* Posts by TJ1

170 publicly visible posts • joined 16 Jun 2011

Azure networking snafu enters day 2, some services still limping

TJ1
Joke

A.Z.U.R.E.

Absolutely Zero Uptime Reassurance Ever

Icon-ed as a joke but I'm not so sure now!

Beijing claims it's found 'underwater lighthouses' that its foes use for espionage

TJ1
Stop

It's a Liquid Robotics Wave Glider

Looking at the detail I think it could be a Liquid Robotics "Wave Glider" that includes an optional "Solar electric thruster", see

https://www.liquid-robotics.com/wave-glider/how-it-works/

The handle at the front of the floating solar electric thruster in the banner photo (left side) and the circular 'stub' behind it matches the right side of the Chinese photograph as do the three solar panels and central antenna/warning beacon.

TJ1
Mushroom

They Probably Won't - come back Sir Humphrey Appleby!

Appleby: It's a deterrent.

PM Hacker: It's a bluff. I probably wouldn't use it.

Appleby: Yes, but they don't know that you probably wouldn't.

PM Hacker: They probably do.

Appleby: Yes, they probably know that you probably wouldn't. But they can't certainly know.

PM Hacker: They probably certainly know that I probably wouldn't.

Appleby: Yes, but even though they probably certainly know that you probably wouldn't, they don't certainly know that, although you probably wouldn't, there is no probability that you certainly would.

PM Hacker: What?

You brought back to my mind this famous and fabulous repartee that Anthony Jay scripted for Yes Prime Minister! Always makes me laugh but it is spot on.

Regarding Ukraine; early in the full-scale war when Russian officials were talking up nuclear weapons threats US SecDef had a "quiet word" with Shoigu (Russian minister of war). Various sources, paraphrased, report that essentially the Russians were told that if they used any kind of nuclear weapon against Ukraine, including contriving a nuclear "accident" at Zaporizhzhia nuclear power plant, a large number of Ukraine's allies (not necessarily under the NATO umbrella) would use conventional weapons to take out the entire Russian black sea fleet and all Russia's command, control and logistics facilities in occupied territories.

GNU screen 5 proves it's still got game even after 37 years

TJ1
Stop

Back to front?

"Screen puts a rerouting layer between your terminal window and the computers you're talking to. So, before you connect, you run Screen, then connect"

>

"Screen puts a rerouting layer between your terminal window and the *process(es) you're using*. So, *after* you connect, you run Screen, then run your process(es)"

Surely if you want the remote processes to continue running on (accidental) disconnect, screen (tmux, and similar) are executed on the target where the processes are running. As in:

localhost -> ssh me@remotehost -> remotehost: "screen", "process-to-keep-running" ... 8-< disconnect

localhost -> ssh me@remotehost -> remotehost: "screen -r" *happy-face*

Black horse down: Lloyds online banking services go dark

TJ1
Joke

When is a plus a minus?

** On the plus side **, payments and standing orders appear to be working normally

Those are debits not credits!

NASA confirms who is flying and who is not on SpaceX Crew Dragon

TJ1
Joke

Ping? It's pin(g)ing for the Fjords!

But as to whether it's a Dead Parrot or not... I guess we'll find out in a few days time

Rust for Linux maintainer steps down in frustration with 'nontechnical nonsense'

TJ1
Stop

There is no static internal API/ABI

"Filho's request to get information to statically encode file system interface semantics in Rust bindings"

Unless I'm missing something this seems like an impedance mismatch between long-established kernel development practices where the internal API/ABI can and does change frequently, and a relative newcomer wanting to extend the reach of their new internal interfaces and to do that requiring predictable interface semantics (the bindings).

From what I can see Ted and others, who have been responsible for the code in the major kernel sub-systems for eons, are fundamentally opposed to suddenly having to consider unrelated domain code (Rust isn't really a sub-system since it aspires to be used across the kernel but not sure how else to describe it) that would require either:

1. update the Rust code and bindings if they change the semantics of their sub-system API/ABI themselves - implying needing to master the Rust side to do so

2. be delayed in implementing changes in their sub-system API/ABI waiting for a Rust-domain developer to implement changes in sync with them

I suspect the mismatch is due to the Rust developers' background possibly being in higher level library and application coding where static ABI/API are almost guaranteed.

NASA pushes decision on bringing crew back in Starliner to the end of August

TJ1
Boffin

Suit SL != Capsule Dragon

Regarding suits: It is likely as simple as the life support and communications connections to join suits to capsules are specific to the (different manufacturer's) capsules and likely also the suit is tailored to the seat and harness points (I seem to recall each suit is specific to the wearer, too - not one size fits all). It isn't like there is (yet) a need for an RFC, ISO, or BS standard for life-support couplings... or is there?

Former Autonomy CFO banned from chartered accounting group until 2038

TJ1
Joke

Re: That's a fairly high budget

They're accountants - they know how to make 2 + 2 = 450,000

ITER delays first plasma for world's biggest fusion power rig by a decade

TJ1
Facepalm

Re: Bummer

Just look to the east every morning and west every evening

Perseverance pays off as Mars rover's SHERLOC brought back from the brink

TJ1
Joke

Keep IT Simple

Go for the cheap option and fix a can of WD40 to the arm!

(and this may not be a Joke)

Uncle Sam sanctions Kaspersky's top bosses – but not Mr K himself

TJ1
Joke

Re: Something is missing

You don't think the "intelligence" agencies are open-source do you? - they always protect their methods and sources !

systemd 256.1: Now slightly less likely to delete /home

TJ1

Re: Why would anything in /home be in tmpfiles.d?

I wondered that too since as a Debian dev I saw the initial reports of this on IRC and initially thought it was due to some Debian specific packaging, but it turns out this config was added upstream NINE years ago in 2015. Reading between the lines of the commit messages I suspect this is part of the systemd focus on creating/generating, and starting the host with immutable full disk images that include partition table and all file-systems.

Looking at the 2 commits it looks like the original intention was simply to ensure these directories are present on boot, but a side-effect of a --purge is they're also all cleared! Not nice that it could include remote file-system mounts since this specific file includes /srv/ but there are other vital directories listed in the commits (/var/ anyone?)

systemd$ git l tmpfiles.d/home.conf

822cd60135 2015-10-22 01:59:25 +0200 N Lennart Poettering tmpfiles.d: change all subvolumes to use quota

fed2b07ebc 2015-04-21 17:43:55 +0200 N Lennart Poettering tmpfiles: make /home and /var btrfs subvolumes by default when booted up with them missing

git show 822cd6013 fed2b07ebc tmpfiles.d/home.conf

commit 822cd601357f6f45d0176ae38fe9f86077462f06

Author: Lennart Poettering <lennart@poettering.net>

Date: Wed Oct 21 19:47:28 2015 +0200

tmpfiles.d: change all subvolumes to use quota

Let's make sure the subvolumes we create fit into a sensible definition

of a quota tree.

diff --git a/tmpfiles.d/home.conf b/tmpfiles.d/home.conf

index aa652b197f..9f25b83392 100644

--- a/tmpfiles.d/home.conf

+++ b/tmpfiles.d/home.conf

@@ -7,5 +7,5 @@

# See tmpfiles.d(5) for details

-v /home 0755 - - -

-v /srv 0755 - - -

+Q /home 0755 - - -

+q /srv 0755 - - -
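
Review bot: the commit message does not explain why /home is switched to uppercase "Q" while /srv gets lowercase "q"; the subject says all subvolumes are changed to use quota, yet the two lines end up with different types. State in the message, or in a comment above the two lines, what the difference is meant to achieve, since the only pointer left in the file is "See tmpfiles.d(5) for details".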

commit fed2b07ebc9e8694b5b326923356028f464381ce

Author: Lennart Poettering <lennart@poettering.net>

Date: Tue Apr 21 17:28:16 2015 +0200

tmpfiles: make /home and /var btrfs subvolumes by default when booted up with them missing

This way the root subvolume can be left read-only easily, and variable

and user data writable with explicit quota set.

diff --git a/tmpfiles.d/home.conf b/tmpfiles.d/home.conf

new file mode 100644

index 0000000000..aa652b197f

--- /dev/null

+++ b/tmpfiles.d/home.conf

@@ -0,0 +1,11 @@

+# This file is part of systemd.

+#

+# systemd is free software; you can redistribute it and/or modify it

+# under the terms of the GNU Lesser General Public License as published by

+# the Free Software Foundation; either version 2.1 of the License, or

+# (at your option) any later version.

+

+# See tmpfiles.d(5) for details

+

+v /home 0755 - - -

+v /srv 0755 - - -
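
Review bot: the subject and body name /home and /var, but the two "v" lines this file adds are for /home and /srv, and /srv is not mentioned anywhere in the message. Name /srv in the commit message and add a comment above the "v" lines saying they are there to create the subvolumes when the system boots with them missing, because the header comment only points the reader to tmpfiles.d(5).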

VMware revenue plunges $600M, but Broadcom assures investors growth plan is on track

TJ1

Re: Strong growth, huge cost cuts

I doubt it; more likely is that instead of booking a single sale of $1200 the customer switches to subscription and is paying $300 for the quarter, so instant quarterly revenues will appear to be down but, as the article quotes:

"annualized booking values – a metric of commitment to long-term contracts – which rose from $1.2 billion last quarter to $1.9 billion this time around."

Starlink offers 'unusually hostile environment' to TCP

TJ1

Starlink are actively working on this

Earlier in 2024 Starlink published a document [0] summarising work they're doing on latency - the aim is for an average of less than 20ms. I wrote a reply to a similar article on Hacker News recently that details how Starlink works for those making uninformed comments about it [1] - I'll repeat it here since it makes the unique challenges clear:

For those not aware of how Starlink operates: The customer antenna is called the User Terminal (U.T.) a.k.a. "dish" although all production models are rectangular - only the pre-production beta model is round and dish-like.

The U.T. contains a phased array antenna that can electronically 'steer' the bore-sight (aim) of the transmitted (and received) signal at the current satellite that is in view. In ideal circumstances the U.T. antenna has approximately 110 degrees field of view (~ 35 degrees above each horizon).

The satellites pass from west to east and take approximately 15 seconds to pass through the field of view of the U.T. The satellite forms a beam aimed at a fixed location on the ground - this is called a 'cell'. All U.T. within that area share the radio link that has a fixed bandwidth, so contention is managed by the satellite.

The path length to a satellite directly overhead would be around 550km (in most cases the satellite is slightly north, or slightly south, of the U.T. but for round numbers sake assume 550km).

The path length to a satellite appearing 35 degrees above the horizon (the slant range) is ~ 2568km.

Satellites relay the packets from the U.T. to the (nearest) Earth ground station, so the path length and therefore travel-time will vary enormously over just 15 seconds.

The round-trip for the minimum case is 4 x 550km = 2200km but for the maximal case is 4 x 2568km = 10272km. These equate to a travel time of between 1.8 and 3.6ms per leg, so that gives a hard physical minimum of 4 x 1.8ms = 7.2ms to 4 x 3.6ms = 14.4ms

As more satellites are added to the constellation so the gap between satellites decreases and the angle above horizon at which a satellite is acquired can increase thus shortening the maximum path and lowering the latency.

Starlink has a publicly stated goal of less than 20ms round trip latency and published a report in March 2024 about the engineering efforts to achieve this [0]. Much of the effort that customers see focuses on two issues:

1. reducing latency between ground station and Internet connection point

2. scheduling the radio links between satellite and all U.T.s in its beam area

Starlink balances contention by sometimes restricting and sometimes promoting activation of new U.T.s in each area - this is why on occasion a fully subscribed cell will impose a waiting list on new activations. At other times Starlink will, and does, dynamically change the monthly subscription cost. Recently some areas had their residential price reduce from US$120 to US$90 where others in congested areas had an increase from US$90 to US$120 (in the USA).

[0] https://api.starlink.com/public-files/StarlinkLatency.pdf

[1] https://news.ycombinator.com/item?id=40384959#40388007

Starlink geofence appears to have some gaping holes

TJ1
Stop

Misunderstanding?

Having followed this issue relatively closely the article seems to have gotten the wrong end of the stick on this.

The problem Starlink has is three-fold; it needs government authorised ground-stations in each territory it provides services due to:

1. International Telecommunications Union (ITU) international agreements and regulations governing Earth-to-Space frequency bands

2. Keeping paths as short as possible via local ground-stations for low latency (aims for < 30ms Round-Trip Time)

3. Avoiding over-subscribing down/up-links to ground-stations from/to satellites

Starlink has either had permissions not yet authorised, refused, or revoked in several countries; amongst them South Africa and Zimbabwe.

As of end of 2023 seven countries were available with another twenty-five scheduled by end of 2024, out of a total of fifty-four countries. [0] It has a global availability map showing status in each country [1]

Due to wanting to avoid confrontation with governments and resultant delays Starlink is warning customers with *static* User Terminal locations, even if on the Roaming Mobile Regional Plan [2], that the plan's terms of service is "... intended for temporary travel and transit — not for permanent use in a location". In particular, "Mobile Regional" is for use within the same continent.

In respect of each User Terminal knowing its own position: they have embedded GNSS receiver and 3-axis compass. In the motorised generation 1 and 2 'standard actuated' User Terminals these are used to aim the bore-sight of the antenna. In the generation 3 and high-performance static units the same is used to direct the placement of the antenna. The location is constantly monitored so that the phased-array beam steering aims and tracks the satellites as they pass from west to east. Each satellite is in view across about 120 degrees of the sky in ideal conditions and its pass lasts no more than 2 minutes before the beam switches to the next satellite.

The location is also used to ensure that ground "cells" (hexagonal areas) are not over-subscribed since that would lead to link contention on the satellite-to-ground-station down/up-links. Satellites aim a beam at each cell; all user-terminals in that cell contend for the fixed bandwidth of the beam.

In respect of dealing with GNSS spoofing, jamming, and interference, there is independent research into using the Starlink satellite signalling to augment GNSS or partially replace it. It is also known that Starlink has, and maybe still is, working on a positioning signal service for the U.S. Department of Defence.

[0] https://nairobichronicle.com/2023/12/10/a-list-of-african-countries-where-starlink-is-either-available-or-soon-to-be-launched/

[1] https://www.starlink.com/map

[2] Starlink (Roaming) Plans

Voyager 1 regains sanity after engineers patch around problematic memory

TJ1
Boffin

Just look at their whiteboard!

No DevOps here - maturity and hundreds of years of experience!

Take a look at the scribbles on their whiteboard - looks like they have the signal clock (SC freq) and data bit pulse width calculations along with some amplitude compression recovery.

https://www.jpl.nasa.gov/news/nasas-voyager-1-resumes-sending-engineering-updates-to-earth

Nice to see them putting the ACE back in hACkEr !

Musk's latest X-periments: No more headlines, old posts vanish, block gets banned

TJ1
Facepalm

Accessibility?

I don't use the thing but as described in the article this sounds like information generally used by accessibility support tools such as screen readers will be lost - is that the case? In many jurisdictions there is a legal requirement to ensure equal access to services for those with accessibility needs.

Moscow makes a mess on the Moon as Luna 25 probe misses orbit, lands with a thud

TJ1
Joke

BIRCS?

Reading this I thought that it puts India ahead of Russia in space capability. Naturally that led to re-ordering Russia's importance in the world:

BRICS -> BIRCS

Note: not sure how Brazil got to be first but it must be something to do with Carnaval

After fears that Europe's space scope was toast, its first images look mighty fine

TJ1
Facepalm

Spot the gap!

ESA publishes some really good high resolution photographs of the STM (Structural and Thermal Model) and in some of them it is possible to see there is a platform that the tubular sunscreen connects to, then a gap, then below it the instruments (this organisation can be seen in some sketch/CAD diagrams of the instruments found elsewhere).

The gap between instruments and platform appears to be covered with flaps of gold foil which in some photographs are unclipped and others partially clipped. It looks likely that when the telescope is oriented such that the solar panels aren't aimed perpendicular to the sun, light can pass the edge of panels and is supposed to be reflected away by the tube and these foil flaps. It is possible that one or more foil flaps isn't correctly overlapping - that would explain why light pollution only occurs at specific angles to the sun.

See this and its list of "Related" images:

https://www.esa.int/ESA_Multimedia/Images/2019/09/Structural_and_thermal_model_of_the_Euclid_satellite12

Oracle pours fuel all over Red Hat source code drama

TJ1

The way the rest of us do - by the statements made by the originators of the license(s) and what has become "custom and practice" for publishers (developers/programmers) that choose those licenses.

Rocky Linux claims to have found 'path forward' from CentOS source purge

TJ1
Stop

Most is GPL 2.0

linux$ grep --exclude-dir=.git -rn '^// SPDX' | cut -f 3 -d \ | tr -d \(\) | sort | uniq --count | sort -rn

11993 GPL-2.0

9562 GPL-2.0-only

5926 GPL-2.0-or-later

3322 GPL-2.0+

511 BSD-3-Clause

309 MIT

273 ISC

120 LGPL-2.1

50 BSD-3-Clause-Clear

29 GPL-1.0+

13 LGPL-2.1+

13 Apache-2.0

7 Zlib

4 LGPL-2.1-or-later

4

3 BSD-2-Clause

2 LGPL-2.0+

Lawyers who cited fake cases hallucinated by ChatGPT must pay

TJ1
FAIL

Re: One word

"Fiction"

When it comes to Linux distros, one person's molehill is another's mountain

TJ1
Boffin

Snaps and the fin' FOSS....

... stands for Freedom.

No matter how much freedom of choice you give, someone will always want more. Don't give them that freedom and they'll happily just get on with what they're given (e.g: Apple, Microsoft).

Tinkering with the desktop stuff always strikes me as rearranging the deck-chairs on the Titanic whilst it's sinking :)

Snap is there to allow software publishers to push out frequent changes to their software including more recent library dependencies than are in the 6-monthly Ubuntu releases, and to avoid having to learn Debian style packaging or deal with the discipline of getting their project accepted into Debian (Ubuntu's upstream) so that it flows into Ubuntu.

Some of the issues with snaps and specifically Ubuntu:

0. Critical vulnerabilities in core libraries are fixed once in the apt world and managed by a distro-wide team of maintainers. In Ubuntu there is a dedicated paid security team; in the snap world if multiple snaps embed their own versions of the affected library firstly you may not know, secondly you're reliant on swift and correct fixes and publishing of updates, and thirdly the 'team' responsible for doing those things may only be a single person publishing in their free time.

1. Core packages moving from apt repository to snap, making life difficult if one chooses to remove snapd (affects -server (e.g. lxd) as well as -desktop (e.g. gnome))

2. Delivery system (snap store) is closed source. Unable to set up alternatives, or local 'stores', as is possible with apt repositories

3. Canonical controls the delivery mechanism and acts as gatekeeper

3. Mixing of open and closed source packages in the same repository (no pockets so one can easily avoid closed-source for example)

4. Lots of manual work required to obtain source code of open-source packages (see https://merlijn.sebrechts.be/blog/2020-08-17-verify-snap/ ) in contrast to: "apt-get source $package"

5. No easy way to replicate the build environment of a snap and do reproducible builds, in contrast to "apt-get build-dep $package; apt-get source $package; cd $package-$version; fakeroot debian/rules binary"

6. Reporting of bugs is not centralised via bugs.launchpad.net as it is with all Ubuntu apt packages (which also includes all package version build histories, build logs, changelogs, and source repositories)

7. Variable or lack of (professional) support. Ubuntu Advantage / Pro paid support packages do not cover snaps in the same way as they cover the apt repositories. Pro covers 2,300 packages in the Ubuntu Main repo, plus an additional 23,000+ packages in the Ubuntu Universe repository for 10 years. ( https://ubuntu.com/pro )

Autonomy's Mike Lynch loses battle against extradition to the US on fraud charges

TJ1
Stop

Caveat Emptor (Buyer Beware) ?

The whole episode doesn't look good for either side. Some facts that often don't get stated make the current status more understandable.

Although originally a UK company (Autonomy Corporation PLC) it listed its shares on the US NASDAQ exchange so financial oversight was a US concern as well.

Evidence from the various trials and audit reports appears to show that HP C-level and directors curtailed or ignored due diligence reports and advice from their own financial people regarding value

HP offered a 79% premium on the share price when it made its offer in August 2011 (share price ~ US$23.50, offer US$42.11)

In October 2011 HP bought 87.3% of the shares (~242,222,749) for US$10.2 billion (giving the balance sheet valuation of ~US$11.7 billion)

If HP hadn't offered and paid the premium then the value of the company at time of offer was ~US$6.5 billion

HP C-level and directors must have decided that paying 79% premium was worth it based on projected revenues.

Evidence seems to show that methods, information and supporting data for recognising sales, and projected revenues, was manipulated within Autonomy senior leadership.

Auditors for Autonomy signed off on the accounts that incorporated the disputed methods and information.

Starlink opens final frontier for radio astronomers

TJ1
Facepalm

Ironic naming

So Go-Low will be ultra "high" whereas 'star'link has gone very low in Earth orbit.

The hunt for catchy names goes on :)

Rebel without a clause: ISP promises broadband with no contract

TJ1
FAIL

!no contract

Of course there is a contract - what there may not be is a commitment to a minimum length of contract, with the minimum being what you pay in advance for, which is usually a month. In this case the cancellation notice required is 30 days (section 18).

https://www.rebelinternet.uk/hubfs/TermsandConditions.pdf

Boeing signs off design of anti-jamming tech that keeps satellites online

TJ1
Facepalm

Re: How it works!

It replaces the Jam with Honey, so they use percussive honey instead.

TJ1

How it works!

"Data protection is achieved by using a bit-cover process before frames are grouped into information blocks for encoding. The DVB-S2 short block code [4] is used as the primary forward-error-correction (FEC) mechanism. This provides a fixed 16,200 bit encoded block length based on a combination of LDPC and BCH techniques with resulting rates ranging from 0.19 to 0.88 and supporting approximately 10 dB of link SNR fluctuation for a given symbol rate and modulation.

Codeword data is grouped into symbols and multiplexed across many hops, where a hop is the duration of time a transmission stays at one frequency before “hopping” away to another frequency. The hops are then permuted in time. Together, these features provide increased resistance to transient jamming or interference."

Implementation and Testing of the Protected Tactical Waveform (PTW) Brian J. Wolf, Member, IEEE, and Jacob C. Huang

Linux kernel 6.2 promises multiple filesystem improvements

TJ1
Mushroom

ZSYS due to be removed from Ubuntu installer

See "[FFe] Remove zsys from installer " https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1968150

Arrest warrant issued for Do Kwon – the man blamed for 'crypto winter'

TJ1
FAIL

s/investors/gamblers/

Nothing more need be said.

AMD admits its Ryzen mobile naming scheme is a mess, promises to clean it up

TJ1
Facepalm

AMD - ever heard of semantic versioning?

So we'd go from Ryzen v5.19 to v6.0 around now? :D

Japan's NTT claims it's built 1.2Tbit/s optical comms that sip power

TJ1
Go

Sceptical? No way! 1000km!?

I was expecting there to be a catch in all this since NTT doesn't mention the ACTUAL distance record they broke, but after a bit of ducking (DDG) I find that the distance record for 800Gbps was 970km in September 2020 [0] and that has probably been surpassed since, so this new technology from NTT is definitely a significant advance - especially as it seems to be out of the R&D stage and looking for scaling into production.

[0] https://opticalconnectionsnews.com/2020/09/ciena-breaks-800g-distance-record/

Oh no, that James Webb Space Telescope snap might actually contain malware

TJ1
Alien

Re: Aliens

Who needs UFOs when you can hitch a ride on a JWST image from just after the Big Bang (or should that be the Insipid Flatulence -IFO )?

US Army drone crashes hours ahead of breaking flight duration record

TJ1
Joke

That's FSD for you!

Who decided to pay the $10,000 extra for the Tesla full-self-driving (FSD) option AND allowed an over-the-air, in-the-air, upgrade!?

Google shuts off IoT Core services shortly after announcing API stability commitments

TJ1
Alien

Another successful outcome...

... for Google.

With each passing product it becomes ever more abundantly clear that the only purpose of those products and services is to Vacuum up data about people, things, places, and the relationships between them, to feed the Google advertising engine.

Once they've wrung the good stuff out of a product or service they cancel it - it was never about providing service to a user (or possibly - gasp - even a customer!)

Dinobabies latest: IBM settles with widow of exec who killed himself after layoff

TJ1
Unhappy

Lawyers decide

I suspect the lawyers make the decision, not the complainant.

If the case is taken on a contingent basis with no-win, no-fee then the lawyers get to decide. I doubt the complainant is paying the lawyers out-of-pocket for this.

Upgrading what might be the world's oldest running Linux install

TJ1

Re: LVM over RAID over LVM

If this OS install has grown over time with in-place incremental upgrades it makes a lot of sense. Logical Volume Management (LVM) has gained features over the years that probably were not available when LVM was first adopted.

Physical > LVM > RAID > LVM is probably due to LVM not supporting RAID modes originally so likely it is Multiple Device (MD) RAID - probably RAID-1 mirror.

My guess would be originally the install was on a single HDD. As more storage is required it is far easier to manage it flexibly via OS (e.g. LVM) services rather than hardware RAID. So, add in more physical HDD/SSD, "pvcreate ; vgextend" and then "lvextend" for those volumes needing more space.

So over time, without any major OS re-installation, using several physical HDD/SSDs, the host has a RAID mirror with OS and data volumes on top.

Nowadays LVM supports RAID modes natively (using the kernel Device Mapper (DM) MD RAID functionality under the hood) so the additional layer could be removed whilst the OS is operating without too much trouble (I've done this on multiple systems over the years). This is one of the delights of using LVM - being able to re-shape storage architecture quite fundamentally whilst the system is live (including more exotic options like adding iSCSI block devices as LVM PVs to create remote mirrors).

I've also done a similar live migration from 32-bit to 64-bit in-place (original 2007 install, host still in operation). Once the kernel is switched to 64-bit it supports both 32-bit and 64-bit user-space. At that point you can create a 64-bit chroot install with all the required packages followed by copying over configuration files package by package and switching the running service from the 32-bit to 64-bit in the chroot.

Eventually you've a 64-bit kernel with a base 32-bit core running all 64-bit services. At that point the boot configuration can be pointed at the 64-bit root file-system (a Logical Volume) and the system rebooted.

When doing this it helps to actually upgrade the 32-bit packages to the target OS version first so that the package upgrade scripts handle most of the per-package configuration file changes for you. If skipping several OS releases it's unlikely we could rely on that to correctly handle all changes and would have to manually check and review each package configuration. Once that's done the switch from 32-bit to 64-bit should be straight-forward.

NASA's CAPSTONE silence down to a software flaw

TJ1
Joke

Re: Whats Happens If

That's due to those Turtles - there is no evidence that any Turtle ever wrote a software bug!

Arm's $66bn sale to Nvidia is off: Deal collapses after world's competition regulators raise concerns

TJ1
Stop

making this the biggest *non*-deal in the semiconductor market

Corrections brought to you via ARM (Automatic Reframing of Meaning)

'Now' would be the right time to patch Ubuntu container hosts and ditch 21.04 thanks to heap buffer overflow bug

TJ1
Go

Not distro specific; Linux kernel before v5.16.2

Distros will be backporting the fix from mainline [0] and/or the v5.16.2 stable tree [1]

author Jamie Hill-Daniel <jamie@hill-daniel.co.uk> 2022-01-18 08:06:04 +0100

committer Linus Torvalds <torvalds@linux-foundation.org> 2022-01-18 09:23:19 +0200

vfs: fs_context: fix up param length parsing in legacy_parse_param

The "PAGE_SIZE - 2 - size" calculation in legacy_parse_param() is an unsigned type so a large value of "size" results in a high positive value instead of a negative value as expected. Fix this by getting rid of the subtraction.

[0] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de29310e8aa03fcbdb41fc92c521756

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.16.2&id=8b1530a3772ae5b49c6d8d171fd3146bb947430f
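
The unsigned wrap that the quoted commit message describes, as an added example that is not part of the original post and is not the kernel's code: it compares a length check written with the "PAGE_SIZE - 2 - size" subtraction against one written without it. The 4096-byte page, the `param_buf` structure and every function name are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption for this example: a 4096-byte page. */
#define EX_PAGE_SIZE ((size_t)4096)

/* Hypothetical model of a page-sized buffer that accumulates "key=value"
 * options separated by commas; size is the number of bytes already used. */
struct param_buf {
    char data[EX_PAGE_SIZE];
    size_t size;
};

/* Check written with the subtraction. All operands are size_t, so once
 * size exceeds EX_PAGE_SIZE - 2 the right-hand side wraps to a very large
 * positive value and every len is accepted. Returns 1 if "accepted". */
static int fits_with_subtraction(size_t size, size_t len)
{
    return !(len > EX_PAGE_SIZE - 2 - size);
}

/* Check written without the subtraction. The operands are bounded first so
 * the addition itself cannot wrap. The +2 covers the ',' separator and the
 * terminating NUL. Returns 1 if the new data fits. */
static int fits_without_subtraction(size_t size, size_t len)
{
    if (size > EX_PAGE_SIZE || len > EX_PAGE_SIZE)
        return 0;
    return size + len + 2 <= EX_PAGE_SIZE;
}

/* Smallest fill level at which the subtraction-based check accepts data
 * that the addition-based check rejects; (size_t)-1 if they never differ. */
static size_t first_disagreement(size_t len)
{
    for (size_t size = 0; size <= EX_PAGE_SIZE; size++) {
        if (fits_with_subtraction(size, len) &&
            !fits_without_subtraction(size, len))
            return size;
    }
    return (size_t)-1;
}

/* Append "key=value" using the safe check. Returns 0 on success and -1
 * (buffer untouched) when the option does not fit. */
static int append_param(struct param_buf *b, const char *key, const char *value)
{
    size_t klen = strlen(key);
    size_t vlen = strlen(value);
    size_t len = klen + 1 + vlen;            /* key, '=', value */

    if (!fits_without_subtraction(b->size, len))
        return -1;

    if (b->size > 0)
        b->data[b->size++] = ',';
    memcpy(b->data + b->size, key, klen);
    b->size += klen;
    b->data[b->size++] = '=';
    memcpy(b->data + b->size, value, vlen);
    b->size += vlen;
    b->data[b->size] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed fill levels around the point where the subtraction wraps. */
    const size_t sizes[] = { 4000, 4085, 4094, 4095, 4096 };
    const size_t len = 10;

    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        printf("size=%zu len=%zu  subtraction: %s  no subtraction: %s\n",
               sizes[i], len,
               fits_with_subtraction(sizes[i], len) ? "accept" : "reject",
               fits_without_subtraction(sizes[i], len) ? "accept" : "reject");
    }
    printf("checks first disagree at size=%zu\n", first_disagreement(len));

    struct param_buf b;
    b.size = 0;
    b.data[0] = '\0';
    append_param(&b, "a", "b");
    append_param(&b, "c", "d");
    printf("buffer: \"%s\" (%zu bytes used)\n", b.data, b.size);
    return 0;
}
```

The two checks agree until the buffer is within one byte of full; from there the subtraction wraps and the first check stops rejecting anything.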

JavaScript dev deliberately screws up own popular npm packages to make a point of some sort

TJ1

Re: Quantity of Downloads vs Requires

Agreed about the numbers - but my primary point is the sheer complexity of verifying the combined effect of the sheer number of dependencies in most large applications, especially where there is a frequent commit cadence across the application and its dependencies.

Also, in respect to CI/CD those won't be doing a rebuild and test cycle on each commit or PR on all those dependencies - or randomising the test harness to reflect real-world client connections.

I can easily imagine one of the many dependencies introducing subtle, conditional, behavioural changes that don't do anything different when in a test environment but could trigger malicious payloads on very specific request parameters (IP address, referrer, user-agent, date/time, request parameters, etc.).

TJ1
Go

Widen the horizon - also affects live web, GoLang, Perl, Rust, etc.

I fully agree with sentiments regarding the typical Javascript eco-systems with regard to pulling in miscellaneous dependencies without review although I feel the language itself (sans strong typing) is as good or bad as any other, depending on the project requirements.

I get most upset by 'live' dependencies in web-sites to third party served code - the code being served can be trivially modified by the server based on the requesting user agent identity, IP address, and other heuristics, to deliver a highly targeted malicious payload that the web-site/application developers could never trigger.

For $deity's sake copy and serve the verified code/resource to your own server on the same domain as the primary resource!

However, a similar dependency eco-system exists with Rust crates and GoLang imports.

I was quite interested in certain GoLang projects until I dug deeper and two things stood out in particular to me and my requirements:

1. On Linux, code making syscalls needed (at the time I reviewed it - may have changed) to run a C-language co-process to call into the kernel. This aspect introduced some 'interesting' complexities and rather spoiled some of the GoLang promise (and performance - learned via 'crun' - the C-language alternative to 'runc').

2. In typical projects the source-code has an alarming number of 'import "github/user/project"' statements, which relate to external dependencies fetched using "go get ...", so these external dependencies (and the graph of dependencies in a typical application-level project) have a similar security/review cycle issue.

Similar issue for point 2 in Rust Crates. Each Cargo.toml may well include lines of the form 'some_external_library = { git = "https://github.com/SomeRandomAccount/SomeExternalLibrary" }'

Same applies to Perl with CPAN and others.

It seems to me there's a seesaw sliding-scale between Convenience and Trust and currently the scale is tipped too far in favour of Convenience.

Trust comes from reviewing the code - either yourself or your team, or by people you trust (typical web of trust). For example in Linux distributions we typically favour the package maintainers with implicit Trust when installing dependencies.

The problem, and challenge, for 'import the latest from $pseudo_random source' is the lack of a web of trust for each version/release/commit.

TJ1
Stop

Quantity of Downloads vs Requires

Slight tangent, but related to a point that BinkyTheMagicPaperclip brings up previously: "Never, ever, blindly pull the latest version into your product without thorough testing"

"colors.js is incorporated into almost 19,000 other npm packages and gets 23 million downloads a week."

This scares/worries the systems engineer in me.

If on a WEEKLY basis 23,000,000 downloads (requires/imports) are being done across ~19,000 dependencies, and if a similar relationship holds for other critical dependencies, that seems to suggest a huge number of projects frequently iterating builds and deployments.

Bearing in mind this is a single package, the security vulnerabilities of this practice seem stark across the Node.js ecosystem.

Nothing's working, and I've checked everything, so it must be YOUR fault

TJ1
Facepalm

That's one heck of a long day out!

"One of our lot promptly did so within 5 years of the start..."

Aircraft can't land safely due to interference with upcoming 5G C-band broadband service

TJ1
Black Helicopters

Re: no C Band 5G within 15 miles of an airport f

Apparently not that simple - helicopters frequently fly at or near the 500 foot minimum altitude and rely on ARNS altimeter to avoid CFIT (Controlled Flight Into Terrain).

TJ1
Boffin

Underlying Technical Details

It's important to understand that ARNS (Aeronautical Radio-Navigation Service) operates in the 4200 - 4400 MHz range for transmit and receive. The issue appears to be a combination of ARNS receivers being sensitive to (strong) signals outside the immediate band and the cellular base-station signal strength in 3700 - 4000 MHz.

Historically the band has been used for low-power services that do not suffer 'bleed' so ARNS receiver design especially didn't require tight band-pass filtering.

Frequency Allocations: [2] slide 7

3700-4000MHz Fixed Mobile

4000-4200MHz Fixed Satellite

4200-4400MHz Aeronautical Radio-Navigation

"It should be understood then that any interference that is unpredictable and that can mix with the linear FM waveform, thereby causing the radio altimeter to mistake the mixed signal as terrain has the potential to cause a radio altimeter to report a false altitude."

[0] page 9 "1.1 Radio altimeter modulation and receiver sensitivity"

Affected Fleet:

"All FAA Part 135 helicopters are now required to have an operational radio altimeter

◦ Approx. 22,000 operational civil rotorcraft

◦ Some FAA Part 91 aircraft require altimeters for certain operations such as Cat II ILS, etc.

◦ Approx. 34,000 general aviation/private aircraft

◦ All large passenger aircraft

◦ Approx. 7000 US based civil aircraft

◦ Plus international carrier"

[1] slide 5 "Equipage and operation US National Example"

[0] ITU-R M.2059-0 "Operational and technical characteristics and protection criteria of radio altimeters utilizing the band 4 200-4 400 MHz" https://www.itu.int/dms_pubrec/itu-r/rec/m/R-REC-M.2059-0-201402-I!!PDF-E.pdf

[1] "Radio Altimeter Interference" https://www.icao.int/NACC/Documents/Meetings/2018/RPG/RPGITUWRC2019-P08.pdf

[2] "FAA Radar Altimeter and Compatibility with 5G presentation" https://rotor.org/wp-content/uploads/2021/08/FAA-Presentation-RA-5G-Industry-Forum-July-2021.pdf

Expired cert breaks Windows 11 snipping tool, emoji panel, S Mode features, other stuff

TJ1
FAIL

Re: Good job MS hasn't heard of Let's Encrypt

It was a joke, but seeing as you missed that part, I never mentioned contacting letencrypt.org (shouldn't that be letSencrypt.org) but "phoning home" as almost all Microsoft software seems to do - to Microsoft.

If the signing certificate expired every 3 months and the system hadn't phoned home to Microsoft to fetch updates in that time things would get 'interesting'.

Scary that this appears to pre-suppose all Windows systems must be online regularly, and have to re-fetch signed applications even if the code hasn't changed (unless the signatures are detached and it can just fetch the new signature).

That could equate to a lot of bandwidth!

TJ1
Joke

Good job MS hasn't heard of Let's Encrypt

Don't phone home for 3 months? Sorry, your applications will not start!

(not sure how much of a joke this actually is!)
