LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Recently posted comments

DRM in HTML5 published in draft form

Posted May 23, 2013 11:15 UTC (Thu) by robbe (guest, #16131)
In reply to: DRM in HTML5 published in draft form by iabervon
Parent article: DRM in HTML5 published in draft form

Hasn't the best defense against XSS been whitelisting for a long time?

Of course, many websites prefer playing catching-up with their blacklists...

EFF: Vermont Is Mad as Hell at Patent Trolls

Posted May 23, 2013 11:10 UTC (Thu) by fergal (subscriber, #602)
In reply to: EFF: Vermont Is Mad as Hell at Patent Trolls by njwhite
Parent article: EFF: Vermont Is Mad as Hell at Patent Trolls

I don't really see why this should be limited in any way to trolls (companies who do nothing apart from bringing patent cases).

1 non-troll companies also act abusively with patents.
2 however you define it, it just seems to just invite creative ways of acting abusively with patent while avoiding being classed as a troll
3 it legitimises software patents by implying that they're not a problem except when trolls are involved
4 if you actually agree with software patents (I don't but some do) then selling your patent to some entity who is willing to do the leg work and take the risks is a perfectly legitimate way for an inventor to profit from their invention

The disease is patents, trolls are just the current symptom, if we make them go away, some other symptom will arise, there's too much money on offer for it not to.

Attacking the action (demanding money in bad faith, making them post bonds etc) does make a bunch of bad patents unprofitable and so attacks the disease (but only partially).

Google Code to deprecate downloads

Posted May 23, 2013 10:51 UTC (Thu) by nye (guest, #51576)
In reply to: Google Code to deprecate downloads by njwhite
Parent article: Google Code to deprecate downloads

>I wonder if this isn't some cynical attempt to force developers to use more varied parts of Google's infrastructure.

Google are strongly pushing people to use Drive.

Case in point: my Gmail account reached 95% capacity a few days ago, so now I have a permanent banner at the top of the page warning me about it. When I went to buy extra storage space, I discovered that they removed the ability to do so some months ago.

It used to be possible to buy Gmail storage space in sensible increments up to some crazy amount; now, the only way to get extra space is to pay for a Drive subscription, where they also throw in 25GB of Gmail space (no more, no less - it's a fixed amount no matter how much Drive space you pay for). Oh, and that costs 5 times as much, so that I can get something I will never, ever want.

EFF: Vermont Is Mad as Hell at Patent Trolls

Posted May 23, 2013 10:50 UTC (Thu) by njwhite (subscriber, #51848)
In reply to: EFF: Vermont Is Mad as Hell at Patent Trolls by robert_s
Parent article: EFF: Vermont Is Mad as Hell at Patent Trolls

> My point is - I worry that this problem will get swept under the carpet and people will consider the patent system "fixed".

I quite agree. The EFF did mention this at the end of their article; "While we admire these bills' creativity, the obvious takeaway from this fact is that there are a lot of areas of the patent system that are very, very broken. So let's take a step back and push for real, comprehensive change."

> I would personally like to see the definition of patent trolling in the legislature significantly expanded

I agree it is weird to call "bad faith" claims as properly addressing patent trolls. Undoubtedly it addresses a lot of what they do, but they can make a very good business out of making "reasonable" claims with the patents they've aquired. They are trolls by virtue of buying patents and using them to extort others, not by virtue of whether their infringement claims are applicable or not.

Bug class

Posted May 23, 2013 10:41 UTC (Thu) by error27 (subscriber, #8346)
In reply to: Bug class by cesarb
Parent article: An unexpected perf feature

Smatch theoretically can find buffer underflows.

In this case it missed for several reasons. 1) This wasn't getting marked as untrusted user data. 2) The cross function tracking wasn't working. 3) The underflow check was ignoring if we capped the upper value. *eyeroll*

I haven't pushed all the Smatch changes yet, but it's sort of working now to the point where it would have found this bug. It did find a couple problems in ATM network drivers as well.

Google Code to deprecate downloads

Posted May 23, 2013 10:41 UTC (Thu) by njwhite (subscriber, #51848)
In reply to: Google Code to deprecate downloads by dlang
Parent article: Google Code to deprecate downloads

> If people are using this service as a generic fileshare service containing content that causes Google to have to deal with DMCA letters, it's hard to blame them for trying to discourage such use while still keeping things usable for developers.

But if Google are encouraging developers to use Google Drive instead, they can't be too disuaded by DMCA letters and similar.

I wonder if this isn't some cynical attempt to force developers to use more varied parts of Google's infrastructure. It doesn't seem likely, but I can't see a convincing reason for this ridiculous change.

Google Code to deprecate downloads

Posted May 23, 2013 10:36 UTC (Thu) by njwhite (subscriber, #51848)
In reply to: Google Code to deprecate downloads by rfunk
Parent article: Google Code to deprecate downloads

You can download tarballs of tags from github, right from the tags page. Though as you mention you can't upload arbitrary stuff for downloading. It doesn't look like Google supports anything similar. Which is insane.

An "enum" for Python 3

Posted May 23, 2013 10:31 UTC (Thu) by ballombe (subscriber, #9523)
In reply to: An "enum" for Python 3 by gdt
Parent article: An "enum" for Python 3

See <http://en.wikipedia.org/wiki/Ordinal_arithmetic> for one of the mathematical views on the subject.

Google Code to deprecate downloads

Posted May 23, 2013 10:28 UTC (Thu) by kiko (subscriber, #69905)
In reply to: Google Code to deprecate downloads by imgx64
Parent article: Google Code to deprecate downloads

Launchpad hosts downloads just fine: https://help.launchpad.net/Projects/FileDownloads

Google releases a draft VP8 patent cross-license

Posted May 23, 2013 10:08 UTC (Thu) by gerv (subscriber, #3376)
Parent article: Google releases a draft VP8 patent cross-license

I don't think the lack of sublicensability is a problem at all.

Anyone can go to the Google site at any time, click, and be licensed for all future _and_past_ uses. So the only time anyone would ever actually need to do that is if they had been sued, and doing it would make the lawsuit go away. I actually think this is a pretty cunning solution if it's not possible to have a sublicensable licence (I suspect, with no evidence, that MPEG-LA didn't allow that).

As for the field-of-use restriction, expecting MPEG-LA to allow Google to give free licenses to all these patents without such a restriction is basically expecting them to blow up a substantial part of their H.264 licensing business. That seems somewhat unlikely.

Finally, comparing patent license agreements to the OSD is a category error IMO.

Gerv

GitHub also did this

Posted May 23, 2013 10:05 UTC (Thu) by Wummel (subscriber, #7591)
In reply to: GitHub also did this by bgilbert
Parent article: Google Code to deprecate downloads

On 30.4.2013 I used the github download API to create a release file. It worked without problems. It seems they decided not to pull the plug too soon.

Homebrew

Posted May 23, 2013 9:50 UTC (Thu) by man_ls (subscriber, #15091)
In reply to: Debian GNU/Hurd 2013 released by geofft
Parent article: Debian GNU/Hurd 2013 released

I'm using one right now, and honestly the only thing that really bothers me relative to Debian is the lack of a good packaging repository.
I have to use a Mac laptop for work sometimes, and there is an excellent packaging repository: Homebrew. In fact it is so good that I don't miss APT at all, unless with most other Linux distros. Also it has Bash which makes it feel almost like home.

But there are multiple annoyances with it: lousy keyboard layout, inconsistent keyboard shortcuts for most applications (next tab anyone?), slooow with a spinning rust disk, and very hungry for resources. I miss my XFCE/GNU/Linux desktop machine all the time. Otherwise it is very nice hardware, I guess it could use an SSD inside and some Debian in it.

An "enum" for Python 3

Posted May 23, 2013 9:37 UTC (Thu) by nix (subscriber, #2304)
In reply to: An "enum" for Python 3 by micka
Parent article: An "enum" for Python 3

Yeah, the link between 'enumerate' and 'number' is all the way back in Latin ("count out"). The fossil is still there in the word clearly enough for a native speaker to notice, though of course etymology is not destiny and there are *lots* of words whose etymology is a totally misleading guide to their meaning.

EFF: Vermont Is Mad as Hell at Patent Trolls

Posted May 23, 2013 9:29 UTC (Thu) by robert_s (subscriber, #42402)
In reply to: EFF: Vermont Is Mad as Hell at Patent Trolls by gerdesj
Parent article: EFF: Vermont Is Mad as Hell at Patent Trolls

My point is - I worry that this problem will get swept under the carpet and people will consider the patent system "fixed".

We only seem to be seeing action on this rather specific corner here & now because this behaviour is causing pain to organizations both large & small.

I mean, I would personally like to see the definition of patent trolling in the legislature significantly expanded. But we're not going to see that, because it would cover the way many large companies who have a lot of sway operate.

NetBSD 6.1

Posted May 23, 2013 9:27 UTC (Thu) by nix (subscriber, #2304)
In reply to: NetBSD 6.1 by Cyberax
Parent article: NetBSD 6.1

The testing methodology is ridiculous. If you're trying to test something filesystem-related, don't do something almost totally CPU-bound: you won't be testing the filesystem at all! Heck, they don't even pass -frandom-seed last I saw, so the CPU usage is going to vary between runs in any case, even if things like cache utilization were constant (which there is no *way* they will be: they're going to hugely dominate filesystem I/O in any reasonable analysis).

Debian GNU/Hurd 2013 released

Posted May 23, 2013 9:25 UTC (Thu) by nix (subscriber, #2304)
In reply to: Debian GNU/Hurd 2013 released by xtifr
Parent article: Debian GNU/Hurd 2013 released

Hear hear! Heck, I *started* with EMX and EPM on OS/2, moved to Emacs, and only years after that moved to Linux (in 1997, I think it was). GNU was a gateway drug to Linux, in my case, not vice versa. The same is probably true of most who came to Linux in the 90s.

Python and implicit string concatenation

Posted May 23, 2013 9:17 UTC (Thu) by intgr (subscriber, #39733)
Parent article: Python and implicit string concatenation

> possibly until Python 4

*cringe*

No more major revisions to the language, I beg you Python gods!

(But implicit concatenation *is* evil, maybe sneak it into a minor release)

An unexpected perf feature

Posted May 23, 2013 9:17 UTC (Thu) by dgm (subscriber, #49227)
In reply to: An unexpected perf feature by Cyberax
Parent article: An unexpected perf feature

There's no way to prevent memory corruption, as long as I can write to the wrong variable (ooops!). Memory protection is a feature of the underlaying machine, not the language.

Timely!

Posted May 23, 2013 9:05 UTC (Thu) by micka (subscriber, #38720)
In reply to: Timely! by smitty_one_each
Parent article: DeadDrop and Strongbox

Thank you, that was useful, now I understand.

Ktap — yet another kernel tracer

Posted May 23, 2013 9:05 UTC (Thu) by nix (subscriber, #2304)
Parent article: Ktap — yet another kernel tracer

I note that, unlike DTrace, the ktap language implements loops, which were intentionally left out of D (the DTrace language) because as soon as your language has loops and conditionals you cannot prove that execution will terminate in the general case without slamming into the halting problem, and that also constrains proof of all sorts of other properties about the code, since an awful lot of them reduce to the halting problem again. The most you can do in a constrained environment like the kernel is to impose a timeout on script execution.

Of course, in a privileged tracer there are lots of other ways to cause trouble inside the kernel, and there is not yet any DTrace port for Linux which implements unprivileged tracing -- but at least unprivileged tracing is implementable there. I don't see how it could be implemented in ktap without a crude timeout or something of that ilk. Nonetheless, ktap looks very interesting and I am cheering from the sidelines, since a bytecode interpreter is much more elegant than the module-compilation approach taken by SystemTap.

(one note: DTrace for Linux is available to everyone, not just paying customers, though you do need to use the UEK2 kernel. The source for the userspace component I work on is not available, though :( )

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds