Profile

Cover photo
Olof Johansson
Works at Google
Attended Luleå University of Technology
Lives in Belmont, CA
3,163 followers|1,944,200 views
AboutPostsCollectionsPhotosYouTube
People
Have him in circles
3,163 people
Sylvain Gagnon's profile photo
Kaali Aankhain's profile photo
Dovydas Kezelis's profile photo
Eduardo Gorio's profile photo
Eric Chen's profile photo
Abu abdullah's profile photo
Hagit “Vickie” Katzenelson's profile photo
JHECA Twelve's profile photo
Muralidharan J's profile photo
Work
Occupation
Google ChromeOS. Mostly linux kernel stuff.
Employment
  • Google
    2010 - present
  • Agnilux
    2009 - 2010
  • Apple
    2008 - 2009
  • PA Semi
    2005 - 2008
  • IBM
    2000 - 2005
  • Effnet
    1997 - 2000
Places
Map of the places this user has livedMap of the places this user has livedMap of the places this user has lived
Currently
Belmont, CA
Previously
Austin, TX - Luleå, Sweden - Skellefteå, Sweden
Story
Tagline
Swede in California
Education
  • Luleå University of Technology
    1992 - 1998
  • Balderskolan
    1989 - 1992
Basic Information
Gender
Male
Relationship
Married

Stream

Olof Johansson

Shared publicly  - 
 
Hey, it's summer, let's bring on the surströmming videos again, or something.

The can in this video is indeed disgusting, and I love the dish. Why? Something bad happened to that it, not sure what. It's not supposed to be a soup of fish and entrails like that. I've heard of it happening in transport sometimes.

Ideally it's supposed to be fairly firm (headless) fishes in the can.
23
Bill Richardson's profile photoOlof Johansson's profile photoPackSwede's profile photoAnders Öhlund's profile photo
8 comments
 
+Olof Johansson Yeah this can has probably been sitting unrefrigerated for quite some time allowing the fermentation process to continue until there is nothing but mush left of the fish. I wouldn't eat that and I love the hell out of surströmming. That... did not look good.
Add a comment...

Olof Johansson

Shared publicly  - 
 
Achievement unlocked: Faster and cheaper internet service in vacation home than in regular home.
21
Drew Fustini (pdp7)'s profile photoOlof Johansson's profile photoLeif Lindholm's profile photo
10 comments
 
Probably not - holiday account somewhat depleted... But at least we brought people excellent weather for midsummer.
Add a comment...

Olof Johansson

Shared publicly  - 
 
Interesting, Freescale is going lower-end with i.MX7, not higher-end.
9
2
Måns Rullgård's profile photoRob Herring's profile photoJeshwanth Kumar N K's profile photoDrew Fustini (pdp7)'s profile photo
10 comments
 
Race to the bottom.
Add a comment...

Olof Johansson

Shared publicly  - 
 
Switching from offlineimap to mbsync, and hitting gmail bandwidth limits on download. Grmbl. This will take several days.

mbsync is so much faster though, well worth the transition.
7
Kashyap Chamarthy's profile photoMichael Ellerman's profile photoTom Rini's profile photoMark Brown's profile photo
8 comments
 
It's got a database (like offlineimap). Definitely worth the effort to transition, it's moved downloading mail from being CPU constrained (!) to bandwidth constrained, it was especially noticeable when I was using an Atom machine for a while.
Add a comment...

Olof Johansson

Shared publicly  - 
 
Looking to play with parallel programming this summer? Adapteva's Parallella-16 is on sale on Amazon for $99!
8
1
Lewin Edwards's profile photoArun Bhanu's profile photo
 
The new transputer?
Add a comment...

Olof Johansson

Shared publicly  - 
 
Hey, now you can all partake in some of these sometimes quite creepy images. It's really interesting to see how they turn out, and what properties of an image you end up seeing "hallucinated" through it.
 
All of these images were computer generated!

For the last few weeks, Googlers have been obsessed with an internal visualization tool that Alexander Mordvintsev in our Zurich office created to help us visually understand some of the things happening inside our deep neural networks for computer vision.  The tool essentially starts with an image, runs the model forwards and backwards, and then makes adjustments to the starting image in weird and magnificent ways.  

In the same way that when you are staring at clouds, and you can convince yourself that some part of the cloud looks like a head, maybe with some ears, and then your mind starts to reinforce that opinion, by seeing even more parts that fit that story ("wow, now I even see arms and a leg!"), the optimization process works in a similar manner, reinforcing what it thinks it is seeing.  Since the model is very deep, we can tap into it at various levels and get all kinds of remarkable effects.

Alexander, +Christopher Olah, and Mike Tyka wrote up a very nice blog post describing how this works:

http://googleresearch.blogspot.com/2015/06/inceptionism-going-deeper-into-neural.html

There's also a bigger album of more of these pictures linked from the blog post:

https://goo.gl/photos/fFcivHZ2CDhqCkZdA

I just picked a few of my favorites here.
24 comments on original post
10
1
Vladimir Pantelic's profile photoRicardo Salveti (rsalveti)'s profile photo
 
so a computer generates my dreams, interesting...
Add a comment...

Olof Johansson

Shared publicly  - 
 
The pairing with dodocase for first person view seems interesting. I have no idea how well it'll work in practice though. :)

Still, $125 for the super early bird deal is cheap enough that I'll take the gamble. :)
It’s small, smart and streams HD footage to your phone, that’s just the beginning of Micro Drone 3.0 | Crowdfunding is a democratic way to support the fundraising needs of your community. Make a contribution today!
4
2
Mikko Rantalainen's profile photoDavid Miller's profile photo
Add a comment...
Have him in circles
3,163 people
Sylvain Gagnon's profile photo
Kaali Aankhain's profile photo
Dovydas Kezelis's profile photo
Eduardo Gorio's profile photo
Eric Chen's profile photo
Abu abdullah's profile photo
Hagit “Vickie” Katzenelson's profile photo
JHECA Twelve's profile photo
Muralidharan J's profile photo

Olof Johansson

Shared publicly  - 
 
Cheap low-end nvidia chromebooks on Amazon! (4G/32G are still at higher prices)
7
Dennis Gilmore's profile photogreg nwosu's profile photoMarc Herbert's profile photoAlexander Graf's profile photo
10 comments
 
+Marc Herbert mostly because I would use it for non-ChromeOS eat-your-own-dogfood work where I like to not invest into legacy architectures :).
Add a comment...

Olof Johansson

Shared publicly  - 
 
In Sweden, surveillance is by camera and WiFi. For your safety.
6
Benoit Chesneau's profile photoOlof Johansson's profile photo
2 comments
 
Unlogged surveillance isn't really useful, is it?
Add a comment...

Olof Johansson

Shared publicly  - 
 
#opticalexperiments from space!
15
Brandy Johansson's profile photo
 
Happy Father's day with fancy space beer!
Add a comment...

Olof Johansson

Shared publicly  - 
 
This is a really interesting look at LXC (via +Kees Cook).

Besides the conclusion that nobody has really looked at this closely, another obvious one is that seem to lack adequate test coverage. The rootfs ro one, for example, is so obviously testable that I'm baffled.
 
I lately happen to had the opportunity to look at LXC's code base. I was mostly interested in how it makes use of the kernel's namespaces and its usage of seccomp. It took a while to find the relevant code as there are quite a few levels of indirection but I eventually found it ...and even a few issues while playing around. Lets focus on those.

1/ LXC gets r/o rootfs bind mounts wrong

Maybe this is not a use case for LXC or I'm just using it wrong as I'm not an LXC user (yet) but the following config just does not do what one would expect it to: chrooting to /chroot/wheezy using a r/o bind mount:

,- [ lxc.conf ] -
| lxc.rootfs = /chroot/wheezy
| lxc.rootfs.options = ro
`---

# lxc-execute -n wheezy -f lxc.conf /bin/bash
(wheezy)root@alpha:/# touch /foo
(wheezy)root@alpha:/# ls foo
foo

Okay. Not nice. The reason for this is LXC tries to do the bind mount and change the mount flags with just a single call to mount(). Well, that won't work. It's badly documented behaviour of the Linux kernel (see [1]), but the kernel does it this way "since forever" so IMHO LXC should handle it gracefully by calling mount() twice to get it right.

Reported as [3]. Lets see where this leads to... ...which brings us to the next issue.

2/ LXC's seccomp support is "quirky"

Starting with version 1.0.0 LXC got an actually usable seccomp filter interface. It allows to specify a policy and a list of syscalls to filter. It even allows to distinguish the filters depending on the architecture. For example the following (not very useful) policy would forbid calling open_by_handle_at() for 32bit and 64bit processes on a x86-64 kernel but would allow calling kexec_load() for 32bit processes. 64bit processes OTOH would get an error value of 1 (EPERM) instead. All other syscalls would be allowed as it's a blacklisting policy.

,- [ lxc.seccomp ] -
| 2
| blacklist
| [x86-64]
| open_by_handle_at errno 1
| kexec_load errno 1
| [x86]
| open_by_handle_at errno 1
`---

So far, so good. But if one looks at the code that does the seccomp filter parsing one can see it handles the case were the syscall numbers for the compat and the native arch equals special (see [4]). In this case it only adds the syscall to the native seccomp filter context -- for bogus reasons as we'll see soon. It's odd, because it handles the following cases wrong:

,- [ lxc.seccomp ] -
| 2
| blacklist
| [x86]
| syslog
`---

This filter will generate a BPF program that'll blacklist the syslog syscall for x86-64 instead of blacklisting it for x86. Not quite what was intended by the filter.

Yet another example:

,- [ lxc.seccomp ] -
| 2
| blacklist
| [all]
| reject_force_umount
`---

That filter -- similar to the common seccomp filter shipped with LXC since v1.1.0 -- tries to blacklist forced umounts for all supported architectures, that is, prevent calls to umount2() with the MNT_FORCE flag set. That's a nice goal to achieve but, apparently, LXC does not fully reach that goal. Best explained with the BPF program generated by the above seccomp policy:

 line  OP   JT   JF   K
=================================
 0000: 0x20 0x00 0x00 0x00000004   ld  $data[4]
 0001: 0x15 0x00 0x09 0xc000003e   jeq 3221225534 true:0002 false:0011
 0002: 0x20 0x00 0x00 0x00000000   ld  $data[0]
 0003: 0x35 0x07 0x00 0x40000000   jge 1073741824 true:0011 false:0004
 0004: 0x15 0x00 0x07 0x000000a6   jeq 166  true:0005 false:0012
 0005: 0x20 0x00 0x00 0x0000001c   ld  $data[28]
 0006: 0x15 0x00 0x05 0x00000000   jeq 0    true:0007 false:0012
 0007: 0x20 0x00 0x00 0x00000018   ld  $data[24]
 0008: 0x54 0x00 0x00 0x00000001   and 0x00000001
 0009: 0x15 0x00 0x02 0x00000001   jeq 1    true:0010 false:0012
 0010: 0x06 0x00 0x00 0x0005000d   ret ERRNO(13)
 0011: 0x15 0x00 0x01 0x40000003   jeq 1073741827 true:0012 false:0013
 0012: 0x06 0x00 0x00 0x7fff0000   ret ALLOW
 0013: 0x06 0x00 0x00 0x00000000   ret KILL

The first instructions (0000-0002) do the architecture check for x86-64. If that test fails (we're not using the x86-64 syscall API) we'll jump to 0011 which tests for the x86 architecture. If that succeeds (we're using the x86 syscall API) we'll continue at 0012. But ... there's no syscall filter there! Just the default policy with 'ret ALLOW'.

This confirms that x86 processes get a free pass to do forced umounts while x86-64 processes do not. Well, you still have to trust me that the x86-64 specific part of the BPF program actually does the umount2(...,MNT_FORCE) filtering. But it does, believe me, at least for some variants of the umount2(...,MNT_FORCE) calls. Which ones it may not catch is left as an exercise for the reader ;)

Thus, the seccomp support in LXC still has room for improvement. Reported as [5].

...but wait! Looking further at the generated BPF program one can see (well, if you're brave enough to read and understand BPF bytecode ;) that there is a code path that leads to unintended behaviour. Namely the architecture check for the x32 architecture at 0003 looks bogus. If it succeeds, i.e. detects that this syscall is using the x32 API, it'll jump to the next architecture check at 0011. But that is wrong for two reasons. First: The seccomp filter has no support for x32 -- it just handles x86-64 and the "compat arch", x86 in this case. Second: That architecture test instruction wouldn't check for the x86 architecture. The accumulator register it uses for the test was already overwritten with the syscall number -- to do the x32 architecture check. So, this test will likely fail, unless there is a syscall having a syscall number matching the x86 architecture value. And, in fact, there is one. The x32 close() call has the value 0x40000003 -- just what the instruction at 0011 tests for. On a successful test it just falls through to the default policy: ALLOW. But even if the filter would contain a blacklist of x86 syscalls those would all fail to match as the syscall numbers for the x86 syscall ABI are way below 0x40000003. This makes the x32 close() call always fall though to the default policy which is, in this case, ALLOW. However, the attempt should have been handled by the KILL instruction at line 0013 instead as x32 is an unsupported architecture regarding that policy. So, yet another flaw. Yay! :( In this case, though, it's not a bug of LXC but of libseccomp instead.

To bring this bug into the right perspective: Allowing x32 syscalls to close() is not a big deal as you can't do much with close() alone. But still, it's unexpected behaviour.

No bug report this time but a fix instead. It even made it into the git repo as [6] already.


Summarizing the above: That's 3+ bugs just by looking at the code, trying to understand what it does. Not bad. But all that makes me wonder: How many people are actually looking at the code, looking for flaws or proving correctness, compared to how many actually rely on it to function correctly, i.e. rely on it to provide a solid security barrier? Well, I guess, not so many. Which makes me sad. There goes the "many eyeballs" argument... :/


[1] https://lwn.net/Articles/281157/ (Please note that the workaround in the LWN article is wrong. [2] gets it right, though.)
[2] https://lwn.net/Articles/637501/
[3] https://github.com/lxc/lxc/issues/570
[4] https://github.com/lxc/lxc/blob/ccb17e9f8a9d2dba34e94bcf6a58afd4ca1a02d1/src/lxc/seccomp.c#L433-L442
[5] https://github.com/lxc/lxc/issues/571
[6] https://github.com/seccomp/libseccomp/commit/8868f7eb0c343cfcb9bbe28736928a7f7e108b97
3 comments on original post
8
1
Hoang Tran's profile photo
Add a comment...

Olof Johansson

Shared publicly  - 
 
 
Today at the Open Network Summit we showed how we've been running our datacenter networks for the past decade.  (For full details you'll have to wait for a paper we'll publish at SIGCOMM 2015 in August.)  

Great networking has long been a key ingredient in having a great cloud platform, and of course you get to use these same networks on +Google Cloud Platform. 
11 comments on original post
8
2
Karim Yaghmour's profile photoBenoit Chesneau's profile photo
Add a comment...
Olof's Collections