• 0 Posts
  • 10 Comments
Joined 1 year ago
cake
Cake day: June 30th, 2023

help-circle


  • It happened to me when I was configuring IP geoblocking: Only whitelist IP ranges are allowed. That was fetched from a trusted URL. If the DNS provider just happened to not be on that list, the whitelist would become empty, blocking all IPs. Literally 100% proof firewall; not even a ping gets a pass.


  • Technical debt means how much work it takes to update legacy solution to a modern solution. E.g. each time a new C++ standard is used, all code written with the old standard should be checked. The work time needed to do this is paying up the technical dept.

    Now, if you are lazy, and didn’t clean up the code, used the easy and sloppy solution, next time you have twice the work to be done. So the dept gets worse, if you do nothing.






  • I almost posted comment about this but I had to keep it short. The Nvidia has an problem with their driver tainting the customers kernel/system which renders the customer in bad situation. (Of not being able to get support from kernel devs)

    The proprietary taint is there for exactly for this reason:

    • You load an proprietary module and all bets are off.
    • For starters, you cannot tell there isn’t a backdoor engineered into it.
    • Even if the module behaves well, you now cannot debug the rest of the system any more, because all trust is gone.
    • You cannot (at least easily) audit such system.

    Nvidia solution to this is breaking the kernel license terms and acting like illegal smugglers in-order to access those sweet sweet GPL-only kernel APIs as lazily as possible. I would say that this is just arrogant and greedy way of doing software development. On top of this the kernel devs get all the blame for their vigilantly of trying to exercise their own license terms.

    I think if nvidia would not be this arrogant and vile to the kernel devs, they would already have an proper kernel module that could co-exist between the GPL and proprietary code. If the proprietary code is implemented only in user-space/firmware they can keep their secrets: The user-space <-> kernel-space is an boundary where kernel GPL ends. Implementing such thing would not be easy, but I don’t regard it being impossible: look at android.

    In extreme: If the hostility continues, kernel devs just might be forced to go invent an corporate blacklist that goes against all principles of co-operation.

    Others slightly more sane hw vendors, probably thought: fuck it. It is more profitable to push some FOSS code into the public than keeping the entire thing an trade secret. (I assume this results in the weirdly large firmware blobs that obfuscate and separate the actual hardware from the FOSS drivers)

    EDIT: I read more about this issue. From proprietary code vendors viewpoint the current kernel is kind of “GPL or gtfo” situation. Linux kernel doesn’t really have an internal stable ABI for modules/drivers. Implementing such thing would require (partly) dropping the monolithic design of the Linux kernel… Such interface would be then able to added to the GPL exemption of syscall users. This would open such big can of worms that it looks to be impossible.