Spoiling Linux Kernel with "sanctioned" code

printserver.ink

111 points by ValdikSS 7 days ago · 71 comments

thewebguyd 5 days ago

FTA: "The code can't be merged into Linux kernel unless the contributor can verify they're not working in a sanctioned company of said country (guilty until proven innocent)"

That's explicitly not true, according to the Linux Foundation. OFAC sanctions restrict providing a service, so here the violation would be two-way collaboration, not the receipt of information.

The kernel could review & merge the patch without running afoul of sanctions. What they cannot do is have dialogue with the sanctioned contributor.

Logic is not subject to sanctions, and anyone also may look at the submission and implement a matching fix.

https://www.linuxfoundation.org/blog/navigating-global-regul...

  • ranger_danger 5 days ago

    > unless the contributor can verify they're not working in a sanctioned company of said country

    How does one prove a negative?

  • Chu4eeno 5 days ago

    > Logic is not subject to sanctions

    ... and vice versa.

NicuCalcea 5 days ago

> Other people who would like to have this bug fixed can't commit it from their name or reuse the code present in the mail list from assumingly sanctioned entity

> The bug is forced to be fixed in some other way, not in a way it has been fixed by the bug fix contributor

I'm not quite following, why is this the case? If another non-Russian contributor submits the same fix, why wouldn't it be merged? If the project is GPL-licensed, surely that means the author of the fix doesn't retain any "patent" rights as the author describes it?

  • Simran-B 5 days ago

    I suppose it's not about patents or copyright but rather the fear that a re-submitted patch can't be trusted because the original patch is considered not trustworthy, or that the resubmission is carried out by the sanctioned person itself or a friend under an email address that doesn't fall under the sanctions. Either way, it could be seen as a liability.

  • ralferoo 5 days ago

    Suppose the issue was an incorrect constant used, e.g. a change from a 0 to a 1.

    As long as somebody verifies that is the correct thing to do and submits a patch, I can't see anybody would complain about that. How else would you fix it?

    But that's not what the article is complaining about. From their description, they removed a simple workaround, introduced a whole different approach to sending a message, relying instead on a watchdog timer. That's not a trivial refactor, and there could easily be a bug hidden in the change, intentional or not. That is the real issue.

    Aside from anything else, the author was complaining about something going from no delay to having a 1ms delay, which broke his device. His solution was to rewrite it such that there was a variable delay, from 0ms to 275ms. That sounds even less desirable. A quarter of a second delay could easily be enough to cause data corruption on a drive after unmounting and before unplugging, if its logic on how to ensure data was flushed relied on that feature.

    Such a major change needs extensive testing on basically most USB devices before it's randomly integrated into the kernel, especially when the fix it's undoing is over 20 years old, so the hardware it affects must be even older than that (and nobody else has used it in the last 20 years) and so most of the maintainers won't even be able to test whether the fix works anyway. It's just a big change explained away by a "trust me bro".

seanhunter 5 days ago

So here’s the thing. The author thinks that Greg K-H is under some sort of obligation to respond to the patch they submitted. But that’s just not how free software works.

Greg K-H is a fully autonomous human being and he doesn’t work for the author of tfa. It sucks that we live in a world where nation states try to put exploits into the linux kernel and other foss projects but we very much do live in that world. It sucks that that means the author doesn’t get to contribute to the Linux kernel because their government (who they presumably have little control over) are very active in doing that, but that too is a fact of life.

Either way Greg K-H doesn’t owe you or me or the author anything and people need to stop being so entitled about free software.

  • ghusto 5 days ago

    > So here’s the thing ...

    That was very much not the thing. He's raising an interesting point, if true. Namely that sanctioned countries could severely damage the progress of Linux by supplying good patches.

    • Ekaros 5 days ago

      With AIs submit every possible reasonable patch alternative. Essentially locking these solutions out. Doesn't even matter if AI is allowed or not.

    • arxari 5 days ago

      > damage the progress of Linux by supplying good patches

      Suffering from success

  • ValdikSS (OP) 5 days ago

    Greg K-H is one of the original authors of the OHCI implementation, and the current USB subsystem maintainer. Another USB subsystem maintainer told me he won't merge the code without Greg's approval (he's OK with my code and reviewed it, as you can see in the mail list).

    This is not the first case anyway.

    >author doesn’t get to contribute to the Linux kernel because their government

    I guess you're missing the point: nobody has asked me anything. The whole assumption that I'm Russian, from Russia, and possibly designated, comes from using my .ru email.

    I used to have .cn and .be domains as well during my life, should have been Chinese or Belgian to send kernel patches :D

    • cmeacham98 5 days ago

      But you are Russian, right? I obviously have no idea to the extent GregKH has verified this, but a trivial scan of your online presence revealed to me you at minimum speak Russian and there's decent evidence you live/lived in Russia.

1attice 6 days ago

I've been thinking lately that what underpinned the FOSS golden age was not actually decentralized VCS and high-quality forges, nor even ZIRP, but rather peacetime.

After a period of branches and patchsets, full national hard forks are going to become de rigueur, and linux-derived OSes across the world are going to bloom necessarily, as we no longer have the kind of ambient trust required to collaborate across borders.

Look forward to Euro-linux, Sino-BSD, and I guess probably some sort of GCC-area build as well.

Patches will be accepted across national boundaries with only the highest scrutiny, which itself will likely be provided by nationalized AI platforms.

Gods I hate this era

  • eqvinox 5 days ago

    It's even worse: the same logic is already starting to fracture the internet at large.

    • pixl97 5 days ago

      I mean the capabilities of the internet aren't something you really want to have aimed AT you when you're fighting in a war. The internet grew after the cold war ended and it will change as another cold/hot war starts.

  • V__ 5 days ago

    OpenSuse is (or will be) "Euro-Linux".

    • nosioptar 5 days ago

      Mageia's also a fine European distro.

      Suse has more packages in their repo. But, I prefer Mageia's control center to yast.

  • gaiagraphia 6 days ago

    This is a great thing for innovation though? Nations/blocs protecting their tech interests will result in more jobs to go round in the industry, more unique ideas, and less centralisation, surely?

    The globalised, hyper-centralised world is a bit boring, tbh.

    • 1attice 6 days ago

      I forecast that you will not be bored, and may have other, stronger feelings. Ask Ukrainians

      • gaiagraphia 5 days ago

        I spent like 20% of my adult life in Ukraine and Russia. They overwhelmingly don't like the globalised world.

        Ukraine might be a fashion symbol in the west, but when I was volunteering out there in the first year, the points of view were mainly wanting to be like Poland; not absorbing the values of the wider west.

npodbielski 5 days ago

Can't you change the domain? If you want to work within any project, enterprise or open source, you have to obey their rules. If you do not like to do that, you do not have to work with them.

> Think about that.

I thought and I do not think this article is anything else but a rant.

egamirorrim 5 days ago

Russians are responsible for their leaders

  • npodbielski 5 days ago

    I watch American politics with great interest to see if they will overthrow their own tyrant. That would be interesting though I am not sure if good for the rest of the world.

  • ranger_danger 5 days ago

    Nobody can know for certain ahead of time if someone they are voting for will turn authoritarian or not after they are in power.

    • Svoka 5 days ago

      You realize that russian government was overwhelmingly re-elected each time since inception of russian federation in 1991, and invaded neighbours regularly with land grabs since 94?

      • rurban 5 days ago

        Russia invaded their neighbors forever, not just since 94.

        America invades everywhere, Russia only neighbors, that's what you learn in school.

        • Svoka 5 days ago

          Roll out the whataboutism!

          russian federation was created in 1991.

          Since then russia occupies entirety of Ichkeria, parts of Moldova, parts of Georgia, and parts of Ukraine

          What land grabs has the US got since 91?

          If you want to go before, russian occupation called 'ussr' and 'russian empire' caused pretty much unparalleled suffering and extinctions of peoples. But also, we are talking about current events. Past brutality is poor justification of current actions

      • ranger_danger 5 days ago

        I think the same could be said for North Korea, but that doesn't mean they're voting honestly.

kunley 5 days ago

The story remotely reminds me about this gold:

What is this: does not ring, and does not fit in the ass..? Soviet device for ringing in the ass.

Infinitely more funny if you lived on the east side of the iron curtain.

thefounder 7 days ago

I guess the Russians will have to learn the Chinese way and perhaps the Chinese language as well?

gmerc 6 days ago

Perfect use case for AI, by US legal doctrine, copyright is gone after you feed it through and so should sanctions /s

robobully 7 days ago

This post is apparently not publicly shown on the main page for some reason.

mike_hock 6 days ago

Obvious attack vector for Russia: Submit fixes to severe bugs that can't realistically be fixed any other way.

  • seanhunter 5 days ago

    …and that’s an attack vector because?

    There’s literally nothing stopping them from fixing the bug in either this case or the hypothetical. The maintainer just doesn’t respond to email from .ru domains. He could still choose to take the patch. He may just have decided not to accept this patch because changing something quite obscure to fix a weird printer used by one guy is likely to cause more problems than it solves. We don’t know because he didn’t respond.

    That certainly doesn’t mean he wouldn’t fix a serious bug just because he heard about it from a .ru address.

    • ghusto 5 days ago

      He's saying that they can not accept the same patch, even from someone else, once it's been submitted by a sanctioned country. It's little to do with getting a reply.

      I haven't verified if what he's saying is true though.

flashmozzg 6 days ago

Is there a CVE for this?

  • eqvinox 5 days ago

    Why would there, it doesn't sound like a security issue?

    • ghusto 5 days ago

      If it's true, it's a way for Russia to find security flaws and ensure they're not patched in good ways.

_user_account 6 days ago

Yeah, it sucks.

> This adds ~1ms latency per transfer cycle for rapid bidirectional communication which leads to half the USB 1.1 speed for smaller packets at best.

Still, I don't think this patch should be applied /for everyone/. Maybe compile out-of-tree and load as a kernel module, if possible?

  • ValdikSS (OP) 6 days ago

    The patch removes this latency and improves transfer speed, without any drawbacks.

  • M95D 6 days ago

    I still have a MB with just a USB 1.1 controller. I would hate it if the USB stopped working after this fix. I think a config option for the delay would be best.
