP in Rust right? 🤪

codonell,

@azonenberg It's not entirely clear to me that such a thing is not possible. Why can't the IFD use TYPE = double?

codonell,

@azonenberg ZOMG, 121 pages for the TIFF 6.0 spec... with 13 extensions. Yeah only 32-bits for the first IFD offset. Were the authors being cheeky here "Readers must follow the pointers wherever they may lead." That's kind of ominous to write in a spec?
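
An added example, not part of any post in this thread: a minimal reader-side check for the classic TIFF 6.0 layout discussed above, which refuses to follow 32-bit pointers past the end of the file or around a looping IFD chain. The function names and the `sample` input are constructed for illustration; strip and tile data are not checked.

```python
import struct

# Byte size of each classic TIFF 6.0 field type (1=BYTE ... 12=DOUBLE).
TYPE_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}
MAX_CLASSIC = 0xFFFFFFFF  # largest offset a 32-bit pointer can express

def check_tiff(data, file_size=None):
    """Return a list of structural problems; an empty list means offsets are sane.
    file_size lets a caller state the on-disk size separately from the buffer."""
    size = len(data) if file_size is None else file_size
    problems = []
    if size > MAX_CLASSIC:
        problems.append("file larger than 32-bit offsets can address")
    if len(data) < 8 or data[:2] not in (b"II", b"MM"):
        return problems + ["bad header"]
    e = "<" if data[:2] == b"II" else ">"
    magic, ifd = struct.unpack_from(e + "HI", data, 2)
    if magic != 42:
        return problems + ["bad magic"]
    seen = set()
    while ifd != 0:
        if ifd in seen:  # a chain that points back at itself never terminates
            problems.append("IFD chain loops at offset %d" % ifd)
            break
        seen.add(ifd)
        if ifd + 2 > len(data):
            problems.append("IFD offset %d out of bounds" % ifd)
            break
        (count,) = struct.unpack_from(e + "H", data, ifd)
        end = ifd + 2 + 12 * count
        if end + 4 > len(data):
            problems.append("IFD at %d truncated" % ifd)
            break
        for i in range(count):
            tag, typ, n, val = struct.unpack_from(e + "HHII", data, ifd + 2 + 12 * i)
            nbytes = TYPE_SIZE.get(typ, 0) * n
            # Values longer than 4 bytes live elsewhere; val is then an offset.
            if nbytes > 4 and val + nbytes > size:
                problems.append("tag %d data runs past end of file" % tag)
        (ifd,) = struct.unpack_from(e + "I", data, end)
    return problems

def sample(value_offset, next_ifd=0):
    """Constructed little-endian TIFF: one IFD at offset 8 with one 6-byte ASCII tag."""
    entry = struct.pack("<HHII", 270, 2, 6, value_offset)
    return (b"II" + struct.pack("<HI", 42, 8) + struct.pack("<H", 1)
            + entry + struct.pack("<I", next_ifd) + b"hello\0")
```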

purpleidea, to random
@purpleidea@mastodon.social

After upgrading Fedora, it seems /etc/nsswitch.conf management has changed again, and what is authselect and was it always here? Well, something nuked my old nsswitch.conf file anyways!

Looking forward for @pid_eins and systemd to replace this and all the pam config stuff with something modern and sane!

codonell,

@purpleidea @pid_eins Yes, authselect has always been there, about 6 years in Fedora IIRC, and in general glibc handed file ownership of /etc/nsswitch.conf over to authselect in 2021 (https://bugzilla.redhat.com/show_bug.cgi?id=2023741) for Fedora. I agree that something more integrated could be more beneficial.

codonell, to random

Don't forget that Y2038 is coming...

brainwane, to random
@brainwane@social.coop

https://www.askamanager.org/2024/02/my-store-is-doing-great-because-im-breaking-all-our-policies.html

"I feel like everything I’ve done to make our store a good place to work at and shop at has been directly at odds with the instructions and directions I am supposed to be following."

Echoes of so many critiques of human institutions - "On the Psychology of Military Incompetence" (by Norman Dixon, 1976) comes to mind for me. Also, this is kind of the opposite of the classic principal-agent problem.

codonell,

@brainwane Would you also suggest tempering that inspiration with "I need to practice communicating the value of FOSS to non-technical audiences?" :-)

thejpster, to random
@thejpster@hachyderm.io

https://github.com/rust-embedded-community/tinyrlibc/issues/22

I appreciate the bug report but the fix is obvious and much smaller than the huge block of Asan output posted. It’s cool the tool found the bug but you can just say “3 is bigger than 2” and I’ll believe you.

codonell,

@thejpster As a maintainer I continually underestimate that contributing to open source can be intimidating, and having something like "Asan output" may help a developer post publicly. Summoning @brainwane for a cross check. Your response on the bug was perfect... but I expect you'll always see posts like this where the poster shows you their work either because they are proud of it or because they are intimidated by contributing publicly. $0.02.
