Jonathan Corbet
Posts
186Following
25Followers
920
Jonathan Corbet
corbet
@mnalis SPF and DKIM are there and have been for some time. We just haven't done the DMARC part to tell sites that we mean it; I'm afraid to just turn it on, so I need to go through the reporting process and such, and just haven't found the time to figure out how to do that. Needless to say, my motivation level has increased...
0
0
0
Jonathan Corbet
corbet
If you think you got spam from me — it wasn't me, honest!
It would appear that the folks at belleclair.co.jp are running an open email relay (or have been compromised entirely). Some bright individual has been using it to send out massive volumes of spam and, for reasons known only to them, chose to put my return address on it. That has resulted in just short of 40,000 bounce messages landing in my inbox.
As a way to start your day, that just isn't as fun as it sounds.
A single notmuch command made the bounces go away; a couple of lines in header_checks has, so far, prevented the arrival of about 1,000 more. But spam with my email address on it, it seems, continues to flood the net.
Time to get serious about that DMARC setup in the hope that it might help, I guess. Email is so much fun.
It would appear that the folks at belleclair.co.jp are running an open email relay (or have been compromised entirely). Some bright individual has been using it to send out massive volumes of spam and, for reasons known only to them, chose to put my return address on it. That has resulted in just short of 40,000 bounce messages landing in my inbox.
As a way to start your day, that just isn't as fun as it sounds.
A single notmuch command made the bounces go away; a couple of lines in header_checks has, so far, prevented the arrival of about 1,000 more. But spam with my email address on it, it seems, continues to flood the net.
Time to get serious about that DMARC setup in the hope that it might help, I guess. Email is so much fun.
5
3
19
Jonathan Corbet
corbet
Ah...Sharper Image...where would we be without you...? The "precision of a chainsaw" indeed.
2
0
8
Jonathan Corbet
corbet
@luis_in_brief Banks has long been a favorite mine, will have to check out Kincaid's book.
I was always struck by how *boring* the Culture is. The books are never just about the Culture — they are about its interactions with outside, distinctly less utopian, civilizations.
Still...wouldn't it be fun to travel the galaxy on a smart-ass ship?
I was always struck by how *boring* the Culture is. The books are never just about the Culture — they are about its interactions with outside, distinctly less utopian, civilizations.
Still...wouldn't it be fun to travel the galaxy on a smart-ass ship?
1
0
1
Jonathan Corbet
corbet
On the radar: !CVE
An alternate list of (alleged) vulnerability numbers for problems that the designated CNA refuses to issue a CVE for.
https://lwn.net/ml/oss-security/c01c1617-641d-4ec2-847f-2e85ea4676f7@notcve.org/
Perhaps this is an effort to identify vulnerabilities that, for whatever reason, the Powers That Be won't recognize. It also looks like a way to circumvent efforts to combat the growing bogus-CVE problem, though.
An alternate list of (alleged) vulnerability numbers for problems that the designated CNA refuses to issue a CVE for.
https://lwn.net/ml/oss-security/c01c1617-641d-4ec2-847f-2e85ea4676f7@notcve.org/
Perhaps this is an effort to identify vulnerabilities that, for whatever reason, the Powers That Be won't recognize. It also looks like a way to circumvent efforts to combat the growing bogus-CVE problem, though.
2
4
6
Jonathan Corbet
corbet
Aww...they deleted my old videobuf document:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2a2fffb488a3c
I'd actually forgotten that I wrote that thing at all, evidently I did it back in 2010...
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4b586a38b04
Hopefully it was useful while it lasted.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2a2fffb488a3c
I'd actually forgotten that I wrote that thing at all, evidently I did it back in 2010...
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4b586a38b04
Hopefully it was useful while it lasted.
1
0
9
Jonathan Corbet
corbet
On the radar: what is the linux-kernel mailing list for? @monsieuricon is suggesting that many or most patch postings be redirected to a separate list:
https://lwn.net/ml/ksummit-discuss/20231106-venomous-raccoon-of-wealth-acc57c@nitro/
I've not jumped into the conversation because I'm still trying to figure out what I think about it. I'm one of those people who actually reads over that list; the broad view it provides is helpful in both the LWN and documentation-maintainer roles. But it *is* painful to keep up with.
LKML has traditionally been the place you post patches to get them reviewed. If that's not its role anymore, what is it for?
https://lwn.net/ml/ksummit-discuss/20231106-venomous-raccoon-of-wealth-acc57c@nitro/
I've not jumped into the conversation because I'm still trying to figure out what I think about it. I'm one of those people who actually reads over that list; the broad view it provides is helpful in both the LWN and documentation-maintainer roles. But it *is* painful to keep up with.
LKML has traditionally been the place you post patches to get them reviewed. If that's not its role anymore, what is it for?
4
2
7
Jonathan Corbet
corbet
LWN is trying to hire a full-time writer/editor:
https://lwn.net/Articles/949461/
Please talk to us if you think you might be interested, and pass on a pointer to anybody else who might be a good fit.
https://lwn.net/Articles/949461/
Please talk to us if you think you might be interested, and pass on a pointer to anybody else who might be a good fit.
3
215
74
Jonathan Corbet
corbet
@bookwar @llvm The thing is, I don't think we should have "reviewers" as a separate role. That is something that developers should be doing as a matter of course. They are best placed to do that work, but just as importantly, it's one of the best ways to learn about the kernel outside of one's little corner.
2
2
6
Jonathan Corbet
corbet
@bookwar @llvm That's funny, I could have sworn I talked about the need for people to do code reviews (I said that was the most important thing to take away from the talk), documentation writers (I *am* aware of documentation, after all), and so on. About how it shouldn't be the maintainers doing all of that.
I'm not really sure what else you think I should have wedged into a 20-minute slot; I'm sorry you were disappointed with it.
I'm not really sure what else you think I should have wedged into a 20-minute slot; I'm sorry you were disappointed with it.
2
0
0
Jonathan Corbet
corbet
@adamw @monsieuricon @Di4na @bars @marcan I have a different experience; I follow a vast number of projects on mailing lists quickly and efficiently - mostly without actually subscribing to the lists. But once a project disappears into its own special little web silo, it's gone from sight.
2
0
2
Jonathan Corbet
corbet
@vegard I stashed that stuff aside somewhere, would have to look. Not sure I can post it and ever show my face in public again, though...
C++ was my thought too, but I'm not convinced of that. I was wondering if somebody had been looking forward to features they never implemented.
C++ was my thought too, but I'm not convinced of that. I was wondering if somebody had been looking forward to features they never implemented.
0
0
2
Jonathan Corbet
corbet
@vegard The C-domain stuff spends a lot of time building an elaborate data structure that, as far as I can tell, it doesn't actually use. A couple of years or so ago I went in with a hatchet and hacked a lot of it out, with a build-time improvement of about 20%.
I ran out of time before I could go further with it. All that work must be there for *some* reason, and I'd need to figure it out and prepare a proper patch to even try to upstream that work, and that would take a while. It would be nice to get back to it...
I ran out of time before I could go further with it. All that work must be there for *some* reason, and I'd need to figure it out and prepare a proper patch to even try to upstream that work, and that would take a while. It would be nice to get back to it...
1
0
2
Jonathan Corbet
corbet
@adamw @bars @marcan Bug tracking is clearly a place where the kernel project falls down badly, agreed. We finally got regression tracking funded, but that's just barely the beginning of the problem.
For bug tracking, one aspect of the problem is a simple unwillingness on the part of many maintainers to bother with a bug tracker. That does not help at all.
The other part is something I'm going to poke people at the LF shindig about next week. Almost everybody who works on the kernel is paid to do it, but there are many areas that no company thinks it needs to worry about funding. Of the 5,000 developers who work on the kernel each year, not a single one of them is tasked with documentation — my own pet peeve. But (almost) nobody is paid to work on tools, and it hurts us in all kinds of ways, including bug tracking.
For bug tracking, one aspect of the problem is a simple unwillingness on the part of many maintainers to bother with a bug tracker. That does not help at all.
The other part is something I'm going to poke people at the LF shindig about next week. Almost everybody who works on the kernel is paid to do it, but there are many areas that no company thinks it needs to worry about funding. Of the 5,000 developers who work on the kernel each year, not a single one of them is tasked with documentation — my own pet peeve. But (almost) nobody is paid to work on tools, and it hurts us in all kinds of ways, including bug tracking.
4
5
15
Jonathan Corbet
corbet
@leftpaddotpy @marcan How is a forge for each subsystem ever going to work? This is one program we're dealing with, and an awful lot of work is not contained to a single subsystem.
1
0
3
Jonathan Corbet
corbet
@marcan @bars One of the worst things about working in the kernel — one of the most toxic parts — is the constant stream of nastiness toward our community that comes from outside.
The kernel community is far from perfect; we have a lot of problems and we have been actively working for years (decades) to improve on them.
We are, nonetheless, a project that manages to incorporate nearly 100,000 commits per year, from over 5,000 developers, into a single code base while maintaining a level of quality that — while also certainly in need of improvement — is good enough for deployment into billions of devices.
As for the use of email...email is painful and broken, but we have found nothing better that will work at the scale we need. See https://lwn.net/Articles/702177/ from a few years back. For all its faults, email is distributed, non-proprietary, scriptable, and gives everybody the freedom to choose their tools; it is a highly inclusive solution in a way that proprietary web forges (for example) are not. Someday we'll find something better and move on with a cry of joy, but that day has not come.
Rather than crapping on the kernel community from afar, why not work with us to try to make things better?
The kernel community is far from perfect; we have a lot of problems and we have been actively working for years (decades) to improve on them.
We are, nonetheless, a project that manages to incorporate nearly 100,000 commits per year, from over 5,000 developers, into a single code base while maintaining a level of quality that — while also certainly in need of improvement — is good enough for deployment into billions of devices.
As for the use of email...email is painful and broken, but we have found nothing better that will work at the scale we need. See https://lwn.net/Articles/702177/ from a few years back. For all its faults, email is distributed, non-proprietary, scriptable, and gives everybody the freedom to choose their tools; it is a highly inclusive solution in a way that proprietary web forges (for example) are not. Someday we'll find something better and move on with a cry of joy, but that day has not come.
Rather than crapping on the kernel community from afar, why not work with us to try to make things better?
7
20
56
Jonathan Corbet
corbet
@larsmb @failedLyndonLaRouchite As far as I know, I am one of those people who has never has Covid. I've tried to be careful about it, and it seems to have worked.
I, though, feel that I can only be so confident in any pronouncements that I have never had the disease. I know other people who have been very careful and who have been nailed anyway... that and the prevalence of asymptomatic cases says that there is a reasonable chance that I've hosted that virus at some point.
Saying that I may have had it despite the lack of evidence to that effect doesn't strike me as offensive, it's just an acknowledgement of the uncertainties around this whole thing.
I, though, feel that I can only be so confident in any pronouncements that I have never had the disease. I know other people who have been very careful and who have been nailed anyway... that and the prevalence of asymptomatic cases says that there is a reasonable chance that I've hosted that virus at some point.
Saying that I may have had it despite the lack of evidence to that effect doesn't strike me as offensive, it's just an acknowledgement of the uncertainties around this whole thing.
3
0
3
Jonathan Corbet
corbet
On the radar: who gets on the linux-distros mailing list?
linux-distros is where vulnerabilities and fixes are discussed prior to public disclosure. Given the nature of the material discussed, it is unsurprising that membership is limited. I seriously doubt they would let me on it...
CIQ (Rocky Linux) would like to join:
https://lwn.net/ml/oss-security/20231001130223.GA6586@openwall.com/
There has been some opposition to this membership, seemingly based on the ideas that (1) Rocky Linux isn't doing much of the way of original distribution work, and (2) as a (relatively) community-oriented project, it lacks a way to keep secrets. This view is not universally held, though.
Meanwhile, openEuler also wants in:
https://lwn.net/ml/oss-security/ZSyUUSF_-3YbT14k@workstation/
The concern here is potential legal issues related to openEuler's Chinese origins.
linux-distros is where vulnerabilities and fixes are discussed prior to public disclosure. Given the nature of the material discussed, it is unsurprising that membership is limited. I seriously doubt they would let me on it...
CIQ (Rocky Linux) would like to join:
https://lwn.net/ml/oss-security/20231001130223.GA6586@openwall.com/
There has been some opposition to this membership, seemingly based on the ideas that (1) Rocky Linux isn't doing much of the way of original distribution work, and (2) as a (relatively) community-oriented project, it lacks a way to keep secrets. This view is not universally held, though.
Meanwhile, openEuler also wants in:
https://lwn.net/ml/oss-security/ZSyUUSF_-3YbT14k@workstation/
The concern here is potential legal issues related to openEuler's Chinese origins.
0
2
5