* Posts by NullNix

56 publicly visible posts • joined 12 Jan 2019


Systemd 249 release candidate includes better support for immutable OSes and provisioning images


What? sysv init scripts, both as originally implemented on sysv and as now present on (non-systemd) Linux distros are an almost wholly undocumented nightmare of barely-commented shell scripts rife with poor interactions and no error handling whatsoever. Even BSD single-rc-file was better: at least you could have conditionals that crossed multiple services easily.

sysv init scripts are a total mess and clearly crocked together from whatever pieces lay to hand at the time. No design was involved, and they're as far removed from the clean design of the Unix philosophy as the Windows kernel was.

I might not like systemd a great deal, but that doesn't mean I'm willing to engage in obvious lies to attack it. There are good reasons to dislike systemd. This is not one.


Re: Thinks I like about systemd

... why on earth are you editing things in /usr/lib and expecting them *not* to get changed by upgrades? That's got disaster written all over it, and has on every distro from Slackware on. Mess with /usr at your peril: it belongs to the distro's package manager. /etc is yours, as is /usr/local, but /usr is the distro's.

systemd has a whole scheme for letting you make changes like this and have them persist: copy /usr/lib/tmpfiles.d/tmp.conf to /etc/tmpfiles.d/tmp.conf and edit that: those changes will override distro changes and will not be overridden by upgrades. This is the same for every single configuration file in systemd, and is spreading to other applications because it's such a good idea.

Writing this one off as user error.
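The override scheme described in the post above, as an added example that is not part of the original post or of systemd: shell helpers that create an /etc override from the vendor file and report which copy wins. The `ROOT` variable and the function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example. ROOT lets the functions run against a scratch tree; on a
# real system leave it empty so the paths are /etc, /run and /usr/lib.
ROOT="${ROOT:-}"

# Print the file systemd-tmpfiles would use for a given name: the first hit
# in /etc, then /run, then /usr/lib wins and hides same-named files below it.
effective_tmpfiles() {
    for dir in etc run usr/lib; do
        if [ -f "$ROOT/$dir/tmpfiles.d/$1" ]; then
            printf '%s\n' "$ROOT/$dir/tmpfiles.d/$1"
            return 0
        fi
    done
    return 1
}

# Create an admin-owned override by copying the vendor file into /etc.
# Refuses to clobber an existing override so local edits are never lost.
make_override() {
    vendor="$ROOT/usr/lib/tmpfiles.d/$1"
    local_copy="$ROOT/etc/tmpfiles.d/$1"
    if [ ! -f "$vendor" ]; then
        echo "no vendor file: $vendor" >&2
        return 1
    fi
    if [ -e "$local_copy" ]; then
        echo "override already exists: $local_copy" >&2
        return 2
    fi
    mkdir -p "$ROOT/etc/tmpfiles.d" && cp "$vendor" "$local_copy"
}

# List vendor files shadowed by a same-named file in /etc, and whether the
# override still matches the vendor copy (useful after a package upgrade).
list_overrides() {
    for f in "$ROOT"/etc/tmpfiles.d/*.conf; do
        [ -f "$f" ] || continue
        name=${f##*/}
        vendor="$ROOT/usr/lib/tmpfiles.d/$name"
        [ -f "$vendor" ] || continue
        if cmp -s "$f" "$vendor"; then state=identical; else state=modified; fi
        printf '%s %s\n' "$name" "$state"
    done
}

# Small command-line front end: "override NAME", "which NAME" or "list".
case "${1:-}" in
    override) make_override "$2" ;;
    which)    effective_tmpfiles "$2" ;;
    list)     list_overrides ;;
esac
```

On a live system, `systemd-delta --type=overridden` reports the same shadowing across systemd's configuration directories.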

New IETF draft reveals Egyptians invented pyramids to sharpen razor blades


Re: As Pratchett himself wrote:...

Yeah. You know what was missing in this RFC? An assignment for X-Clacks-Overhead and/or "GNU Terry Pratchett". (But the existing assignments were hilarious, and reminded me of nothing more than the oh-so-carefully-chosen keybindings for the immortal gnxt text editor.)

Linux laptop biz System76 makes its first foray into the mechanical keyboard world with dinky, hackable Launch


Ergonomic is a different price world though

Of course, Maltron can basically charge what they like, because their customers are a captive market: they buy because they have to, because they're escaping a world of non-metaphorical pain. Well, OK, they could also buy a Kinesis if they didn't mind it wearing out in three years, but if you want a contoured keyboard that'll last a decade or so there is really only one choice.

I mean... all these firmware-updatable hackable keyboards look really nice to me and I'd be in the market for one in a shot, *but* it'd need to have Maltron/Kinesis's contouring, or for me it's not a keyboard, it's a portable agony device I can't use for more than five minutes at a stretch. And oddly almost all these keyboards are flat, flat, flat. Some of them have interesting key layouts, but still flat, flat, flat. I guess it's cheaper to make things that are flat. Shame the human hand isn't really built for it...

Yep, the 'Who owns Linux?' case is back from the dead


It's a Californian Blue. Lovely plumage, look. Formerly owned by a mafia don's Organization, so look out, it might squawk out rather unfortunate, not to mention embarrassing, secrets...


Re: Follow the money

Microsoft is also one of the biggest Linux-using companies in the world, and its largest single cash cow these days, Azure, runs more Linux instances than Windows.

Microsoft attacking Linux would be shooting itself in the financial foot. This is a thing MS has never been accused of, therefore they aren't doing it. (The same thing applies to Oracle, which maintains its own Linux distro and values the ability to hack at the OS as needed. I should know, I work on it. Obvious disclaimers regarding not speaking for Oracle, having no actual idea what our lawyers are up to etc apply. I'd be extremely surprised if they were up to *this*, but of course I could be wrong.)

Linus Torvalds went six days without electricity, swears smaller 5.12 kernel is co-incidental


That's not what LTO does

> Among the big inclusions in 5.12 are Clang Link-Time Optimizations, which make for better compiler performance

No, it slows the compiler down (quite a lot actually). It can make for better compiler *optimization*, i.e. better *runtime* performance. (It can also make for larger binaries and worse runtime performance due to increased icache bloat, though this is somewhat rarer than it used to be.)

Co-founder of coronavirus vaccine biz holds in-person tech event... 20+ attendees later test positive for COVID-19


Re: Not me

Also the families of everyone at school. Just because children are almost entirely asymptomatic doesn't mean they can't pass it on. Members of five families in my sister's daughter's class caught covid-19 in the same week: obviously this means they almost certainly caught it from their children.

Linux 5.10 to make Year 2038 problem the Year 2486 problem


With the release of glibc 2.33 (install with care, I found several bugs and the fixes haven't hit the release branch quite yet), it has now trickled down! This has of course instantly broken OpenSSH because it didn't have all the necessary syscalls in its seccomp filter list... (patch submitted).


Re: Linux kernel

Can't do that. Real users might have used touch to set file times to any date in the currently-valid range, so we have to expand the range in a compatible fashion, not just slide it along. (Sure, maybe you could say "bugger any users doing such crazy things", but that's the difference between a hobby filesystem and a bulletproof one. :) )

There are also (mostly-invisible) timestamps in places like the quota format that needed handling (that one was handled by reducing its precision by a factor of four, quadrupling its range with almost certainly zero visible impact on any users ever).


Re: Glad to see the legacy of Silicon Graphics living on

Um... Darrick has been an XFS hacker at Oracle for over five years now. If nearly a thousand commits aren't enough to leach this of its irony, I don't know what is.


64-bit time_t on 32-bit platforms is not a thing which has been around for "ages": indeed the user interface (well, programmer interface, like -D_FILE_OFFSET_BITS) for 64-bit time_t on 32-bit was only finalized earlier this year and has basically not trickled out to anyone yet.

The major advantage of this fix is that it can be applied to existing filesystems with a single traversal over the inodes to fix them up. Going to true 64-bit time_t would require a mkfs (which means most systems would never do it).

Why, yes, you can register an XSS attack as a UK company name. How do we know that? Someone actually did it


In fact he just did, and I suspect he was planning to when he registered this company. Problem solved!


So I saw the 'crappy company name' and had a look. Registered in Bracknell, oh, wait, this is RevK isn't it? Look over at 'People', and yes, it is.

See https://twitter.com/TheRealRevK/status/1319869941819101186

Microsoft delays disabling Basic Authentication for several Exchange Online protocols 'until further notice'


Re: Modern authentication is not a standard

So... all of a sudden your email (possibly automated) stops working unless you log into a browser and tweak the password your automated systems are using on a frequent basis?

This sounds *terribly* impractical.

Fortunately, it's not actually quite that bad: if it works like other oauth2 implementations, you can get new tokens via a fairly simple curl call, i.e. automatically. You don't need a full web browser, JavaScript or any of that crap (but then again since you can do this automatically I'm not sure what actual security it brings). It's just that every single client needs changing, and with some, like getmail, not even up to migrating away from Python 2, this might be a fairly long wait for the "long tail". And I bet a bunch of MS's own employees are using said long tail of clients... hence the stay of execution.

How do you fix a problem like open-source security? Google has an idea, though constraints may not go down well


That's not what they meant when they said "unilateral", though, is it? The same section that talks about unilaterality also talks about all changes needing review, which *is* a good thing and isn't done remotely enough. Many of the projects cited are exceptions to this rule and do have someone not the author review every change: ffmpeg, for example.

Google aren't saying "these projects can't change without checking with us". They're saying "these projects are security-critical so more than one pair of eyes should look at all changes". Which is, well, good. Also a bit pie in the sky, I fear... :/

Passwords begone: GitHub will ban them next year for authenticating Git operations


Re: A self-defeating approach?

It's commonplace. Most banks have *ancient* systems, and this is just one of many ways that shows.

If you want ridiculous, until last year the Coventry had a scheme where you had an eight-char password, uppercase alphanumerics only, changeable on request -- they posted you a form with eight boxes in it which you filled out and posted back, and then a few days later the password was changed. This was obviously grossly insecure so they pasted other security challenges over the top of it over time (and lately have replaced it entirely).

I bet this is because the password in question was an actual mainframe account password of some sort, changeable only from an operator console. It had that smell. (This year, they changed to allowing really long passwords, and better yet passwords with no stupid restrictions on what characters must be present, so I can just use the result of a yubikey's HMAC-SHA1 challenge-response as the password. Finally.)


I'd bet that SSH keys will stick around, simply because they are ubiquitous in git usage and definitely not insecure -- but I suspect they'll start encouraging "sk"-format keys stored on U2F hardware tokens sooner or later, to prevent attackers stealing keys off client disks or out of client memory. (SK keys are new in OpenSSH 8.2+: it's the only hardware token mechanism I've ever found to be in any way usable. As long as both client and server are new enough -- a requirement, since this is a new key type -- I've found it as reliable as ordinary on-disk keys, something I could never have said of the old CCID-backed PIV or GPG-based nightmares.)

Who knew that hosing a table with copious amounts of cubic metres would trip adult filters?


Re: Wang Care

Not just American companies. None other than the great Jack Vance, perhaps one of the finest wordsmiths then alive, wrote a book titled _Servants of the Wankh_, silent h and all. Admittedly, he wanted the book's title to be different, but the Wankh *were* a pivotal species in the book and he definitely didn't see anything wrong with their name. Many years later he renamed them to the 'Wannek' after being told what 'wank' meant in Britain.

If Vance didn't know... it's safe to say that next to nobody in the US did other than immigrants from countries speaking British English variants, at least not a few decades back.

MongoDB loses its mind with marketing budget movie mania: Yep, it's choose-your-own-adventure Hackers with drop-down menus


Re: She doesn't test her software and there's data corruption

Back when I was working for excessively boring bottom-of-the-barrel no-name City firms... well, one of them decided to make a superhero graphic novel. Because *obviously* wrestling with databases is *just like* causing massive property damage in the streets of Manhattan.

Somewhere, some poor sod had to draw multiple frames of a character in a superhero costume... sitting at a keyboard doing electronic stock trading. HEROIC!

Here's a little Intel: Beware of Linux graphics vendors bearing gifts of shared code – open-sourcer


Re: Alternatively

Dave is the guy who has to deal with the integration problems this sort of throw-it-over-the-wall no-external-contributions code implies. It's a hell of a lot more work than it would otherwise be (and I can say this as someone who's been on both sides of that fence, both throwing code over the wall in a project my then bosses didn't allow me to open, and trying to integrate another such project with a larger system, which was much like trying to get blood out of a stone only less pleasant).

This isn't dogmatism, it's common sense.

X.Org is now pretty much an ex-org: Maintainer declares the open-source windowing system largely abandoned


Re: Then there's running an X session remotely.....

Apparently 'waypipe' is supposed to be able to do this. I mean yes it works by throwing bitmaps around, but in practice so does most X work now. (Except Emacs, which is probably a major reason to keep XWayland around. XWayland doesn't work with everything, but Emacs doesn't use the modern stuff like systrays etc that XWayland doesn't like, so you should be OK.)

Linus Torvalds hails 'historic' Linux 5.10 for ditching defunct addressing artefact


But then what was the thing being "made redundant by chipmakers"? As far as I can tell the only possible answer to this is "nothing": segment overrides still exist and still work just as well as they did last year. This change is not being implemented because of changes from "chipmakers" (Intel? AMD? the RISC-V Foundation? At this point it could be anyone).

The article is more than half nonsense.


But in that case the article makes no sense! Linux never *used* 286 protected mode: 286 protected mode is not "being removed by chipmakers" but rather (depending on your viewpoint) either is still here or ceased to exist as soon as the 386 came along (386 protected mode is a strict superset except for 286 LOADALL, which was never documented). 386 protected mode is also not being removed, not for a very long time. Segment prefix overrides, ditto (heck, gas just had a bug fixed with regard to segment override printing), though many overrides do nothing in long mode.

Regardless, Linux never worked on the 286 in any case.

So... nothing has been "made redundant by chipmakers", this change has little or nothing to do with the 286 (on which %fs never existed, so set_fs obviously never worked there even back in the days when it used %fs)... and set_fs being removed is a purely kernel-internal thing that has no relationship with anything being made obsolete by Intel... or whichever "chipmaker" is being vaguely alluded to here. It stopped using the %fs register ages ago, but that doesn't mean %fs has been removed, just that this particular use for it has gone away. (It is in the ABI. It cannot be removed without breaking every program that uses thread-local storage. %fs is forever.)

My impression of an article written by someone who didn't know what he was talking about persists.


Re: RISC OS did this in the 1980s

The 64-bit time_t stuff has been landing for many releases now, and time_t has always been 64-bit on 64-bit platforms. This is all filesystem work, which is much harder because the data is persistent and people like not to lose it. In this case, XFS format v5 is gaining 64-bit stuff for filesystem timestamps, in a backwardly-compatible way that does not require a mkfs: that's all. (Bear in mind that the original XFS is a child of the early 90s, so not all that much newer than RISC OS.)


This article is almost entirely wrong, to the point that I wonder whether the author has done any research whatsoever or knows anything at all about the x86, even the names of the registers in its register file.

%fs and %gs originated with the 386, not the 286, as ten seconds research would show. As Linus himself said in the very announcement you link to, the kernel hasn't used %fs to point to user memory since sometime before the start of git history, and it certainly hasn't been 'made redundant by chipmakers': %fs and %gs are the only two segment registers that are still useful in x86_64 long mode, and indeed the kernel still uses them, as does userspace.

It's just that the kernel no longer uses a function call that happens to still be called set_fs() (for purely historical reasons) to address userspace memory while in kernel mode, that's all. (Instead this security-sensitive thing is now done at the lowest possible level, in the smallest possible number of places, in the access primitives themselves, not scattered across all the individual drivers that do the accesses.)

NHS COVID-19 launch: Risk-scoring algorithm criticised, the downloads, plus public told to 'upgrade their phones'


Re: Two questions

Some versions of Android at least log when apps ask for location, and how finegrained it is. I have not (yet!) observed the NHS app making any such queries, and the source doesn't do any that I can see.


Re: Small houses

You can turn it off if you're alone at home. (It is probably not wise to do so if you are at home but not alone!)

It's pointlessly annoying to do so on Android (there should be a quick icon to do it, or a home-screen widget, or something, but no it's buried two or three screens deep), but it's doable and takes only a few seconds. Just remember to turn it on again (which is just as annoying).

Das Keyboard 4C TKL: Plucky mechanical contender strikes happy medium between typing feel and clackety-clack joy


Re: That's downright cheap!

I didn't say you couldn't get mechanical keyboards: I said they weren't going to be cheap. This is not a bad thing, as you still save money in the end because the thing'll take many times longer to wear out than a cheap keyboard would. It's Vimes's "Boots" theory of socio-economic unfairness applied to keyboards.

(Ergonomic *everything* is much more expensive. It doesn't matter: my trusty Maltron might cost a lot but I bought it in the early 2000s, have used it to the exclusion of everything else, and it still works. The keyswitches wore out once and were replaced: doing the replacement cost about £70, and was worth every penny. It *is* important that you have a method in place to avoid the possibility of ever spilling anything on the keyboard!)


That's downright cheap!

You can't get *decent* mechanical keyboards (the sort that'll live for a decade or more) for much less than this is going for. Ergonomic ones routinely cost two or three times as much.

It looks good to me (though I'm not interested in it because RSI means I'm forced to use ludicrously expensive ergonomic keyboards -- and, because spending that much money is a sort of mind control, I'm forced to evangelise them at every possible opportunity too QWERTY SUCKS even when it makes no sense and is SPLIT KEYBOARDS FOREVER obviously shoehorned into the FNORD conversation.)

Linux kernel maintainers tear Paragon a new one after firm submits read-write NTFS driver in 27,000 lines of code


Re: So?

> 27,000 lines of code isn't really that much, its a substantial chunk but it should break down into components that can be individually reviewed and tested.

Yes, and doing that was Paragon's job, not the reviewer's. It's not like it's hard to split a huge ugly pile of work into neat commits. Picking an example totally at random because it's one I'm familiar with: it's not quite as big perhaps, but I did that for 10,000-odd lines of work just last month, originally in perhaps 250 completely unreviewable use-git-as-a-backup-system commits with commit log messages reading things like "fix the fix" and "giant pile of unsplit work" (https://sourceware.org/pipermail/binutils/2020-June/112012.html). It took perhaps two days to split up six months or so of work.

If you can't be bothered to do even that much to make your code easier to follow, I don't think it says much about your likely long-term commitment to the contribution or about your consideration for the maintainer you're dumping this stuff on.

This NSA, FBI security advisory has four words you never want to see together: Fancy Bear Linux rootkit


Re: Get Root?

Not that I can see, which makes this whole thing a panic over nothing. Yes, if you run malicious code as root it *can* persist itself. This is nothing new. Don't run malicious code as root. (And keep your machine as safe as possible from holes that allow unprivileged users or network daemons to escalate to root.)

(Secure Boot only saves the boot process and firmware, anyway -- it won't save you from things that persist in network card firmware, disk controller firmware etc. Like, oh, the NSA uses, and since they do I'm sure the Russians can deploy that real soon now as well. Again, just don't run it as root and you're safe.)

Soft press keys for locked-down devs: Three new models of old school 60-key Happy Hacking 'board out next month


Re: Alternatives?

Yeah. I will admit I don't understand people who say they do a lot of typing and then insist on buying a cheap keyboard. If you do a lot of typing the keyboard is critical equipment, and it's critical stuff that your hands hit a lot. That means it's also health-critical. Why would you *not* spend a reasonable sum on something like that? Why aim for the cheapest thing you possibly can? I am mystified.

Also... if you buy a keyboard with good switches -- which means expense, I'm sorry -- you can expect it to not fail for decades. The Cherry keyswitches I'm using in the keyboard here did need replacement, but that was after *twenty years of continuous use*, and the thing about a keyboard that costs a lot is that if the vendor is still going after that long they'll probably be happy to replace the switches for you for less than the cost of a replacement keyboard.

Cheaper keyboards wear out much faster, and are nastier to type on as well.

Oh Hell. Remember the glory days of Demon Internet? Well, now would be a good time to pick a new email address


Re: "Another bemoaned the hammering of yet another nail in the coffin of Blighty's ISP past"

So, how does "ten addresses" compare to "infinite addresses and you can run your own mailserver, in fact you have to, here's one we configured for you: all the configurability you could possibly want"

Really worth moaning about (not that any of that good stuff survived the Vodaphony takeover).

OK brainiacs, we've got an IT cold case for you: Fatal disk errors on an Amiga 4000 with 600MB external SCSI unless the clock app is... just so


Re: Just a guess, TTL timing?

Similar example on the C64, which came directly down to driving the DRAM out of spec. This one wasn't diagnosed until a few years ago, and was of course first shown as a demoscene scroller with appropriate freshly-composed music.

Watch out, everyone, here come the Coronavirus Cops, enjoying their little slice of power way too much


Re: When people talk about the abuse of petty authority I ask

Oh come on she wasn't selected on that basis. She was selected on the basis of being pro-Brexit, just like everyone else in Cabinet. She just happens to combine that with being so right-wing that she makes Rees-Mogg look like Neil Kinnock, so short-tempered that she makes our recently-ex Speaker look like the kindest person who ever was, and "as thick as mince" (and that was from one of her *supporters*, off the record).

However, she didn't manage the biggest own-goal of this Cabinet so far, infecting half of it with SARS-CoV-2. That was probably Nadine Dorries' doing -- and that's another sign of a terrible low-competence cabinet: why the hell is she a health minister, even a lowly one? Her only interest in public health historically has been to use every possible opportunity to try to ban abortion, even though doing so is *massively* unpopular in the UK outside Northern Ireland and would get any government that tried to do it turned out on its ear. Answer: she's pro-Brexit and they long ago ran out of *competent* pro-Brexiteers, given that in order to be an enthusiastic Brexiteer you more or less have to be incapable of foresight or know nothing whatsoever about international trade while imagining that you know a lot.

Unfortunately Brexit is now an irrelevant sideshow and the Tory party is getting a sudden rude reminder of what sorts of threats the protective function of government is actually meant to protect us from, and it's not metric measurements.


Re: Cambridge Police are too busy with serious crime

They don't even bother to give you a crime number if a car outright demolishes your garden wall. Why not? Traffic accident, no numberplate! Oh yeah because I'm going to stay up in the middle of the night just in case someone demolishes my garden wall at 3am, then somehow catch the numberplate from the ill-lit street (due to council cutbacks in lamppost number of 50% to save money) before the miscreant drives off.


Re: Nothing to Heil nothing to Fear.

People with covid coughs are *not* going to be managing to contain all their coughing once the disease gets going. There's just too much of it, in huge horrible spasms minutes long.

UK enters almost-lockdown: Brits urged to keep calm and carry on – as long as it doesn't involve leaving the house


Re: Read the PDFs

A horrific disease happened to it. Panic if you can't stay indoors and away from anyone (who cannot also do that themselves) is *rational* when faced with something that spreads more easily than flu and hospitalizes a high proportion of those it infects -- and even if you survive that, the experience is reportedly horrible. Going on a ventilator is not an easy thing: it takes months to recover and often causes permanent damage. COVID-19 may well also cause permanent damage to the heart, liver, and kidneys. Being extremely worried seems sensible to me.

Incurable diseases with consequences like this are beyond the memory of almost everyone now living in the western world. Of *course* people are panicking.


Re: And use food delivery services where you can.

Err.. Russia, rationally, humanely run? It's *literally* organized on the principle of "suck up to the boss, you get everything: everyone else gets nothing".


Re: "One form of exercise a day"

Full guidance, quite detailed, is here


Re: And use food delivery services where you can.”

That's OK: every single UK supermarket has buckled under the load, and is either not accepting new registrations (Sainsburys) or hanging when you try to do it (Waitrose) or not allowing you to buy anything (Tesco) or simply not bothering with a website any more (Ocado). So I guess it's go out and try to pick what food there is off the nearly-bare shelves.

Food markets *are* still open, so those of us lucky enough to live in market towns can still use those as our primary fresh food supply. They seem to be a bit less stricken by panic-buying than the supermarkets.

From Amanda Holden to petrol-filled water guns: It has been a weird week for 5G


Re: Assume the Conclusion

Well, he's right-ish. 5G towers don't *just* have 5G on them: some of them will also contain the 4G for the area too. Burn them down and you will (if you pick the wrong/right tower) lose mobile coverage completely. The emergency services *do* rely on that, as do people making 999 calls. *National* security, perhaps not, but local safety? Sure.

Time to svn commit like it's the year 2000: Apache celebrates 20 years of Subversion


Without Karl I would be crippled. (But not because of Subversion: because he's one of the very few users of the Maltron keyboard, and back when my RSI started to bite I asked him if it was any good. He said it was. He was quite thoroughly correct.)

One thing Karl has is good taste. The interior of Subversion shows that: it's lovely, enormously extensible, and far more cleanly architected than the interior of Git. However... most of that complexity, in hindsight, is epicyclic: you don't need it if you start from the right place, and in hindsight, Git started from the right place, and Subversion didn't. Of course, Subversion *couldn't* start from the right place, given the design goals, and also one can hardly fault Karl or anyone for not having the insight that led to Git in the first place. You cannot force insights.

Total Inability To Service User Pulls: GitHub wobbles with a good old Thursday TITSUP


Re: If you store your project code on an online repository...

If you store your source code in an online repository, don't have an up to date local backup, *and are using git*, I don't know *what* you're doing, because all your local copies must be shallow clones -- are you *that* short of disk space?

It takes real effort to avoid having a local backup with git (which is why github is more or less dispensable to many of us oldtimers who prefer email: git gives you all the code hosting stuff in every local repo :) )

Google's OpenSK lets you BYOSK – burn your own security key


Re: It's all very fascinating

You always have at least two keys (in different places), and register both of them with everything. If you don't, you will sooner or later be regretting it: USB devices don't last forever even if you don't carry them on your keyring. Any site that doesn't allow registration of multiple tokens against a single user identity is arguably broken: don't use it for 2FA unless it provides some sort of fallback (and even then, the fallback serves as a lower-security way in, reducing the security benefits of the key).

(Currently, I have four, but that's more because I lost one and then found it long after, and my then-backup didn't have NFC and I found I needed NFC on at least two of them, than because having that many keys is actually sane.)

Ancient Ore Crusher or KillBot 2000? NASA gets ready to pick a name for its Mars 2020 Rover


Re: A Roger Zelazny reference - Ancient Ore Crusher - bravo!!

Uh... _Comes Now the Power_ was written in 1966. It's a very long way from being out of copyright.


Re: A Roger Zelazny reference - Ancient Ore Crusher - bravo!!

Strongly seconded. Hypnotic, brilliant, and quite entirely unexpected in this position.

This name has my vote. (If it were counted, which it won't be.)

GitLab reset --hard bad1dea: Biz U-turns, unbans office political chat, will vet customers


Ah yes, 'clarity'. Because when you completely reverse what you were saying only two days ago after huge controversy, calling the change a mere clarity increase is not going to make you look like a really flagrant liar at all.

(Some people, sheesh.)

The D in Systemd is for Directories: Poettering says his creation will phone /home in future


Re: SSH NOT a problem

Also, it doesn't have to get authorized_keys out of the home directory -- and actually if your $HOME is NFS-shared that's a bad idea, because it means an attacker with access to your $HOME on one machine can trivially leverage that into access to all of them.

Instead, use AuthorizedKeysCommand and/or AuthorizedKeysFile in sshd_config to pull your authorized_keys from a central location (it can just be done via curl :) ) which, sure, each user can modify -- but only if they have access to that central location anyway. (Perhaps the fileserver on which all this stuff is stored anyway.)
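One way to wire up the central lookup described in the post above, as an added example that is not part of the original post: a helper that sshd runs through AuthorizedKeysCommand. The key-server URL, the script path and the `sshkeys` account are assumptions, and the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: helper for sshd's AuthorizedKeysCommand.
#
# sshd_config lines this assumes (paths and account name are placeholders):
#   AuthorizedKeysCommand /usr/local/libexec/fetch-authorized-keys %u
#   AuthorizedKeysCommandUser sshkeys
#   AuthorizedKeysFile none        # stop trusting ~/.ssh/authorized_keys
# sshd requires the program to be given by absolute path, owned by root and
# not writable by group or others.

KEYS_BASE_URL="${KEYS_BASE_URL:-https://keys.example.internal/ssh}"  # assumed endpoint

# Accept only names that cannot change the request path or add a query
# string: lowercase letters, digits, '_' and '-', not starting with '-'.
valid_username() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Pass through only lines shaped like "<key type> <base64> [comment]".
# Error pages, comments and blank lines are dropped, so a broken or
# misconfigured server yields "no keys" rather than junk handed to sshd.
# Lines with leading options (command=, from=) are dropped too; widen the
# pattern if the central store uses them.
filter_keys() {
    grep -E '^(ssh-ed25519|sk-ssh-ed25519@openssh\.com|ecdsa-sha2-nistp(256|384|521)|sk-ecdsa-sha2-nistp256@openssh\.com|ssh-rsa) [A-Za-z0-9+/]+=*( .*)?$' || true
}

# Fetch one user's keys over HTTPS only, with a short timeout. If curl
# fails, nothing is printed and key authentication is refused (fail closed).
fetch_keys() {
    valid_username "$1" || return 1
    curl --silent --show-error --fail --proto '=https' --tlsv1.2 \
         --max-time 5 "$KEYS_BASE_URL/$1.pub" | filter_keys
}

# sshd passes the login name as the first argument (%u above).
if [ "$#" -gt 0 ]; then
    fetch_keys "$1"
fi
```

Because the keys now live outside $HOME, write access to an NFS-shared home directory no longer grants the ability to add a key; write access to the central store does, so that store needs its own access control.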