Teddy Astie

509 posts

@TSnake41

@xcpng team member. C and @RustLang developer. @xen_org hacker

France · Joined April 2016
40 Following · 27 Followers
Teddy Astie@TSnake41·
@_Nidouille_ @alpinelinux As long as there are Alpine Linux users, there is no reason for it to stop overnight. It's if people decide "for reasons" to stop using it that problems could eventually arise. But that's far from being the case.
Teddy Astie@TSnake41·
@_Nidouille_ There are far more than 2 people for @alpinelinux (if you count the "developers"). Beyond that, the risk is everywhere, i.e. Clear Linux; and there is interest around Alpine Linux today (containers), so there is little chance it will disappear overnight.
𝓝𝓲𝓭𝓸𝓾𝓲𝓵𝓵𝓮 🐙🐙
I think I have a real technical reason to refuse Alpine Linux in production. Alpine Linux is maintained by only 2 people, according to ANSSI. I'm not saying the distribution is bad; the risk is a problem with the distribution's maintenance in case of human problems.
Teddy Astie@TSnake41·
@ponceto91 Not sure, the original C code has had more than 10 CVEs, including one from barely 2 months ago.
The Lunduke Journal@LundukeJournal·
LibXML2 — an open source library used by many of the most well known applications— has been officially abandoned and is now marked as “unmaintained”. As of yesterday: “This project is unmaintained and has known security issues. It is foolish to use this software to process untrusted data.” LibXML2 is used by Steam, Chromium, VirtualBox, Inkscape, FFmpeg, VLC, GNOME, MS Edge, and many others. gitlab.gnome.org/GNOME/libxml2/…
The Lunduke Journal@LundukeJournal·
It appears that Javascript is faster than Rust… at least for some things. The @Prisma ORM Database system has dropped the Rust programming language entirely… resulting in a speed increase, and lower memory usage. The Prisma team is reporting: - 3X faster queries - 90% smaller bundle output - “Significantly lower CPU and memory utilization” With those gains primarily achieved, reportedly, by removing the Rust code from previous versions… in favor of a Javascript / TypeScript implementation. prisma.io/blog/announcin…
Teddy Astie@TSnake41·
@oxcrowx @vaxryy To be fair, it sounds like CoC is weaponized (to "solve" an organisation disagreement) rather than used for its actual purpose. He needs to give much more explanations and context.
oxcrow@oxcrowx·
@vaxryy I think you're missing a bigger issue. This person just falsely accused Brodie of being responsible for alleged actions of his viewers to "turn threads toxic, send death threats, and harass them". Such false accusations and lies should be called out and denounced. Not excused.
vaxry@vaxryy·
There is something in this post you should absolutely notice because it shows how FDO (and many other FOSS communities nowadays) think of themselves. Just one line. "He has been told by the CoCC that this behavior is a problem." Brodie is a youtuber. He doesn't engage in FDO's discussions, he merely makes videos about them. Why in god's name is FDO's CoCC even approaching Brodie then? He does no business with their platform. Simple, because FDO's CoCC thinks they are the only objectively good and righteous people in the universe, and they know best, so it's obviously natural they'll go to unrelated people and tell them how much of a "problem" they are. It's also another thing that they adamantly dick-swing their "power" as a CoCC member. It'd be very different if someone from FDO privately reached out to Brodie and said "hey man, you sure this a good idea?", versus "HEY I AM COCC AND YOU ARE A PROBLEM, HAVE I MENTIONED I AM COCC?".
Teddy Astie@TSnake41·
@teromee @BrodieOnLinux It's not exclusive to Rust to have abstractions that hide "raw memory allocations". Most C projects rely on libraries to do things like hashmaps, dynamic arrays, whatever else... Even the OS abstracts you a lot on what happens behind the scenes with memory allocations.
teromee@teromee·
Taking away a programmer's ability to think about memory allocation and understand the constraints of their project before they start leads to lower-quality code. When you remove this requirement, programmers become overly reliant on tools like Rust and its compiler. A programmer from the 1970s figured out how to introduce exploits through these kinds of systems. Because Rust can be so obfuscated and abstracts away so much of the underlying process, if you are new to programming, you might never notice the exploits happening right under your nose.
Brodie Robertson@BrodieOnLinux·
You don't need memory safety if your code is safe
You don't need a seatbelt if you drive safe
You don't need protection if your pull game is strong
You don't need good brakes if you don't drive fast
You don't need to be careful carrying that, just don't drop it
Teddy Astie@TSnake41·
@aderumier this makes me think it might be worth looking into DPDK instead of the OS drivers, notably to mitigate this kind of problem
Teddy Astie@TSnake41·
@BrodieOnLinux Everyone forgot that Debian just dropped i386/i686 machine support a few weeks ago.
Brodie Robertson@BrodieOnLinux·
Debian The "Universal Operating System" Except for all the architectures not supported
Teddy Astie@TSnake41·
@filpizlo What about (compiler-induced) double-fetch vulnerabilities and memory TOCTOU (Rust tries hard to prevent these outside unsafe code)?
Filip Jerzy Pizło@filpizlo·
Fil-C is safer than Rust. Happy Halloween
Teddy Astie@TSnake41·
@msimoni Fil-C is way too young to be able to be taken seriously. Also, Git and Linux start adopting Rust for various reasons, but not definitely for power; note that such effort is driven/acknowledged by main project maintainers, not by "random people".
Manuel Simoni@msimoni·
Nobody would have a problem with Rust if it was promoted organically and purely based on technical merit. But now that Fil-C demonstrates memory safety, we can already see Rust advocates pivoting to the next doomsday scenario. Instead of "C's lack of memory safety is killing people", it's now "C programmers are ageing out of the workforce". I can't really shake the feeling that they're -- at least in part -- motivated not by building the best tech but by controlling important chokepoints of IT like Linux and Git. Which is unacceptable to somebody like me who's in it for the tech.
Teddy Astie@TSnake41·
@errellion I don't observe any issues with PVH related to CD drive (as there is none), but Viridian causes it to instantly crash.
Teddy Astie@TSnake41·
@errellion There is PVHVM and PVH (showing up as "pvh" in Xen Orchestra). PVHVM is quite quirky and has issues related to Viridian and cd drive. PVH is set up like for PV (provision netbsd-GENERIC.gz (or installer one)), the only special thing is xe vm-param-set uuid={UUID} domain-type=pvh
Teddy Astie@TSnake41·
@errellion If you boot from the kernel file directly (i.e. not through pygrub), you should be able to use the netbsd-GENERIC kernel and boot with PVH instead. Latest updates in 'testing' improve PVH and I managed to make NetBSD 10.1 work (though documentation still lacks on that area).
Teddy Astie@TSnake41·
@errellion Sorry for the unfortunate experience of NetBSD PV on XCP-ng 8.3. For the PV-in-PVH case, I will try to see if we can improve the situation as PV-in-PVH is supposed to be a compatibility shim for these cases.
Teddy Astie@TSnake41·
@_Nidouille_ Well, that said, the Windows 11 requirements are still quite a joke (TPM 2.0 in particular). It's not comparable to requiring UEFI or a processor from at least 2010.
Teddy Astie@TSnake41·
@spendergrsec Maybe the time for rc reviews should be longer, and people that actually care about stable branches need to put more effort into reviewing (instead of assuming everything will always be done perfectly).
Teddy Astie@TSnake41·
@spendergrsec I don't think it is an AI problem but more a process problem (and eventually C language one for some aspects). Regardless of how the backport patch is made, it needs to be promptly reviewed by 3rd parties (not only the backporter) so that buggy backports don't slip through.
Brad Spengler@spendergrsec·
You too can crash today's 6.12.43 LTS kernel thanks to a stable maintainer's AI slop. All you need is CAP_SYS_RESOURCE, modern systemd, and this: 40 b7 40 c1 e7 18 83 ef 08 57 57 31 ff 40 b7 07 31 c0 b0 a0 48 89 e6 0f 05 5e ff ce 31 ff b0 21 0f 05 Look at all this extra space!