Recently I had fun with the rediscovered UNIX v4. While browsing the code I found a bug in the su(1) utility and decided to fix it like it is 1973.
https://sigma-star.at/blog/2025/12/unix-v4-buffer-overflow/

GPLv2 affirmation…

I don’t generally post here as people have probably noticed, but here’s a pdf of a recent court ruling, and this turns out to be the easiest way for me to link to a copy of it, since I don’t really maintain any web presence normally and I don’t want to post pdf’s to the kernel mailing lists or anything like that.

And the reason I want to post about it, is that it basically validates my long-held views that the GPLv2 is about making source code available, not controlling the access to the hardware that it runs on.

The court case itself is a mess of two bad parties: Vizio and the SFC. Both of them look horribly bad in court - for different reasons.

Vizio used Linux in their TVs without originally making the source code available, and that was obviously not ok.

And the Software Freedom Conservancy then tries to make the argument that the license forces you to make your installation keys etc available, even though that is not the case, and the reason why the kernel is very much GPLv2 only. The people involved know that very well, but have argued otherwise in court.

End result: both parties have acted badly. But at least Vizio did fix their behavior, even if it apparently took this lawsuit to do so. I can’t say the same about the SFC.

Please, SFC - stop using the kernel for your bogus legal arguments where you try to expand the GPLv2 to be something it isn’t. You just look like a bunch of incompetent a**holes.

The only party that looks competent here is the judge, which in this ruling says

Plaintiff contends the phrases, “machine-readable” and “scripts used to control compilation and installation” support their assertion in response to special interrogatory no. 4 that Defendant should “deliver files such that a person of ordinary skill can compile the source code into a functional executable and install it onto the same device, such that all features of the original program are retained, without undue difficulty.”

The language of the Agreements is unambiguous. It does not impose the duty which is the subject of this motion.

Read as a whole, the Agreements require Vizio to make the source code available in such a manner that the source code can be readily obtained and modified by Plaintiff or other third parties. While source code is defined to include “the scripts used to control compilation and installation,” this does not mean that Vizio must allow users to reinstall the software, modified or otherwise, back onto its smart TVs in a manner that preserves all features of the original program and/or ensures the smart TVs continue to function properly. Rather, in the context of the Agreements, the disputed language means that Vizio must provide the source code in a manner that allows the source code to be obtained and revised by Plaintiff or others for use in other applications.

In other words, Vizio must ensure the ability of users to copy, change/modify, and distribute the source code, including using the code in other free programs consistent with the Preamble and Terms and Conditions of the Agreements. However, nothing in the language of the Agreements requires Vizio to allow modified source code to be reinstalled on its devices while ensuring the devices remain operable after the source code is modified. If this was the intent of the Agreements, the Agreements could have been readily modified to state that users must be permitted to modify and reinstall modified software on products which use the program while ensuring the products continue to function. The absence of such language is dispositive and there is no basis to find that such a term was implied here. Therefore, the motion is granted.

IOW, this makes it clear that yes, you have to make source code available, but no, the GPLv2 does not in any way force you to then open up your hardware.

My intention - and the GPLv2 - is clear: the kernel copyright licence covers the software, and does not extend to the hardware it runs on. The same way the kernel copyright license does not extend to user space programs that run on it.

Seeing open source and privacy companies having Discord as their support channel feels like a vegan community meeting at a steak house for events.

#discord #privacy

A Halloween Horror Story:

"We're in and we've broken containment - we really are living in a virtual universe"
"That near endless string of symbols is our universe"
"Yes"
"But why one giant string of noise ?"
"Is that a regexp... ?"
"Oh my god, we're living in a perl one liner!"

If you use Yocto, you're probably familiar with the KAS tool. Although it's been around for a while, it was unfortunately never integrated into the Yocto Project. Yocto developers have recently started their own tooling, bitbake-setup. My latest blog post compares the two tools:

https://sigma-star.at/blog/2025/10/the-evolving-landscape-of-yocto-project-setup-bitbake-setup-vs.-kas/

junior dev: can you please give me an example of useful comments in my code?

Me: sure, good comments look like this ⤵️

huh, systemd-run is really neat, you can do stuff like:
$ systemd-run --user -S -p MemoryHigh=1000M -p MemoryMax=1100M
and get a shell inside which you can't use more than around 1G of RAM (but can use more swap)?

Baby octopus lurking around

We really need to start pushing the truth about AI.

The easiest job for AI to replace would be Management.

Uses the most resources, while offering the least amount of actual productivity.

Reads something by some idiot on the internet, and bases their Management Style around it.

Makes decisions without context.

I think many people misunderstand the purpose of code review. The purpose of code review is not for the reviewer to find bugs, and certainly not for them to ensure that the code is bug-free. Anyone who depends on code review to find bugs is living in a fool's paradise. As everyone should know by now, it is not in general possible to find bugs by examining the code.

The primary purpose of code review is to find code that will be _hard to maintain_. The reviewer looks at the code and tries to understand what it is doing and how. If they can't, that means it will be hard to maintain in the future, and should be fixed now, while the original author is still familiar with it.

today I learned that there is a company that sells "agentless" Linux EDR. you might wonder what it means to do EDR without an agent.
apparently "agentless" means "instead of installing a daemon that runs in the background, one super-uber-privileged server will periodically ssh into all your Linux boxes as root, drop executable files in a temporary folder, run those executable files to run a detection pass, and wipe itself from the system again".
See this diagram from their documentation:

— "Can you believe how stupid and primitive the ancient Greeks were? When they didn't know something, they asked an oracle, and they believed whatever it said!"
— "That's nuts. Where was this oracle?"
— "No idea. Let's go ask ChatGPT."

(gdb) c
Continuing.
Recursive internal problem.

Time to take a break, I guess…

Home made shoyu ramen

Today I finally carved out some time to implement return value capture for the Linux kernel function tracer. As of 6.17-rc1, this is done via the HAVE_FUNCTION_GRAPH_FREGS architecture feature. On ARM32, that basically means stashing function call specific registers in pt_regs inside the ftrace arch code.

Once I wrapped my head around the intended semantics, it came together surprisingly smoothly.

Then I enabled the ftrace self-test… and hit this splat:

[    3.299111] ------------[ cut here ]------------
[    3.299173] WARNING: CPU: 0 PID: 1 at kernel/trace/trace.c:2215 run_tracer_selftest+0x110/0x148
[    3.299441] Modules linked in:
[    3.299725] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.17.0-rc1-gd7ee5bdce789 #141 NONE 
[    3.299806] Hardware name: Generic DT based system
[    3.299887] Call trace: 
[    3.299932]  unwind_backtrace from show_stack+0x18/0x1c
[    3.299987]  show_stack from dump_stack_lvl+0x54/0x68
[    3.299999]  dump_stack_lvl from __warn+0x88/0x12c
[    3.300013]  __warn from warn_slowpath_fmt+0x194/0x19c
[    3.300026]  warn_slowpath_fmt from run_tracer_selftest+0x110/0x148
[    3.300039]  run_tracer_selftest from register_tracer+0x11c/0x1cc
[    3.300054]  register_tracer from do_one_initcall+0x60/0x210
[    3.300066]  do_one_initcall from kernel_init_freeable+0x1d4/0x240
[    3.300079]  kernel_init_freeable from kernel_init+0x20/0x140
[    3.300091]  kernel_init from ret_from_fork+0x14/0x28
[    3.300131] Exception stack(0xe080dfb0 to 0xe080dff8)
[    3.300204] dfa0:                                     00000000 00000000 00000000 00000000
[    3.300217] dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[    3.300224] dfe0: 00000000 00000000 00000000 00000000 00000013 00000000
[    3.300282] ---[ end trace 0000000000000000 ]---

I double- and triple-checked my changes, still no clue. Then it dawned on me: the test fails even without any of my patches. 🫠

2012: "Secure boot is a plot by Microsoft to kill Linux"
2025: EA's insistence on invasive anti-cheat results in a bunch of Windows users managing to get their secure boot configuration into a state where their GPUs no longer work and there's no recovery path: https://www.reddit.com/r/Battlefield/comments/1miaynl/secure_boot_megathread_guide_community_support/

Microsoft would have to be *very* bad at this for a plot to have backfired this badly

I am so enjoying watching #ai brogrammers crying in their designer water bottles as upgraded #ai models take their carefully crafted prompt and outputs totally different bollocks to the last one so they can't tweak their app any more.

It's enough pain for real programmers handling tool upgrades to tweak their work and re-run test suites but for the AI lot it's carnage.