Bonum Certa Men Certa

A Code of Conduct Can Lead to Deterioration of Quality Control in Linux (Nobody Reprimanded for Technical Issues, Instead Critics at Times of Crisis Get Reprimanded)

posted by Roy Schestowitz on Dec 11, 2023,
updated Dec 11, 2023

Richard Harvey, ODESSA TOWNSHIP, Mich.

THE pertinent details about the latest Linux issue are not fully disclosed just yet, but it has been assigned a rare level of severity. We need to discuss this as Linux grew exponentially larger and now contains multiple programming languages, so many veteran Linux coders cannot even comprehend what certain parts of Linux do. Especially parts that have not matured. Their freedom of speech (expression, opinion, criticism) is curtailed further, as the culture of Rust is imported to the core of the system (criticising Microsoft is like "hate speech").

Let's be clear upfront.

This is an ongoing and still-developing story about a critical issue impacting Linux and thus many GNU/Linux distros. Debian, which many distros are derived from, is also affected. We've thus rebooted the server (IRC downtimes are unpleasant; IRC has no redundancy, as it's not spread across nodes) twice in the past day, loading the latest kernel and checking a whole bunch of stuff.

In this short post we will write primarily about what's known (this is still discussed a lot in our chats, with the "knowns" separated from the "unknowns"). The media will soon follow up (not just some blogs), so we too can follow up in the future with further details. As a C programmer myself, I can make sense of some of the code and defects. The media won't even cover those aspects as nowadays "tech" gets covered by people who just parrot buzzwords like "AI", not proficient programmers.

Having studied the Debian repositories, mailing lists (and LWN comments about those) et cetera, it seems safe to say that the issue isn't just a real issue (unlike mere hype, one might say dramatisation) and some people are already impacted. One associate had started to see accounts of trashed systems before rushing to update ours.

How did it all happen, whose fault, and what could be done to prevent it? We'll probably have more definitive answers in days to come.

There are almost no details about the problem available, as an associate explains. Debian apparently pushed out the tainted kernel many days after the problem was known and since Linus Torvalds is not in charge of the kernel anymore (he has just said he's not a manager), we cannot see him saying a word about it. There's no word from Linus about this as of today; I checked LKML and messages from Linus going as far back as weeks ago.

When did he find out about this and what did he know? "I AM SORRY" won't be enough in this case; many critical operations around the world may have silently lost some data; some won't be able to assure system integrity or even boot the system. It impacts both servers and desktops/laptops. Devices (like portable phones)? Maybe... if they use ext4.

Just about a month ago Linus complained about bad code making it into the kernel at the last minute: "If people then stop testing new kernels because they think new kernels might break their setup, we have lost something truly important."

Now we have a severe data issue. It cannot be undone, even if a fixed kernel gets installed. People are encouraged to check their data's integrity against backups, if any are available (RAID is no panacea here).

"Perhaps he knew and could not speak for fear of stepping on some corporation's CoC," an associate hypothesises. "Even the package descriptions and info were unclear as to which actual version was being deployed."

Some years ago we saw bad kernels (seldom a stable kernel, usually an RC) breaking some hardware, e.g. putting monitors or network cards at risk, but those can be replaced. Data cannot be. It's a truly complicated issue.

Confidence in Linux is the main casualty.

"The sick part is that it appears 1) Debian backported the broken patch 2) Debian deployed said broken patch even after it was known to be broken 3) they left the package up in the repository for days before pulling it," an associate alleges.

There too many uncertainties still, but getting the Git history helps check what happened and when exactly. "The fact that it was in Bullseye points to (1), (2) would be a matter of looking in the Git repository, and [regarding] (3) we installed it from the repository."

The tracking of the package can be done via this so-called "webapp" or the tracker (also security tracker), which has changes in the Git file.

Why was the public not informed until a weekend? This isn't like a security issue that can be exploited by hostile parties if revealed "too early"... or it is? Could this issue be triggered remotely with some network-bound request, taking advantage of some particular weaknesses in ext4?

Tracing back the communications about this, (timeline in the message bodies at [1, 2, 3]), the key powwow can be traced back to 6 days ago, the 5th of December, but discussion is going back to late November. We know that linux-image-6.1.0-14-amd64 was removed during the weekend from the package repository of Debian, but where was an official statement on the matter? There's still no official communication about it.

Torvalds used to be outspoken when bad code and bad practices were adopted and spread throughout the team. Now he says absolutely nothing and there's no sign that negligent/reckless acts will bear any consequences; instead, Jim Zemlin will blame the "opinionated" community - a term that he does not even understand and represent something he is hostile towards.

Quality control demands opinionated people, even blunt opinions at times.

In his latest "talk" (chat with Dirk) Linus admitted he no longer writes real code (just pseudocode portions) and that he just does a smell test of code he allows into his tree. He also admits he cannot understand Rust (but is learning a little as he goes along), so he essentially permits random people to toss large lumps of code without a vendor-neutral (independent from the vendor of origin) audit - i.e. an additional problem.

What will be done to ensure the above does not happen again? Rewrite the file systems in Rust? That would make things worse and less predictable.

Other Recent Techrights' Posts

Debian Developer at Sirius Was Under the Wrong Impression That Staff Must Check or Should See E-mail All the Time (24/7 Work Attention is an Occupational Health Hazard)
My personal and professional experience with a Debian Developer (DD) at work
Techrights More Productive Than Ever Before
Today we finally crossed the 1,900-page milestone
Europe's Adoption of GNU/Linux, by Country (Now About 6%)
in Switzerland, for instance, adoption of GNU/Linux has been profoundly low
Not Only Has Adoption of Windows Vista 11 Flatlined/Plateaued, Now It is Going Down!
Did many people delete Vista 11 and install GNU/Linux instead?
 
Links 04/03/2024: Old Crisis Looming, UPC Already in Infringement of Article 6 ECHR
Links for the day
The Right to Disconnect (Meme and Very Recent References)
relatively new press
Links 04/03/2024: Techno-Babble in Tech Job Ads and Vision Pro Already Breaking Apart
Links for the day
[Meme] 'Debating' People by Subscribing Them to Lots of SPAM
Rebuttal? No, spam.
From Sexual Harassment of Women to Yet More Cybercrimes
They can be prosecuted
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, March 03, 2024
IRC logs for Sunday, March 03, 2024
Venezuela: Windows Below 70% (Laptops and Desktops), GNU/Linux Up to 7%
It's a lot higher in Cuba
ICYMI: ZDNet Financially Controlled by Microsoft
a history of censoring SJVN's Microsoft-critical articles
Argentina Joining the 4% 'Club' (GNU/Linux on Desktops and Laptops)
Data as ODF
Transparency Sets Society Free
"Convenient delusions" aren't bliss but temporary relief
[Meme] The EPO, Europe's Second-Largest Institution, Which is Contracting With Belarus
Socialist EPO
The European Patent Office's (EPO) Illegal Ban on Mass Communication Gets in the Way of Democracy
The scientific process (patents apply to science) must allow scrutiny, both from within and from the outside
Links 03/03/2024: Depression in Hong Kong, Sex 'Apps' and STIs
Links for the day
Links Gemini 03/03/2024: NixOS and NextCloud, Back Into Ricing
Links for the day
The Debian family fallacy
Reprinted with permission from Daniel Pocock
GNU/Linux Peaking in Europe, Android Measured as Higher or More Prevalent Than Windows
Android topping Windows
For Every Action There's a Reaction
Gates lobbying Modi
Like in Africa, Android Takes Control, Raking in Almost All the 'Chips' in Asia
So Microsoft has no OS majority except in Japan and Russia (and tiny Armenia).
Links 03/03/2024: Goodbye, Navalny (Funeral Reports)
Links for the day
Gemini Links 03/03/2024: A Wild Devlog Appeared and GrapheneOS Ramble
Links for the day
Gemini at 3,800+
total number of known capsules at above 3.8k
Be a Navalny
We salute Mr. Navalny
Mozilla Firefox is Back in ~2% Territories, Jeopardising Its Status as Web Browser to Test/Target/Validate With
Some new stats
[Meme] Russian Standards of Law: The Executive Branch Decides Everything
the president's kangaroo court
Up Next: The Tricky Relationship Between the Administrative Tribunal of the ILO and the European Patent Organisation (EPO)
We've moved from presidents who run a republic by consent to corrupt, unqualified, dictatorial officials who bribe for the seat (buying the votes)
IRC Proceedings: Saturday, March 02, 2024
IRC logs for Saturday, March 02, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Beware Imposter Sites of Techrights (Not Techrights.com or Techrights.org)
Only trust pages accessed through the domains controlled by us
Italy visa & residence permit: Albanian Outreachy, Wikimedia & Debian tighten control over woman
Reprinted with permission from Daniel Pocock
Links 02/03/2024: Actual Journalists Under Attack, More Software Patents Being Challenged
Links for the day
Gemini Links 02/03/2024: NixOS on GPD, Meson Woes
Links for the day
statCounter March 2024 Statistics (Preliminary)
Notice Asia
Links 02/03/2024: More Lawsuits Against Microsoft, Facebook Killing Hard-To-Find News
Links for the day
ZDNet (Red Ventures) Works for Microsoft (Redmond), Many Of Its Pages Are Spam/Advertisements Paid for by Microsoft
Here is the "smoking gun"
Wikipedia Demotes CNET Due to Chatbot-Generated Spew as 'Articles'; It Should Do the Same to ZDNet (Also Red Ventures, Also Microsoft Propaganda)
Redmond Ventures?
IBM Sends Money to Microsoft
Red Hat basically helps sponsor the company that's a attacking our community
The Direction WordPress (GPL) Has Taken is an Embarrassment
it comes with strings attached
When the Cancer 'Metastasises'
We had a red flag
March in Techrights (EPO Litigation and More)
One theme we'll explore a lot when it comes to GNU/Linux is the extent to which communities truly serve communities
Don't Forget to Also Follow Tux Machines
We've split the material
Yandex Usage Has Surged Since the Invasion of Ukraine, Microsoft Fell to 0.7% (It Was 1.7% Before the 'Bing Chat' Hype Campaign)
In Soviet Russia, Bing searches user
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, March 01, 2024
IRC logs for Friday, March 01, 2024
Sellout Completed: Linux Foundation Converging With the Gates Foundation
not a joke
Hitler Rants Parodies on Steve Ballmer
Parody created using clips from Downfall (Der Untergang)
With Windows This Low (27% of the "OS" Market), Steve Ballmer Would Have Thrown Another Chair
The media produced many puff pieces about Nadella at 10 (as CEO), but what has he done for Windows? Nothing.
[Meme] The Naked President
EPO Suffers From Shrinkage
Attacks on the EPC: Reality and Fiction
EPO leaks