Rik van Riel

ENGLISH

riel for questions and answers, you can go to #qc

riel remember that during the lecture, you can always ask questions in #qc

* leonardop is back (gone 00:33:36)

riel if you have any questions, you can ask them at any time during or after the lecture, in the #qc channel

FloodeR Question to riel: Don't you think that it be a little dangerous to "play" with stable kernel series?

riel FloodeR: ok, I'll answer that one ;)

FloodeR Thanks :)

JALH like changing the vm...

hensema riel: just for reference, what kernel was current in juli 2001? 2.4.9?

HoraPe (to be answered in #qc, what's UML?)

riel could you cut'n'paste on #qc what the last line was you got from me ?

hensema User Mode Linux

sarnold uml == user mode linux .. run linux on top of linus as a user process

riel bah, server problems it seems ;(

HoraPe riel, "the extra..."

Ap <riel> the extra stability and new features meant that many kernel developers started switching to Alan's kernel and making patches for Alan's kernel

dabeej the extra stability and new features meant that many kernel developers started switching to Alan's kernel and making patches for Alan's kernel

riel HoraPe,Ap: ok, thanks

dabeej hey riel, continue

HoraPe ok, i didn't get the acronym :-)

anders HoraPe: http://user-mode-linux.sourceforge.net/

Bugblue riel:we miss a much....

onki Bugblue: don't worry, I'm running a log

* Bugblue is doing the same

* Bugblue just did /ignore *!*@* (joins,modes,parts,quits)

onki riel, we have seen rumours about two vm's (on the kernel list it was suggested a.f.a.i.k) would that be a good idea in your opinion?

Bugblue that should look a bit better

Bugblue *it was a hint*

onki maybe a little advanced (my question)

riel onki: I'll try to answer that question ;)

onki k, thnx

HoraPe Bugblue, tnx

Bugblue HoraPe: smodes is also a good idea

bernardo hol

bernardo hola

bernardo alguién sabe el nombre de algún software serio para componer musica

hensema bernardo: english please

viZard bernardo, canal de preguntas para #umeet

setepo riel: what is happening with XFS? XFS will be added in 2.5?

HoraPe hensema, not needed to write in english...

HoraPe riel reads (more or less) spanish and portuguese

hensema Yeah, but not all people on this channel do and questions are copied to #linux by riel...

Bugblue in Xchat users can click on the conference button (the [c] right beside the inputline where you type text) just choose #linux and click on this button. It will automatically ignore everything that is not normal text

riel well, this is the first half of this lecture, if you have questions about what happened in 2.4 last year, please ask them in #qc

Ikarus Bugblue: it will show mode and nick changes

viZard he's gone, see ?

HoraPe hensema, when riel answers you can understand the answer... it's something :-)

Bugblue Ikarus: it will not show joins, parts and quits...

Ikarus Bugblue: correct

dabeej i have question!

dabeej the vm you had in earlier releases of 2.4

t00R__ viZard =)

thobias_ riel: what do you think about most distributions start using Alan's kernel

hensema riel: lots of people tend to be unhappy about the critical bugs in released kernels, like 2.4.11 and 2.4.15. Do you think anything can be done in order to prevent such bad releases?

thobias_ ?

dabeej which release would you call your best

wol riel: I've followed the 2.4 development and I'm nervous that critical bugfixes seem never to get integrated.  Do you think this will change now Marcelo is in charge?

Army Bugblue : when 'll they be online?

peter111 buenas

cox riel: the bugs you are talking about do affect "normal" servers?

viZard peter111, shhh

dabeej and would you continue working on your vm in future

manaha riel what are the major differences between yours and marcelo VM (i've had no time to look at marcelo VM :(  )

* fluxie is away. idle for 30m (time: 01:35pm)

Army manaha : its Andrea VM not Marcelo's

manaha excuses

velco Army: it's Marcelo's now ;)

manaha marcelo...

t00R__ riel: has the vm from AA been tested publicly ? (mjesus asks this)

dabeej ??

viZard jeje

Army velco : owkee velco scores one point :)

Folken that was like invoking a spirit...

dabeej marcelo isnt around riel

riel seems like it ;(

Folken "if you're here knock 3 times"

dabeej =(

dabeej riel: im gonna go sit in "the channel"

wol riel: (for instance: the periodic complaints about not being able to tell how Andrea's VM works, and recently it was said that this was because doc patches are discarded.)

dabeej i got someone logging for me

dabeej good job so far

viZard riel: somebody asks me, what's a VM?

wol viZard: virtual memory subsystem.

sarnold virtual memory system .. it handles running more programs at once than can fit in memory

viZard thx

peter111 riel: yo quiero aprender a cambiarme la Ip ¿tienes algun programa?

peter111 traducelo ahi viZard

t00R__ peter111: ifconfig ;-)

Folken riel , and what about the -rc proposed in LKML?

peter111 ifconfig ·· comando desconocido

fernand0 peter callese, por favor

Army riel : how is the janitor-project doing?

viZard peter111: ahora estamos en medio de una conferencia, dejalo para despues, si?

onki riel, additional question to hensema's question, is there some sort of list kernal hackers are using to test a new release?

cox a kernel QA team is being needed :)

Folken riel , but that give us the other problem discussed, no one will test -rc's

* hensema will

* Army will also when he has time

Rawsock i've been testing since 2.4.0 and got no prob

dmc The main thing is to have -preX kernels that are guaranteed not to have new features before they become a release...

Rawsock but can't test too well

velco velco is now known as Lorette

wol Might it make more sense (at least in 2.<odd> series) to give up on -pre and just keep incrementing the SUBLEVEL?

riel wol: maybe

AdamK A myriad of different release naming schemes has been discussed nearly to death on LKML

sarnold there are only 255 sublevels to play with in odd series (at least, as currently implemented..) .. using -pre allows more than 255 kernelseasily :)

AdamK Anyone whos interested, feel free to check an archive

Army wol : you meen something like 2.4.17.1 and 2.4.17.2?

JALH that's what zealos uses :>

HoraPe it's a port of linux to linux or to posix?

wol *shrug* I come from a universe where test releases are called "20010407 snapshot" and we spend _months_ testing each point release, so the kernel versioning system has never really worked for me.

velco HoraPe: to linux

HoraPe ie, can i run uml in a bsd (or nt) ?

JALH yes

JALH I believe it runs on bsd

velco HoraPe: has linux specific ptrace calls

JALH not sure about nt

JaL it's a linux-kernel patch

wol Army: no, just 2.4.17, 2.4.18, 2.4.19, ... keep bumping the smallest number until it works.

velco HoraPe: it could be _ported_ though

JALH HoraPe, talk to jdike on #kernelnewbies on irc.openprojects.net

Jae Will UML be added to the linux source tree?

JALH it was in the -ac ones

Bugblue riel: what are the advantages instead of using 'chroot' or in HP-linux so called: 'compartments' ?

dre this isn't like tue impletation of compaq on his tru64 that can run several o.s. at the same time ??

Bugblue riel: and could't we do it already with vmware (and others like that?)

dre (the uml )

onki riel, if you would provide a 'kernel instance' with UML would the admin still have control or would the user have to much freedom?

Jae riel: will UML be added to 2.5 ?

kroks but you have ulimit for preventing that kind of starving resources

hensema Jae: like he said: he cannot look into the future

lennert riel: jeff dike said at LK2001 he would submit uml for 2.5 any day now

* hensema counts on UML being added, though ;-)

JALH hey lennert!

* Bugblue bets hensema for a bbq-beer

Army kroks: ulimit is nothing compared with prm

lennert hey JALH

Army kroks : prm gives you more control about what every one is allowed todo

cox riel: what about the security provided by the NSA Linux distrib compared to UML?

FloodeR riel: The process of generate uml virtual enviroments, can starve the machine, or while you don't use it they are stoped? Imagine a university machine

Army FloodeR : prm is taking care of that

lennert running >5 umls on a moderate box will noticably slow it down

kroks Army: i dont know anything about prm, thank you for telling me about it

lennert (because of the uml timer tick)

FloodeR Um

Folken lennert , moderate box being what?

lennert Folken: pentium iii 800 or so

FloodeR I'm thinking in at least 50 umls

Folken lennert , not so bad...

lennert we need a tickless kernel.. :)

Army kroks: with prm the kernel can limit things, hopefully will it make 2.5

Bugblue or

TJ hey congratz for conference its very interesting

TJ :OP

lennert as it is, idle uml's take up too much resources

Sorvin riel : meaning, Inter-Mezzo is just .. well.. Offline Files for linux .. ? :)

Bugblue we need a IBM Z-series mainframe.... what can run about 40.000 concurent linux instances

Bugblue without any problem except the money

velco the overhead that uml instroduces is mostly due to the redirection of system calls, besides system calls slowdown all the rest works the same way, with the same speed.

Joselito1 who is -rc

MCArkan riel: won't intermezzo takes too much network resources if it duplicates files ?

Army Bugblue : money? just order it :)

* JALH hands riel cvs :-)

Army Bugblue : just say you want to see the machine running before you buy :)

cdub Joselito1, -rc means release candidate

Rawsock um JALH

sarnold joselito1: -rc == release candidate

HoraPe what happens when both the laptop and the server have modified the same file?

Bugblue Army: I did and they wanted to put a test machine here (for a month)

Rawsock Intermezzo is a transparent filesystem layer i suppose

JALH cvsfs

JALH :)

Rawsock lika a HURD translator i suppose

Army Bugblue : when can I come for a visit? :)

lennert HoraPe: intermezzo doesn't deal with that yet

Rawsock ( doh, said that word again )

HoraPe what does it does when that happens? croaks?

lennert Rawsock: yes, but does need some per-filesystem support code

lennert intermezzo uses either an own algorithm, or the rsync protocol (librsync)

lennert (for replication)

lennert replcation changes are tracked by keeping a KML, kernel modification log

JALH Leenooks S&M!

lennert this is a sort-of journal of modifications, but it's not circularly rewritten.

lennert it's more akin to db-style archive logging

JALH it uses a luser-space lib?

Rawsock um sweet

lennert JALH: it consists of two components, presto and lento

lennert JALH: presto is the kernel part, lento the userspace part

JALH ah

lennert JALH: lento takes care of forwarding changes

lennert JALH: lento is, incidentally, written in perl

Rawsock :) andante ma non troppo

JALH aiee

* JALH takes a look :)

Ikarus In PERL, sick

Sorvin riel : will it replace PAM ?

onki riel: could you explain the difference between iptables and LSM? is LSM arranging security on the user part?

mulix sorvin, it's a userspace component

mulix pam is userspace, lsm is kernel space

peter me voy...

Sorvin i know, but will it make PAM unneeded ?

peter chao a todos por aqui!!!!!

mulix not likely

mulix because some things are better checked in userspace

mulix and some are better checked in kernel space

Sorvin i see.

Sorvin thanks :)

mulix sure, dont mention it :)

cdub riel, sarnold: NSA (SELinux), standard POSIX.1e capabilities ;-)

Army riel: do you know if anything from example openwall or lids are going to be included in 2.5?

Folken SELinux bd included...

cdub iptables, is just network, LSM, uses iptables for some of the network hooks

cdub sorry, netfilter

onki cdub: thnx

cox did the NSA create the LSM?

onki netfilter indeed

sarnold <cox> did the NSA create the LSM?

Sorvin mulix : does that mean that all the security checks that are being done when open() is called, will be simply a list of LSM modules to be invoked ?

cdub NSA presented to 2.5 kernel summit.

rapid riel : code on linux kernel is a mess... its planed to fix

cdub but LSM is a combined effort of NSA and many others

Rawsock hum .. Loading magiclantern.o ?

rapid things around? move funcions etc..?

mulix Sorvin, i'm not sure about the lsm architecture

mulix if it's a series of modules, or a series of hooks or what

Sorvin k

mulix perhaphs some of the developers could tell you, or just check out the source :)

kroks does LSM  means that when you make a program you dont have to care about security?

* hensema laughs

Folken 'use the source Luke!' (TM)

mulix that's *always* the right answer, folken :)

onki kroks, that would be cool :)

MCArkan how reliable can the NSA members be ?

mulix sarnold, than how is it implemented?

Folken yeh :)

cdub kroks, no, in fact, you may want to make your app _aware_ of the new security features in the kernel module

cdub but, you can also use an LSM to confine code that you are unsure of.

sarnold <mulix> sarnold, than how is it implemented?

mulix sarnold, while we are at it, will lsm allow hijacking system calls?

Sorvin sarnold : of course not. but im asking this if developers could "plug-in" security checks of their own easily when open() is called

cdub or check http://lsm.bkbits.net ;-)

kroks cdub: ok, but ive read that if you want to open a file in a secure way, you have to do more thinks that only call open(). will LSM implement that kind of security matters?

mulix ok, sarnold, thanks very much.

sarnold <cdub> or check http://lsm.bkbits.net ;-)

kiwnix can LSM do kernel stack protections?

kiwnix as solaris do

hensema sarnold: can LSM be used to RAISE permissions, instead of denying access to certain resources?

cdub heheh, hesema, yes, but not at the same granularity as denying.

sarnold since we don't need the lecture to last forever, and it is supposed to be *riel's* lecture, I'll hang out in #lsm-dev on irc.openprojects.net to answer more questions :)

riel sarnold: if you want to, maybe we could even schedule an LSM lecture somewhere in the next 2 weeks? ;0

dreim0n sarnold:  we can make a second lecture on this net if you want

dreim0n :)

zuez speaking of filesystems, are you folks planing something like growfs for ext2 partitions?

setepo riel: XFS will be added in 2.5?

HoraPe riel, bsd people use something called softupdates, supposed to be a more rational way of ordering writes that has lot of the journaled fs without being so complex, will linux get some fs like that?

wol related, there's the buffer cache and the page cache, what is the difference? it seems like the buffer cache is slowly going away?

zuez yeah, i´d also like to point out that small difference :)

lennert correction, andreas dilger wrote the ext2 online resize patch (for ext2resize, ext2resize.sf.net)

lennert ted t'so is currently figuring out another way of doing online resizing without needing an offline prepare stage first

basilon buenas

lennert he wrote something about this in the LK2001 proceedings

velco HoraPe: with softupdates you may lose blocks, so have to run fsck sometimes, OTOH jornalled filesystems suffer from seeking to the journal (if it's on the same plate)

zuez or, you loose files that are cached.

lennert there are still recovery situations that softupdates doesn't deal with, that's why newer solaris has a logufs

lennert phase trees are awfully identical to 'shadow paging' as described f.e. in 'transaction processing' by Gray and Reuter (1970-something)

ninjalj what happened with the patent claim against Phillips?

lennert Gray basically concluded that shadow paging in system R was a failure

HoraPe why that conclusion?

lennert HoraPe: fragmentation

lennert ninjalj: patent claim?  from netapp?

vituco riel: Could you tell us about the Networking code in 2.5.x later? Will it change again?

lennert Transaction Processing : Concepts and Techniques (Morgan Kaufmann Series in Data Management Systems), by Jim Gray, Andreas Reuter

dreim0n hummm one aobut this phase if changes are done with a veryu little tiem in a file like the oracle.db  that is a large file this can mean that you are working with an out-of-phase db ?

lennert http://www.amazon.com/exec/obidos/ASIN/1558601902/ref=pd_bxgy_text_1/107-3063278-5990918

lennert <riel> the filesystem can simply let 10 fsync()s complete on the same phase change

lennert you can do the same with journalling, it's called batch commit or group commit

lennert bad for latency, but really good for performance

lennert from what i've read about WAFL, it's just another implementation of shadow paging

viZard riel: is or will be LIDS merged with 2.4 or 2.5 kernel ?

sarnold viZard -- no; one of the reasons why Linus proposed LSM is to avoid questions like this. :) The LIDS people have said they plan on porting LIDS to use LSM in the future, when they have omre free time

cdub viZard likely LIDS will be ported to LSM

MCArkan riel: what's the difference with intermezzo ?

HoraPe how is the hardware thing done?

cox how you can share the same disks between multiple boxes?

dmc fiberchannel.

dmc or any SAN.

cox aps

cox thx

zuez storage area network?

dmc yep.

zuez hm

dreim0n we use fier channel in a little network of 30 compiuters it seem enough

dreim0n the sotarge an hsg80 of sun with 19teras

FloodeR riel: What's about stability of opengfs? For production machines?

riel FloodeR: not quite there yet, but getting better fast

FloodeR Ok, thanks

dreim0n in what machines is ready to run ?? only  linux boxes ??

ninjalj Flooder, both intermezzo and opengfs are marked experimental right now

zuez how do you prevent us the Systems Administrators with Linux from tuning cahce sizes and stuff?

cox lol

zuez thing you don´t really need to worry about iwth fbsd.

peter11 buenas

zuez yeah

zuez indeed, riel, m.m is good with fbsd.

zuez however

zuez you can bot with 4Gb of RAM

zuez it should cause a panic tho

zuez 19990604-CURRENT has a fix for it, afaik.

wol you say this will happen outside the main kernel, but will it be intended to go back at some point, or will it remain a separate patch forever?

riel I guess this lecture has gone on for too long already ... if you have questions you can answer them in #qc

onki riel, this raises a lot of questions for me, be prepared to answer them within the next week :) thanx for the lecture, it was good

hensema riel: thank you for the informative lecture.

dmc riel: thanks.  Great talk.

MCArkan riel: thanks

mulix thanks, riel, it was very interesting

Mas información: