I attended this year's Linux Kernel Summit in Santa Fe, NM, USA and made notes on some of the sessions that were relevant to Debian. LWN also reported many of the discussions. This is the second and last part of my notes; part 1 is here. Kernel Hardening Kees Cook presented the ongoing work on upstream kernel hardening, also known as the Kernel Self-Protection Project or KSPP. GCC plugins The kernel build system can now build and use GCC plugins to implement some protections. This requires gcc 4.5 and the plugin headers installed. It has been tested on x86, arm, and arm64. It is disabled by CONFIG_COMPILE_TEST because CI systems using allmodconfig/allyesconfig probably don't have those installed, but this ought to be changed at some point. There was a question as to how plugin headers should be installed for cross-compilers or custom compilers, but I didn't hear a clear answer to this. Kees has been prodding distribution gcc maintainers to package them. Mark Brown mentioned the Linaro toolchain being widely used; Kees has not talked to its maintainers yet. Probabilistic protections These protections are based on hidden state that an attacker will need to discover in order to make an effective attack; they reduce the probability of success but don't prevent it entirely. Kernel address space layout randomisation (KASLR) has now been implemented on x86, arm64, and mips for the kernel image. (Debian enables this.) However there are still lots of information leaks that defeat this. This could theoretically be improved by relocating different sections or smaller parts of the kernel independently, but this requires re-linking at boot. Aside from software information leaks, the branch target predictor on (common implementations of) x86 provides a side channel to find addresses of branches in the kernel. Page and heap allocation, etc., is still quite predictable. struct randomisation (RANDSTRUCT plugin from grsecurity) reorders members in (a) structures containing only function pointers (b) explicitly marked structures. This makes it very hard to attack custom kernels where the kernel image is not readable. But even for distribution kernels, it increases the maintenance burden for attackers. Deterministic protections These protections block a class of attacks completely. Read-only protection of kernel memory is either mandatory or enabled by default on x86, arm, and arm64. (Debian enables this.) Protections against execution of user memory in kernel mode are now implemented in hardware on x86 (SMEP, in Intel processors from Skylake onward) and on arm64 (PXN, from ARMv8.1). But Skylake is not available for servers and ARMv8.1 is not yet implemented at all! s390 always had this protection. It may be possible to 'emulate' this using other hardware protections. arm (v7) and arm64 now have this, but x86 doesn't. Linus doesn't like the overhead of previously proposed implementations for x86. It is possible to do this using PCID (in Intel processors from Sandy Bridge onward), which has already been done in PaX - and this should be fast enough. Virtually mapped stacks protect against stack overflow attacks. They were implemented as an option for x86 only in 4.9. (Debian enables this.) Copies to or from user memory sometimes use a user-controlled size that is not properly bounded. Hardened usercopy, implemented as an option in 4.8 for many architectures, protects against this. (Debian enables this.) Memory wiping (zero on free) protects against some information leaks and use-after-free bugs. It was already implemented as debug feature with non-zero poison value, but at some performance cost. Zeroing can be cheaper since it allows allocator to skip zeroing on reallocation. That was implemented as an option in 4.6. (Debian does not currently enable this but we might do if the performance cost is low enough.) Constification (with the CONSTIFY gcc plugin) reduces the amount of static data that can be written to. As with RANDSTRUCT, this is applied to function pointer tables and explicitly marked structures. Instances of some types need to be modified very occasionally. In PaX/Grsecurity this is done with pax_ open,close _kernel() which globally disable write protection temporarily. It would be preferable to override write protection in a more directed way, so that the permission to write doesn't leak into any other code that interrupts this process. The feature is not in mainline yet. Atomic wrap detction protects against reference-counting bugs which can result in a use-after-free. Overflow and underflow are trapped and result in an 'oops'. There is no measurable performance impact. It would be applied to all operations on the atomic_t type, but there needs to be an opt-out for atomics that are not ref-counters - probably by adding an atomic_wrap_t type for them. This has been implemented for x86, arm, and arm64 but is not in mainline yet. Kernel Freezer Hell For the second year running, Jiri Kosina raised the problem of 'freezing' kthreads (kernel-mode threads) in preparation for system suspend (suspend to RAM, or hibernation). What are the semantics? What invariants should be met when a kthread gets frozen? They are not defined anywhere. Most freezable threads don't actually need to be quiesced. Also many non-freezable threads are pointlessly calling try_to_freeze() (probably due to copying code without understanding it)). At a system level, what we actually need is I/O and filesystem consistency. This should be achieved by:

• Telling mounted filesystems to freeze. They can quiesce any kthreads they created.
• Device drivers quiescing any kthreads they created, from their PM suspend implementation.

The system suspend code should not need to directly freeze threads. Kernel Documentation Jon Corbet and Mauro Carvalho presented the recent work on kernel documentation. The kernel's documentation system was a house of cards involving DocBook and a lot of custom scripting. Both the DocBook templates and plain text files are gradually being converted to reStructuredText format, processed by Sphinx. However, manual page generation is currently 'broken' for documents processed by Sphinx. There are about 150 files at the top level of the documentation tree, that are being gradually moved into subdirectories. The most popular files, that are likely to be referenced in external documentation, have been replaced by placeholders. Sphinx is highly extensible and this has been used to integrate kernel-doc. It would be possible to add extensions that parse and include the MAINTAINERS file and Documentation/ABI/ files, which have their own formats, but the documentation maintainers would prefer not to add extensions that can't be pushed to Sphinx upstream. There is lots of obsolete documentation, and patches to remove those would be welcome. Linus objected to PDF files recently added under the Documentation/media directory - they are not the source format so should not be there! They should be generated from the corresponding SVG or image files at build time. Issues around Tracepoints Steve Rostedt and Shuah Khan led a discussion about tracepoints. Currently each maintainer decides which tracepoints to create. The cost of each added tracepoint is minimal, but the cost of very many tracepoints is more substantial. So there is such a thing as too many tracepoints, and we need a policy to decide when they are justified. They advised not to create tracepoints just in case, since kprobes can be used for tracing (almost) anywhere dynamically. There was some support for requiring documentation of each new tracepoint. That may dissuade introduction of obscure tracepoints, but also creates a higher expectation of stability. Tools such as bcc and IOVisor are now being created that depend on specific tracepoints or even function names (through kprobes). Should we care about breaking them? Linus said that we should strive to be polite to developers and users relying on tracepoints, but if it's too painful to maintain a tracepoint then we should go ahead and change it. Where the end users of the tool are themselves developers it's more reasonable to expect them to upgrade the tool and we should care less about changing it. In some cases tracepoints could provide dummy data for compatibility (as is done in some places in procfs).

Much has been written around the internet about this geeky kernel maintainer Sarah Sharp who left kernel development. I have now spent two hours reading through lkml posts, and want to summarize a few mails from the long thread, since most of the usual news sites just rewrap the original blog of hers without adding any background. The whole thread evolved out call for stable kernel review by Greg Kroah-Hartman where he complained about too many patches that are not actually in rc1 before going into stable: from where it developed into a typical Linus rant on people flagging crap for stable, followed by some jokes: and Ingo Molnar giving advice to Greg KH: with Greg KH taking a funny position in answering: Up to now a pretty decent and normal thread with some jokes and poking, nobody minded, and reading through it I had a good time. The thread continues with a discussion on requirements what to submit to stable, and some side threads on particular commits. And then, out of the blue, Social Justice Warrior (SJW) Sarah Sharp pops in with a very important contribution: Onto which Linus answers in a great way: On goes Sarah, gearing up in her SJW mode and starting to rant: Linus himself made clear what he thinks of her: It is easy to verify what Linus said, by reading the above two links and the answers of the maintainers, both agreed that it was their failure and were sorry. (Mauro s answer, Rafael s answer) It is just the geeky SJW that was not even attacked (who would dare to attack a woman nowadays?). The overall reaction to her by the maintainers can be exemplified by Thomas Gleixner s post: What follows is a nearly endless discussion with Sarah meandering around, changing permanently her opinion what is acceptable. Linus tried to explain to her in simple words, without success, she continues to rant around. Here arguments are so weak I had nothing but good laugh: Fortunately, she was immediately corrected and Ingo Molnar wrote an excellent refutation (starting another funny thread) of all her emails, statements, accusations (all of the email is a good read): (He retracted that last statement, though I don t see a reason for it) Last but not least, let us return to her blog post, where she states herself that: and she made lots of use of it, I counted at least 10 instances. She seems to remove or fart fart fart any comment that is not in line with her opinion. Further evidence is provided by this post on lkml. Everyone is free to have his own opinion (sorry, his/her), and I am free to form my own opinion on Sarah Sharp by just simply reading the facts. I am more than happy that one more SJW has left Linux development, as the proliferation of cleaning of speech from any personality has taken too far a grip. Coming to my home-base in Debian, unfortunately there is no one in the position and the state of mind of Linus, so we are suffering the same stupidities imposed by social justice worriers and some brainless feminists (no, don t get me wrong, these are two independent attributes. I do NOT state that feminism is brainless) that Linus and the maintainer crew was able to fend of this time. I finish with my favorite post from that thread, by Steven Rosted (from whom I also stole the above image!): Post Scriptum (after a bike ride) The last point by Linus is what I criticize most on Debian nowdays, it has become a sterilized over-governed entity, where most fun is gone. Making fun is practically forbidden, since there is the slight chance that some minority somewhere on this planet might feel hurt, and by this we are breaking the CoC. Emotions are restricted to the Happy happy how nice we are and how good we are level of US and also Japanese self-reenforcement society. Post Post Scriptum I just read Sarah Sharp s post on What makes a good community? , and without giving a full account or review, I am just pi**ed by the usage of the word microaggressions I can only recommend everyone to read this article and this article to get a feeling how bs the idea of microaggressions has taken over academia and obviously not only academia. Post³ Scriptum I am happy to see Lars Wirzenius, Gunnar Wolf, and Mart n Ferrari opposing my view. I agree with them that my comments concerning Debian are not mainstream in Debian something that is not very surprising, though, and I think it is great that they have fun in Debian, like many other contributors. Post⁴ Scriptum Although nobody will read this, here is a great response from a female developer: Nothing to add here!

(Thanks to Mauro for his nice thick-swirl design, fitting better than the traditional-swirl one.) The X Strike Force needs you! Thanks to the kernel team s work on getting DRM stuff backported to 2.6.32 kernels, and thanks to Sven s work on preparing both libdrm and xserver-xorg-video-nouveau, binaries are now available for users to try out! One should note I m a bit uncomfortable with publishing those binaries since I wasn t able to test those packages myself (I haven t got such hardware at the moment), but Sven reported it was working fine for him, and I received another successful report from a daring user (thanks, Duck!). Given the current ftp-master outage, I ve built i386 and amd64 binaries (using source from there), which are available through my people.debian.org page. libdrm* packages can be found in experimental, and 2.6.32-4-$arch kernels (built from linux-2.6 revision 2.6.32-10) in sid. Please keep in mind those are meant to be experimental packages. Depending on your hardware, you might have to download and install some firmware. Details can be read in this message, in that one, and in that other one (which arrived when I started writing this blog post, nice; that also means you may want to keep an eye on that thread). I guess versioning might be reworked at some point, you might have to manually select experimental or unstable packages once they hit the archive, but early testers probably are going to find their way, right? Feedback appreciated through debian-x@. Thanks already!

I've been watching several people drawing random figures with only CSS and letters, Rom n Cort s in particular, who made Homer Simpson, an Origami Crane (bird), a "3D" can of Coke among other stuff.
The other day I was bored and with some free time so I "drew" the Debian logo :-)

The logo above is a screenshot of how it looks using epiphany-webkit (2.29.3-1) which, btw, works better on every update. On the other hand, on Iceweasel (3.5.8-1) doesn't look that good but it looks good enough.

Well, if you want to see how it looks on your browser click here. Also, if you think you can improve the looks, leave me a comment or contact me and I'll update it.

Yesterday began the central america and caribbean MiniDebconf at Panama. Over 50 people from Mexico, Belice, Nicaragua, Guatemala, Costa Rica, Salvador, Colombia and Venezuela, among others, are here to share experiences around Free Software and Debian contributions. All this is possible to several sponsors from Panama and SPI, and the hard work from many people, specially Anto Recio, Mauro Rosero, Carolina Flores, Gunnar Wolf and the local team.

More info(in spanish), including live streaming url can be found on: http://softwarelibre.ca/wiki/MiniDebconf2010

update: Also, on a personal note, I'll take the chance of this event to start my transition to a stronger gpg key, so If you have signed my old one, please take a look at: http://people.debian.org/~alerios/key-transition-2010-03-20.txt

Finally, after almost 6 months of planing, this event is coming and will be start tomorrow, this is really great, There was a first attempt, and an idea to do a local(central-america based) Debian gathering on 2007 IIRC, now it will happen (almost 3 years later and at the same country). There was a lot of things that actually change since the fitst attempt, now Central-america has a more strong FLOSS Community, and now this event is possible, and it will happen this weekend yay! I really need to say thanks to Anto, Mauro Rosero, David, Caro and Gunnar, but I realize that doing all the orga stuffs was hard, I was quite involved since January, and I really say that you need a lot of work and energy to make a small event like this happen, but right now while I still sitting at home trying to finish to prepare my talks I realize that there was a lot of hard work put on this from everyone, and I m really happy to attend this gathering, also I hope that this event do something good on the local FLOSS people, since we have quite nice people here, but they are afraid to contribute, this is the chance to work together and push a bit to get more contributors from central-america.

Several months ago, around the Central American Free Software Encounter (ECSL) in Estel , Nicaragua, I started stirring the waters The Central American regions have vibrant, beautiful Free Software communities, but have mostly (with some very notable examples, of course) shied away from being active participants in major development projects. What was I to do about it? Of course, try to get them to become Debian contributors! During the following weeks, I talked about it with several friends from the region, and the result was an announcement and lots of arguments that followed it. Panam was decided as the host country, and many people have put a lot of work into making the MiniDebConf happen. Mauro Rosero and Anto Recio came up with what appears to be a wonderful local venue and a set of sponsored amenities, and the Debian project is sponsoring what is needed in terms of transportation for people from the whole region (spanning from Mexico to Ecuador and Venezuela IIRC). I am very sorry, however, that I cannot attend this meeting. This very same weekend, I will fly three hours, but in the opposite direction: I will go to Tijuana, where fate decided I will present my first round of CENEVAL equivalence exams (Acuerdo 286 Licenciatura). I expect that to be the topic of another post, to come soon. So, while my friends will be having a good time and talking about Debian and group work, I will sit through three periods of four hours, answering an exam for the first time in a very long time. Fun, hah? Anyway, I will meet Guillermo Amaral (thanks for hosting me! ;-) ), which ensures I will not miss all of the fun ;-)

A couple (?) of days ago, I uploaded wtop to the archives (more precisely, to experimental), but what does this little tool do? Quoting directly from the project's page:

"wtop is like "top" for your webserver. How many searches or signups are happening per second? What is the response time histogram for your static files? wtop shows you at a glance. "

So if you're in the mood to try -yet another- log parsing tool, please give it a try (it should work even on Lenny (with backports)), and if there's anything that didn't worked for you, the BTS is your friend :-)

Geocities may be closing today, but there's still Angelfire

Thank you Reddit
(sort-of-SFW, BTW)

Among other random-stuff, I have this mental-TODO list for quite some time, just in case we dissapear (probably it'll be just like in Y2K):

[ ] Form a Death-freaking-uber-grind-metal band and tour all over the world.
[ ] Travel to Japan
[ ] See Faith No More live
[X] See Racing Club win a championship.
[X] Shoot a cultish bizarre short-film about the (almighty) Cthulhu
[X] Make a living with free software
[X] See Opeth live
[X] Become a Debian Developer \o/

So I'd like to thank to those who helped me during and before the process (advocating, sponsoring, am-ing, etc).

/me waves to the crowd, grabs his oscar-award and leaves the scenario.

Almost a month ago, Mauro pointed towards acerfand, a daemon to keep the Acer Aspire One's fan quiet while not needed. Thanks, Mauro, you made my life more pleasant ;-)
Today I had some free time in my hands (of course, putting aside everything else I should be doing), so I decided to un-uglify my machine. I hate having random stuff in /usr/local! So I packaged Rachel Greenham's acerfand for Debian. It should hit unstable soon.
Of course, it will not make it to Lenny - which is a shame, giving how nicely Lenny recognizes everything in this sweet machine. So, I have set up a repository for it - Once the package is formally accepted in Debian, and once lenny-backports comes to life there, I will move it to backports.org. Anyway, you can add this to your /etc/apt/sources.list:

deb http://www.iiec.unam.mx/apt/ lenny acer
deb-src http://www.iiec.unam.mx/apt/ lenny acer

Note that in the future, this package might provide some more niceties... I decided to -at least for now- stash away acer_ec in /usr/share/acerfand, but it does open a nice window to the AAO's EC(?) registers... And could be useful for many other things.

• We took a chance and traveled to Boston during the weekend. We met there with Mario Carri n, Mauro Parra and some other friends. It is a beautiful city, we walked on Boston Commons, Newbury St and got up to the Prudential Building, it was a quick visit. We also wandered around the MIT. Boston has the kind of charming touch you (or at least I) cannot find in New York City anymore. Fifteen bucks for each ride on the Fung Wah Bus (a Chinatown one), it was nicely cheap but utterly awful.
• Even though this was Memorial Day weekend, we stayed most of the Monday at our place. It was nice to have a day off.
• I'm traveling to Mexico City again this next weekend to attend the wedding of Christian and Susan in Cuernavaca, who were in NYC two weeks ago. Depart on Friday, back on Sunday (all hungover, I bet).
  
• My Infinite Pig Theorem blog is back and live again. And lots and lots of pics on Flickr, go watch 'em now, go!
  

This is an updated translation into English of the one-question interview with pjorge (based on Darren Rowse’s one-question interviews idea) in which Javier Candeira (Barrapunto co-founder and editor among many other things, and a good, loved friend of mine) comments about an interesting game of his creation that’s being exhibited in Barcelona and that deals with the fears many parents have towards the Internet and the new enterntainment technologies and videogames. The game code will be released as GPL, even though the game data will have a non-free Creative Commons (with a non-commercial clause). The game has a really interesting approach, and mixes the concept of pinball games with that of graphics generated with “paper dolls” techniques, to try to make people think about the ideas mainstream media are pushing, and the way they try to tell everybody how to raise their kids. You might like it or not, but it will probably won’t leave you indifferent. That’s what art is about, in fact, isn’t it? What is ‘El rei de la casa’? ‘El rei de la casa‘ (an expression that in Catalan and Spanish means “the precious child”) is an exhibition and a videogame. The exhibition deals with the cultural construction of the idea of childhood, and can be visited until September 24 in the Palau de la Virreina in Barcelona. From there. Among other works, in the exhibition there are photos by Loretta Lux and Bego a Egurbide, paintings by Marc Ryden, Kiki Smith and James Reilly… it’s really worth a visit. The videogame is a commission from Andr s Hispano and Marc Roig, curators of the exhibition. They wanted to portray Internet and videogame arcades (or cybercafes, which are their modern equivalent) as one of the “new forests”, these places where parents don’t dare allow their children go alone for fear of the dangers (real or imagined) that may lie in ambush. The Internet has entered into the collective imagination, and one of the memetic niches that it has crept into is that of the bogeyman, the scapegoat that bears the brunt of all the evil that happens in society. It is enough to look at the news programmes from right-wing TV stations with their adversative Internet coverage: “it’s good, but…”. All over the media you see headlines like “gang of pedophiles arrested who sold child pornography *on the internet*”. They conveniently skip that pedophiles filmed those poor kids *in a flat*, and that they did it *on a bed* and used *videocameras* just like those used by the reporters now sounding the alarm. But no, what’s bad is *the Internet*.
The other theme that we wanted to touch on with the pinball game is how videogames are presumed to corrupt childhood. When pinball games were introduced, the North American authorities laid down the law: it was an infernal machine that incited gambling and even lust. From the religious right to the secular left, every moral guardian has denounced the supposed harmful effects of videogames on childhood: because of them children and teenagers engage in murder, robbery, truancy, bad school grades and even untidy bedrooms and doubtful personal hygiene. For this reason, the “new forest” of the Internet and videogames had to be a videogame, proving once more that games are cultural vectors, a form of artistic, political or commercial expression like any other. It also had to be a videogame about the a triangle: on one side the children, on the second one the children minders (parents and society at large), and finally the Great Scapegoat: the Internet. After many abandoned and reworked proposals we arrived at the present design for the game: an emulated pinball game presented on a panoramic TV screen, and having two levels: one set in the real world and named after the exhibition, and a second one set in a more or less conventional cyberspace. This second level is called “Prey of the Net”, and portrays the vision of the Internet that a Fox viewer may have: you have Spam, game-playing killers, kids making more money than their parents, S&M gear, dildos… in short, everything that is scary and nothing that is comforting, at least to some. All the illustrations for this pinball, both on the gameplay field and on the scoreboard, are by Mauro Entrialgo. For the scoreboard I asked him to prepare a set of drawings similar to KISS dolls (like the cut-up dolls that kids still played with in the last century). Thanks to these dress-up dolls the scoreboard shows more than the score (which grows randomly anyway); it also portrays the state of the boy or girl protagonist of the game. I say “boy” or “girl” because in the game, just like in real life, you have a 50/50 chance of starting the game of life with either sex. The fist level, ‘El rei de la casa’, portrays the stress that families feel when facing children’s media consumption. The targets trigger lines from the parents: “All day in front of the Idiot Box!” when you hit the tv, or “without a degree, you are nothing” when you hit the school. There are four targets on the right, which can be reached shooting the ball with the left flipper (the one representing the parents): school, museum, church and reading. On the left, and reachable from the right flipper, representing the kids’ id, are the TV, the kid’s peers and the videogame console; at the top of the playing field, towering above it, the internet-enabled computer. As the ball hits the different targets, the scoreboard dresses the kids in a housecoat, a leather jacket, and gives them a mortarboard or a saint’s halo. They are the pride of their parents, kids still not perverted by the Internet. It is cheap symbolism, I confess, two-dimensional sociology, but that was also something we aimed for. After all, pinballs have always been complicated allegories rather than complex ones. In a first design I planned to make computer accessible only under certain conditions, but that is not something that would have work in this exhibition: some people just play and play (which gives me an immense joy), but other people can’t or won’t give it much effort. It’s best to make it easier for everyone, so they can send the ball into the next level even without meaning to. The second level, “Prey of the Net”, is accessed when the player puts the ball through the PC’s screen. Here the character on the scoreboard keeps smiling while the game dresses them in a straightjacket, S&M headgear, or leaves them in their underwear, with their hands full of money, playing cards, bloody knives and sex toys… to their parents’ horror. The player has no fixed goal here, only to make the ball go through the pachinko and the spinning spider. These elements work as an atrocity generator and a rebuke distributor. Parents’ voices scold the player, faced with the horrors of the Internet. But the star is the scoreboard. Mauro rocks. Right now the code and content for downloadable game are done, and the people responsible for the ISO are giving it the final touches. It will be a bootable liveCD with some Debian variant that (hopefully) will run on any PC bought in the last two or three years. We will treat the computer as a games console, which may or may not be symbolic (if you want it symbolic, we can make it symbolic!). The game itself is under the GPL license (the pinball part is based on Henrik Enkvist’s Emilia, which is packaged in Debian), and only the graphic resources will be under a non-commercial Creative Commons license. The music is also under a non-free Creative Commons license because of the status of the original samples, but I recommend you download it and play it because its author is none other than man, the Barrapunto founder and sometimes editor.