Profile

Cover photo
David Herrmann
312,344 views
AboutPostsPhotosVideos

Stream

David Herrmann

Shared publicly  - 
 
That feeling when you audit your own code and you're really not sure whether you wanna look behind that tree.
26
1
Drew Fustini's profile photo
Add a comment...
 
 
Please help us defend our trademark from Groupon and support GNOME!  

"GNOME" the trademark has been a familiar name for the past 17 years in the Free and Open Source Software community. The GNOME project has been a staple desktop for GNU/Linux and BSD desktops. It was the default desktop for Sun Microsystems workstation class machines, continues to be the default desktop for the Red Hat Enterprise Linux and SUSE Linux Enterprise Server distributions, and it is the default desktop of Fedora and Debian. SUSE Linux Enterprise Point of Service solution for the retail industry is based on GNOME. GNOME technology can be found in TVs, tablets, phones, consumer devices, and in common software everywhere.

Recently Groupon announced a product with the same product name as GNOME. Groupon’s product is a tablet based point of sale “operating system for merchants to run their entire operation." The GNOME community was shocked that Groupon would use our mark for a product so closely related to the GNOME desktop and technology. It was almost inconceivable to us that Groupon, with over $2.5 billion in annual revenue, a full legal team and a huge engineering staff would not have heard of the GNOME project, found our trademark registration using a casual search, or even found our website, but we nevertheless got in touch with them and asked them to pick another name. Not only did Groupon refuse, but it has now filed even more trademark applications (the full list of applications they filed is available on our groupon page linked). To use the GNOME name for a proprietary software product that is antithetical to the fundamental ideas of the GNOME community, the free software community and the GNU project is outrageous. Please help us fight this huge company as they try to trade on our goodwill and hard earned reputation.

We want to show that our brand matters and that you care. Of the 28 trademark applications Groupon filed, we have to file formal proceedings to oppose 10 of them by December 3, 2014. Help us raise the funds to fight back and most of all call public attention to this terrible behavior by Groupon. Help us make sure that when people hear about GNOME software they learn about freedom and not proprietary software. Our counsel has advised us that we will need $80,000 to oppose the registration of the first set of 10 applications. If we are able to defend the mark without spending this amount, we will use the remaining funds to bolster and improve GNOME. Please help us raise the money to protect GNOME's trademark and strengthen Free Software!

Please donate here:
http://www.gnome.org/groupon/
"GNOME" the trademark has been a familiar name for the past 17 years in the Free and Open Source Software community. The GNOME project has been a staple desktop for GNU/Linux and BSD desktops. It was the default desktop for Sun Microsystems workstation class machines, continues to be the default ...
69 comments on original post
2
Add a comment...

David Herrmann

Shared publicly  - 
 
A big thanks to BSD for introducing the safe strlcpy as replacement for strncpy. There's no unexpected behavior anymo-- wait, no.. oh god! strlcpy requires the source to be 0 terminated, even if its longer than the target size. Why? Of course, so the return-value can be the length of the string that was tried to be written, instead of the real written length.

Not the first time I see kernel-patches replacing the good old:
strncpy(kernel, from_user, len - 1) + kernel[len] = 0
with:
strlcpy(kernel, from_user, len)

This so not works well...
16
11
Jürgen Hanker's profile photoWilliam Dauchy's profile photoAntonio Bonanno's profile photogeorge oloo's profile photo
2 comments
 
The danger with strclpy() is that you could read from unmapped memory and cause an oops.  I have never heard of this happening in real life because memory is so full of NUL characters.

The one example I have seen where someone complained about strlcpy() was where in a place where it was totally safe.  He wouldn't give up even when I explained to him why strclpy() was safe in that context.

I would be interested to see a real bug even if it couldn't be triggered.
Add a comment...

David Herrmann

Shared publicly  - 
 
 
Most impressive keynote of the week, by a large margin.
4 comments on original post
20
5
Boris Kaul's profile photoMarkus Lobedann's profile photo
Add a comment...

David Herrmann

Shared publicly  - 
 
Cool! I didn't know there was a VT-ioctl to clear the... wait, no, WHAT?

Yes, switching between VTs is how 'security' is implemented on linux. Oh, and please don't break this precious feature by fixing scrollback buffers like this: https://lkml.org/lkml/2014/5/30/664
Man Page or Keyword Search: Man. All Sections, 1 - General Commands, 2 - System Calls, 3 - Subroutines, 4 - Special Files, 5 - File Formats, 6 - Games, 7 - Macros and Conventions, 8 - Maintenance Commands, 9 - Kernel Interface, n - New Commands. Debian 6.0 squeeze, Debian 7.0 wheezy ...
16
2
Lennart Poettering's profile photoDavid Herrmann's profile photoH. Peter Anvin's profile photogeorge oloo's profile photo
4 comments
 
+Lennart Poettering CSI-J is "erase in display / ED", that's only for on-screen buffers, not scrollback. xterm supports an extension to clear saved lines (ED 3), but I doubt that the kernel supports it. (EDIT: oh, it's indeed supported since 2.6.something)
Add a comment...

David Herrmann

Shared publicly  - 
 
 
Mars Panorama - NASA’s Curiosity Mars Rover selfie: Martian night
(Digital Art Compilation)
270 comments on original post
12
1
Артур Файзуллин's profile photoAditya Rachakonda's profile photo
 
perfect selfy! :)
Add a comment...

David Herrmann

Shared publicly  - 
 
"I � Unicode."
34
2
Ismael Castiñeira Álvarez's profile photoDaniel Mack's profile photoFlorian Echtler's profile photoMax Berger's profile photo
2 comments
 
Die Unicode Selbsthilfegruppe trifft sich heute im Gr¶nen Saal
 ·  Translate
Add a comment...

David Herrmann

Shared publicly  - 
 
memfd is merged, thanks to all involved! But lets not get nostalgic, but continue straight to the next task: revoke()
28
6
Brandon Philips's profile photoJohannes Löthberg's profile photoKrzysztof Wilczynski's profile photogeorge oloo's profile photo
3 comments
 
I think for device drivers at least, this revoke stuff needs a better way to handle mmap, in particular mmap of MMIO space.
Add a comment...

David Herrmann

Shared publicly  - 
 
Before sending v3 of the memfd+sealing patches, I wrote a short overview. We're close to getting this merged upstream, so it was time to get something we can refer people to:

http://dvdhrm.wordpress.com/2014/06/10/memfd_create2/
23
11
Conrad Meyer's profile photoFernando Apesteguía's profile photoBrandon Philips's profile photogeorge oloo's profile photo
21 comments
 
Just noticed its upstream, good work!
Add a comment...

David Herrmann

Shared publicly  - 
 
Linux Virtual-Memory gem: If your device-driver supports mmap(PROT_WRITE), you can never revoke access to those pages (no, not even unmap_mapping_range())!

How so, you ask? The villain is called get_user_pages() (GUP): For example, Direct-IO pins underlying pages until the write is finished. So if you use the memory-mapped pages as receive buffer to a direct-IO operation on some other object, the kernel pins your mapped pages and reads data into them asynchronously. Even if you munmap() that area, the kernel keeps these pages pinned for the ongoing operation. FUSE (or any network-based IO) can delay such operations for an indefinite period. Therefore, the actual write to the page can occur at any time.

Why should I care? It breaks nearly any feature that makes objects read-only during runtime or moves data between pages without freezing page->_count. This includes:
 * remounting a FS read-only
 * revoking access to a file
 * setting S_IMMUTABLE
 * DRM/TTM swapper
 * mandatory POSIX locks
 * file sealing
 * VESA/VGA hw handover (or other fbdev handovers)

I think I could extend this list indefinitely. The only protection I found so far is VM_IO, which prevents GUP (or, obviously, VM_PFNMAP).

Btw., there's no intention to fix this generically. If you want to forcibly deny write access to a page, there's nothing left but migrate it and let old I/O phase out on the old page (or set VM_IO!).
I'm still hoping for some magic solution to this.. spent far too much time digging into mm/
19
16
Hong Chen's profile photoJian-Jhong Ding (JJ)'s profile photoChekkizhar N's profile photoPatrick McFarland's profile photo
6 comments
 
...and this is the reason you don't want non-root users mounting network filesystems or playing with fuse.
Add a comment...

David Herrmann

Shared publicly  - 
 
Selten so gelacht! Gleiche Anzeige heute auch in der Zeit entdeckt.

Die 120.000€ für die Anzeigen hätte HOB lieber in einen Deutsch-Kurs für Herrn Brandstätter investieren sollen. Der Artikel liest sich wie ein Erlebnisaufsatz eines Grundschülers. Wobei das wahrscheinlich gewollt ist, wenn man bedenkt, dass er inhaltlich kaum an jemand anderes als Grundschüler gerichtet sein kann..
 ·  Translate
15
12
Daniel Wendler's profile photoWolfgang Walter's profile photoSven Gerstner's profile photoStefan Moises's profile photo
7 comments
 
"Die NSA weiß schon was sicher ist." :-D Fehlt nur noch das Merkel HOB-SSL ihr vollstes Vertrauen ausspricht. 
 ·  Translate
Add a comment...

David Herrmann

Shared publicly  - 
 
The +systemd project is pet-friendly.
13
Add a comment...
People
Basic Information
Gender
Male
Work
Occupation
Student