Linux kernel hacker and maintainer etc.

OpenPGP: 3AB05486C7752FE1

Jarkko Sakkinen

I had my first-ever Mandela Effect experience: I recall seeing reports of his death like half a year ago.

Anyway, congrats to Mr Tanenbaum, well deserved! Only thing that surprises me is that why he did receive ACM award earlier than this.

https://vu.nl/en/news/2024/andrew-s-tanenbaum-receives-acm-software-system-award

#minix #linux #acm

NUMA Emulation Yields "Significant Performance Uplift" To Raspberry Pi 5

Engineers at consulting firm Igalia are exploring NUMA emulation for ARM64 (AArch64) due to the potential of "significant" performance uplift as observed on the popular Raspberry Pi 5 single board computer...
https://www.phoronix.com/news/ARM64-NUMA-Emulation-RPi5

@mikebabcock I have zero plans to use hibernation in my hosts but I'm interested to test it as a kernel feature :-) and generally I want a common image that works for my host system and test targets (usually VMs, sometimes NUCs).

@mikebabcock I'm doing this partly to research what would be the optimal configuration to enable hibernate, and possibly try out the encrypted hibernate patch set, which never landed in the mainline. So I'm doing both reconfiguration for my host system and designing something for test target VMs at the same time :-)

One observation is that it is probably better to encrypt per logical volume than to encrypt the physical volume, because then the partition is reachable for the so-called restore kernel. I've previously encrypted the physical volume and created logical volumes inside it.

@n0toose thanks!

@ljs I prefer curd after gym ;-)

Jarkko Sakkinen

Edited 1 year ago
When looking at #Github's front page, which looks like a shoot 'em up video game to me, I'm glad that I've consolidated my self-created active repositories to #Codeberg. Forks of stuff that I contribute to remain in #Github and #Gitlab obviously, and that is an acceptable compromise.

For me it feels sometimes that quite many commercial web sites reached their tipping point maybe about 10-12 years ago. Since then they've started to add stuff that I don't want, and sometimes even quite controversial features, which I then need to proactively disable.

It's a bit the same as with yogurt-based food products. Yogurt is a product that does not really develop anymore but still food companies have new versions of this product for every season with supplements added and stuff like that.

So I guess I can draw the conclusion that the commercial web reached the "yogurt state" around 2012 :-)

Jarkko Sakkinen

Edited 1 year ago

Would it be unorthodox for sbsign to use the kernel crypto API (optionally) instead of OpenSSL?

One use case for this would be a MOK private key that is encrypted while at rest with TPM, and never exposed to the CPU.

This would be a great application for the kernel feature that I’m working on, i.e. an asymmetric TPM2 key (patch set is slowly getting together, right now at iteration seven).

Just to name an example, this is how Ubuntu manages that key as of today: https://wiki.ubuntu.com/UEFI/SecureBoot/Signing. [for the record, Ubuntu is not doing a worse job in this than anyone else, they just have awesome documentation, thus the example]

#linux #kernel #tpm

@mikebabcock I also realized that it makes sense to have swap as an LVM2 volume because I have essentially two different swap configurations depending on use and purpose: 2GB (non-hibernate) and 60-80GB (hibernate). LVM2 will help in this case later on to tune between these choices a bit...

@mikebabcock I’m going to use lvm2 after all. There is a useful command depending on it: e2scrub. So it is a constraint then.

@vbabka That said, definitely going to check Heiko's work. I don't know him personally but he often seems to have interesting takes on topics, and perhaps these tools might support different workflows better.

@vbabka https://archlinux.org/download/ this is where I found out about sq. One large volume using it for signature checks instructions is a relevant ref for long-term applicability. And it seems to be already a somewhat well defined product.

@vbabka thanks, I'll check it out. Would be nice to have a fresh take on OpenPGP. E.g. something like export/import of the whole database with clean primitives would be nice.

Jarkko Sakkinen

Edited 1 year ago

sq is an #openpgp implementation: https://sequoia-pgp.org/

I wonder if sequoia can git tag -s?

Also need to test if smartcard support is already working: https://sequoia-pgp.org/blog/2021/12/20/202112-openpgp-card-ci/

And most importantly it has a gpg-agent implementation: https://lib.rs/crates/sequoia-gpg-agent. But I have to check how stable that is.

These three are the minimum set of features that any OpenPGP implementation needs to fully support in order to be compatible with kernel development workflows.

#gnupg

A temporary password is less secure because it usually allows SSH in the default configuration.

Jarkko Sakkinen

In most distributions the best default for a user account password would be an empty password because the default configuration for SSH does not allow login with it anyway. Still sometimes validation often even prohibits it :-)

@ljs @lkundrak @pony Maybe a bit pointless but working image preview is a thing for me in kitty :-) There's also a standard called Sixels for showing images on the terminal but kitty's own protocol is widely supported (because it is the precursor of doing this) and generally just works better and is more efficient and glitch-free.

It even has a tool called icat for raw shell.

@triskelion first that is both untrue argument.

second, it takes me less time to modify sbsign than mkosi for testing the features in question (e.g. tests tweak mok signing procedure).

sometimes, if you don't have anything constructive to say, it is best to say nothing.

two of the best feelings when programming are:
1. figuring out a really clever way to solve a problem
2. figuring out a really stupid way to solve a problem

@pid_eins I want to experiment at least with the mok signing key stored as a tpm2 private key asn1 blob on the drive and the signing operation done with tpm2_key_rsa instead of OpenSSL. Thus need to upscale from BuildRoot testing to something with packages 🙂