* Posts by chasil

156 posts • joined 18 Jul 2014


Workstation, server, IoT? No worries. Fedora 36 is out – all 13 editions of it


btrfs and xfs

'we're just moving carefully on it to ensure folks don't get bitten by the vaunted "btrfs stability problems".'

I don't think that an "enterprise" Linux distribution will be able to solely base itself on btrfs.

Oracle specifically prohibits database installations on this filesystem in 2290489.1: "Oracle DB has specifically said that they do not support using BTRFS filesystems... BTRFS is optimized for *non-database* workloads."

XFS also dominates the TPC benchmarks (at tpc.org) for Linux. There is no way that btrfs is going to supplant that status within the next few years. SGI definitely contributed an extremely valuable asset.

I'm also a bit surprised that Fedora's boot is ext4, as it's XFS under CentOS (7).

OpenBSD 7.1 is out, including Apple M1 support



OpenBSD is unique in that the X server does not run as root. This alone makes it safer than most everything else that implements X11.

After the switch of malloc() from sbrk() to mmap(), several use-after-free bugs were found and fixed in the X server, which benefitted all platforms that implemented the patches.

OpenBSD is a great place to run X-Windows.


Re: OpenBSD is Faaast!

Linux is [currently] far more able to run fragments of the kernel on multiple CPUs at the same time.

OpenBSD started out with one large kernel lock that was a bottleneck (as did Linux 2.2), but has proceeded much more slowly in allowing kernel features out from behind that lock.

That being said, there are some things that feel much faster in OpenBSD 7.1.

OpenSSH takes aim at 'capture now, decrypt later' quantum attacks


NTRU is not a finalist.

The NTRU situation is actually more complex than this article implies.

NIST is conducting a competition for post-quantum key exchange and signature algorithms. NTRU Prime did not make the cut as a key exchange finalist.

It appears that NTRU Prime is going ahead in OpenSSH, without any formal endorsement from NIST.


In the notes listing NTRU Prime as an alternate (and rejection as a finalist), Daniel J. Bernstein filed a complaint with his experience at NIST:


"Formal complaint regarding 8 June 2021 incident - 2021.06.15, Daniel J. Bernstein..."

"Executive summary. A week ago Dr. Daniel Apon from NIST publicly accused me of professional misconduct. Specifically, he accused me of initiating private contact with NIST so as to provide false information to NIST regarding the timing of an upcoming announcement relevant to NIST’s ongoing decisions..."

It is unfortunate that this dysfunction has a practical impact upon OpenSSH.

The long-term strategy behind IBM's Red Hat purchase


Phones run in homes, and might be set on a desktop. Does that count?

Amazon tablets seem to be the market leaders for non-iPad options.

It is a shame that most of the mass-market Linux environments are locked down and running malware.


Most Ubuntu users would not put up with an ancient kernel like this:

$ uname -sr

Linux 3.10.0-1160.42.2.el7.x86_64

$ cat /etc/redhat-release

Red Hat Enterprise Linux Server release 7.9 (Maipo)

You can get a more modern kernel for this platform, but that is very much frowned upon depending upon where it came from and what is done with it.

Another major problem is XFS, which is getting a formal deprecation because of this issue:

# grep xfs.*2038 /var/log/messages | head -1

Mar 7 04:55:30 kernel: xfs filesystem being remounted at / supports timestamps until 2038 (0x7fffffff)


Oracle creates new form of free Solaris


Re: OpenIndiana

You might try SmartOS.

The whole thing runs on a USB flash drive, and lets you offer all your storage as ZFS pools with no footprint of the hypervisor OS.

KVM has been grafted into the Illumos kernel for running Linux VMs, but you can also run Zones.

It's likely possible to run an Oracle database on it, but you probably have other preferences in that arena.


Re: digression

I wonder if the cow is quite so large these days, as it is not being fed by Apple, Sony, Microsoft, and Nintendo.

These were major markets that stayed for a time with Power, but found reasons to depart.

Linux distros haunted by Polkit-geist for 12+ years: Bug grants root access to any user


Re: Eyes

Perhaps following OpenBSD's approach, and ignoring the standards on all POSIX platforms might generally improve security?

It would have caught this.

"...but OpenBSD, he said, is not affected because the kernel won't execve() – execute a program by its pathname – if argc is 0."

SUSE announces 'tech and support' product Liberty Linux



Implementing BtrFS in CentOS can be accomplished with either the Oracle UEK, or the El Repo Mainline.

I am assuming that SuSE will not disable this functionality, so now there may be a third "drop in" option.


Intel rolls out new Alder Lake chips for laptops, desktops


AMD does the same thing...


...and they do it using ARM's design, inside an ARM core.


If you want a commercial CPU that is clean and open, then you will have to buy a SPARC. I think that the T2 is the best available.


Db2, where are you? Big Blue is oddly reluctant to discuss recent enhancements to its flagship database


Re: Throwaway society mentality comes to IT

Version 10g introduced a new in-place shrink, enabled by "alter table x enable row migration;" followed by "alter table x shrink space;".

If you were using a prior version, then the method to defragment/consolidate a table was only by the 8i "alter table x move tablespace y;" which does unpleasant things to indexes. It would be well-worth an upgrade to 10g just to get the in-place shrink functionality rather than rely on the 8i method.

And as far as sticking with Itanium, that's because migrating to a new platform means exp/imp (maybe with data pump). I have also done this from HP-UX to x86, and it is also not pleasant. I think that Exadata is the biggest iron available, and it runs on Oracle Linux.


Db2 platforms, PL/SQL, and ROI

There are actually three independent implementations of Db2: the mainframe version, the AS/400/i-Series OS service, and the Linux/Windows port. Each of these is a separate source repository, and they are not bug compatible (AFAIK).

IBM has licensed a version of PL/SQL (Oracle's ADA-like language for procedural SQL) from Enterprise DB. I don't know if this has been implemented on all of the Db2 platforms. Oddly, Microsoft has not arranged for PL/SQL support, instead adhering to Transact-SQL. This suggests that Db2 is a better choice for porting away from Oracle.


Still, SQLite and Postgres offer enough features that $15-25k for a core-based proprietary DB license demands justification for return on investment, and cloud services will make this judgement stark.

Alpine Linux 3.15 bids a fond farewell to MIPS64 support



MIPS remains firmly established in low end routers.

Support will likely be maintained in OpenWRT for a long, long time.




MIPS eccentricities

MIPS has a lot of oddities in its design that were hard-coded from the early architecture. Branch delay slots and register timing are what I remember from the blog post below.

Apple could likely have bought MIPS when they were ready to go 64-bit, instead of using AArch64. Their M1 now beats Intel by several metrics.

Also, the top supercomputer is AArch64.

It looks like ARM really put some thought into enterprise performance, and removed similar scalability problems from Furber & Wilson's original ARM design.


"MIPS is the worst offender. It deliberately omits a feature which is so fundamental to CPU architecture that software people don't even think about it. The architecture leaves out the mechanism in the CPU pipeline which would otherwise stall execution until the data was ready. A register access which would have created a minor inefficiency on any other architecture instead creates a "hazard" on MIPS. You can read from a register before that register is ready. If you are writing or debugging MIPS code, you have to know how this works...

"Both SPARC and MIPS share another horrid feature - delayed branches. These create a dependency between instructions, in which the branch takes effect after the next instruction, rather than immediately. When using assembly code, you have to know which instructions have a delayed effect, and what rules apply to the instruction (or, sometimes, instructions) in the "delay slot" following it. The delay slot is restricted in various ways: for instance, you can't put another delayed branch there."

FYI: If the latest Windows 11 really wants to use Edge, it will use Edge no matter what


Poison Pill

Microsoft ought to be careful.

In outsourcing their browser engine to Google, they have now placed significant power over their OS in the hands of people who are now growing upset with them.

Google could, for example, inject a Go runtime into Chrome, get it endorsed as a web standard over Microsoft's objections, and force Go into Windows with the public intention of killing the .NET environment.

Should these two companies engage in serious disagreements, Windows will suffer badly.

System at the heart of scaled-back £30m Sheffield University project runs on end-of-life Oracle database


upgrade gymnastics

I'll say that 32-bit is part of an upgrade that I have been asked to plan.

Moving from that to 19.3 or higher is a problem - DBUA does not (appear to) handle 32-bit databases, and it must be done with the dbupgrade command-line tool.

I am wondering what my options are for the catdwgrd.sql script to revert, and I've been advised not even to offer it as an option. Dropping back down from 64 to 32-bit would be asking for a disaster.


Re: Other RDBMS are available

You are essentially describing EnterpriseDB.


You actually mean 8i, the final release of which was

The "grid" part didn't come until Oracle licensed the VMS clustering code, and bundled it into 10g as RAQ.

Red Hat 8.5 released with SQL Server and .NET 6 ... this is Linux, right?


TPC.org says otherwise.

If you examine Microsoft's reported scores, everything is on XFS.

The XFS filesystem appears to be a sweet spot for database performance. Several other top scores are also on it (Exasol being the most prominent).

Stor-a-File hit by ransomware after crooks target SolarWinds Serv-U FTP software


ROP Gadgets

What is more interesting is that a ROP gadget exploit was used to attack the server.

OpenBSD goes to great lengths to defeat ROP gadget attacks. The compiler is modified to exclude certain machine instructions at the ends of functions, and the ASLR runs so deep that the kernel and C libraries are relinked at every boot to randomize locations in memory.

"Tracked as CVE-2021-35211, the Serv-U vuln allowed an attacker to achieve remote code execution through what Microsoft described as a Return Oriented Programming attack, as we reported at the time."

For SFTP services, OpenBSD is in the top tier for security.


Awkward. At Chrome summit, developer asks: Why should anyone trust Google?


Remember IE

This situation is preferable to Internet Explorer v6.

Going back to "Best Viewed with IE" would likely cause resignations of 3/4ths of all web designers.

SQL Server on Linux: Canonical offers official support, AWS Babelfish helps users move to Postgres


Re: Why?

The article asserts that "differences are not dramatic" between the Windows and Linux platforms, but this does not hold true with a careful observation of TPC-H benchmarks.

Locating the top benchmarks for SQL Server on tpc.org, nearly all of them are on Linux. The few that are on Windows do not perform as well.

My suspicion is that XFS has a great deal to do with this performance.

Ubuntu also runs SQL Server, usually on ext4. An interesting point about Ubuntu is that Oracle offers free KSplice kernel patches for it, so a high-availability OS platform with current patches is possible to obtain at zero licensing cost. The Windows equivalent does not exist.

The performance and availability characteristics would likely be compelling for SQL Server administrators who live in dread of Patch Tuesday.

Oracle loses appeal against $3bn payment to HPE over withdrawal of Itanium support



An Oracle acquisition of HPE might be a more straightforward solution.

I don't think there is anything left that could be considered anticompetitive.

Oracle flexes its hardware muscles with beefed-up Exadata X9M appliance



A casual browse of the TPC-C top scores will show a stark fact:

OceanBase v2.2 - 707,351,007

Oracle Database 11g R2 - 30,249,688

The age of Oracle's performance leadership appears to have come to an end.

Microsoft wonders if disabling just-in-time compilation of JavaScript improves browser security


Android: easy fixes

The "Bromite" browser, a Chromium fork that removes privacy-averse functionality, has the following setting:

"Disable JIT: Improve security at the expense of performance by not compiling JavaScript to native code (requires browser restart)."


Gee, I wonder where Microsoft came up with the idea.

If you want focused control over JavaScript, use the "Privacy Browser" from F-Droid or Play, where it is disabled by default. A simple toggle will allow interactive code, or halt bad behavior.


Huawei says its latest flagship smartphones lack 5G, blames US sanctions



Doesn't Mediatek make a 5g modem? I remember it being suggested for Apple. Kirin and Mediatek 5g makes the most architectural sense.


Oracle accused of eating software maker's lunch with hostile hiring, trade secret theft


Equal blame.

To be fair, Oracle is no more at fault here than Adobe Systems, Apple, Google, Intel Corporation, Intuit, Lucasfilm, and Pixar.

They all illegally colluded in non-poach agreements, as the parent article documents.

I'd rather live in a world where Oracle is allowed to do this, but abide by legal non-compete agreements (which I myself despise).

Qualcomm hopes to attract devs to Windows 10 on Arm with new testbed, spins up 2nd-gen 7c cheapbook chips



I don't know if many Chromebooks have LTE in addition to WiFi, but the 4G cellular modem (Snapdragon X15) is not often seen in PI-class machines.

It would be interesting to swap my simcard into one of these for occasional remote support. It would also be nice to have a SODIMM socket, with no RAM included, so I can decide what I want and when.

Is it still possible to run malware in a browser using JavaScript and Rowhammer? Yes, yes it is (slowly)


Ubuntu Chromium snap

In my last Ubuntu upgrade, my native Chromium install was converted to a snap package, both of which I assume were completely open-source.

Perhaps Windows users might be confused by a Chromium vulnerability which is likely exploitable in closed-source Chrome; Firefox production/esr releases are perhaps slightly more straightforward.

Does anyone even package Chromium for Windows?

Island in the Stream: AlmaLinux project issues first stable release of CentOS replacement


Oracle OS support

If we are being pragmatic, RedHat has terminated two major distributions, the original Red Hat Linux that ended at v9, and now CentOS v8.

Oracle ended OpenSolaris when Sun was acquired, and also terminated Oracle Linux 6 for SPARC after two beta releases.

Objectively, Oracle has supported their Linux offerings far more reliably than RedHat.


Conversion scripts

CentOS can now be converted to the following peer distributions...

RHEL: https://access.redhat.com/articles/2360841

Oracle: https://github.com/oracle/centos2ol

Alma: https://github.com/AlmaLinux/almalinux-deploy

I doubt option 1 is exercised often.

Shedding the 'bleeding edge' label: If Fedora is only going to be for personal use, that doesn't work for Red Hat


Options in the RPM world

Oracle has run a fully-supported clone of RHEL since the JBoss purchase, and Oracle does provide some very useful additions (the UEK, and their EPEL mirror are my favorites).

The reaction to Red Hat originally dropping their free product first saw WhiteBox Linux, then Tao Linux as free rerolls of RHEL, finally evolving to CentOS, while maintaining Scientific Linux for v7.

Rocky Linux and AlmaLinux are two new CentOS 8 clones. There is already a simple migration for CentOS to the Oracle yum repos, and migrations are likely to emerge to these new distros as well. Any CentOS user who wants a supported platform today can have it (even Red Hat has a converter).

IBM may have an agenda for Fedora, but it is unlikely as extreme as CentOS. For those who have truly had enough, but prefer RPM, SUSE is also an option.

Tired: Linux fans using the Edge browser. Wired: Linux fans using a Microsoft account to sign into the Edge browser


Microsoft contributions to the Linux kernel

Unfortunately, if you cannot tolerate Microsoft code, you will be unable to run Linux.

Microsoft has contributed code into the Linux kernel source tree for a number of reasons (HyperV comes to mind):


Microsoft has also contributed code to OpenSSH, so you might need to switch out your SSH clients and servers (although I don't know if any Microsoft code has made it all the way up to OpenBSD's /usr/src):


100% avoidance of Microsoft's code can require profound changes to software infrastructure.

Micron: We're pulling the plug on 3D XPoint. Anyone in the market for a Utah chip factory?


fab for Honda?

Honda just announced that all manufacturing is halted in the U.S. and Canada. Semiconductors are cited as critical.

Can a nand fab make logic parts, at lower densities?

Would any upgrades be cost-effective?

Although Intel itself may soon be conducting a fire sale on logic fabs.

With computer brains in short supply, President Biden orders 100-day probe into semiconductor drought


nation/state foundries

I think that the correct response would be for both the EU and the US to negotiate with Intel and/or Global Foundries for the purchase of 45nm, or perhaps 22nm facilities.

I know that AMD/Global Foundries had semiconductor fabs both in Dresden DE, and East Fishkill, NY. Intel's Chandler, AZ site might have an older fab that they might also be willing to sell.

We know that the US NSA has their own fab. An expansion of their management, over a buyout of East Fishkill or Chandler could guarantee 45nm production for the US automobile industry. Europe might feel the same about Dresden.

This is a big enough problem that government(s) could/should address.

Huawei loses attempt to rescue CFO Meng from US clutches despite using 140-year-old law in High Court


exculpatory evidence

Checking Google, it appears that U.S. criminal prosecution is required to share evidence with defense due to a law passed in 1963:


I don't know if the prosecution is required to share any requested evidence before extradition (I would think that Huawei counsel would have acted if so).

We also know from the Flynn proceedings that much exculpatory evidence was "misplaced" and not reported, which dims the hopes of a fair trial.

Decade-old bug in Linux world's sudo can be abused by any logged-in user to gain root privileges



I know that the article specifically says that ASLR was defeated, but I wonder if these other compiler/linker mitigations prevent (some of) these vulnerabilities?

The "hardening-check" perl script is available from EPEL on redhat platforms. Here I use it to report mitigations in an old FWTK component that I use for an internal legacy system.

$ hardening-check /home/fwjail/usr/local/etc/ftp-gw


Position Independent Executable: yes

Stack protected: yes

Fortify Source functions: yes (some protected functions found)

Read-only relocations: yes

Immediate binding: yes

$ rpm -qi hardening-check | grep ^URL

URL : http://packages.debian.org/hardening-wrapper
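
What three lines of that report (Position Independent Executable, Read-only relocations, Immediate binding) correspond to inside the binary, as an added example that is not part of the original post and is not the hardening-check script itself. It assumes little-endian ELF64 input; `check_hardening` and `build_sample` are hypothetical names, and `build_sample` produces a constructed, headers-only image used only for the demonstration.

```python
import struct
import sys

# Constants from the ELF specification (elf.h)
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_GNU_RELRO = 2, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

EHDR = "<16sHHIQQQIHHHHHH"   # Elf64_Ehdr, 64 bytes
PHDR = "<IIQQQQQQ"           # Elf64_Phdr, 56 bytes
DYN = "<qQ"                  # Elf64_Dyn, 16 bytes


def check_hardening(data: bytes) -> dict:
    """Report PIE, RELRO and BIND_NOW for a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled in this example")
    hdr = struct.unpack_from(EHDR, data, 0)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    # ET_DYN is also the type of shared libraries; for an executable it means PIE.
    report = {"pie": e_type == ET_DYN, "relro": False, "bind_now": False}
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz, _, _ = struct.unpack_from(
            PHDR, data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_RELRO:
            # The loader remaps this range read-only after relocation.
            report["relro"] = True
        elif p_type == PT_DYNAMIC:
            # Walk the dynamic section looking for any immediate-binding marker.
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from(DYN, data, off)
                if tag == DT_NULL:
                    break
                if (tag == DT_BIND_NOW
                        or (tag == DT_FLAGS and val & DF_BIND_NOW)
                        or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                    report["bind_now"] = True
    # RELRO without BIND_NOW is "partial": the PLT part of the GOT stays writable.
    report["full_relro"] = report["relro"] and report["bind_now"]
    return report


def build_sample(e_type, relro, dyn_entries):
    """Constructed minimal ELF64 image (headers only, not loadable)."""
    dyn = b"".join(struct.pack(DYN, t, v)
                   for t, v in list(dyn_entries) + [(DT_NULL, 0)])
    types = [PT_DYNAMIC] + ([PT_GNU_RELRO] if relro else [])
    dyn_off = 64 + 56 * len(types)
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = struct.pack(EHDR, ident, e_type, 62, 1, 0, 64, 0, 0,
                       64, 56, len(types), 0, 0, 0)
    phdrs = b"".join(struct.pack(PHDR, t, 6, dyn_off, 0, 0, len(dyn), len(dyn), 8)
                     for t in types)
    return ehdr + phdrs + dyn


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(check_hardening(fh.read()))
    else:
        print(check_hardening(build_sample(ET_DYN, True, [(DT_FLAGS, DF_BIND_NOW)])))
        print(check_hardening(build_sample(ET_EXEC, False, [])))
```

The "Stack protected" and "Fortify Source functions" lines are not covered here, since they depend on symbol names rather than on program headers or the dynamic section.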

Qualcomm pays $1.4bn to acquire ex-Apple and AMD Arm server chip engineers (and the biz they set up)


Krait & Kryo

"It may mean Qualcomm relies less on licensing off-the-shelf CPU cores from Arm, and instead produces its own highly optimized Arm-compatible CPU designs from scratch, much like Apple has done and succeeded with its A-series in iThings and the M1 in its laptops."

I thought that Krait & Kryo were already in-house designs.

If I remember, the Snapdragon 810 was the only stock ARM, and it had real problems (the Nexus 6p would run hot enough to burn out the CPU).

Open-source contributors say they'll pull out of Qt as LTS release goes commercial-only


Red Hat

Why not fork this one? It's under full support.

$ rpm -qi qt

Name : qt

Epoch : 1

Version : 4.8.7

Release : 9.el7_9

Architecture: x86_64

Install Date: Thu 12 Nov 2020 12:55:44 PM CST

Group : System Environment/Libraries

Size : 17895063

License : (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT

Signature : RSA/SHA256, Tue 10 Nov 2020 11:39:49 AM CST, Key ID 72f97b74ec551f03

Source RPM : qt-4.8.7-9.el7_9.src.rpm

Build Date : Tue 10 Nov 2020 11:32:07 AM CST

Build Host : jenkins-172-17-0-2-3664c536-7d7d-4ac4-8b0e-26767e19daa3.blddevtest1iad.osdevelopmeniad.oraclevcn.com

Relocations : (not relocatable)

Vendor : Oracle America

URL : http://qt-project.org/

Summary : Qt toolkit

Description :

Qt is a software toolkit for developing applications.

Red Hat defends its CentOS decision, claims Stream version can cover '95% of current user workloads'


RHEL switch

I have only done this once, with RHEL v4 onto Oracle Linux. The switch just changed my update provider, and Oracle supported the previous OS packages that had been shipped by Red Hat.

Red Hat now has a script to convert an installed CentOS or Oracle Linux to RHEL; previously a wipe and reinstall was required ("have fun reinstalling your system" is still on Oracle's CentOS site). The description looks much more thorough in replacing all possible packages with Red Hat versions:


I don't know of any other current repo conversion options for a CentOS install, but some will likely emerge (Rocky and Scientific Linux come to mind).

Oracle's CentOS notice, with (some) recent updates:


New CentOS conversion blog entry:


New repo conversion script, supposedly works with CentOS 8:


After conversion from CentOS to Oracle Linux, free updates are available indefinitely. For those who desire paid support, there are several (yearly) price tiers ($119; $499; $1,199; $1,399; $2,299). I will say that I've had more problems with Oracle support this year than ever before.

For those uncomfortable with "free" products from Oracle, bear this in mind: in the last two decades, Red Hat has terminated two Linux distributions, while Oracle has terminated none.

Rocky Linux is go: CentOS founder's new project aims to be 100% compatible with Red Hat Enterprise Linux


Red Hat decapitates another product

Many years ago, I fondly used and documented the free and open Red Hat distribution, which ended with release 9 in 2003. I still have a hard drive with the original Red Hat 6 based on System V init, not the later v6 based on Upstart.

There was a great feeling of abandonment then that is nostalgic in the death of CentOS now.

In the years that have passed, I saw a few licenses purchased in my workplace, then support suddenly stopped by corporate sources who instructed all license holders to convert our installs to Oracle Linux support.

I remembered my feeling of abandonment by Red Hat, ran the script without complaint, and all was well.

In later years, focus returned to Red Hat licensing, and I was strongly encouraged to reinstall my Oracle Linux systems (which had grown greatly, as they were free). I resisted vehemently, objecting to an inferior kernel (compared to the UEK), reduced hardware support, and the pointless inconvenience of license keys, activation, and renewals for a product of generally lower quality.

Fortunately, I have avoided this inconvenience.

In light of the decades of Red Hat's behavior, I will say one thing: you reap what you sow.

Banking software firm tiptoes off to the cloud with MariaDB after $2m Oracle licence shocker



This is not actually true.

Prior to China, Oracle dominated the TPC-C benchmark with SPARC and 11g. Yes, SPARC.

"OceanBase" has put an end to that.

I don't speak Chinese, and I can't read the documentation. However, second-best is still what you have to use when you really, really need it.


Red Hat tips its Fedora 33: Beta release introduces Btrfs as default file system, .NET on ARM64, plus an IoT variant



Many are likely aware of "btrfs-convert - convert from ext2/3/4 or reiserfs filesystem to btrfs in-place."

I'm assuming that this is possible with the new Fedora release, but there are several important warnings, among them: "The conversion utilizes free space of the original filesystem. The exact estimate of the required space cannot be foretold. The final btrfs metadata might occupy several gigabytes on a hundreds-gigabyte filesystem."

Consolidating databases has significant storage benefits – and therefore everyone should be doing it


Err, no.

I deal with a couple of legacy databases, Oracle RDB, and a hierarchical database that originated on UNIVACs.

Neither of those is going to be on the table for consolidation.

Funny story, a developer brought me a SQL-Server backup, and asked for a Linux recovery. I downloaded the RPMs, initialized it, and the developer loaded the backup.

My next surprise was a call from management on an emergency SQL-Server conversion to Linux - turns out my newly-installed database was 100x faster than the production VM farm.

There are a few reasons for consolidation, but there are many reasons to refrain. Packing your favorite bowl or cup in your attic chest of porcelain means that you will constantly dis/reassemble the contents, and things will likely get broken. Certain architectural aspects become brittle and very difficult to change.

GnuTLS patches huge security hole that hung around for two years – worse than Heartbleed, says Google cryptoboffin


2008 GnuTLS criticism.

This chatter has been going on for quite a long time.


When a deleted primary device file only takes 20 mins out of your maintenance window, but a whole year off your lifespan


Another way to do this

There might have been a less traumatic way of accomplishing this.

As I remember, Sybase was able to mirror device files, and the free version ( was capable of doing this.

Assuming a mirror operation could be launched that could read the unlinked file, Sybase itself would copy the device file to a new location.

Oracle has the ability to "alter database rename file," and Sybase device file mirroring was the way to accomplish the same thing.

Got $50k spare? Then you can crack SHA-1 – so OpenSSH is deprecating flawed hashing algo in a 'near-future release'


VAX Telnet

We still have VAXes running on emulators for our plant, and they are critical.

Corporate security forced us to get off cleartext telnet, so we looked at SSH. The Microfocus Reflections terminal clients were going to cost us hundreds of thousands, and not really offer any visible feature improvements.

Instead, we wrapped our old Reflections with stunnel clients, served by a set of Linux stunnel servers, and left our old software in place with cleartext telnet wrapped in TLS. I generated the keys and wrote the configs.

This decision gets criticized from time to time. Attempting alternatives has revealed other systemic problems, beyond expense.

Eclipse boss claims Visual Studio Code is an open-source poseur – though he would say that, wouldn't he?


Re: Open Rewrap - VS-Codium

Actually, when I do rare work on Windows, I usually rely on the Busybox port of vi.

I still login to HP-UX systems on occasion, and I imagine that I am using the real Bill Joy code there.


Open Rewrap - VS-Codium

Similar to Chromium ports of Google Chrome on various platforms, there is a completely open and free rewrap known as VS-Codium that only includes the open-source telemetry variant.

I have installed the RPM version of this, and I have tinkered with it. I don't use it regularly, as a full blink/v8 stack is really too much of an attack surface for simple editing. Vim is more to my tastes.


