Profile

Cover photo
George Dunlap
Lives in England
176 followers|37,365 views
AboutPostsPhotosYouTubeReviews

Stream

George Dunlap

Shared publicly  - 
 
Article I wrote summarizing my talk at LinuxCon NA next Monday. Come hear me speak for the full details!
The Xen Project community had such a decision to make in the wake of the XSA-7 security issue about the project's security policy. Learn about how they handled making a community decision without reaching a consensus.
2
1
Add a comment...

George Dunlap

Shared publicly  - 
 
Going to LinuxCon North America in August? Come hear my talk: "Making Community Decisions Without Consensus"
1
Add a comment...

George Dunlap

Shared publicly  - 
 
Hmm, so apparently there's an update to Windows 2008 in which an updated virtio block driver from SuSE will replace the virtio block driver from RedHat, causing your VM not to be able to boot on RedHat systems any longer. 
Set Page Width: [ 80 ] [ 90 ] [ 100 ] [ 120 ]. Group: *BSD: aic7xxx appscript-changes appscript-dev bsdi-announce bsdi-users bsdinstaller-discussion calendarserver-changes calendarserver-dev calendarserver-users darwinbuild-changes darwinbuild-dev dragonfly-bugs dragonfly-commits dragonfly-docs ...
1
Add a comment...

George Dunlap

Shared publicly  - 
 
"Despite the inherently functional character of all computer code, the Copyright Act makes clear that such code can be copyrightable. Nothing about the declaring code at issue here materially distinguishes it from other computer code, and petitioner has identified no genuine conflict of authority concerning Section 102(b)’s applicability to circumstances like these." -- the US DoJ simultaneously demonstrates the knowledge and ignorance about computer programming
1
Add a comment...

George Dunlap

Shared publicly  - 
 
Spend all morning catching up on mail from xen-devel; finish just before lunch at 1pm.  By 3:30, 125 new unread messages. 
1
Add a comment...

George Dunlap

Shared publicly  - 
 
 
CVE-2015-3456 ("Venom") and Xen: why are you vulnerable?
#xen   #xenproject   #venom

Let me spend a few words on CVE-2015-3456, also known as "Venom". Poor choice of a false acronym, if you ask me. 

The vulnerability is caused by a bug in the QEMU floppy drive emulator.

This is exactly the sort of bugs that we are trying to prevent in Xen Project, by limiting, when not avoiding entirely, device emulation. This is why Xen on ARM does not do any emulation at all. This is also why Xen on x86 still provides the ability to boot good old PV guests, which do not come with a large, exploitable, emulated environment.

If you are using Xen on ARM, you are OK. If you are using Xen on x86 with just PV guests or PVH guests (the new, faster, flavour of PV guests), you are also OK. If you are using HVM guests (builder="hvm" in the VM config file), you are affected.

As you probably know, Xen HVM guests rely on QEMU for emulation. Nonetheless we still try to limit the surface of attack, by disabling as many device emulators as possible by default.

For example we disable the floppy drive emulator.

Yes, you have heard correctly: the Xen toolstack disables a bunch of QEMU devices, including the floppy drive emulator, to avoid security vulnerabilities like "Venom".

So is Xen really vulnerable? Unfortunately yes, because of another QEMU bug: QEMU does not actually disable floppy drives, even when you ask nicely.

Sigh. Oh well, at least we tried. :-/
1 comment on original post
1
Add a comment...

George Dunlap

Shared publicly  - 
 
I like Go (the programming language) a lot. But one of the things that seems really brain-dead to me is that the name of your PACKAGE is tied to the name of the PUBLIC GIT REPO where it's hosted. Host it on github personal account? Your package name is now "github.com/gwd/foo". Want to switch to gitorious? Move it from your personal account to a group project? Transfer maintenance to someone else? You have to RENAME your package -- every and every Go source file that refers to it must be changed. And if your package ended up in a Debian package named goland-github-gwd-foo, now the DISTRO PACKAGE needs to be renamed too.
1
George Dunlap's profile photoIan Campbell's profile photo
3 comments
 
Only a small amount of experience, but yes. It seems to have gone off on a different tack to other languages which follow a static-linking kind of ecosystem mindset, to its detriment as far as I can tell so far.

I was initially fairly enthusiastic about the core language but a bit of the shine has worn off over silly things like the packaging or for example I find it's equivalent to object-y type encapsulation/inheritance leads to quite a bit more code duplication than I would like (something which it seems to me the language positively encourages).

Or silly things like wanting to interact with a new socket address family and not being able to use the existing networking core functionality because it has hard coded switches across the socket type (even if you managed to fabricate an fd and wrap it up to pass it in it goes and introspects it then gives up when it doesn't understand). Cue a whole load of new code duplication...
Add a comment...

George Dunlap

Shared publicly  - 
 
What about XenSummit? Come hear my talk: "Patch review for non-maintianers"
1
Add a comment...

George Dunlap

Shared publicly  - 
 
"It turns out that some of those attempts to clear sensitive information (like private keys) out of memory using memset() and bzero() were optimized away by some compilers. Clang/LLVM and GCC 5 use an optimization known as "dead store elimination" that gets rid of store operations to memory that is never read again."

It's incredible to me that with all the advancements in safety in languages as a whole, and in important warnings for "risky behavior" in gcc itself, that these sorts of compiler security bugs are still tolerated.

And bugs -- design bugs -- is what they are. If the OpenSSH team -- one of the most paranoid, security-focused teams on the planet -- can trip over it, nobody si safe. No 0.5% performance improvement is worth opening up this kind of massive security hole.
2
Add a comment...

George Dunlap

Shared publicly  - 
 
So the SFC is doing a fundraiser. According to their blog post [1], "We have structured the campaign with two make-or-break levels: a lower level that will just sustain the organization for a "bare minimum" service plan to our member projects, and a separate, higher level to continue doing copyleft enforcement. If we don't meet these goals we'll be forced to radically restructure."

Why this sudden need for funding? According to the same blog post, "...since we launched the VMware suit some of our corporate funding has been pulled because we tackle important but controversial issues, like GPL compliance. We have even have had talks blocked or cancelled at conferences."

They haven't named any names, but according to some clever sleuths [2], only two companies have recently dropped their SFC membership: a company called appendto.com (who appears to have been acquired by another company), and the Linux Foundation.

VMWare is a silver member of the Linux Foundation. [3]

[1] http://sfconservancy.org/blog/2015/nov/24/faif-carols-fundraiser/

[2] https://lwn.net/Articles/665855/

[3] http://www.linuxfoundation.org/about/members
The Software Freedom Conservancy provides a non-profit home and services to Free, Libre and Open Source Software (FLOSS) projects.
1
Add a comment...

George Dunlap

Shared publicly  - 
 
"I do not want to be offensive.
I want to be helpful.
I believe this question needs to be asked."
[Haskell-cafe] how to make this work recursive ? Richard A. O'Keefe ok at cs.otago.ac.nz. Sun Mar 1 23:49:46 UTC 2015. Previous message: [Haskell-cafe] how to make this work recursive ? Next message: [Haskell-cafe] how to make this work recursive ? Messages sorted by: [ date ] [ thread ] ...
1
Add a comment...

George Dunlap

Shared publicly  - 
 
gpg is really easy to use if you do things the one exact way the author thinks you should do it.  For instance, if you want to sign someone's key and then publish your signatures directly to the keyservers, three simple commands; easy peasy.

If you want to sign someone's key and then just send them the signature, for them to do with what they want -- time to write a complicated script that involves creating a fake gpg root and importing and exporting things half a dozen times.  Even that's a bit redundant, because it includes all his own subkeys and self-signatures.  If you want a really minimal signature, you have to start manually splitting the file into bits and re-assembling it...
2
arsen stasic's profile photoGeorge Dunlap's profile photo
2 comments
 
Well there shouldn't have to be a script. :-)  But as it turns out, I had tried caff (the Debian keysigning party thing) some time before and it just failed with a mysterious error.  After going back and trying it again recently, I think I understand why it didn't work -- gpg2  has a bug where the code that spawns the agent doesn't pass on alternate home directories properly.  So if your master key is anywhere other than in your home directory, and you have a passphrase on it (which of course you should), then it will fail.
Add a comment...
Basic Information
Gender
Male
Places
Map of the places this user has livedMap of the places this user has livedMap of the places this user has lived
Currently
England
Links
Other profiles
Really good food - interesting unusual local foods, good local beers. Large portions - plan on taking some home.
Public - 2 years ago
reviewed 2 years ago
1 review
Map
Map
Map