Posts: 4510 · Following: 316 · Followers: 477
Linux kernel hacker and maintainer etc.

OpenPGP: 3AB05486C7752FE1
@vitaut Chat at ICQ and use Symbian OS to keep in phase in 2024: https://symbianfoundation.org/ Wonder why this is still online 🤷
@ojrask I know people from many parties, including communists (I'm not a member of any myself), and at least in Finland the problem is often that people don't dare to be critical of their own side. It may be the same elsewhere. So one article doesn't ruin a whole party, nor would I condemn one on that basis, but that one was just damn over the top.

It's the brain's reward system that, in my opinion, a person should fight against the most in order to be capable of critical thinking. It's the part of the brain that makes you think of yourself as a bit smarter than others, of your children as a bit more gifted than other people's children, and even of your own party as a bit more truthful than the other parties :-) So yeah, the intent is to give criticism in an entirely constructive spirit.
@ojrask So I don't have anything else to say, or rather I don't oppose it or anything like that, nor do I condemn any political movement because of one article, but that one was still a bit unreasonable. So I'm not a categorical opponent of any movement :-) But yeah, that one went way too far for me.
@ojrask This one from them was a bit too much for me: https://skp.fi/artikkelit/kiinaa-oppimassa-skpn-edustajat-vierailevat-kiinassa

It is somewhat inappropriate to start lumping the treatment of the Sámi in Finland and the treatment of the Uyghurs in China into the same basket.
@vbabka @ljs @oleksandr don't go to modular, it's a trap ;-) worse than heroin

Jarkko Sakkinen

I wish it had been titled "Swaptraction Layer" :-/ Article was interesting tho.
@ljs Yeah, I wanted to add this because my point was not to say that they were stupid or "lower". Smart people that the system was exploiting, that is what I wanted to say :-)
@ljs Those uneducated people became educated and smart so you need to pay them. And thus we just now have a new generation of crap.

Jarkko Sakkinen

Probably it is meant for something more advanced than what I'm working on right now, like a scheduler, but I'm not sure I get these scoped allocations in my use (emphasis on this).

They feel as bad and confusing as the cleanup stack in Symbian. So I just use regular gotos for exceptions. That is more transparent.

So I guess they are just for a different application than I have.

Jarkko Sakkinen

ECC creation for ECDSA:

tpm2_createprimary --hierarchy o -G ecc -c owner.txt
tpm2_evictcontrol -c owner.txt 0x81000001
openssl ecparam -name prime256v1 -genkey -noout -out private.pem
tpm2_import -C 0x81000001 -G ecc -i private.pem -u key.pub -r key.priv
tpm2_encodeobject -C 0x81000001 -u key.pub -r key.priv -o key.priv.pem
openssl asn1parse -inform pem -in key.priv.pem -noout -out key.priv.der
serial=`cat key.priv.der | keyctl padd asymmetric tpm @u`

@bluca @pid_eins I wonder if this makes sense for you: https://lore.kernel.org/linux-integrity/20240523212515.4875-1-jarkko@kernel.org/

It is a somewhat practical feature: never have private keys stored in plain text, neither on the drive nor in memory. TPM2 can open it but not publish it, and the public key is available to clients for encryption and for verifying signatures. TPM2 decrypts and signs. So it is kind of "private half in hardware" and "public half in software".

Only when the key is first created is it in plain text, like:

tpm2_createprimary --hierarchy o -G rsa2048 -c owner.txt
tpm2_evictcontrol -c owner.txt 0x81000001
tpm2_getcap handles-persistent
openssl genrsa -out private.pem 2048
tpm2_import -C 0x81000001 -G rsa -i private.pem -u key.pub -r key.priv
tpm2_encodeobject -C 0x81000001 -u key.pub -r key.priv -o key.priv.pem
openssl asn1parse -inform pem -in key.priv.pem -noout -out key.priv.der

The final key.priv.der can only be decrypted by the TPM when it opens it:

serial=`cat key.priv.der | keyctl padd asymmetric tpm @u`

So the point of all this is that you can use it to sign and encrypt wifi credentials (iwd), root keyrings (e.g. gnome-keyring) and sign X.509 certificates without exposing the private key once it has first been created or acquired.

For 6.11 tpm2_key_rsa is planned and right after that tpm2_key_ecdsa (not sure whether in 6.11 or 6.12). Not sure if this makes sense for systemd but I thought it might.

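Both command sequences above (the ECC one and the RSA one) end with tpm2_encodeobject producing a PEM whose DER payload is what keyctl padd hands to the kernel. What follows is an added example written for this page, not code from the original posts, from tpm2-tools or from the kernel series linked above: an offline checker that parses that DER and flags what a practitioner would want to verify before loading it, namely that the type OID is the loadable-key OID 2.23.133.10.1.3 of the TPM 2.0 key file format, that the parent is the persistent handle that was passed to tpm2_import, that both TPM2B blobs carry a size field consistent with their length, and that the plaintext private scalar from private.pem does not appear anywhere in the file. The DER layout it assumes (SEQUENCE of type OID, optional [0] emptyAuth BOOLEAN, parent INTEGER, pubkey OCTET STRING, privkey OCTET STRING, with the octet strings holding marshalled TPM2B structures) is this example's reading of the TPM 2.0 key file draft; the sample key file is constructed inline and is not a real TPM object.

```python
"""Offline sanity checks for a tpm2_encodeobject key file in DER form.

Added example for this page. Assumed layout (TPM 2.0 key file format):
SEQUENCE { type OID, [0] emptyAuth BOOLEAN OPTIONAL, parent INTEGER,
           pubkey OCTET STRING, privkey OCTET STRING }
"""
import struct

OID_LOADABLE_KEY = "2.23.133.10.1.3"    # key already wrapped under the parent
OID_IMPORTABLE_KEY = "2.23.133.10.1.4"  # key still wrapped for TPM2_Import
TPM2_HR_PERSISTENT = 0x81               # top byte of a persistent handle


def _der_len(n):
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def der_tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body


def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:                  # base-128, continuation bit on all but last
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return der_tlv(0x06, bytes(out))


def der_int(n):
    raw = n.to_bytes((n.bit_length() + 8) // 8, "big")   # room for the sign bit
    while len(raw) > 1 and raw[0] == 0 and raw[1] < 0x80:
        raw = raw[1:]
    return der_tlv(0x02, raw)


def encode_tpm2_key(oid, parent, pub, priv, empty_auth=True):
    body = der_oid(oid)
    if empty_auth:
        body += der_tlv(0xA0, der_tlv(0x01, b"\xff"))   # [0] EXPLICIT BOOLEAN TRUE
    body += der_int(parent) + der_tlv(0x04, pub) + der_tlv(0x04, priv)
    return der_tlv(0x30, body)


def _read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated DER element")
    return tag, value, pos + length


def decode_oid(body):
    arcs = [2, body[0] - 80] if body[0] >= 80 else [body[0] // 40, body[0] % 40]
    acc = 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_tpm2_key(der):
    tag, seq, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one top-level SEQUENCE")
    key, pos = {"empty_auth": None}, 0
    tag, val, pos = _read_tlv(seq, pos)
    if tag != 0x06:
        raise ValueError("expected type OID")
    key["type"] = decode_oid(val)
    tag, val, nxt = _read_tlv(seq, pos)
    while tag in (0xA0, 0xA1, 0xA2, 0xA3):   # optional context-tagged fields
        if tag == 0xA0:
            btag, bval, _ = _read_tlv(val, 0)
            if btag != 0x01:
                raise ValueError("emptyAuth is not a BOOLEAN")
            key["empty_auth"] = bval != b"\x00"
        tag, val, nxt = _read_tlv(seq, nxt)
    if tag != 0x02:
        raise ValueError("expected parent INTEGER")
    key["parent"] = int.from_bytes(val, "big", signed=True)
    pos = nxt
    for name in ("pubkey", "privkey"):
        tag, val, pos = _read_tlv(seq, pos)
        if tag != 0x04:
            raise ValueError(f"expected {name} OCTET STRING")
        key[name] = bytes(val)
    if pos != len(seq):
        raise ValueError("trailing data after privkey")
    return key


def check_tpm2_key(der, expected_parent, plaintext_private=b""):
    """Return a list of findings; an empty list means the file looks sane."""
    key = parse_tpm2_key(der)
    findings = []
    if key["type"] != OID_LOADABLE_KEY:
        findings.append(f"type {key['type']} is not the loadable-key OID")
    if key["parent"] >> 24 != TPM2_HR_PERSISTENT:
        findings.append(f"parent 0x{key['parent']:08x} is not a persistent handle")
    if key["parent"] != expected_parent:
        findings.append("parent does not match the handle given to tpm2_import")
    for name in ("pubkey", "privkey"):   # TPM2B_*: 2-byte big-endian size, then body
        blob = key[name]
        size = struct.unpack(">H", blob[:2])[0] if len(blob) >= 2 else -1
        if size != len(blob) - 2:
            findings.append(f"{name}: TPM2B size {size} != {len(blob) - 2}")
    if plaintext_private and plaintext_private in der:
        findings.append("plaintext private key material is present in the file")
    return findings


def constructed_sample():
    """A made-up key file: not a real TPM object, only shaped like one."""
    scalar = bytes(range(1, 33))                   # stand-in for the P-256 private scalar
    pub = struct.pack(">H", 40) + b"\x00\x23" + b"\x5a" * 38   # TPM2B_PUBLIC-shaped
    priv = struct.pack(">H", 48) + b"\xa5" * 48    # TPM2B_PRIVATE-shaped, opaque bytes
    return encode_tpm2_key(OID_LOADABLE_KEY, 0x81000001, pub, priv), scalar
```

To run it against a real file, feed check_tpm2_key the bytes of key.priv.der (the output of the openssl asn1parse step), the handle used with tpm2_evictcontrol, and the raw private scalar or modulus extracted from private.pem; the plaintext check only makes sense before private.pem is deleted, which is the point at which the key stops existing in plain text anywhere.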
@ljs This is 2nd coming of AI BTW :-) First coming was based on uneducated human labor in masses in the early 00's. It played well then...

Jarkko Sakkinen

Edited 1 year ago
Is it me, or why does akcipher have two undocumented parameters, "algo OID" and "params length"? They are still considered ABI, but not even their size types are documented, let alone the semantics.

The only module I can find that uses the algo OID, or sets a value into it, is crypto/testmgr.h.

From crypto/asymmetric/public_key.c I found that they are u32's.

And I set them to zero after looking at my call chain layer by layer, where they are ignored in all layers:

1. tpm2_key_rsa_encrypt
2. pkcs1pad_set_pub_key
3. rsa_set_pub_key

And I found the actual call chain by tracing with kprobes.

So I just memset the 8 bytes after my key data to zero, given that everything is undocumented, but by tracing and grepping I've hopefully managed to nail them to stable values.

Feels flaky tbh to have documentation based on reverse engineering o_O I wonder why there isn't even some struct for those last magical 8 bytes...

#linux #kernel #crypto

Jarkko Sakkinen

Edited 1 year ago

So the gist of is_module() would be that it would have different semantics than IS_MODULE(): it could be used to e.g. check modules in a loop.

Compilation would generate a new ELF section with the following entries:

<ASCIIZ string><0 or 1>

The string would contain the module name.

Also, it would enable adding lsmod -b to enumerate built-in modules, which gives a nice way to carve up more information about a running test kernel. This would obviously need perhaps a new procfs file for built-in modules (for regular ones there is /proc/modules).

I guess the recent crypto bug can be sorted otherwise, but this feels useful enough to document.

#linux #kernel #kmod #module


Jarkko Sakkinen

I guess it is not required for the bug fix, but as an idea this type of thing for kmod could perhaps be useful:

https://lore.kernel.org/linux-crypto/D1GXRKNG42V4.1ZHV4H7HVNXHO@kernel.org/

#linux #kernel

Jarkko Sakkinen

Edited 1 year ago
Removed #LSP shenanigans from my #nvim config. I don't really care about it and I hate needing external daemons to make a text editor do its job. It is even worse than plugins, which I don't love either. And I never use auto-complete because it does stuff faster than my head can keep up.

Overall, for me #ctags is still the best possible experience for indexing source code. It crawls deep, does not do anything automatically and does not require external 3rd-party programs.

And yeah, it is stupid as hell, and thus can index the whole #Linux tree without trying to understand it. With LSP, indexing is build-config dependent, which makes it crippled.

With #Rust I use rusty-tags: https://github.com/dan-t/rusty-tags

We are pleased to announce the release of Alpine Linux 3.20.0, the first in the v3.20 stable series.

This is the first stable release that includes RISC-V 64 support, thanks to Milk-V.

Upgrades include, among others:

- Rust 1.78
- Python 3.12
- KDE 6

https://www.alpinelinux.org/posts/Alpine-3.20.0-released.html

Thanks to all the contributors who worked hard on getting this release out!


Jarkko Sakkinen

Good news, and this is what I use (before that, #vim).

Still, I would take any day an editor with zero plugins and the best picks of the plugins as built-in features :-) And by-heart compatibility with the familiar vim commands.

https://neovim.io/doc/user/news-0.10.html

#neovim