Rendered at 05:20:31 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
thewebguyd 7 hours ago [-]
FTA: "The code can't be merged into Linux kernel unless the contributor can verify they're not working in a sanctioned company of said country (guilty until proven innocent)"
That's explicitly not true, according to the Linux foundation. OFAC sanctions restrict providing a service, so here the violation would be two-way collaboration, not the receipt of information.
The kernel could review & merge the patch without running afoul of sanctions. What they cannot do is have dialogue with the sanctioned contributor.
Logic is not subject to sanctions, and anyone also may look at the submission and implement a matching fix.
So here’s the thing. The author thinks that Greg K-H is under some sort of obligation to respond to the patch they submitted. But that’s just not how free software works.
Greg K-H is a fully autonomous human being and he doesn’t work for the author of tfa. It sucks that we live in a world where nation states try to put exploits into the linux kernel and other foss projects but we very much do live in that world. It sucks that that means the author doesn’t get to contribute to the Linux kernel because their government (who they presumably have little control over) are very active in doing that, but that too is a fact of life.
Either way Greg K-H doesn’t owe you or me or the author anything and people need to stop being so entitled about free software.
ghusto 8 hours ago [-]
> So here’s the thing ...
That was very much not the thing. He's raising an interesting point, if true. Namely that sanctioned countries could severely damage the progress of Linux by supplying good patches.
Ekaros 2 hours ago [-]
With AIs submit every possible reasonable patch alternative. Essentially locking these solutions out. Doesn't even matter if AI is allowed or not.
arxari 6 hours ago [-]
> damage the progress of Linux by supplying good patches
Suffering from success
ValdikSS 2 hours ago [-]
Greg K-H is one of the original author of OHCI implementation, and the current USB subsystem maintainer. Another USB subsystem maintainer told me he won't merge the code without Greg's approval (he's OK with my code and reviewed it, as you can see in the mail list).
This is not the first case anyway.
>author doesn’t get to contribute to the Linux kernel because their government
I guess you're missing the point: nobody has asked me anything. The whole assumption that I'm Russian, from Russia, and a possibly designated, comes from using my .ru email.
I used to have .cn and .be domains as well during my life, should have been Chinese or Belgian to send kernel patches :D
cmeacham98 3 minutes ago [-]
But you are Russian, right? I obviously have no idea to the extent GregKH has verified this, but a trivial scan of your online presence revealed to me you at minimum speak Russian and there's decent evidence you live/lived in Russia.
NicuCalcea 10 hours ago [-]
> Other people who would like to have this bug fixed can't commit it from their name or reuse the code present in the mail list from assumingly sanctioned entity
> The bug is forced to be fixed in some other way, not in a way it has been fixed by the bug fix contributor
I'm not quite following, why is this the case? If another non-Russian contributor submits the same fix, why wouldn't it be merged? If the project is GPL-licensed, surely that means the author of the fix doesn't retain any "patent" rights as the author describes it?
Simran-B 9 hours ago [-]
I suppose it's not about patents or copyright but rather the fear that a re-submitted patch can't be trusted because the original patch is considered not trustworthy, or that the resubmission is carried out by the sanction person itself or a friend under an email address that doesn't fall under the sanctions. Either way, it could be seen as a liability.
egamirorrim 7 hours ago [-]
Russians are responsible for their leaders
npodbielski 47 minutes ago [-]
I watch american politics with great interests to see if their will overthrow their own tyrant. That would be interesting though I am not sure if good for the rest of the world.
ranger_danger 2 hours ago [-]
Nobody can know for certain ahead of time if someone they are voting for will turn authoritarian or not after they are in power.
12 minutes ago [-]
npodbielski 51 minutes ago [-]
Can't you change the domain? If you want to work within any project, enterprise or open source, you have to obey their rules. If you do not like to do that, you do not have to work with them.
> Think about that.
I thought and I do not think this article is anything else but a rant.
kunley 6 hours ago [-]
The story remotely reminds me about this gold:
What is this: does not ring, and does not fit in the ass..?
Soviet device for ringing in the ass.
Infinitely more funny if you lived on the east side of the iron curtain.
1attice 1 days ago [-]
I've been thinking lately that what underpinned the FOSS golden age was not actually decentralized VCS and high-quality forges, nor even ZIRP, but rather peacetime.
After a period of branches and patchsets, full national hard forks are going to become de rigeur, and linux-derived OSes across the world are going to bloom necessarily, as we no longer have the kind of ambient trust required to collaborate across borders.
Look forward to Euro-linux, Sino-BSD, and I guess probably some sort of GCC-area build as well.
Patches will be accepted across national boundaries with only the highest scrutiny, which itself will likely be provided by nationalized AI platforms.
Gods I hate this era
eqvinox 11 hours ago [-]
It's even worse: the same logic is already starting to fracture the internet at large.
pixl97 2 hours ago [-]
I mean the capabilities of the internet aren't something you really want to have aimed AT you when you're fighting in a war. The internet grew after the cold war ended and it will change as another cold/hot war starts.
V__ 11 hours ago [-]
OpenSuse is (or will be) "Euro-Linux".
nosioptar 10 hours ago [-]
Mageia's also a fine European distro.
Suse has more packages in their repo. But, I prefer Mageia's control center to yast.
gaiagraphia 17 hours ago [-]
This is a great thing for innovation though? Nations/blocs protecting their tech interests will result in more jobs to go round in the industry, more unique ideas, and less centalisation, surely?
The globalised, hyper-centralised world is a bit boring, tbh.
1attice 14 hours ago [-]
I forecast that you will not be bored, and may have other, stronger feelings. Ask Ukrainians
gaiagraphia 7 hours ago [-]
I spent like 20% of my adult life in Ukraine and Russia. They overwhelmingly don't like the globalosed world.
Ukraine might be a fashion symbol in the west, but when I was volunteering out there in the first year, the points of view where mainly wanting to be like Poland; not absorbing the values of the wider west.
Svoka 5 hours ago [-]
This is great. I am happy to hear that russians get ostracized as they should be.
Quick reminder - sanctions are there because their army is currently is involved in brutal invasion, mass state sanctioned rapes, murders, bombings of civilians with hundreds of missiles and drones launched on cities, kidnapping children and putting them for adoption to russian families. Each penny paid to them will fuel their war machine. Every open project will be used in their war crimes.
Do not reply to russians. They are not victims in this. They are perpetrators of this brutal war.
indrora 4 hours ago [-]
A person is not responsible for the actions of their government. All governments wage war and cause suffering.
I have many close friends who are Russian by nationality. Russian by crime of accident of birth. So many of my friends in this situation abhor the actions of their government.
The Mentor stated it best. Phrack 7, 1986:
"We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals."
thefounder 1 days ago [-]
I guess the Russians will have to learn the Chinese way and perhaps the Chinese language as well?
gmerc 12 hours ago [-]
Perfect usecase for AI, by US legal doctrine, copyright is gone after you feed it through and so should sanctions /s
BrenBarn 1 days ago [-]
[flagged]
dented42 1 days ago [-]
I’m gonna hazard a guess and say that I don’t think the author has any troops anywhere, let alone in Ukraine.
BrenBarn 1 days ago [-]
Then he should probably move out of Russia. As near as I can tell, pretty much everyone in Russia should be trying to leave at the earliest opportunity.
tuhriel 19 hours ago [-]
So with that logic, pull requests from the US should also be ignored until they stop their attacks in the straight of hormuz?
BrenBarn 11 hours ago [-]
The US is not nearly as bad as Russia (yet), but it's worth considering.
ronsor 11 hours ago [-]
I'm sure millions of people will rearrange their lives in due consideration of your morality overlord status.
robobully 2 days ago [-]
This post is apparently not publicly shown on the main page for some reason.
ValdikSS 2 days ago [-]
Why should it be? It has low rating (yet).
Svoka 6 hours ago [-]
It is on the front page.
mike_hock 1 days ago [-]
Obvious attack vector for Russia: Submit fixes to severe bugs that can't realistically be fixed any other way.
seanhunter 10 hours ago [-]
…and that’s an attack vector because?
There’s literally nothing stopping them from fixing the bug in either this case or the hypothetical. The maintainer just doesn’t respond to email from .ru domains. He could still choose to take the patch. He may just have decided not to accept this patch because changing something quite obscure to fix a weird printer used by one guy is likely to cause more problems than it solves. We don’t know because he didn’t respond.
That certainly doesn’t mean he wouldn’t fix a serious bug just because he heard about it from a .ru address.
ghusto 8 hours ago [-]
He's saying that they can not accept the same patch, even from someone else, once it's been submitted by a sanctioned country. It's little to do with getting a reply.
I haven't verified if what he's saying is true though.
flashmozzg 1 days ago [-]
Is there a CVE for this?
eqvinox 11 hours ago [-]
Why would there, it doesn't sound like a security issue?
ghusto 8 hours ago [-]
If it's true, it's a way for Russia to find security flaws and ensure they're not patched in good ways.
_user_account 1 days ago [-]
Yeah, it sucks.
> This adds ~1ms latency per transfer cycle for rapid bidirectional
communication which leads to half the USB 1.1 speed for smaller packets
at best.
Still, I don't think this patch should be applied /for everyone/. Maybe compile out-of-tree and load as a kernel module, if possible?
ValdikSS 1 days ago [-]
The patch removes this latency and improves transfer speed, without any drawbacks.
M95D 11 hours ago [-]
I still have a MB with just a USB 1.1 controller. I would hate it if the USB stopped working after this fix. I think a config option for the delay would be best.
That's explicitly not true, according to the Linux foundation. OFAC sanctions restrict providing a service, so here the violation would be two-way collaboration, not the receipt of information.
The kernel could review & merge the patch without running afoul of sanctions. What they cannot do is have dialogue with the sanctioned contributor.
Logic is not subject to sanctions, and anyone also may look at the submission and implement a matching fix.
https://www.linuxfoundation.org/blog/navigating-global-regul...
Greg K-H is a fully autonomous human being and he doesn’t work for the author of tfa. It sucks that we live in a world where nation states try to put exploits into the linux kernel and other foss projects but we very much do live in that world. It sucks that that means the author doesn’t get to contribute to the Linux kernel because their government (who they presumably have little control over) are very active in doing that, but that too is a fact of life.
Either way Greg K-H doesn’t owe you or me or the author anything and people need to stop being so entitled about free software.
That was very much not the thing. He's raising an interesting point, if true. Namely that sanctioned countries could severely damage the progress of Linux by supplying good patches.
Suffering from success
This is not the first case anyway.
>author doesn’t get to contribute to the Linux kernel because their government
I guess you're missing the point: nobody has asked me anything. The whole assumption that I'm Russian, from Russia, and a possibly designated, comes from using my .ru email.
I used to have .cn and .be domains as well during my life, should have been Chinese or Belgian to send kernel patches :D
> The bug is forced to be fixed in some other way, not in a way it has been fixed by the bug fix contributor
I'm not quite following, why is this the case? If another non-Russian contributor submits the same fix, why wouldn't it be merged? If the project is GPL-licensed, surely that means the author of the fix doesn't retain any "patent" rights as the author describes it?
> Think about that.
I thought and I do not think this article is anything else but a rant.
What is this: does not ring, and does not fit in the ass..? Soviet device for ringing in the ass.
Infinitely more funny if you lived on the east side of the iron curtain.
After a period of branches and patchsets, full national hard forks are going to become de rigeur, and linux-derived OSes across the world are going to bloom necessarily, as we no longer have the kind of ambient trust required to collaborate across borders.
Look forward to Euro-linux, Sino-BSD, and I guess probably some sort of GCC-area build as well.
Patches will be accepted across national boundaries with only the highest scrutiny, which itself will likely be provided by nationalized AI platforms.
Gods I hate this era
Suse has more packages in their repo. But, I prefer Mageia's control center to yast.
The globalised, hyper-centralised world is a bit boring, tbh.
Ukraine might be a fashion symbol in the west, but when I was volunteering out there in the first year, the points of view where mainly wanting to be like Poland; not absorbing the values of the wider west.
Quick reminder - sanctions are there because their army is currently is involved in brutal invasion, mass state sanctioned rapes, murders, bombings of civilians with hundreds of missiles and drones launched on cities, kidnapping children and putting them for adoption to russian families. Each penny paid to them will fuel their war machine. Every open project will be used in their war crimes.
Do not reply to russians. They are not victims in this. They are perpetrators of this brutal war.
I have many close friends who are Russian by nationality. Russian by crime of accident of birth. So many of my friends in this situation abhor the actions of their government.
The Mentor stated it best. Phrack 7, 1986:
"We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals."
There’s literally nothing stopping them from fixing the bug in either this case or the hypothetical. The maintainer just doesn’t respond to email from .ru domains. He could still choose to take the patch. He may just have decided not to accept this patch because changing something quite obscure to fix a weird printer used by one guy is likely to cause more problems than it solves. We don’t know because he didn’t respond.
That certainly doesn’t mean he wouldn’t fix a serious bug just because he heard about it from a .ru address.
I haven't verified if what he's saying is true though.
> This adds ~1ms latency per transfer cycle for rapid bidirectional communication which leads to half the USB 1.1 speed for smaller packets at best.
Still, I don't think this patch should be applied /for everyone/. Maybe compile out-of-tree and load as a kernel module, if possible?