Language Selection

English French German Italian Portuguese Spanish

Debian

Syndicate content
Planet Debian - https://planet.debian.org/
Updated: 12 hours 11 min ago

Antoine Beaupré: The CLA Denial-Of-Service attack

Monday 24th of February 2020 03:32:53 PM

I just stumbled upon this weird mind bender this morning. I have found what I believe is a simple typo in the Ganeti documentation which has a trivial fix. But then, before I submitted a PR to fix it, I remembered that I had trouble getting stuff merged in Ganeti before. That's because they require a CLA (which is already annoying enough) that requires a Google account to sign (which is simply unacceptable). So that patch has been sitting there for months, unused and I haven't provided a patch for the other issue because of this very problem.

But that got me thinking. If I would want to mess things up real bad in a CLA-using project I don't like and:

  1. find a critical bug
  2. figure out a patch for the bug
  3. publish the patch in their issue tracker
  4. forever refuse to sign the CLA

Then my patch, and any derivative, would be unmergeable. If the bug is trivial enough, it might even be impossible to fix it without violating the letter of the law, or at least the process that project as adhered to.

Obviously, there's a flaw in that logic. A CLA is an agreement between a project and a (new) contributor. A project does not absolutely requires the contributor to sign the agreement to accept its contributions, in theory. It's the reverse: for the contributor to have their patch accepted, they need to accept the CLA. But the project could accept contributions without CLA without violating the law.

But it seems that projects sometimes end up doing a DOS on themselves by refusing perfectly fine contributions from drive-by contributors who don't have time to waste filling forms on all projects they stumble upon.

In the case of this typo, I could have submitted a patch, but because I didn't sign a CLA, again, the project couldn't have merged it without breaking their own rules, even if someone else submits the same patch, after agreeing to the CLA. So, in effect, I would have DOS'd the project by providing the patch, so I just opened an issue which strangely — and hopefully — isn't covered by the CLA.

Feels kind of stupid, really...

Instances of known self-imposed CLA DOS attacks:

Russ Allbery: Book haul

Monday 24th of February 2020 05:04:00 AM

I have been reading rather more than my stream of reviews might indicate, although it's been almost all non-fiction. (Since I've just started a job in astronomy, I decided I should learn something about astronomy. Also, there has been some great non-fiction published recently.)

Ilona Andrews — Sweep with Me (sff)
Conor Dougherty — Golden Gates (non-fiction)
Ann K. Finkbeiner — A Grand and Bold Thing (non-fiction)
Susan Fowler — Whistleblower (non-fiction)
Evalyn Gates — Einstein's Telescope (non-fiction)
T. Kingfisher — Paladin's Grace (sff)
A.K. Larkwood — The Unspoken Name (sff)
Murphy Lawless — Raven Heart (sff)
W. Patrick McCray — Giant Telescopes (non-fiction)
Terry Pratchett — Men at Arms (sff)
Terry Pratchett — Soul Music (sff)
Terry Pratchett — Interesting Times (sff)
Terry Pratchett — Maskerade (sff)
Terry Pratchett — Feet of Clay (sff)
Ethan Siegel — Beyond the Galaxy (non-fiction)
Tor.com (ed.) — Some of the Best from Tor.Com 2019 (sff anthology)

I have also done my one-book experiment of reading Terry Pratchett on the Kindle and it was a miserable experience due to the footnotes, so I'm back to buying Pratchett in mass market paperback.

Russ Allbery: Review: Sweep with Me

Monday 24th of February 2020 03:21:00 AM

Review: Sweep with Me, by Ilona Andrews

Series: Innkeeper Chronicles #5 Publisher: NYLA Copyright: 2020 ISBN: 1-64197-136-3 Format: Kindle Pages: 146

Sweep with Me is the fifth book in the Innkeeper Chronicles series. It's a novella rather than a full novel, a bit of a Christmas bonus story. Don't read this before One Fell Sweep; it will significantly spoil that book. I don't believe it spoils Sweep of the Blade, but it may in some way that I don't remember.

Dina and Sean are due to appear before the Assembly for evaluation of their actions as Innkeepers, a nerve-wracking event that could have unknown consequences for their inn. The good news is that this appointment is going to be postponed. The bad news is that the postponement is to allow them to handle a special guest. A Drífan is coming to stay in the Gertrude Hunt.

One of the drawbacks of this story is that it's never clear about what a Drífan is, only that they are extremely magical, the inns dislike them, and they're incredibly dangerous. Unfortunately for Dina, the Drífan is coming for Treaty Stay, which means she cannot turn them down. Treaty Stay is the anniversary of the Treaty of Earth, which established the inns and declared Earth's neutrality. During Treaty Stay, no guest can be turned away from an inn. And a Drífan was one of the signatories of the treaty.

Given some of the guests and problems that Dina has had, I'm a little dubious of this rule from a world-building perspective. It sounds like the kind of absolute rule that's tempting to invent during the first draft of a world background, but that falls apart when one starts thinking about how it might be abused. There's a reason why very few principles of law are absolute. But perhaps we only got the simplified version of the rules of Treaty Stay, and the actual rules have more nuance. In any event, it serves its role as story setup.

Sweep with Me is a bit of a throwback to the early books of the series. The challenge is to handle guests without endangering the inn or letting other people know what's going on. The primary plot involves the Drífan and an asshole businessman who is quite easy to hate. The secondary plots involve a colloquium of bickering, homicidal chickens, a carnivorous hunter who wants to learn how Dina and Sean resolved a war, and the attempts by Dina's chef to reproduce a fast-food hamburger for the Drífan.

I enjoyed the last subplot the best, even if it was a bit predictable. Orro's obsession with (and mistaken impressions about) an Earth cooking show are the sort of alien cultural conflict that makes this series fun, and Dina's willingness to take time away from various crises to find a way to restore his faith in his cooking is the type of action that gives this series its heart. Caldenia, Dina's resident murderous empress, also gets some enjoyable characterization. I'm not sure what I thought a manipulative alien dictator would amuse herself with on Earth, but I liked this answer.

The main plot was a bit less satisfying. I'm happy to read as many stories about Dina managing alien guests as Andrews wants to write, but I like them best when I learn a lot about a new alien culture. The Drífan feel more like a concept than a culture, and the story turns out to revolve around human rivalries far more than alien cultures. It's the world-building that sucks me into these sorts of series; my preference is to learn something grand about the rest of the universe that builds on the ideas already established in the series and deepens them, but that doesn't happen.

The edges of a decent portal fantasy are hiding underneath this plot, but it all happened in the past and we don't get any of the details. I liked the Drífan liege a great deal, but her background felt disappointingly generic and I don't think I learned anything more about the universe.

If you like the other Innkeeper Chronicles books, you'll probably like this, but it's a minor side story, not a continuation of the series arc. Don't expect too much from it, but it's a pleasant diversion to bide the time until the next full novel.

Rating: 7 out of 10

Steve McIntyre: What can you preseed when installing Debian?

Monday 24th of February 2020 12:55:00 AM

Preseeding is a very useful way of installing and pre-configuring a Debian system in one go. You simply supply lots of the settings that your new system will need up front, in a preseed file. The installer will use those settings instead of asking questions, and it will also pass on any extra settings via the debconf database so that any further package setup will use them.

There is documentation about how to do this in the Debian wiki at https://wiki.debian.org/DebianInstaller/Preseed, and an example preseed file for our current stable release (Debian 10, "buster") in the release notes.

One complaint I've heard is that it can be difficult to work out exactly the right data to use in a preseed file, as the format is not the easiest to work with by hand. It's also difficult to find exactly what settings can be changed in a preseed.

So, I've written a script to parse all the debconf templates in each release in the Debian archive and dump all the possible settings in each. I've put the results up online at my debian-preseed site in case it's useful. The data will be updated daily as needed to make sure it's current.

Enrico Zini: Assorted wonders

Sunday 23rd of February 2020 11:00:00 PM
Daily Science Fiction :: Rules For Living in a Simulation by Aubrey Hirsch fiction archive.org 2020-02-24 «Listen. We're fairly certain it's true. The laws of the universe just don't make sense the way they should and it's more and more apparent with every atom of gold we run through the Relativistic Heavy Ion Collider and every electron we smash up at the Large Hadron Collider that we are living in a universe especially constructed for us. And, since we all know infinities cannot be constructed, we must conclude that our universe has been simulated.…» Missionary Church of Kopimism - Wikipedia religion archive.org 2020-02-24 The Missionary Church of Kopimism (in Swedish Missionerande Kopimistsamfundet), is a congregation of file sharers who believe that copying information is a sacred virtue and was founded by Isak Gerson, a 19-year-old philosophy student, and Gustav Nipe in Uppsala, Sweden in the autumn of 2010.[6] The Church, based in Sweden, has been officially recognized by the Legal, Financial and Administrative Services Agency as a religious community in January 2012, after three application attempts. The Perfect Tribe - Bizzarro Bazar bias archive.org 2020-02-24 I cannibali Korowai vivono in cima agli alberi. Ma è tutto vero? The Korowai cannibals live on top of trees. But is it true? Usanza tutta islandese di celebrare il Natale intonando canzoni pop italiane music archive.org 2020-02-24 “Siccome @ciocci mi ha confessato che la cosa gli stava facendo esplodere la testa, e siccome io stesso da tempo ero alla ricerca di risposte adeguate sul tema, ho fatto un po’ di ricerche sull'usanza tutta islandese di celebrare il Natale intonando canzoni pop italiane

Russ Allbery: Review: Exit Strategy

Sunday 23rd of February 2020 04:46:00 AM

Review: Exit Strategy, by Martha Wells

Series: Murderbot Diaries #4 Publisher: Tor.com Copyright: October 2018 ISBN: 1-250-18546-7 Format: Kindle Pages: 172

Exit Strategy is the fourth of the original four Murderbot novellas. As you might expect, this is not the place to begin. Both All Systems Red (the first of the series) and Rogue Protocol (the previous book) are vital to understanding this story.

Be warned that All Systems Red sets up the plot for the rest of the series, and thus any reviews of subsequent books (this one included) run the risk of spoiling parts of that story. If you haven't read it already, I recommend reading it before this review. It's inexpensive and very good!

When I got back to HaveRotten Station, a bunch of humans tried to kill me. Considering how much I'd been thinking about killing a bunch of humans, it was only fair.

Murderbot is now in possession of damning evidence against GrayCris. GrayCris knows that, and is very interested in catching Murderbot. That problem is relatively easy to handle. The harder problem is that GrayCris has gone on the offensive against Murderbot's former client, accusing her of corporate espionage and maneuvering her into their territory. Dr. Mensah is now effectively a hostage, held deep in enemy territory. If she's killed, the newly-gathered evidence will be cold comfort.

Exit Strategy, as befitting the last chapter of Murderbot's initial story arc, returns to and resolves the plot of the first novella. Murderbot reunites with its initial clients, takes on GrayCris directly (or at least their minions), and has to break out of yet another station. It also has to talk to other people about what relationship it wants to have with them, and with the rest of the world, since it's fast running out of emergencies and special situations where that question is pointless.

Murderbot doesn't want to have those conversations very badly because they result in a lot of emotions.

I was having an emotion, and I hate that. I'd rather have nice safe emotions about shows on the entertainment media; having them about things real-life humans said and did just led to stupid decisions like coming to TransRollinHyfa.

There is, of course, a lot of the normal series action: Murderbot grumbling about other people's clear incompetence, coming up with tactical plans on the fly, getting its clients out of tricky situations, and having some very satisfying fights. But the best part of this story is the reunion with Dr. Mensah. Here, Wells does something subtle and important that I've frequently encountered in life but less commonly in stories. Murderbot has played out various iterations of these conversations in its head, trying to decide what it would say. But those imagined conversations were with its fixed and unchanging memory of Dr. Mensah. Meanwhile, the person underlying those memories has been doing her own thinking and reconsideration, and is far more capable of having an insightful conversation than Murderbot expects. The result is satisfying thoughtfulness and one of the first times in the series where Murderbot doesn't have to handle the entire situation by itself.

This is one of those conclusions that's fully as satisfying as I was hoping it would be without losing any of the complexity. The tactics and fighting are more of the same (meaning that they're entertaining and full of snark), but Dr. Mensah's interactions with Murderbot now that she's had the time span of two intervening books to think about how to treat it are some of the best parts of the series. The conclusion doesn't answer all of the questions raised by the series (which is a good thing, since I want more), but it's a solid end to the plot arc.

The sequel, a full-length Murderbot novel (hopefully the first of many) titled Network Effect, is due out in May of 2020.

Rating: 9 out of 10

Dirk Eddelbuettel: digest 0.6.25: Spookyhash bugfix

Saturday 22nd of February 2020 11:42:00 PM

And a new version of digest is getting onto CRAN now, and to Debian shortly.

digest creates hash digests of arbitrary R objects (using the md5, sha-1, sha-256, sha-512, crc32, xxhash32, xxhash64, murmur32, and spookyhash algorithms) permitting easy comparison of R language objects. It is a fairly widely-used package (currently listed at 889k monthly downloads with 255 direct reverse dependencies and 7340 indirect reverse dependencies) as many tasks may involve caching of objects for which it provides convenient general-purpose hash key generation.

This release is a one issue fix. Aaron Lun noticed some issues when spookyhash is used in streaming mode. Kendon Bell, who also contributed spookyhash quickly found the issue which is a simple oversight. This was worth addressing in new release, so I pushed 0.6.25.

CRANberries provides the usual summary of changes to the previous version.

For questions or comments use the issue tracker off the GitHub repo.

If you like this or other open-source work I do, you can now sponsor me at GitHub. For the first year, GitHub will match your contributions.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Norbert Preining: QOwnNotes for Debian

Saturday 22nd of February 2020 10:07:25 PM

QOwnNotes is a cross-platform plain text and markdown note taking application. By itself, it wouldn’t be something to talk about, we have vim and emacs and everything in between. But QOwnNotes integrates nicely with the Notes application from NextCloud and OwnCloud, as well as providing useful integration with NextCloud like old version of notes, access to deleted files, watching changes, etc.

The program is written using Qt and contains, besides language files and desktop entries only one binary. There is a package in a PPA for Ubuntu, so it was a breeze to package, converting the cdbs packaging from the ppa to debhelper on the way.

Source packages and amd64 binaries for sid/testing and buster are available at

deb https://www.preining.info/debian unstable main deb-src https://www.preining.info/debian unstable main

and

deb https://www.preining.info/debian buster main deb-src https://www.preining.info/debian buster main

respectively. The git repository is als available.

Enjoy.

Martin Michlmayr: ledger2beancount 2.0 released

Saturday 22nd of February 2020 01:28:50 PM

I released version 2.0 of ledger2beancount, a ledger to beancount converter.

Here are the changes in 2.0:

  • Handle comments in account and commodity declarations
  • Handle transactions with a single posting (without bucket)
  • Handle empty metadata values
  • Rewrite Emacs modeline

You can get ledger2beancount from GitHub.

Dirk Eddelbuettel: RcppSimdJson 0.0.2: First Update!

Saturday 22nd of February 2020 12:55:00 PM

Following up on the initial RcppSimdJson release, a first updated arrived on CRAN yesterday.

RcppSimdJson wraps the fantastic simdjson library by Daniel Lemire which truly impressive. Via some very clever algorithmic engineering to obtain largely branch-free code, coupled with modern C++ and newer compiler instructions, it results in persing gigabytes of JSON parsed per second which is quite mindboggling. I highly recommend the video of the recent talk by Daniel Lemire at QCon (which was also voted best talk). The best-case performance is ‘faster than CPU speed’ as use of parallel SIMD instructions and careful branch avoidance can lead to less than one cpu cycle use per byte parsed.

This release syncs the simdjson headers with upstream, and polishes the build a little by conditioning on actually having a C++17 compiler rather than just suggesting it. The NEWS entry follows.

Changes in version 0.0.2 (2020-02-21)
  • Sychronized with upstream (Dirk in #4 and #5).

  • The R side of validateJSON now globs the file argument, expanding symbols like ~ appropriately.

  • C++ code in validateJSON now conditional on C++17 allowing (incomplete) compilation on lesser systems.

  • New helper function returning value of __cplusplus macro, used in package startup to warn if insufficient compiler used.

For questions, suggestions, or issues please use the issue tracker at the GitHub repo.

If you like this or other open-source work I do, you can now sponsor me at GitHub. For the first year, GitHub will match your contributions.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Russ Allbery: Review: All About Emily

Saturday 22nd of February 2020 04:38:00 AM

Review: All About Emily, by Connie Willis

Publisher: Subterranean Copyright: 2011 ISBN: 1-59606-488-9 Format: Kindle Pages: 96

Claire Havilland is a Broadway star, three-time Tony winner, and the first-person narrator of this story. She is also, at least in her opinion, much too old to star in the revival of Chicago, given that the role would require wearing a leotard and fishnet stockings. But that long-standing argument with her manager was just the warm-up request this time. The actual request was to meet with a Nobel-Prize-winning physicist and robotics engineer who will be the Grand Marshal of the Macy's Day Parade. Or, more importantly, to meet with the roboticist's niece, Emily, who has a charmingly encyclopedic knowledge of theater and of Claire Havilland's career in particular.

I'll warn that the upcoming discussion of the background of this story is a spoiler for the introductory twist, but you've probably guessed that spoiler anyway.

I feel bad when someone highly recommends something to me, but it doesn't click with me. That's the case with this novella. My mother loved the character dynamics, which, I'll grant, are charming and tug on the heartstrings, particularly if you enjoy watching two people geek at each other about theater. I got stuck on the world-building and then got frustrated with the near-total lack of engagement with the core problem presented by the story.

The social fear around robotics in All About Emily is the old industrialization fear given new form: new, better robots will be able to do jobs better than humans, and thus threaten human livelihoods. (As is depressingly common in stories like this, the assumptions of capitalism are taken for granted and left entirely unquestioned.) Willis's take on this idea is based on All About Eve, the 1950 film in which an ambitious young fan maneuvers her way into becoming the understudy of an aging Broadway star and then tries to replace her. What if even Broadway actresses could be replaced by robots?

As it turns out, the robot in question has a different Broadway role in mind. To give Willis full credit, it's one that plays adroitly with some stereotypes about robots.

Emily and Claire have good chemistry. Their effusive discussions and Emily's delighted commitment to research are fun to read. But the plot rests on two old SF ideas: the social impact of humans being replaced by machines, and the question of whether simulated emotions in robots should be treated as real (a slightly different question than whether they are real). Willis raises both issues and then does nothing with either of them. The result is an ending that hits the expected emotional notes of an equivalent story that raises no social questions, but which gives the SF reader nothing to work with.

Will robots replace humans? Based on this story, the answer seems to be yes. Should they be allowed to? To avoid spoilers, I'll just say that that decision seems to be made on the basis of factors that won't scale, and on experiences that a cynic like me thinks could be easily manipulated.

Should simulated emotions be treated as real? Willis doesn't seem to realize that's a question. Certainly, Claire never seems to give it a moment's thought.

I think All About Emily could have easily been published in the 1960s. It feels like it belongs to another era in which emotional manipulation by computers is either impossible or, at worst, a happy accident. In today's far more cynical time, when we're increasingly aware that large corporations are deeply invested in manipulating our emotions and quite good at building elaborate computer models for how to do so, it struck me as hollow and tone-deaf. The story is very sweet if you can enjoy it on the same level that the characters engage with it, but is not of much help in grappling with the consequences for abuse.

Rating: 6 out of 10

Raphaël Hertzog: Freexian’s report about Debian Long Term Support, January 2020

Friday 21st of February 2020 05:00:08 PM

Like each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports In January, 252 work hours have been dispatched among 14 paid contributors. Their reports are available: Evolution of the situation

January started calm until at the end of the month some LTS contributors met, some for the first time ever, at the Mini-DebCamp preceeding FOSDEM in Brussels. While there were no formal events about LTS at both events, such face2face meetings have proven to be very useful for future collaborations!
We currently have 59 LTS sponsors sponsoring 219h each month. Still, as always we are welcoming new LTS sponsors!

The security tracker currently lists 42 packages with a known CVE and the dla-needed.txt file has 33 packages needing an update.

Thanks to our sponsors

New sponsors are in bold (none this month).

No comment | Liked this article? Click here. | My blog is Flattr-enabled.

Andrej Shadura: Follow-up on the train journey to FOSDEM

Friday 21st of February 2020 02:09:28 PM

Here’s a recap of my train journey based on the Twitter thread I kept posting as I travelled.

To FOSDEM…

The departure from Bratislava was as planned:

Ready to depart from Bratislava hl. st.

Half an hour in Vienna was just enough for me to grab some coffee and breakfast and board the train to Frankfurt without a hurry:

Boarding a Deutsche Bahn ICE to Frankfurt am Main

Unfortunately, soon after we left Linz and headed to Passau, the train broke down. Apparently, it powered down and the driver was struggling to reboot it. After more than an hour at Haiding, we finally departed with a huge delay:

Trapped in Haiding near Linz

Since the 18:29 train to Brussels I needed to catch in Frankfurt was the last one that day, I was put into a hotel Leonardo across the street from Frankfurt Hbf, paid by Deutsche Bahn, of course. By the time of our arrival in Frankfurt, the delay was 88 minutes.

Hotel room in Frankfurt am Main

Luckily, I didn’t have to convince Deutsche Bahn to let me sleep in the morning, they happily booked me (for free) onto a 10:29 ICE to Brussels so I had an opportunity to have a proper breakfast at the hotel and spend some time at Coffee Fellows at the station.

Guten Morgen Frankfurt About to depart for Brussels

Fun fact: Aachen is called Cáchy in Czech, apparently as a corruption of an older German form ze Aachen.

Stopping at Aachen

Having met some Debian people on the train, I have finally arrived in Brussels, albeit with some delay. This, unfortunately meant that I haven’t gone to Vilvoorde to see a friend, so the regional tickets I bought online were useless.

Finally, Brussels!

… and back!

The trip home was much better in terms of missed trains, only if a tiny bit more tiring since I took it in one day.

Leaving Brussels on time

Going to Frankfurt, I’ve spent most of the time in the bistro carriage. Unfortunately, the espresso machine was broken and they didn’t have any croissants, but the tea with milk was good enough.

In the bistro carriage

I’ve used the fifty minutes I had in Frankfurt to claim the compensation for the delay, which (€33) I received in my bank account the next week.

The ICE train to Wien Hbf is about to depart Herzlich willkommen in Österreich!

Arrived at Wien Hbf The last leg

Finally, exactly twelve hours and one minute after the departure, almost home:

Finally home

Andrej Shadura: Follow-up on the train journey to FOSDEM

Friday 21st of February 2020 12:09:01 PM

Norbert Preining: Okular update for Debian

Friday 21st of February 2020 12:17:34 AM

The quest for a good tabbed pdf viewer lead me okular. While Gnome3 has gone they way of “keep it stupid keep it simple” to appeal to less versed users, KDE has gone the opposite direction and provides lots of bells and knobs to configure their application. Not surprisingly, I am tending more and more to KDE apps away from the redux stuff of Gnome apps.

Unfortunately, okular in Debian is horrible outdated. The version shipped in unstable is 17.12.2, there is a version 18.04 in experimental, and the latest from upstream git is 19.12.2. Fortunately, and thanks to the Debian maintainers, the packaging of the version in experimental can be adjusted without too much pain to the latest version, see this git repo.

You can find the sources and amd64 packages in my Debian repository:

deb https://www.preining.info/debian unstable main deb-src https://www.preining.info/debian unstable main

Enjoy.

Matthew Garrett: What usage restrictions can we place in a free software license?

Thursday 20th of February 2020 12:45:40 AM
Growing awareness of the wider social and political impact of software development has led to efforts to write licenses that prevent software being used to engage in acts that are seen as socially harmful, with the Hippocratic License being perhaps the most discussed example (although the JSON license's requirement that the software be used for good, not evil, is arguably an earlier version of the theme). The problem with these licenses is that they're pretty much universally considered to fall outside the definition of free software or open source licenses due to their restrictions on use, and there's a whole bunch of people who have very strong feelings that this is a very important thing. There's also the more fundamental underlying point that it's hard to write a license like this where everyone agrees on whether a specific thing is bad or not (eg, while many people working on a project may feel that it's reasonable to prohibit the software being used to support drone strikes, others may feel that the project shouldn't have a position on the use of the software to support drone strikes and some may even feel that some people should be the victims of drone strikes). This is, it turns out, all quite complicated.

But there is something that many (but not all) people in the free software community agree on - certain restrictions are legitimate if they ultimately provide more freedom. Traditionally this was limited to restrictions on distribution (eg, the GPL requires that your recipient be able to obtain corresponding source code, and for GPLv3 must also be able to obtain the necessary signing keys to be able to replace it in covered devices), but more recently there's been some restrictions that don't require distribution. The best known is probably the clause in the Affero GPL (or AGPL) that requires that users interacting with covered code over a network be able to download the source code, but the Cryptographic Autonomy License (recently approved as an Open Source license) goes further and requires that users be able to obtain their data in order to self-host an equivalent instance.

We can construct examples of where these prevent certain fields of endeavour, but the tradeoff has been deemed worth it - the benefits to user freedom that these licenses provide is greater than the corresponding cost to what you can do. How far can that tradeoff be pushed? So, here's a thought experiment. What if we write a license that's something like the following:

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. All permissions granted by this license must be passed on to all recipients of modified or unmodified versions of this work
2. This work may not be used in any way that impairs any individual's ability to exercise the permissions granted by this license, whether or not they have received a copy of the covered work

This feels like the logical extreme of the argument. Any way you could use the covered work that would restrict someone else's ability to do the same is prohibited. This means that, for example, you couldn't use the software to implement a DRM mechanism that the user couldn't replace (along the lines of GPLv3's anti-Tivoisation clause), but it would also mean that you couldn't use the software to kill someone with a drone (doing so would impair their ability to make use of the software). The net effect is along the lines of the Hippocratic license, but it's framed in a way that is focused on user freedom.

To be clear, I don't think this is a good license - it has a bunch of unfortunate consequences like it being impossible to use covered code in self-defence if doing so would impair your attacker's ability to use the software. I'm not advocating this as a solution to anything. But I am interested in seeing whether the perception of the argument changes when we refocus it on user freedom as opposed to an independent ethical goal.

Thoughts?

Edit:

Rich Felker on Twitter had an interesting thought - if clause 2 above is replaced with:

2. Your rights under this license terminate if you impair any individual's ability to exercise the permissions granted by this license, even if the covered work is not used to do so

how does that change things? My gut feeling is that covering actions that are unrelated to the use of the software might be a reach too far, but it gets away from the idea that it's your use of the software that triggers the clause.

comments

Gunnar Wolf: Made with Creative Commons at FIL Minería

Wednesday 19th of February 2020 08:00:00 AM

Book presentation!

Again, this message is mostly for people that can be at Mexico City on a relatively short notice.

Do you want to get the latest scoop on our translation of Made with Creative Commons? Are you interested in being at a most interesting session presented by the two officials of Creative Commons Mexico chapter, Irene Soria (@arenita) and Iván Martínez (@protoplasmakid) and myself?

Then… Come to the always great 41 Feria Internacional del Libro del Palacio de Minería! We will have the presentation next Monday (2020.02.24), 12:00, in Auditorio Sotero Prieto (Palacio de Minería).

How to get there? Come on… Don’t you know one of the most iconic and beautiful buildings in our historic center?

Kees Cook: security things in Linux v5.4

Wednesday 19th of February 2020 12:37:02 AM

Previously: v5.3.

Linux kernel v5.4 was released in late November. The holidays got the best of me, but better late than never! ;) Here are some security-related things I found interesting:

waitid() gains P_PIDFD
Christian Brauner has continued his pidfd work by adding a critical mode to waitid(): P_PIDFD. This makes it possible to reap child processes via a pidfd, and completes the interfaces needed for the bulk of programs performing process lifecycle management. (i.e. a pidfd can come from /proc or clone(), and can be waited on with waitid().)

kernel lockdown
After something on the order of 8 years, Linux can now draw a bright line between “ring 0” (kernel memory) and “uid 0” (highest privilege level in userspace). The “kernel lockdown” feature, which has been an out-of-tree patch series in most Linux distros for almost as many years, attempts to enumerate all the intentional ways (i.e. interfaces not flaws) userspace might be able to read or modify kernel memory (or execute in kernel space), and disable them. While Matthew Garrett made the internal details fine-grained controllable, the basic lockdown LSM can be set to either disabled, “integrity” (kernel memory can be read but not written), or “confidentiality” (no kernel memory reads or writes). Beyond closing the many holes between userspace and the kernel, if new interfaces are added to the kernel that might violate kernel integrity or confidentiality, now there is a place to put the access control to make everyone happy and there doesn’t need to be a rehashing of the age old fight between “but root has full kernel access” vs “not in some system configurations”.

tagged memory relaxed syscall ABI
Andrey Konovalov (with Catalin Marinas and others) introduced a way to enable a “relaxed” tagged memory syscall ABI in the kernel. This means programs running on hardware that supports memory tags (or “versioning”, or “coloring”) in the upper (non-VMA) bits of a pointer address can use these addresses with the kernel without things going crazy. This is effectively teaching the kernel to ignore these high bits in places where they make no sense (i.e. mathematical comparisons) and keeping them in place where they have meaning (i.e. pointer dereferences).

As an example, if a userspace memory allocator had returned the address 0x0f00000010000000 (VMA address 0x10000000, with, say, a “high bits” tag of 0x0f), and a program used this range during a syscall that ultimately called copy_from_user() on it, the initial range check would fail if the tag bits were left in place: “that’s not a userspace address; it is greater than TASK_SIZE (0x0000800000000000)!”, so they are stripped for that check. During the actual copy into kernel memory, the tag is left in place so that when the hardware dereferences the pointer, the pointer tag can be checked against the expected tag assigned to referenced memory region. If there is a mismatch, the hardware will trigger the memory tagging protection.

Right now programs running on Sparc M7 CPUs with ADI (Application Data Integrity) can use this for hardware tagged memory, ARMv8 CPUs can use TBI (Top Byte Ignore) for software memory tagging, and eventually there will be ARMv8.5-A CPUs with MTE (Memory Tagging Extension).

boot entropy improvement
Thomas Gleixner got fed up with poor boot-time entropy and trolled Linus into coming up with reasonable way to add entropy on modern CPUs, taking advantage of timing noise, cycle counter jitter, and perhaps even the variability of speculative execution. This means that there shouldn’t be mysterious multi-second (or multi-minute!) hangs at boot when some systems don’t have enough entropy to service getrandom() syscalls from systemd or the like.

userspace writes to swap files blocked
From the department of “how did this go unnoticed for so long?”, Darrick J. Wong fixed the kernel to not allow writes from userspace to active swap files. Without this, it was possible for a user (usually root) with write access to a swap file to modify its contents, thereby changing memory contents of a process once it got paged back in. While root normally could just use CAP_PTRACE to modify a running process directly, this was a loophole that allowed lesser-privileged users (e.g. anyone in the “disk” group) without the needed capabilities to still bypass ptrace restrictions.

limit strscpy() sizes to INT_MAX
Generally speaking, if a size variable ends up larger than INT_MAX, some calculation somewhere has overflowed. And even if not, it’s probably going to hit code somewhere nearby that won’t deal well with the result. As already done in the VFS core, and vsprintf(), I added a check to strscpy() to reject sizes larger than INT_MAX.

ld.gold support removed
Thomas Gleixner removed support for the gold linker. While this isn’t providing a direct security benefit, ld.gold has been a constant source of weird bugs. Specifically where I’ve noticed, it had been pain while developing KASLR, and has more recently been causing problems while stabilizing building the kernel with Clang. Having this linker support removed makes things much easier going forward. There are enough weird bugs to fix in Clang and ld.lld. ;)

Intel TSX disabled
Given the use of Intel’s Transactional Synchronization Extensions (TSX) CPU feature by attackers to exploit speculation flaws, Pawan Gupta disabled the feature by default on CPUs that support disabling TSX.

That’s all I have for this version. Let me know if I missed anything. :) Next up is Linux v5.5!

© 2020, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

Daniel Silverstone: Subplot volunteers? (Acceptance testing tool)

Tuesday 18th of February 2020 08:24:57 PM

Note: This is a repost from Lars' blog made to widen the reach and hopefully find the right interested parties.

Would you be willing to try Subplot for acceptance testing for one of your real projects, and give us feedback? We're looking for two volunteers.

given a project
when it uses Subplot
then it is successful

Subplot is a tool for capturing and automatically verifying the acceptance criteria for a software project or a system, in a way that's understood by all stakeholders.

In a software project there are always more than one stakeholder. Even in a project one writes for oneself, there are two stakeholders: oneself, and that malicious cretin oneself-in-the-future. More importantly, though, there are typically stakeholders such as end users, sysadmins, clients, software architects, developers, and testers. They all need to understand what the software should do, and when it's in an acceptable state to be put into use: in other words, what the acceptance criteria are.

Crucially, all stakeholders should understand the acceptance criteria the same way, and also how to verify they are met. In an ideal situation, all verification is automated, and happens very frequently.

There are various tools for this, from generic documentation tooling (word processors, text editors, markup languages, etc) to test automation (Cucumber, Selenium, etc). On the one hand, documenting acceptance criteria in a way that all stakeholders understand is crucial: otherwise the end users are at risk of getting something that's not useful to help them, and the project is a waste of everyone's time and money. On the other hand, automating the verification of how acceptance criteria is met is also crucial: otherwise it's done manually, which is slow, costly, and error prone, which increases the risk of project failure.

Subplot aims to solve this by an approach that combines documentation tooling with automated verification.

  • The stakeholders in a project jointly produce a document that captures all relevant acceptance criteria and also describes how they can be verified automatically, using scenarios. The document is written using Markdown.

  • The developer stakeholders produce code to implement the steps in the scenarios. The Subplot approach allows the step implementations to be done in a highly cohesive, de-coupled manner, making such code usually be quite simple. (Test code should be your best code.)

  • Subplot's "docgen" program produces a typeset version as PDF or HTML. This is meant to be easily comprehensible by all stakeholders.

  • Subplot's "codegen" program produces a test program in the language used by the developer stakeholders. This test program can be run to verify that acceptance criteria are met.

Subplot started in in late 2018, and was initially called Fable. It is based on the yarn tool for the same purpose, from 2013. Yarn has been in active use all its life, if not popular outside a small circle. Subplot improves on yarn by improving document generation, markup, and decoupling of concerns. Subplot is not compatible with yarn.

Subplot is developed by Lars Wirzenius and Daniel Silverstone as a hobby project. It is free software, implemented in Rust, developed on Debian, and uses Pandoc and LaTeX for typesetting. The code is hosted on gitlab.com. Subplot verifies its own acceptance criteria. It is alpha level software.

We're looking for one or two volunteers to try Subplot on real projects of their own, and give us feedback. We want to make Subplot good for its purpose, also for people other than us. If you'd be willing to give it a try, start with the Subplot website, then tell us you're using Subplot. We're happy to respond to questions from the first two volunteers, and from others, time permitting. (The reality of life and time constraints is that we can't commit to supporting more people at this time.)

We'd love your feedback, whether you use Subplot or not.

Mike Gabriel: MATE 1.24 landed in Debian unstable

Tuesday 18th of February 2020 10:03:27 AM

Last week, Martin Wimpress (from Ubuntu MATE) and I did a 2.5-day packaging sprint and after that I bundle-uploaded all MATE 1.24 related components to Debian unstable. Thus, MATE 1.24 landed in Debian unstable only four days after the upstream release. I think this was the fastest version bump of MATE in Debian ever.

Packages should have been built by now for most of the 22 architectures supported by Debian. The current/latest build status can be viewed on the DDPO page of the Debian+Ubuntu MATE Packaging Team [1].

Please also refer to the MATE 1.24 upstream release notes for details on what's new and what's changed [2].

Credits

One big thanks goes to Martin Wimpress. Martin and I worked on all the related packages hand in hand. Only this team work made this very fast upload possible. Martin especially found the fix for a flaw in Python Caja that caused all Python3 based Caja extensions to fail in Caja 1.24 / Python Caja 1.24. Well done!

Another big thanks goes to the MATE upstream team. You again did an awesome job, folks. Much, much appreciated.

Last but not least, a big thanks goes to Svante Signell for providing Debian architecture specific patches for Debian's non-Linux distributions (GNU/Hurd, GNU/kFreeBSD). We will wait now until all MATE 1.24 packages have initially migrated to Debian testing and then follow-up upload his fixes. As in the past, MATE shall be available on as many Debian architectures as possible (ideally: all of them). Saying this, all Debian porters are invited to send us patches, if they see components of MATE Desktop fail on not-so-common architectures.

References

light+love,
Mike Gabriel (aka sunweaver)

More in Tux Machines

Games: Humble Store, Bully: Scholarship and DOSBox

  • Humble Store has a 'Tabletop Sale' going, some good Linux games on offer

    It's the start of another glorious week for Linux gaming and another big sale is going on again. Over on the Humble Store, they have a Tabletop Sale now live.

  • How to play Bully: Scholarship Edition on Linux

    Bully: Scholarship Edition is a remaster of Rockstar Game’s “Bully,” a game about a young kid working his way through the social hierarchy of high school, meeting girls, making friends, and causing mischief. The game is an open world, which is typical of Rockstar. Here’s how to get it working on your Linux PC.

  • DOSBox – Run classic DOS games on your Linux PC

    DOSBox is an open-source software that creates a virtual MS-DOS compatible environment, including sound, graphics, and basic networking. It enables you to run DOS applications without any modifications. Using this wonderful app, you can run your classic DOS games and compilers like Wolfenstein 3D, Prince of Persia, Turbo C++, and MASM on your Linux PC. DOSBox makes use of Simple DirectMedia Layer (SDL), a library designed to allow low-level access to hardware components like a mouse, keyboards, sound system, and graphics. It has made the whole process of porting easier to various platforms. Currently, DOSBox runs on several platforms like different Linux, Windows, and macOS.

The CLA Denial-Of-Service attack

Obviously, there's a flaw in that logic. A CLA is an agreement between a project and a (new) contributor. A project does not absolutely requires the contributor to sign the agreement to accept its contributions, in theory. It's the reverse: for the contributor to have their patch accepted, they need to accept the CLA. But the project could accept contributions without CLA without violating the law. But it seems that projects sometimes end up doing a DOS on themselves by refusing perfectly fine contributions from drive-by contributors who don't have time to waste filling forms on all projects they stumble upon. In the case of this typo, I could have submitted a patch, but because I didn't sign a CLA, again, the project couldn't have merged it without breaking their own rules, even if someone else submits the same patch, after agreeing to the CLA. So, in effect, I would have DOS'd the project by providing the patch, so I just opened an issue which strangely — and hopefully — isn't covered by the CLA. Read more

today's howtos

More Android Leftovers