This is unfortunate :-/ E.g. main #Fedora repositories don't have rtirq package.

http://ccrma.stanford.edu/planetccrma/software/

@Conan_Kudo @hopland @tbernard @vascorsd They said that GPL or even LGPL is "communist code". What actually has realized is that it is best possible way for e.g. a company be open source and at the same protect their IP rights in the current hostile environments with AI's and bots lurking every corner ;-)

@Conan_Kudo @hopland @vascorsd @tbernard I think commercially copyleft is the next thing growing up. Signal showed how AGPL can be turned into profitable business in an end user product and its governance properties tackle AI threats nicely.

On the other hand AI literally assrapes MIT/Apache code. IMHO Qt licensing is today even more optimal than it was maybe few years back.

@josh @osi I'm not sure what was the point of time when open source turned into individuals inventing great things together (or to be totally honest sometimes having a huge flame wars together) into companies making these weird announcements together.

I mean for instance Linux Foundation seems to have almost at least bi-monthly announcement where they say how they are driving innovation in whatever is the hot topic of the day accompanied with endorsements with your "usual suspects" companies from IT, finance etc. business sectors. For me they have turned more like a joke than something I would ever consider to take seriously.

Recently I did "acid test" to LF to see if there is any real meat in these announcements when they launched https://www.lfdecentralizedtrust.org/. I thought that since I'm a long-time kernel maintainer in security and I also work for a company whose founder Gavin Wood literally invented smart contracts and coined up the term "Web3", I would be a great participant to the discussions or possible conference calls.

So I dropped email to their general inquiries address info@lfdecentralizedtrust.org. After three weeks my inbox has been silent :-) This was my expectation as I'm an individual not e.g. VISA. I'm not personally disappointed, but I'm disappointed because my hypothesis realized in this empirical experiment.

I have voting right in e.g. LF TAB elections but I do criticize Finnish politics sometimes too so I guess I can say this ;-) As LF puts it "decentralized innovation built on trust"...

@shertson If I had to do blind guess I'd guess ACPI tables but could be some other thing

@shertson i'll root cause the bug and send bug report to fedora bugzilla :-)

@timojyrinki i got it from company i formatted the hard drive without looking what is in ;-)

i need to debug this when have time, it's just so frustrating that this same issue always comes up with any new laptop ;-)

5️⃣ Here's the 5th installment of posts highlighting key new features of the upcoming v257 release of systemd.

Since its beginnings systemd was a heavy user of the D-Bus IPC system. It provides D-Bus APIs, it calls D-Bus APIs it schedules activation of the D-Bus broker, and even provides its own C D-Bus client library.

However, since early on our use of D-Bus was not without various major problems. One of the biggest goes something like this:

Hmm... X1 Thinkpad does not have Wifi after waking up from suspend in Fedora 41. #fedora

Also this helped: https://frostyx.cz/posts/lsp-for-vim-boomers

;-)

After trying different approaches of using clangd with kernel my end game is to put O=./clangd for the “clangd build”, which is a host (as target) build with bunch of stuff that you want enable. This makes sense because kernel’s .gitignore has by default .*.

I also learned that for the “real Vim” (not “Gen Z vim”) there is actually quite decent set of plugins to make use of it. Here’s my vim-plug list:

  Plug 'mattn/vim-lsp-settings'
  Plug 'prabirshrestha/asyncomplete-lsp.vim'
  Plug 'prabirshrestha/asyncomplete.vim'
  Plug 'prabirshrestha/vim-lsp'

This is how I would ramp up clangd session while hacking Linux:

make ARCH=x86_64 O=./.clangd x86_64_defconfig
make ARCH=x86_64 O=./.clangd menuconfig
make ARCH=x86_64 O=./.clangd -j`nproc`
scripts/clang-tools/gen_compile_commands.py -d ./.clangd

@cmccullough It's from the guy who gave us WireGuard so it is first class bash quality code ;-)

I use it for like "root stuff", e.g. my password to 1Password. It's good to have something like that for small collection of passwords, pin-codes etc. And once you master OpenPGP with Yubikey, it's breeze to use and super secure. I always carry my subkeys in a yubikey and have a backup one at home.

@cmccullough the best of the best was not in the list: https://www.passwordstore.org/ ;-) TBH I use it in combination with 1Password, which I have no too many complains (the password obviously is in my pass store).

OpenWRT is great. I run it in my Turris Omnia, which is a great Czech made router that I love so dearly. I also love BuildRoot used to build OpenWRT images, which is IMHO the best embedded build system in the world. The whole no bullshit ecosystem resonates a lot to me really.

Thus, OpenWRT designing their own reference router called OpenWRT One is great news, and have to link the associated LWN article just to promote it:

https://lwn.net/Articles/994961/

#openwrt #buildroot #lwn

https://counterhate.com/research/musk-political-posts-x/

@itaru The single best decision in my life was to delete my Facebook account about 6 months ago (not deactivate, delete). I can only imagine how many moments of anxiety this has prevented so far :-)

The only remaining social media accounts I have is Mastodon and Bluesky.

Found a cool fabric brand while cleaning up some old boxes full of all kinds of shit. Have to learn how to sew and attach it to something. #acid #303

Trying to make a new version of my “TPM2 signers” patch set and stumbling into a weird problem.

Here’s the script I’m looking at:

#!/usr/bin/env bash

set -e

PRIMARY=0x81000001

function egress {
  keyctl clear @u
  tpm2_evictcontrol -C o -c $PRIMARY 2> /dev/null
  tpm2_getcap handles-transient
  tpm2_getcap handles-persistent
}
trap egress EXIT

openssl ecparam -name prime256v1 -genkey -noout -out ecc.pem
openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt -in ecc.pem -out ecc_pkcs8.der

tpm2_createprimary --hierarchy o -G ecc -c owner.txt
tpm2_evictcontrol -c owner.txt $PRIMARY

# EC parameters to TPM2 blob:
tpm2_import -C $PRIMARY -G ecc -i ecc.pem -u tpm2.pub -r tpm2.priv

# TPM2 blob to ASN.1:
tpm2_encodeobject -C $PRIMARY -u tpm2.pub -r tpm2.priv -o tpm2.pem
openssl asn1parse -inform pem -in tpm2.pem -noout -out tpm2.der

# Populate asymmetric keys:
tpm2_ecc_key=`keyctl padd asymmetric "tpm_ecc" @u < tpm2.der`
kernel_ecc_key=`keyctl padd asymmetric "kernel_ecc" @u < ecc_pkcs8.der`

echo "SECRET" > doc.txt

echo TPM2 ECC SIGN
keyctl pkey_sign $tpm2_ecc_key 0 doc.txt hash=sha256 > doc.txt.sig

echo TPM2 VERIFY
keyctl pkey_verify $kernel_ecc_key 0 doc.txt doc.txt.sig

The error message generated is:

keyctl_pkey_verify: Invalid argument

If I verify with the TPM2 ECC key /it will pass, in other words replacing the list statement with:

keyctl pkey_verify $tpm2_ecc_key 0 doc.txt doc.txt.sig hash=sha256

In the final version I’m going to remove signature verification from TPM2 ECC key as that is kind of the point here: sign certificate with a private key protected by TPM and allow any party verify the signature with the known public key.

#linux #kernel #tpm

@josh @osi For me this looked initially like as some sort of magic spell that a corp can say and then they just continue to do whatever shit they were doing before because they've just been "we're not doing evil stuff" stamped or something.