| Tweets |
|
Lennart Poettering
@pid_eins
|
14 h |
|
That's why god gave us Packstationen and Spätis which will happily accept all packages for you!
|
||
|
|
||
|
Lennart Poettering
@pid_eins
|
Feb 2 |
|
i remember some discussions i had about this that some ancient archs had memory read ops that supported only lookups in style of base pointer plus signed offset and others base pointer plus unsigned offset. Making chars one or the other hence had benefits for char table lookups
|
||
|
|
||
|
Lennart Poettering
@pid_eins
|
Feb 2 |
|
To make C programming more exciting and adventurous and fuel the business model behind static checkers?
|
||
|
|
||
|
Lennart Poettering
@pid_eins
|
Jan 31 |
|
Ah, the pointers to functions thing is a good one. That indeed does mean this is an API break, because the ptrs to functions would stop being compatible.
Thanks for the pointer (haha!), this resolves the question: yes, adding the "const" *is* an API break, though not ABI break.
|
||
|
|
||
|
Lennart Poettering
@pid_eins
|
Jan 31 |
|
Well, the q is about more than just symbol mangling ultimately. is this an OK change to do without declaring this a compat breakage in general? i.e. would the C++ func prototype compat checker complain about this in some condition? or do the same thing with and without the const?
|
||
|
|
||
|
Lennart Poettering
@pid_eins
|
Jan 31 |
|
I know that C++ mangles "const" decorators and such into their symbol names, so adding it in C++ code would be compat borkage I guess. But do C++ compilers care if I change this in C prototypes?
Tell me, Internet!
|
||
|
|
||
|
Lennart Poettering
@pid_eins
|
Jan 31 |
|
… compat breakage and I can just make the change without bumping soversion or such, since I reduce the expectations on the type, not increase it. But what if this C API is used by C++ apps? i.e. enclosed in "extern "C"" kind of stuff?
|
||
|
|
||
|
Lennart Poettering
@pid_eins
|
Jan 31 |
|
So, let's say I have a C library exposing a function "void foo(int *array)". And now I realize that I should have added a "const" to the "int*", since the array is input and never modified by the func, and that should be in the contract. I figure in C changing this is not a…
|
||
|
|
||
|
Lennart Poettering
@pid_eins
|
Jan 28 |
|
I am a developer, not someone who wants to maintain web services that could match GitHub. Also network effect matters, and drive-by patches are important to us.
|
||
|
|
||
|
Lennart Poettering
@pid_eins
|
Jan 28 |
|
We got hit by some @github issue spamming in the systemd repo. Being a good citizen I tried to report the spam accts to GH since they are still alive. Turns out while GH wasn't good at detecting the spamming itself, it is very good at misdetecting my report attempts as spam… :-(
|
||
|
|
||
|
Lennart Poettering
@pid_eins
|
Jan 27 |
|
And i am very sure we should build a secure OS first and foremost to the point this is possible and deliverable.
|
||
|
|
||
|
Lennart Poettering
@pid_eins
|
Jan 27 |
|
Which means that in a trusted system you need to establish some of trust *before* you mount stuff. Which means crypto/verity/integrity stuff must be *below* the fs and doing it above (as fscrypt and zfs crypto do it) means it's unusable on trusted, secure environments...
|
||
|
|
||
|
Lennart Poettering
@pid_eins
|
Jan 27 |
|
Well. Doing crypto above the fs means you never establish trust on the validity of the fs image itself. Our kernel people made very clear that they are not interested in ensuring our kernel fs implementations are safe to exploiting via rogue fs images.
|
||
|
|
||
|
Lennart Poettering
@pid_eins
|
Jan 27 |
|
Oh and of course: homes has multiple backends, including an fscrypt one too and even a plain directory one. I think the security properties of fscrypt make it a questionable choice though, but we still support it perfectly. The backend i think people should use is the luks one.
|
||
|
|
||
|
Lennart Poettering
@pid_eins
|
Jan 27 |
|
backing pool but at login time you get enforced allocations and guarantees we never got before. So it's a hybrid model of common pool allocations but with temporal guarantees if you so will. And that's a good thing.
|
||
|
|
||
|
Lennart Poettering
@pid_eins
|
Jan 27 |
|
... we set things up. Never have. Quota is an admin tool only. With the homed stuff we for the first time have clear restrictions enforced on what the OS gets and what the users get and they are enforced and committed at login time. I.e. allocations still can happen from the same
|
||
|
|
||
|
Lennart Poettering
@pid_eins
|
Jan 27 |
|
Well the OS is in control. In the traditional model we all (os AND users) allocate from the same pool and disk space restrictions are not enforced thus having the OS components and the user code fight for disk space entirely unrestricted. Yes, there is quota but it's not how...
|
||
|
|
||
|
Lennart Poettering
@pid_eins
|
Jan 27 |
|
Moreover I think we actually handle the high density case OK too, because we can fstrim on logout now and fallocate on login. Which means you can overcommit disk space if you like but during the time you are actually logged in you have a fully committed disk space allotment.
|
||
|
|
||
|
Lennart Poettering
@pid_eins
|
Jan 27 |
|
Overcommitting disk space is something you want to reach high densities. I.e. many parallel users at the same time. But that's not a use case I care about. I care about laptop cases, i.e. where you typically have one user, maybe two, but definitely less than ten.
|
||
|
|
||
| Lennart Poettering retweeted | ||
|
Micah Abbott
@rageear
|
Jan 26 |
|
|
||
|
|
||