thank you mr showerhead for giving this freedom my US comrades (pun intended).

https://www.whitehouse.gov/presidential-actions/2025/04/maintaining-acceptable-water-pressure-in-showerheads/

container hack for build: unshare + chroot. unshare guarantees unmounts, given a ephemeral file system namespace :-)

#!/bin/sh

set -eu

rootfs_dir=$1
adm_user=$2

if [ "$#" -eq 3 ]; then
  proxy_address=""
  cmdline=$3
else
  proxy_address=$3
  cmdline=$4
fi

sudo unshare --mount --pid --fork sh -c "
  mount --bind /sys '$rootfs_dir/sys'
  mount --bind /dev '$rootfs_dir/dev'
  mount -t proc proc '$rootfs_dir/proc'
  mount -t devpts devpts '$rootfs_dir/dev/pts'
  chroot '$rootfs_dir' su - '$adm_user' -c 'export PUAVO_CACHE_PROXY=\"$proxy_address\"; $cmdline'
"

@oleksandr or at most only cosmetic changes for this patch per se.

@oleksandr not likely but i'll have to hear if this needs additional fixes

@Conan_Kudo BTW, so we do have machine keyring and MOK keys. What is the problem?

@Conan_Kudo There's this irony in shared data (in general) that even if your blob lives for the whole power cycle, it must be prepared for sudden death that could happen in the next time quantum :-)

@Conan_Kudo This work is for key_put() :-) How to make it less sensitive overall.

In the case of procfs I'll check if this strategy would allow to relax locking requirements for /proc/keys.

Anyone interested on keyring:

https://web.git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/commit/?h=keys-graveyard

If this would work out then possibly also radiate to /proc/keys.

I.e. it could also similarly "knock for reference" but that is not within scope of this patch.

#linux #kernel #keyring

Happy International Asexuality Day!

@anneroth Danke

30 tips zu mach dich digital unabhängig von @kuketzblog

Link https://www.kuketz-blog.de/unplugtrump-mach-dich-digital-unabhaengig-von-trump-und-big-tech/

#unplugtrump

@liw retooted because want to try it out some day...

My fourth Obnam 3 development session. Put into place the scaffolding to add chunk encryption, but didn't have the time to actually implement the encryption.

Small steps and tea is the way to reach goals while having fun.

(Obnam 3 is my Sunday project to experiment with implementing fundamental components for backup software.)

https://obnam.org/blog/2025/obnam3-04

#obnam #backupImplementation

BREAKING: The C++ committee imposes tariffs on non-US locales.

Telegram asked me pin, which was 26214, which is same as the number of colors on #Amiga 1200 ;-)

That at least what I recall...

Quite cool, I have to say. fwupdmgr managed to update my HP USB-C Dock G5.

with refcount_inc_not_zero() trial in GC to fully sequence the time window of key_put(): https://lore.kernel.org/keyrings/20250403153809.213535-1-jarkko@kernel.org/

recycle is now free, the program to create .rex loops: https://www.reasonstudios.com/recycle

fun Linux fact: because MAP_SHARED|MAP_ANONYMOUS is actually a file-backed mapping under the hood, unmapping part of such a mapping does not discard the data stored in that part:

$ cat mremap.c
#define _GNU_SOURCE
#include <err.h>
#include <stdio.h>
#include <sys/mman.h>
int main(void) {
  char *p = mmap(NULL, 0x2000, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANONYMOUS, -1, 0);
  if (p == MAP_FAILED) err(1, "mmap");
  p[0x1000] = 'X';
  if (munmap(p+0x1000, 0x1000)) err(1, "munmap");
  // that 'X' we just wrote... is it gone?
  // nope, let's bring it back!
  p = mremap(p, 0x1000, 0x2000, MREMAP_MAYMOVE);
  if (p == MAP_FAILED) err(1, "mremap");
  printf("p[0x1000]='%c'\n", p[0x1000]);
}
$ gcc -o mremap mremap.c
$ ./mremap
p[0x1000]='X'
$

It's actually somewhat similar concurrency dance as with SGX driver's page reclaimer... I think that refcount_inc_not_zero(&key->usage) should balance shit out but have to wait and see what David thinks...