The only thing being added in this commit is the warning presented to users that they're at risk of instability, including data corruption with their current kernel as since 6.12, there is a new default configuration for scheduling behavior, which is worth paying attention to and so a valid concern. Debian trixie (stable) uses the 6.12 kernel for context.
ZFS is an out of tree filesystem, so one can not expect everything to go smoothly with kernel upgrades (it's recommended to hold kernel upgrades for production with ZFS, and test thoroughly, but here 6.12 is already a default for trixie), so this commit is a good road-sign to throw up infront of users to stop and think. Debian's opt-in usage stats (popcon) suggests that ZFS usage is a bit of niche, but I figured it is post worthy here, as some of us are in exactly that kind of niche.
> This option reduces the latency of the kernel by adding more "explicit preemption points" to the kernel code. These new preemption points have been selected to reduce the maximum latency of rescheduling, providing faster application reactions, at the cost of slightly lower throughput.
> This allows reaction to interactive events by allowing a low priority process to voluntarily preempt itself even if it is in kernel mode executing a system call. This allows applications to run more 'smoothly' even when the system is under load.
It is possible to boot with preempt=none on 6.12, and on 6.13 preempt=lazy was introduced, where "the task gets one HZ tick time to yield itself" before being forced.
The video doesn't even have to load to know it's AI generated. The channel profile thumbnail and the video description are dead giveaways. The first frame of the video has too many errors to be worth repeating here. The first 0.5 seconds of the video has implausible movement.
The obfuscation hardware vendors do is so trivial, why do they even bother?
One of the current vendor provided consumer SSD firmware update utilities for Linux as a live-usb decrypts the firmware and writes it out to disk decrypted before uploading it, so simply using seccomp to fail a rmdir syscall nets you the decrypted version without having to reverse engineer any of the updater/decryption code.
I deleted my own negative rant about SSD manufacturers not opting in to lvfs/fwupd when drives have a high risk of bricking without firmware updates.
Except that DMCA 512 (notice and takedown) is a different section than DMCA 1201 (anti-circumvention) and you don't have to be using any DRM of any kind to use the former because they're unrelated.
Also, wouldn't someone trying to distribute "illicit copies" just distribute the original unmodified file since it's a self-extracting binary with no license check? And what reason would anyone have to do that when they already publish it for free on their own site, and why should they care if someone did?
From people who have been using Linux since the 90s, the long term view is that nvidia has always been mostly fine since the early 2000s for hw acceleration if you didn't mind a binary blob. Yes, there have always been driver bugs - but that was never unique to a specific platform, i.e. nvidia on macos had opengl driver bugs that went unfixed for eternity until support was dropped, then the bug reports could be closed.
Comparatively the leading alternative was a dumpster fire of a broken mess for the longest time on Linux. All through the 2000s, ATi provided a binary blob driver known as fglrx which some people joked was a half-baked codebase from somemthing that started on HP-UX, passable enough for running sales demos and then was thrown at an intern to port it to Linux. If you went with ATi and tried to do much with foss opengl programs, you could expect daily or weekly kernel panics and performance that was <50% of that of the windows driver for an identical build. The solution was always to buy nvidia if you wanted stability.
Nothing has really changed for Nvidia on Linux, it still continues to perform adequetly. Plenty of people, including myself have used the binary blob for games and other 3D software with wine through the late 2000s, 2010s and proton in the 2020s without much comment because it works fine. The exception being that if you buy a used card, coming up on 10+ years old because your requirements are minimal - don't expect current driver support. Nvidia drop support for old cards on Windows too.
AMD is definitely night and day in terms of meeting the free software ecosystem properly, and so arguably the reason to go with a new AMD card is voting for that kind of support with your wallet.
They really are, though. Security is all-encompassing, including not just programming languages, libraries, programs, but also systems, humans and their processes. Don't forget physical security either.
There are no silver bullets, and if the Rust Hype Squad told you there were and all you had to do was buy their product, they were just bamboozling you to push adoption of their pet language.
Write in whichever language you like. Including Rust. Including C. Even PHP. You can write secure software if you put your mind to it.
That's not a great analogy. There are no pick-proof locks (...that are mechanically operated and admit keys; I'm presuming you didn't mean "pick-proof" in that there is no keyhole to pick but is defeated some other way, e.g. a keypad, you meant maximally pick-resistant in contrast to "easily picked")
And honestly? No! If someone can kick your door down, don't waste your money on a super-secure lock, they will just kick your door down. And if you're having your door kicked down on the regular, don't even focus on bolstering the door (they'll either start using power tools or take some other tact like smashing your windows or drilling through the floor or roof). Leave the door open if you like, but move whatever's attracting the attention of intruders somewhere more defensible. Focusing on the securing the wrong thing is also a security flaw!
Ah...these security issues are perfectly cromulent because my shiny new magical beans language let's me screw up in brand new ways, not the old and busted boomer screwups. New is always awesome.
How many CVEs in coreutils over the years? The project has the advantage of being old enough for them to be fixed. Call me when the rust rewrite has been there that long and still has more CVEs than the GNU counterpart.
Maybe coreutils is so old that most security vulnerabilities was solved before CVE even existed. But I think this is also a good argument why we are replacing a solid piece of C code to Rust just because it is "memory safe" and then have lots of CVEs related to things like TOCTOUs (that Rust will not save you).
I'm not against rewriting it in Rust because I believe it really may help in certain class of bugs, but indeed it should not be replacing the old version instantly for that reason. Both could co exist, even tho you still need some guinea pigs to test it out and find issues.
Other than security, Rust brings major improvement to the tooling and may help bring fresh members that wouldn't want to contribute to C code. I understand why some projects go that route
> Other than security, Rust brings major improvement to the tooling and may help bring fresh members that wouldn't want to contribute to C code. I understand why some projects go that route
But it loses old members who don't program in rust, already know the projects, all the reasons of why "this thing" was done "that way". and introduces a new set of bugs, plus now you have two versions of the same thing to maintain.
People thinking that using a superior tool (on paper) enables them to automatically write better tools than the ones who are battle tested over the years baffles me to no end.
Yes, you can go further, possibly faster. OTOH, nothing replaces experience and in-depth knowledge. GNU Coreutils embodies that knowledge and experience. uutils has none, and just tries to distill it with tests against the GNU one.
...and they get 44 CVEs as a result in their first test.
There was an article posted to HN recently that enumerated bugs in the rust rewrite.
Iirc the bugs had to do with linux system details like fs toctou and other things you'd only find out about in production.
Ideally we'd have a better way of navigating platform idiosyncrasies or better system APIs, so that every project doesn't have to relearn them at runtime. But the rewrite isn't pure downside.
I'm personally not against Rust rewrites in principle. But doing them in this drive-by hostile manner, esp. with non-GNU licenses smells "hostile takeover" for me, and dismantling core free software utilities is not nice in general.
> Ideally we'd have a better way of navigating platform idiosyncrasies or better system APIs
I believe trying to make something idiot-proof just generates better idiots, so I prefer having thinner abstractions on the lower level for maintenance, simplicity and performance reasons. The real solution is better documentation, but who values good documentation?
Graybeards and their apprentices, mostly from my experience. I personally still live with reference docs rather than AI prompts, and it serves me well.
My read on those was basically that the classic filesystems are hopelessly broken and we need ACID guarantees in the next-gen filesystems, like 20 years ago.
Not saying all of them were about FS TOCTOU bugs but once I got to these, that was my takeaway.
Obviously just using Rust cannot fix _all_ bugs, and I reject any criticisms towards Rust rewrites that tear down this particular straw man (its goal being to make it impossible to argue against). That's toxic and I get surprised every time people on HN try to argue in that childish way.
But if we can remove all C memory safety foot guns then that by itself is worth a lot already.
Losing decades-old knowledge on how the dysfunctional lower-level systems work would be regrettable and even near-fatal for any such projects. That I'd agree with. But it also raises the question on whether those lower-level systems don't need a very hard long look and -- eventually -- a replacement.
I like rust as a language, but boy, the violent, zero-sum proselytising gets on my nerves. It's not enough for Rust to win, but C must be beaten to a pulp and its head mounted on a pike.
New projects wearing an another project's skin have always bothered me - regardless of language. Ubuntu did a similar thing way back with libav masquerading as ffmpeg.
How dramatic. I'll ask you as well: any proof for those colorful pictures you're drawing? Or are the people advocating for Rust a convenient target to vent other, very likely completely unrelated, frustrations?
I'm very happy to work with multiple programming languages without getting religious about any of them. They all have drawbacks, Rust included of course.
However, just my mere skepticism about the existence of the "violent proselytizing for Rust" of course immediately had me put in some imaginary group of fanatics. Which is of course normal. People love their binary camps and nuance and discission about merits be damned.
As another data point, I have gone through enough flame wars, incl. the usual ones, and Rust.
There's certainly a fanatic group of Rust developers who really want to eradicate C and C++ from the people's knowledge and all codebases in this universe, so far so openly hating the developers and designers of the said languages.
Same was (or still is) true for some LLVM/clang people w.r.t. GCC.
This is why I use neither.
I'm always happy to discuss PLT and merits of programming languages with neutral parties, even in lively fashion, but when open-mindedness gets thrown out of the window, I do leave the room.
These kinds of healthy discussions will benefit both parties. Hubris, ego, closed-mindedness and fanaticism won't.
Well, I don't see them in HN is what I am saying. Obviously not scanning 24/7 but every time I enter an HN thread where Rust is even loosely mentioned, I brace for the inevitable bullies imagining they are victims. And this thread is exactly the same, sadly.
I am genuinely curious where this fanatic group is. Where are you witnessing them?
> I brace for the inevitable bullies imagining they are victims.
As a person who is bullied physically, verbally and emotionally for years, I'd not throw words bully/victim like wrapping paper like that. Moreover, I'd never bully anyone. I'm not that.
> I am genuinely curious where this fanatic group is. Where are you witnessing them?
Discord servers, mailing lists, issue threads, discussions, here and there. They are very vocal and abrasive minority, but it's enough to make me stay away from them. A special-ops group of these people claim that Rust needs no official specification and they can just ad-hoc develop the language and spec as the compiler evolves, as a side-product of compiler itself (i.e. spec is the compiler).
Last time I encountered them as functional programming fanatics in mid 2000s to 2010s. They successfully made me dislike the community so much that I didn't touch any functional programming language to this day.
Make no mistake: My favorite languages have the same fanatics, and I stay away from them, too. For example, C++ fanatics are an interesting bunch. They don't bully other languages, but new C++ developers who doesn't code like them or the way they like.
Maybe one day I'll start writing Rust, after gccrs stabilizes (they're going well) or really start writing lisp, but I'm sure that I'll never ask a question to a mere mortal about programming in either language.
> As a person who is bullied physically, verbally and emotionally for years, I'd not throw words bully/victim like wrapping paper like that. Moreover, I'd never bully anyone. I'm not that.
I was bullied as well. Knowing karate and aikido helped but not much, those people just hated me for reasons I never quite understood and kept coming in groups even. Some days I wondered whether I'll go back home from school alive. However, me entering middle age has me almost not caring anymore about the reasons they were like that, so I got that going for me which is nice.
I am not "throwing" words. I believe I know what I am talking about because I witnessed a few bullies wisening up to losing prestige and status for being rightfully called out and learning to pretend they are the victims... and it worked in part. It was sickening then, it's sickening now, wherever I spot it. HN is one of those places.
> Discord servers, mailing lists, issue threads, discussions, here and there. They are very vocal and abrasive minority, but it's enough to make me stay away from them.
OK, I'll admit ignorance because I don't go to any of those places or at least it's very rare.
One thing jumps at me: you are avoiding those people which is 100% fair and I would as well. But why avoid Rust itself? Why look down on any rewrite-in-Rust initiatives? Why do you allow yourself be emotionally manipulated? Would you stop believing in your favorite alternative-energy or alternative-engine approaches if they had the 0.1% toxic zealots screaming for attention on events dedicated to those areas?
I can somewhat relate, mind you. One example: I hated how everyone was trying to make me read some book classics and basically made it a point to avoid them just based on that. I was fully aware that was an irrational reaction that was likely robbing me of enjoying good art. I take big pride in myself for finally overcoming this some 2-3 years ago and starting to go through those books. They were nothing special, mind you, and I still couldn't see why people deem most of them classics but at least now my opinion is my own and built with my own two eyes and brain.
> Make no mistake: My favorite languages have the same fanatics, and I stay away from them, too.
Well, that by itself seems to close the discussion. You are aware of this nuance.
> Maybe one day I'll start writing Rust, after gccrs stabilizes (they're going well) or really start writing lisp, but I'm sure that I'll never ask a question to a mere mortal about programming either language.
I refuse to feel shame about wanting to learn and absorb other people's expertise. If somebody is being an arse about it then it's them who are embarrassing themselves; not me. But I do agree it's a waste of time and I'll admit nowadays I start with an LLM session and only then branch out to people if I feel unsatisfied. But that's a function of how awfully busy I am and not that I am becoming more antisocial. (Which also explains I dissociated for 1-2h and preferred to read HN or a book.)
> But why avoid Rust itself? Why look down on any rewrite-in-Rust initiatives?
It's not avoiding, but choosing not to work with it, and it boils down to a couple of reasons. First, I don't work with a language which doesn't have a native GCC frontend. This is part due to supporting GCC & Free Software, and part don't liking rugpulls like license changes and whatnot. My personal weight is beyond negligible in changing outcomes of big currents, but at least I have my principles and stick to them. It's worth noting that I'm not "burning inside" to keep this stance. It's natural for me to do this, and I already like and write C++ and I'm somewhat experienced in that preventing race conditions and memory safety, so that keeps me covered. For smaller stuff I like Go these days. It's a goofball of a language which is very performant and excellent for what it's designed for.
I like to have a tool belt covering a wide gamut of scenarios, and what I use most covers all the needs I have. So Rust is interesting, I don't need it for now.
For the rust rewrites, while I'm not against them in principle, rewriting GPL software with MIT and other permissive licenses is against my values, so I don't support any of them. Writing GPL software with Rust is very possible, and I might do that in the future, but currently I have a couple of heavyweight C++ projects I'd rather work on (in the caliber of material simulations running on HPC systems).
> I refuse to feel shame about wanting to learn and absorb other people's expertise.
My reasons for not interacting with communities are very different. I'm not ashamed of failing, doing mistakes or whatnot. The reasons of I'm tired of interacting with rude people who gets their dopamine from putting people down, so I don't want to navigate all the thorns of the people to get a small bit of knowledge from them. Second, I'm relatively good with reading language references and documentation. I can ingest API documentation with ease and work from first principles.
If required, I can fight the good fight in any arena. I just don't see value of doing it for anything and everything.
In short, I'm not that hopeless to play that game. I'll rather die on hills which are worthy of the fight.
> I start with an LLM session
I don't use LLMs because I don't condone how they are trained, and again reading the reference is much better than a chat interface for me.
> maybe all this should just be thrown away and we should invent an FS with ACID semantics.
You're describing WinFS, which looked into and ultimately abandoned Microsoft 20 years ago. I'm sure other groups have looked into this as well, but there's no such thing as free lunch.
> I'm all for gradual improvements but at one point and on we should zoom even further out and pick our battles well.
That sounds a lot like picking up more battles, yet we all still have 24 hours a day. Recursively trying to perfect lower layers will have you like Hal changing the lightbulb https://youtu.be/AbSehcT19u0
Well, recursively trying to perfect lower layers is what I am advocating for us to not do.
As a guy who prefers to stop and think before coding, to me a lot of the older UNIX / GNU primitives seem broken (like the env vars process inheriting discussion that was here a while ago) and should be completely rethought. I also think people overreact and believe "everything will break". And we have libraries and runtimes that only implement small parts of libc and the deployed apps that use them are running mostly fine for years.
My broader point was: shall we not start breaking away from all this legacy? Must we always rely on corporations to lead the charge?
But yes, I do of course agree with the only 24h a day thing. And likely nobody would want to pay for such a trail-blazing work anyway. Sad world.
If we are going so far to only guarantee correctness if we are using a FS that implements ACID semantics, why not just reinvent the whole kernel and remove all footguns, including memory safety? We could have a OS that each syscall to memory allocation can only be done through safe API.
Otherwise, it doesn't really make sense. The only reason we have things like Rust and other memory safe languages is because we want to create safer programs in the existing imperfect OSes that we have currently.
Yes, this is why I am saying your idea of just reinventing the FS doesn't make sense. You don't get neither the wider ecosystem you get by having an OS compatible with e.g., POSIX semantics nor all the benefits you could get if you reinvent the whole OS.
> The project has the advantage of being old enough for them to be fixed.
That's exactly the point though - replacing established projects is inherently risky no matter how many safety buzzwords the replacement can cram into its GitHub tags.
ZFS is an out of tree filesystem, so one can not expect everything to go smoothly with kernel upgrades (it's recommended to hold kernel upgrades for production with ZFS, and test thoroughly, but here 6.12 is already a default for trixie), so this commit is a good road-sign to throw up infront of users to stop and think. Debian's opt-in usage stats (popcon) suggests that ZFS usage is a bit of niche, but I figured it is post worthy here, as some of us are in exactly that kind of niche.
https://www.kernel.org/doc/html/v6.12/admin-guide/kernel-par...
The defconfig for applicable platforms sets preempt=voluntary https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin...
At boot, on Debian trixie the preempt setting is printed: May 28 22:58:07 foo kernel: Dynamic Preempt: voluntary
Description from the 6.12 Kconfig: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin...
> This option reduces the latency of the kernel by adding more "explicit preemption points" to the kernel code. These new preemption points have been selected to reduce the maximum latency of rescheduling, providing faster application reactions, at the cost of slightly lower throughput.
> This allows reaction to interactive events by allowing a low priority process to voluntarily preempt itself even if it is in kernel mode executing a system call. This allows applications to run more 'smoothly' even when the system is under load.
It is possible to boot with preempt=none on 6.12, and on 6.13 preempt=lazy was introduced, where "the task gets one HZ tick time to yield itself" before being forced.
https://www.kernel.org/doc/html/v6.13/admin-guide/kernel-par... https://lwn.net/Articles/994322/
Linux 7.0 retains preempt=lazy and preempt=full, and there was a recent HN discussion of PostgreSQL navigating the change on the LKML:
https://news.ycombinator.com/item?id=47644864 https://lore.kernel.org/lkml/yr3inlzesdb45n6i6lpbimwr7b25kqk...
reply