Bonum Certa Men Certa

A Code of Conduct Can Lead to Deterioration of Quality Control in Linux (Nobody Reprimanded for Technical Issues, Instead Critics at Times of Crisis Get Reprimanded)

posted by Roy Schestowitz on Dec 11, 2023,
updated Dec 11, 2023

Richard Harvey, ODESSA TOWNSHIP, Mich.

THE pertinent details about the latest Linux issue are not fully disclosed just yet, but it has been assigned a rare level of severity. We need to discuss this as Linux grew exponentially larger and now contains multiple programming languages, so many veteran Linux coders cannot even comprehend what certain parts of Linux do. Especially parts that have not matured. Their freedom of speech (expression, opinion, criticism) is curtailed further, as the culture of Rust is imported to the core of the system (criticising Microsoft is like "hate speech").

Let's be clear upfront.

This is an ongoing and still-developing story about a critical issue impacting Linux and thus many GNU/Linux distros. Debian, which many distros are derived from, is also affected. We've thus rebooted the server (IRC downtimes are unpleasant; IRC has no redundancy, as it's not spread across nodes) twice in the past day, loading the latest kernel and checking a whole bunch of stuff.

In this short post we will write primarily about what's known (this is still discussed a lot in our chats, with the "knowns" separated from the "unknowns"). The media will soon follow up (not just some blogs), so we too can follow up in the future with further details. As a C programmer myself, I can make sense of some of the code and defects. The media won't even cover those aspects as nowadays "tech" gets covered by people who just parrot buzzwords like "AI", not proficient programmers.

Having studied the Debian repositories, mailing lists (and LWN comments about those) et cetera, it seems safe to say that the issue isn't just a real issue (unlike mere hype, one might say dramatisation) and some people are already impacted. One associate had started to see accounts of trashed systems before rushing to update ours.

How did it all happen, whose fault, and what could be done to prevent it? We'll probably have more definitive answers in days to come.

There are almost no details about the problem available, as an associate explains. Debian apparently pushed out the tainted kernel many days after the problem was known and since Linus Torvalds is not in charge of the kernel anymore (he has just said he's not a manager), we cannot see him saying a word about it. There's no word from Linus about this as of today; I checked LKML and messages from Linus going as far back as weeks ago.

When did he find out about this and what did he know? "I AM SORRY" won't be enough in this case; many critical operations around the world may have silently lost some data; some won't be able to assure system integrity or even boot the system. It impacts both servers and desktops/laptops. Devices (like portable phones)? Maybe... if they use ext4.

Just about a month ago Linus complained about bad code making it into the kernel at the last minute: "If people then stop testing new kernels because they think new kernels might break their setup, we have lost something truly important."

Now we have a severe data issue. It cannot be undone, even if a fixed kernel gets installed. People are encouraged to check their data's integrity against backups, if any are available (RAID is no panacea here).

"Perhaps he knew and could not speak for fear of stepping on some corporation's CoC," an associate hypothesises. "Even the package descriptions and info were unclear as to which actual version was being deployed."

Some years ago we saw bad kernels (seldom a stable kernel, usually an RC) breaking some hardware, e.g. putting monitors or network cards at risk, but those can be replaced. Data cannot be. It's a truly complicated issue.

Confidence in Linux is the main casualty.

"The sick part is that it appears 1) Debian backported the broken patch 2) Debian deployed said broken patch even after it was known to be broken 3) they left the package up in the repository for days before pulling it," an associate alleges.

There too many uncertainties still, but getting the Git history helps check what happened and when exactly. "The fact that it was in Bullseye points to (1), (2) would be a matter of looking in the Git repository, and [regarding] (3) we installed it from the repository."

The tracking of the package can be done via this so-called "webapp" or the tracker (also security tracker), which has changes in the Git file.

Why was the public not informed until a weekend? This isn't like a security issue that can be exploited by hostile parties if revealed "too early"... or it is? Could this issue be triggered remotely with some network-bound request, taking advantage of some particular weaknesses in ext4?

Tracing back the communications about this, (timeline in the message bodies at [1, 2, 3]), the key powwow can be traced back to 6 days ago, the 5th of December, but discussion is going back to late November. We know that linux-image-6.1.0-14-amd64 was removed during the weekend from the package repository of Debian, but where was an official statement on the matter? There's still no official communication about it.

Torvalds used to be outspoken when bad code and bad practices were adopted and spread throughout the team. Now he says absolutely nothing and there's no sign that negligent/reckless acts will bear any consequences; instead, Jim Zemlin will blame the "opinionated" community - a term that he does not even understand and represent something he is hostile towards.

Quality control demands opinionated people, even blunt opinions at times.

In his latest "talk" (chat with Dirk) Linus admitted he no longer writes real code (just pseudocode portions) and that he just does a smell test of code he allows into his tree. He also admits he cannot understand Rust (but is learning a little as he goes along), so he essentially permits random people to toss large lumps of code without a vendor-neutral (independent from the vendor of origin) audit - i.e. an additional problem.

What will be done to ensure the above does not happen again? Rewrite the file systems in Rust? That would make things worse and less predictable.

Other Recent Techrights' Posts

A Week After a Worldwide Windows Outage Microsoft is 'Bricking' Windows All On Its Own, Cannot Blame Others Anymore
A look back at a week of lousy press coverage, Microsoft deceit, and lessons to be learned
 
Links 26/07/2024: Tesco Cutbacks and Fake Patent Courts
Links for the day
Links 26/07/2024: Grimy Residue of the 'AI' Bubble and Tensions Around Alaska
Links for the day
Gemini Links 26/07/2024: More Computers and Tilde Hosting
Links for the day
Links 26/07/2024: "AI" Hype Debunked and Elon Musk's "X" Already Spreads Political Disinformation
Links for the day
"Why you boss is insatiably horny for firing you and replacing you with software."
Ask McDonalds how this "AI" nonsense with IBM worked out for them
No Olympics
We really need to focus on real news
Nobody Holds the GNOME Foundation Accountable (Not Even IRS), It's Governed by Lawyers, Not Geeks, and Headed by a Shaman Crank
GNOME is a deeply oppressive institutions that eats its own
[Meme] The 'Modern' Web and 'Linux' Foundation Reinforcing Monopolies and Cementing centralisation
They don't care about the users and issuing a few bytes with random characters costs them next to nothing. It gives them control over billions of human beings.
'Boiling the Frog' or How Online Certificate Status Protocol (OCSP) is Being Abandoned at Short Notice by Let's Encrypt
This isn't a lack of foresight but planned obsolescence
When the LLM Bubble Implodes Completely Microsoft Will be 'Finished'
Excuses like, "it's not ready yet" or "we'll fix it" won't pass muster
"An escalator can never break: it can only become stairs"
The lesson of this story is, if you do evil things, bad things will come your way. So don't do evil things.
When Wikileaks Was Still Primarily a Wiki
less than 14 years ago the international media based its war journalism on what Wikileaks had published
The Free Software Foundation Speaks Out Against Microsoft
the problem is bigger than Microsoft and in the long run - seeing Microsoft's demise - we'll need to emphasise Software Freedom
IRC Proceedings: Thursday, July 25, 2024
IRC logs for Thursday, July 25, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Links 26/07/2024: E-mail on OpenBSD and Emacs Fun
Links for the day
Links 25/07/2024: Talks of Increased Pension Age and Biden Explains Dropping Out
Links for the day
Links 25/07/2024: Paul Watson, Kernel Bug, and Taskwarrior
Links for the day
[Meme] Microsoft's "Dinobabies" Not Amused
a slur that comes from Microsoft's friends at IBM
Flashback: Microsoft Enslaves Black People (Modern Slavery) for Profit, or Even for Losses (Still Sinking in Debt Due to LLMs' Failure)
"Paid Kenyan Workers Less Than $2 Per Hour"
From Lion to Lamb: Microsoft Fell From 100% to 13% in Somalia (Lowest Since 2017)
If even one media outlet told you in 2010 that Microsoft would fall from 100% (of Web requests) to about 1 in 8 Web requests, you'd probably struggle to believe it
Microsoft Windows Became Rare in Antarctica
Antarctica's Web stats still near 0% for Windows
Links 25/07/2024: YouTube's Financial Problem (Even After Mass Layoffs), Journalists Bemoan Bogus YouTube Takedown Demands
Links for the day
Gemini Now 70 Capsules Short of 4,000 and Let's Encrypt Sinks Below 100 (Capsules) as Self-Signed Leaps to 91%
The "gopher with encryption" protocol is getting more widely used and more independent from GAFAM
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 24, 2024
IRC logs for Wednesday, July 24, 2024
Techrights Statement on YouTube
YouTube is a dying platform
[Video] Julian Assange on the Right to Know
Publishing facts is spun as "espionage" by the US government and "treason" by the Russian government, to give two notable examples
Links 25/07/2024: Tesla's 45% Profit Drop, Humble Games Employees All Laid Off
Links for the day
Gemini Links 25/07/2024: Losing Grip and collapseOS
Links for the day
LWN (Earlier This Week) is GAFAM Openwashing Amplified
Such propaganda and openwashing make one wonder...
Open Source Initiative (OSI) Blog: Microsoft Operatives Promoting Proprietary Software for Microsoft
This is corruption
Libre-SOC Insiders Explain How Libre-SOC and Funding for Libre-SOC (From NLNet) Got 'Hijacked' or Seized
One worked alongside my colleagues and I in 2011
Why We're Revealing the Ugly Story of What Happened at Libre-SOC
Aside from the fact that some details are public already
Removing the Lid Off of 'Cancel Culture' (in Tech) and Shutting It Down by Illuminating the Tactics and Key Perpetrators
Corporate militants disguised as "good manners"
FSF, Which Pioneered GNU/Linux Development, Needs 32 More New Members in 2.5 Days
To meet the goal of a roughly month-long campaign
Lupa Statistics, Based on Crawling Geminispace, Will Soon Exceed Scope of 4,000 Capsules
Capsules or unique capsules or online capsules are in the thousands and growing
Links 24/07/2024: Many New Attacks on Journalists, "Private Companies Own The Law"
Links for the day
Gemini Links 24/07/2024: Face à Gaïa, Emacs Timers for Weekly Event, Chromebook Survives Water Torture
Links for the day
Why Virtually All the Wikileaks Copycats, Forks, and Rivals Basically Perished
Cryptome is like the "grandpa" of them all
A Total Lack of Transparency: Open and Free Technology Community (OFTC) Fails to Explain Why Over 60% of Users Are Gone (Since a Week Ago)
IRC giants have fallen
In the United Kingdom Google Search Rises to All-Time High, Microsoft Fell Nearly 1.5% Since the LLM Hype Began
Microsoft is going to need actual products or it will gradually vanish from the market
Trying to Put Out the Fire at Microsoft
Microsoft is drowning in debt while laying off loads of staff, hoping it can turn things around
GNU/Linux Growing at Vista 11's Expense
it's tempting to deduce many people who got PCs with Vista 11 preinstalled are deleting it, only to replace it with GNU/Linux
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, July 23, 2024
IRC logs for Tuesday, July 23, 2024