LWN: Comments on "The 4.13 kernel is out"

DocBook replacement

corbet — Fri, 08 Sep 2017 15:11:50 +0000

See this article for details, along with various other updates that can be found here.

The 4.13 kernel is out

NightMonkey — Fri, 08 Sep 2017 15:07:24 +0000

Is there some sort of replacement for DocBook? Not that I used its output much, but I do like options in reading the kernel code and commentary.

Bad default, but be careful if you stop anybody's pig from dancing

NightMonkey — Fri, 08 Sep 2017 15:05:33 +0000

I think you and I might be supporting the same users? It's like you are writing entries in my diary. Especially the last paragraph.

The 4.13 kernel is out

jani — Wed, 06 Sep 2017 07:18:46 +0000

So long, DocBook! I'm somewhat surprised by your swift departure, I was expecting you to linger a bit longer. I don't think I'll shed a tear for you, though.

Bad default, but be careful if you stop anybody's pig from dancing

tialaramex — Tue, 05 Sep 2017 14:04:35 +0000

There is a balance here, because of Dancing Pigs a large proportion of people whose device ceases to work because of security will label that as "Your thing is broken" not "Hooray for protecting me". It makes no sense for Linux to deliberately put up a fence where the equivalent Windows systems just shrug "Eh, who needs security when you can have compatibility?". However it looks as though Microsoft is moving in the same direction, there's no need for us to be _worse_ than them about security holes they're responsible for.

There's a "First Mover" penalty which is why the Web Browser Vendors sometimes behave like a cabal - if they all make your pig stop dancing at roughly the same time, you might shake your fists and blame the cabal, but at least you won't switch to the least secure option just because it keeps your pig dancing. This avoids the Powers That Be looking at the situation and deciding by fiat that there won't be any more security fixes, all pigs must be permitted to continue dancing even if it hairlips the governor.

There's also "Last change gets the blame" at work. In many cases the reason an organisation (or home) needs SMB1 is some obsolete third party device they've become dependent on. But they bought that years ago, and humans have learned to blame the new thing, for completely rational reasons, so even though the _right_ fix might be to replace that 10 year old printer or WiFi router, the actual fix may be to return the shiny new secure Linux appliance and get the insecure alternative instead.

The 4.13 kernel is out

claudio — Tue, 05 Sep 2017 10:04:35 +0000

I would also add that on Linux 4.13 SCHED_DEADLINE switched from the CBS to the GRUB algorithm, allowing to reclaim CPU bandwidth unused by other blocked deadline tasks.

The 4.13 kernel is out

ledow — Tue, 05 Sep 2017 00:17:25 +0000

Does it matter? SMB 1 is broken and inherently insecure, so it's a bad default.

If people need it, they can change it back. If you're reliant on such extension working, you'll test and/or change the default and suffer the consequences.

Meanwhile, people who just have a Linux PC that they mount a network drive / NAS device / their laptop files from the network on aren't exposing themselves to serious compromise.

The 4.13 kernel is out

jlayton — Mon, 04 Sep 2017 14:10:53 +0000

Unix extensions are still a WIP on SMB2/3. The good news is that they aren't needed as much as they were with SMB1. A lot of the core protocol already maps reasonably well to POSIX semantics. It's not perfect by any stretch of the imagination, but it's good enough for most purposes.

The 4.13 kernel is out

joib — Mon, 04 Sep 2017 10:04:21 +0000

> The change in question is simply changing the default cifs behavior: instead of defaulting to SMB 1.0 (which you really should not use: just google for 'stop using SMB1' or similar), the default cifs mount now defaults to a rather more modern SMB 3.0.

How does this interact with Samba and the CIFS Unix Extensions? I thought the equivalent for SMB2/3 was still a work in progress?