Christine Spang: Real Life Accessibility










pahole: finds alignment holes in structs and classes in languages such as C/C++, CPU cacheline alignment. Helps repack those structures to achieve more cache hits.
codiff: a diff like tool to compare the effects changes in source code generate on the resulting binaries
pfunct: displays all sorts of information about functions, inlines, etc.
pdwtags: pretty-prints DWARF information
pglobal: lists global symbols
prefcnt: counts DWARF tags usage
syscse: system call sign extender
dtagnames: lists tag names

"Looks like the outer solar system, with late heavy bombardment, would have come together nicely if there was another Neptune out there to begin with."

Basically, it appears as though there is a planet or substellar companion star out in the Oort cloud. This is not likely to be the Nemesis object of Hut's/Muller's theory, but would have been responsible for the Kuiper belt. Most of the discussion is about brown dwarfs, but following links leads to a paper by Gomes et al., simulating the possibility of outer Neptunes or Jupiters at 4000 AU or 5000 AU. The thread is all about the dynamics of such bodies, but what would they look like?

security.debian.org now, which is superior to the one we had before (you
can use the command dig security.debian.org to inspect the DNS record).
My thanks go to our security and system administration teams for
recovering from the recent overload problem provoked by an xfree86
package security update. Being somewhat familiar with that package, I can
understand how its large size combined with Debian's ever-growing
userbase starved the security host of bandwidth.
Secondly, while I was in Oldenburg, Joey Schulze gave me a lot of
insight into what a challenge one particular package is — the thing
sucks up at least half of his time, dwarfing all other stable security
update efforts. You've probably guessed that this package is the Linux
kernel. Due in part to its success, and in part due to OS kernels being
inherently attractive exploitation targets, the Linux kernel is getting a
significant amount of scrutiny from a security perspective. Taking Red Hat
Enterprise Linux as an example, we can see two advisories in the past two
weeks: one on 28 September and one on 5 October. The one on 28 September addressed
eighteen (18) different vulnerabilities as catalogued by MITRE's CVE project, and the one on 5 October — that's
one week later — addressed fourteen (14) vulnerabilities, of which
eight (8) were distinct from the previous advisory. (There was some
overlap because the earlier advisory was for Red Hat's Linux 2.4.x
kernel series, and the latter was for the 2.6.x series.) Those
Debian developers who have ever handled a security vulnerability in one of
their own packages can likely imagine the labor burden this is. Then
reflect that Debian ships and supports a lot more Linux kernel trees than
Red Hat does — this only magnifies the problem.
The good news is that a team of developers focused on stable kernel
security updates has been established. One of its members said to me
today that he has seen a "very positive increase in kernel-related security
activity". It is too soon to declare this problem resolved, but I perceive
no lack of talent or dedication on the part of our developers. I am there
to assist them in resolving the organizational and workflow issues so that
our users can see the fruits of their energy directly.
Similarly, I'm interested to see how the security.debian.org round-robin
arrangement holds up after a reasonable period of real-world loads,
particularly since I expect kernel package updates to sock the machines
about as badly as an X Window System update.
These issues are not over and done with, so an announcement declaring
these problems vanquished would be premature. At the same time, the
developers and users at large need to know whether or not people have their
attention on them. I am wary of leaders or managers who declare issues
resolved too soon, or proclaim optimism that later turns out to be
unfounded, and have sought to avoid this vice. I apologize if I have
tacked too far in the opposite direction.
I perceive progress in this area. Let me know what you think,
what you need to see, and by what metrics you measure
progress and accomplishment on the security front. You can reach me at
leader@debian.org (the address is already blitzed with so much spam there
seems little sense in obfuscating it).
(After getting some feedback on this entry, it's my intention to post it
with any applicable revisions to the debian-devel-announce
mailing list; please take this opportunity to "patch" this "beta", if
you're so inclined.)