FTA: "The code can't be merged into Linux kernel unless the contributor can verify they're not working in a sanctioned company of said country (guilty until proven innocent)"
That's explicitly not true, according to the Linux foundation. OFAC sanctions restrict providing a service, so here the violation would be two-way collaboration, not the receipt of information.
The kernel could review & merge the patch without running afoul of sanctions. What they cannot do is have dialogue with the sanctioned contributor.
Logic is not subject to sanctions, and anyone also may look at the submission and implement a matching fix.
> Other people who would like to have this bug fixed can't commit it from their name or reuse the code present in the mail list from assumingly sanctioned entity
> The bug is forced to be fixed in some other way, not in a way it has been fixed by the bug fix contributor
I'm not quite following, why is this the case? If another non-Russian contributor submits the same fix, why wouldn't it be merged? If the project is GPL-licensed, surely that means the author of the fix doesn't retain any "patent" rights as the author describes it?
I suppose it's not about patents or copyright but rather the fear that a re-submitted patch can't be trusted because the original patch is considered not trustworthy, or that the resubmission is carried out by the sanction person itself or a friend under an email address that doesn't fall under the sanctions. Either way, it could be seen as a liability.
Suppose the issue was an incorrect constant used, e.g. a change from a 0 to a 1.
As long as somebody verifies that is the correct thing to do and submits a patch, I can't see anybody would complain about that. How else would you fix it?
But that's not what the article is complaining about. From their description, they removed a simple workaround, introduced a whole different approach to sending a message, relying instead on a watchdog timer. That's not a trivial refactor, and there could easily be a bug hidden in the change, intentional or not. That is the real issue.
Aside from anything else, the author was complaining about something going from no delay to having a 1ms delay, which broke his device. His solution was to rewrite it such that there was a variable delay, from 0ms to 275ms. That sounds even less desirable. A quarter of a second delay could easily be enough to cause data corruption on a drive after unmounting and before unplugging, if its logic on how to ensure data was flushed relied on that feature.
Such a major change needs extensive testing on basically most USB devices before it's randomly integrated into the kernel, especially when the fix it's undoing is over 20 years old, so the hardware it affects must be even older than that (and nobody else has used it in the last 20 years) and so most of the maintainers won't even be able to test whether the fix works anyway. It's just a big change explained away by a "trust me bro".
So here’s the thing. The author thinks that Greg K-H is under some sort of obligation to respond to the patch they submitted. But that’s just not how free software works.
Greg K-H is a fully autonomous human being and he doesn’t work for the author of tfa. It sucks that we live in a world where nation states try to put exploits into the linux kernel and other foss projects but we very much do live in that world. It sucks that that means the author doesn’t get to contribute to the Linux kernel because their government (who they presumably have little control over) are very active in doing that, but that too is a fact of life.
Either way Greg K-H doesn’t owe you or me or the author anything and people need to stop being so entitled about free software.
That was very much not the thing. He's raising an interesting point, if true. Namely that sanctioned countries could severely damage the progress of Linux by supplying good patches.
Greg K-H is one of the original author of OHCI implementation, and the current USB subsystem maintainer. Another USB subsystem maintainer told me he won't merge the code without Greg's approval (he's OK with my code and reviewed it, as you can see in the mail list).
This is not the first case anyway.
>author doesn’t get to contribute to the Linux kernel because their government
I guess you're missing the point: nobody has asked me anything. The whole assumption that I'm Russian, from Russia, and a possibly designated, comes from using my .ru email.
I used to have .cn and .be domains as well during my life, should have been Chinese or Belgian to send kernel patches :D
But you are Russian, right? I obviously have no idea to the extent GregKH has verified this, but a trivial scan of your online presence revealed to me you at minimum speak Russian and there's decent evidence you live/lived in Russia.
I watch american politics with great interests to see if their will overthrow their own tyrant. That would be interesting though I am not sure if good for the rest of the world.
You realize that russian govenment was overwhelmingly re-elected each time since inception of russian federation in 1991, and invaded neighbours regularly with land grabs since 94?
Since then russia occupies entirety of Ichkeria, parts of Moldova, parts of Georgia, and parts of Ukraine
What lang grabs does US got since 91?
If you want to go before, russian occupation called 'ussr' and 'russian empire' caused pretty much unparalleled suffering and extinsions of peoples. But also, we are talking about current events. Past brutality is poor justification of current actions
Can't you change the domain? If you want to work within any project, enterprise or open source, you have to obey their rules. If you do not like to do that, you do not have to work with them.
> Think about that.
I thought and I do not think this article is anything else but a rant.
This is great. I am happy to hear that russians get ostracized as they should be.
Quick reminder - sanctions are there because their army is currently is involved in brutal invasion, mass state sanctioned rapes, murders, bombings of civilians with hundreds of missiles and drones launched on cities, kidnapping children and putting them for adoption to russian families. Each penny paid to them will fuel their war machine. Every open project will be used in their war crimes.
Do not reply to russians. They are not victims in this. They are perpetrators of this brutal war.
A person is not responsible for the actions of their government. All governments wage war and cause suffering.
I have many close friends who are Russian by nationality. Russian by crime of accident of birth. So many of my friends in this situation abhor the actions of their government.
The Mentor stated it best. Phrack 7, 1986:
"We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals."
> A person is not responsible for the actions of their government. All governments wage war and cause suffering.
That is true, but one of the reasons for imposing sanctions after diplomatic processes fail to get the government change their course of action, beyond just causing economic harm to the government, is specifically to apply pressure on population such that they don't want to support their government any more and vote them out, or where that isn't possible cause an insurrection.
Whether it is right for another country to influence another country in that way is debatable, but as sanctions are only effective if basically every other country adheres to them, by that point it's clear that every other country disagrees with the target country under sanctions (or values their relationship with the countries that do more than the target), so perhaps it's not unreasonable.
In any case, it's clear that partly from the Russian government restricting the flow of information inside Russia, but also from opinions that the population already had, there's still a lot of support within Russia for continuing the war. Perhaps, sanctions will help influence popular opinion against the war, perhaps not, but that is one of the main goals of sanctions. Just saying "oh, but they're just ordinary citizens, they're not responsible for government actions" misses the point of what sanctions are trying to achieve.
It is not “crime of birth” it is crime of choice of supporting war machine which invaded and occupied neighbour for hundreds of years; colonizing and exterminating peoples.
It is not russian ELECTED government raping thousands and killing tens of thousands. It is not govenment which launched over 60 000 drones and missiles in Ukrainian cities last month. It is russians, it is tens of millions in russian military, trice that supporting the military and each paying taxes being complicit.
They don't get to play victim while butchering people
P.S. before you claim 'not fair election' a quick reminder thet russians voted for this government each time since inception of russian federation in 1991, with the very clear track record of invading neighbouring countries with land grabs
So does that mean my girlfriend is also to blame for the war just because she happened to be born in Russia? She’s against Putin herself, but there’s not much she can do about it because, as a trans woman, she’s persecuted by that shitty state simply for existing. If she protested, they’d kill her. Why should she now be barred from at least pursuing her hobby and submitting patches for software projects?
I understand that your girlfriend is a victim of same regime (and I am sorry for that, genuinely), but she may or may not be a part of it depending on circumstances.
Make no mistake - this has nothing to do with nationality or ethnicity, and everything with ones actions. Just answer me this - you say "She’s against Putin". What does it mean? Does she fight with other russian volunteers for Armed Forces of Ukraine? Does she sabotage logistics alongside partisans? Provide intelligence? Does she pay taxes in russia? Like, how is her 'being against Putin' is reflected on reality?
P.S.You nickname says 'Random German', so you should know a thing or two about systemic complicity, clean Wehrmacht myth etc. I would love to hear your opinion on what is her role in it.
I've been thinking lately that what underpinned the FOSS golden age was not actually decentralized VCS and high-quality forges, nor even ZIRP, but rather peacetime.
After a period of branches and patchsets, full national hard forks are going to become de rigeur, and linux-derived OSes across the world are going to bloom necessarily, as we no longer have the kind of ambient trust required to collaborate across borders.
Look forward to Euro-linux, Sino-BSD, and I guess probably some sort of GCC-area build as well.
Patches will be accepted across national boundaries with only the highest scrutiny, which itself will likely be provided by nationalized AI platforms.
I mean the capabilities of the internet aren't something you really want to have aimed AT you when you're fighting in a war. The internet grew after the cold war ended and it will change as another cold/hot war starts.
This is a great thing for innovation though? Nations/blocs protecting their tech interests will result in more jobs to go round in the industry, more unique ideas, and less centalisation, surely?
The globalised, hyper-centralised world is a bit boring, tbh.
I spent like 20% of my adult life in Ukraine and Russia. They overwhelmingly don't like the globalosed world.
Ukraine might be a fashion symbol in the west, but when I was volunteering out there in the first year, the points of view where mainly wanting to be like Poland; not absorbing the values of the wider west.
Then he should probably move out of Russia. As near as I can tell, pretty much everyone in Russia should be trying to leave at the earliest opportunity.
There’s literally nothing stopping them from fixing the bug in either this case or the hypothetical. The maintainer just doesn’t respond to email from .ru domains. He could still choose to take the patch. He may just have decided not to accept this patch because changing something quite obscure to fix a weird printer used by one guy is likely to cause more problems than it solves. We don’t know because he didn’t respond.
That certainly doesn’t mean he wouldn’t fix a serious bug just because he heard about it from a .ru address.
He's saying that they can not accept the same patch, even from someone else, once it's been submitted by a sanctioned country. It's little to do with getting a reply.
I haven't verified if what he's saying is true though.
I still have a MB with just a USB 1.1 controller. I would hate it if the USB stopped working after this fix. I think a config option for the delay would be best.
FTA: "The code can't be merged into Linux kernel unless the contributor can verify they're not working in a sanctioned company of said country (guilty until proven innocent)"
That's explicitly not true, according to the Linux foundation. OFAC sanctions restrict providing a service, so here the violation would be two-way collaboration, not the receipt of information.
The kernel could review & merge the patch without running afoul of sanctions. What they cannot do is have dialogue with the sanctioned contributor.
Logic is not subject to sanctions, and anyone also may look at the submission and implement a matching fix.
https://www.linuxfoundation.org/blog/navigating-global-regul...
> Logic is not subject to sanctions
... and vice versa.
> unless the contributor can verify they're not working in a sanctioned company of said country
How does one prove a negative?
> Other people who would like to have this bug fixed can't commit it from their name or reuse the code present in the mail list from assumingly sanctioned entity
> The bug is forced to be fixed in some other way, not in a way it has been fixed by the bug fix contributor
I'm not quite following, why is this the case? If another non-Russian contributor submits the same fix, why wouldn't it be merged? If the project is GPL-licensed, surely that means the author of the fix doesn't retain any "patent" rights as the author describes it?
I suppose it's not about patents or copyright but rather the fear that a re-submitted patch can't be trusted because the original patch is considered not trustworthy, or that the resubmission is carried out by the sanction person itself or a friend under an email address that doesn't fall under the sanctions. Either way, it could be seen as a liability.
Suppose the issue was an incorrect constant used, e.g. a change from a 0 to a 1.
As long as somebody verifies that is the correct thing to do and submits a patch, I can't see anybody would complain about that. How else would you fix it?
But that's not what the article is complaining about. From their description, they removed a simple workaround, introduced a whole different approach to sending a message, relying instead on a watchdog timer. That's not a trivial refactor, and there could easily be a bug hidden in the change, intentional or not. That is the real issue.
Aside from anything else, the author was complaining about something going from no delay to having a 1ms delay, which broke his device. His solution was to rewrite it such that there was a variable delay, from 0ms to 275ms. That sounds even less desirable. A quarter of a second delay could easily be enough to cause data corruption on a drive after unmounting and before unplugging, if its logic on how to ensure data was flushed relied on that feature.
Such a major change needs extensive testing on basically most USB devices before it's randomly integrated into the kernel, especially when the fix it's undoing is over 20 years old, so the hardware it affects must be even older than that (and nobody else has used it in the last 20 years) and so most of the maintainers won't even be able to test whether the fix works anyway. It's just a big change explained away by a "trust me bro".
So here’s the thing. The author thinks that Greg K-H is under some sort of obligation to respond to the patch they submitted. But that’s just not how free software works.
Greg K-H is a fully autonomous human being and he doesn’t work for the author of tfa. It sucks that we live in a world where nation states try to put exploits into the linux kernel and other foss projects but we very much do live in that world. It sucks that that means the author doesn’t get to contribute to the Linux kernel because their government (who they presumably have little control over) are very active in doing that, but that too is a fact of life.
Either way Greg K-H doesn’t owe you or me or the author anything and people need to stop being so entitled about free software.
> So here’s the thing ...
That was very much not the thing. He's raising an interesting point, if true. Namely that sanctioned countries could severely damage the progress of Linux by supplying good patches.
With AIs submit every possible reasonable patch alternative. Essentially locking these solutions out. Doesn't even matter if AI is allowed or not.
> damage the progress of Linux by supplying good patches
Suffering from success
Greg K-H is one of the original author of OHCI implementation, and the current USB subsystem maintainer. Another USB subsystem maintainer told me he won't merge the code without Greg's approval (he's OK with my code and reviewed it, as you can see in the mail list).
This is not the first case anyway.
>author doesn’t get to contribute to the Linux kernel because their government
I guess you're missing the point: nobody has asked me anything. The whole assumption that I'm Russian, from Russia, and a possibly designated, comes from using my .ru email.
I used to have .cn and .be domains as well during my life, should have been Chinese or Belgian to send kernel patches :D
But you are Russian, right? I obviously have no idea to the extent GregKH has verified this, but a trivial scan of your online presence revealed to me you at minimum speak Russian and there's decent evidence you live/lived in Russia.
Russians are responsible for their leaders
I watch american politics with great interests to see if their will overthrow their own tyrant. That would be interesting though I am not sure if good for the rest of the world.
Nobody can know for certain ahead of time if someone they are voting for will turn authoritarian or not after they are in power.
You realize that russian govenment was overwhelmingly re-elected each time since inception of russian federation in 1991, and invaded neighbours regularly with land grabs since 94?
Russia invaded their neighbors forever, not just since 94.
America invades everywhere, Russia only neighbors, that's what you learn in school.
Rollout the whataboutism!
russian federation was created in 1991.
Since then russia occupies entirety of Ichkeria, parts of Moldova, parts of Georgia, and parts of Ukraine
What lang grabs does US got since 91?
If you want to go before, russian occupation called 'ussr' and 'russian empire' caused pretty much unparalleled suffering and extinsions of peoples. But also, we are talking about current events. Past brutality is poor justification of current actions
I think the same could be said for North Korea, but that doesn't mean they're voting honestly.
Not even close.
The story remotely reminds me about this gold:
What is this: does not ring, and does not fit in the ass..? Soviet device for ringing in the ass.
Infinitely more funny if you lived on the east side of the iron curtain.
Can't you change the domain? If you want to work within any project, enterprise or open source, you have to obey their rules. If you do not like to do that, you do not have to work with them.
> Think about that.
I thought and I do not think this article is anything else but a rant.
This is great. I am happy to hear that russians get ostracized as they should be.
Quick reminder - sanctions are there because their army is currently is involved in brutal invasion, mass state sanctioned rapes, murders, bombings of civilians with hundreds of missiles and drones launched on cities, kidnapping children and putting them for adoption to russian families. Each penny paid to them will fuel their war machine. Every open project will be used in their war crimes.
Do not reply to russians. They are not victims in this. They are perpetrators of this brutal war.
A person is not responsible for the actions of their government. All governments wage war and cause suffering.
I have many close friends who are Russian by nationality. Russian by crime of accident of birth. So many of my friends in this situation abhor the actions of their government.
The Mentor stated it best. Phrack 7, 1986:
"We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals."
Author of the article did not say where he pays taxes and spends his money on goods, which are taxed too.
Estimates are that 30 percent of taxes go to war in Russia.
So if he is in Russia, and not left for some deep forest or like, he helps Russian War effort.
> A person is not responsible for the actions of their government. All governments wage war and cause suffering.
That is true, but one of the reasons for imposing sanctions after diplomatic processes fail to get the government change their course of action, beyond just causing economic harm to the government, is specifically to apply pressure on population such that they don't want to support their government any more and vote them out, or where that isn't possible cause an insurrection.
Whether it is right for another country to influence another country in that way is debatable, but as sanctions are only effective if basically every other country adheres to them, by that point it's clear that every other country disagrees with the target country under sanctions (or values their relationship with the countries that do more than the target), so perhaps it's not unreasonable.
In any case, it's clear that partly from the Russian government restricting the flow of information inside Russia, but also from opinions that the population already had, there's still a lot of support within Russia for continuing the war. Perhaps, sanctions will help influence popular opinion against the war, perhaps not, but that is one of the main goals of sanctions. Just saying "oh, but they're just ordinary citizens, they're not responsible for government actions" misses the point of what sanctions are trying to achieve.
What a pile of horse shit.
It is not “crime of birth” it is crime of choice of supporting war machine which invaded and occupied neighbour for hundreds of years; colonizing and exterminating peoples.
It is not russian ELECTED government raping thousands and killing tens of thousands. It is not govenment which launched over 60 000 drones and missiles in Ukrainian cities last month. It is russians, it is tens of millions in russian military, trice that supporting the military and each paying taxes being complicit.
They don't get to play victim while butchering people
P.S. before you claim 'not fair election' a quick reminder thet russians voted for this government each time since inception of russian federation in 1991, with the very clear track record of invading neighbouring countries with land grabs
So should we stop talking to Americans, Israeli or Iranians then?
So does that mean my girlfriend is also to blame for the war just because she happened to be born in Russia? She’s against Putin herself, but there’s not much she can do about it because, as a trans woman, she’s persecuted by that shitty state simply for existing. If she protested, they’d kill her. Why should she now be barred from at least pursuing her hobby and submitting patches for software projects?
I understand that your girlfriend is a victim of same regime (and I am sorry for that, genuinely), but she may or may not be a part of it depending on circumstances.
Make no mistake - this has nothing to do with nationality or ethnicity, and everything with ones actions. Just answer me this - you say "She’s against Putin". What does it mean? Does she fight with other russian volunteers for Armed Forces of Ukraine? Does she sabotage logistics alongside partisans? Provide intelligence? Does she pay taxes in russia? Like, how is her 'being against Putin' is reflected on reality?
P.S.You nickname says 'Random German', so you should know a thing or two about systemic complicity, clean Wehrmacht myth etc. I would love to hear your opinion on what is her role in it.
I've been thinking lately that what underpinned the FOSS golden age was not actually decentralized VCS and high-quality forges, nor even ZIRP, but rather peacetime.
After a period of branches and patchsets, full national hard forks are going to become de rigeur, and linux-derived OSes across the world are going to bloom necessarily, as we no longer have the kind of ambient trust required to collaborate across borders.
Look forward to Euro-linux, Sino-BSD, and I guess probably some sort of GCC-area build as well.
Patches will be accepted across national boundaries with only the highest scrutiny, which itself will likely be provided by nationalized AI platforms.
Gods I hate this era
It's even worse: the same logic is already starting to fracture the internet at large.
I mean the capabilities of the internet aren't something you really want to have aimed AT you when you're fighting in a war. The internet grew after the cold war ended and it will change as another cold/hot war starts.
OpenSuse is (or will be) "Euro-Linux".
Mageia's also a fine European distro.
Suse has more packages in their repo. But, I prefer Mageia's control center to yast.
This is a great thing for innovation though? Nations/blocs protecting their tech interests will result in more jobs to go round in the industry, more unique ideas, and less centalisation, surely?
The globalised, hyper-centralised world is a bit boring, tbh.
I forecast that you will not be bored, and may have other, stronger feelings. Ask Ukrainians
I spent like 20% of my adult life in Ukraine and Russia. They overwhelmingly don't like the globalosed world.
Ukraine might be a fashion symbol in the west, but when I was volunteering out there in the first year, the points of view where mainly wanting to be like Poland; not absorbing the values of the wider west.
I guess the Russians will have to learn the Chinese way and perhaps the Chinese language as well?
Perfect usecase for AI, by US legal doctrine, copyright is gone after you feed it through and so should sanctions /s
[flagged]
I’m gonna hazard a guess and say that I don’t think the author has any troops anywhere, let alone in Ukraine.
Then he should probably move out of Russia. As near as I can tell, pretty much everyone in Russia should be trying to leave at the earliest opportunity.
So with that logic, pull requests from the US should also be ignored until they stop their attacks in the straight of hormuz?
The US is not nearly as bad as Russia (yet), but it's worth considering.
I'm sure millions of people will rearrange their lives in due consideration of your morality overlord status.
This post is apparently not publicly shown on the main page for some reason.
Why should it be? It has low rating (yet).
It is on the front page.
Obvious attack vector for Russia: Submit fixes to severe bugs that can't realistically be fixed any other way.
…and that’s an attack vector because?
There’s literally nothing stopping them from fixing the bug in either this case or the hypothetical. The maintainer just doesn’t respond to email from .ru domains. He could still choose to take the patch. He may just have decided not to accept this patch because changing something quite obscure to fix a weird printer used by one guy is likely to cause more problems than it solves. We don’t know because he didn’t respond.
That certainly doesn’t mean he wouldn’t fix a serious bug just because he heard about it from a .ru address.
He's saying that they can not accept the same patch, even from someone else, once it's been submitted by a sanctioned country. It's little to do with getting a reply.
I haven't verified if what he's saying is true though.
Is there a CVE for this?
Why would there, it doesn't sound like a security issue?
If it's true, it's a way for Russia to find security flaws and ensure they're not patched in good ways.
Yeah, it sucks.
> This adds ~1ms latency per transfer cycle for rapid bidirectional communication which leads to half the USB 1.1 speed for smaller packets at best.
Still, I don't think this patch should be applied /for everyone/. Maybe compile out-of-tree and load as a kernel module, if possible?
The patch removes this latency and improves transfer speed, without any drawbacks.
I still have a MB with just a USB 1.1 controller. I would hate it if the USB stopped working after this fix. I think a config option for the delay would be best.