Tuesday, February 11, 2020

Back to 500+ mails to dig through. Life at Red Hat

Happy Birthday Florent

Today is the 50th birthday of my "little" brother Florent. Maker of things. Computer arithmetic guru. We don't talk nearly often enough.

Kata containers

Some ongoing progress in turning the current prototype into a product. The primary effort is on security (support for SELinux, being able to encapsulate qemu in libvirt), as well as some missing features or things that were added recently, e.g. IPv6, stuff that I shared with the Kata architecture team last week.

Kata architecture meeting discussed how to download images into an encrypted VM, which implies using encrypted container images, and more complicated, doing the image unpacking inside the VM. This was in parallel with another internal meeting, so I could not really listen too carefully.

A few topics to explore for me:

• CoreOS
• OSTree, described by the docs as "git for operating system binaries".
• Universal Base Image (aka UBI), which I need to explore a bit.

I also need to do a review of the still unpackaged Kata components,

ZFS again

Trying to test a small idea for the Linux kernel, I run into some trouble because the latest release of ZFS (0.8.3) does not build.

There is a fix for changes introduced to remove timespec64_trunc. But it's not in a released version yet, so need to suspend dkms temporarily.

This reminded me of the discussion about ZFS at DevConf and another one at FOSDEM. My personal viewpoint is that there is nothing close to ZFS in the Linux world, anywhere, notably in its most important aspect, which is that it's portable (e.g. there is a FUSE implementation that works well on macOS).

BTRFS left me a very bad taste of immaturity in the mouth last time I tried it intensively (data loss, with btrfsck crashing, which led me to sending a patch to the frigging fsck tool...) And of course, it is Linux only as far as I know.

LWN subscription

Something with the Red Hat auto-proxy setup I had put in place fails. File .lwn.net.prox.pac does look good, proxy is reachable. I'd like to know why it fails.

Actually, it's relatively simple. The set of subscriptions has been extended, and a new script is required, which for some reason changes the proxy's port (and adds a few hosts). Fixed.

Well, not quite. Apparently, what really "fixes" it is to login from a Linux machine that is connected to the Red Hat VPN with full proxying. Then, once I accessed the site "once", I can disconnect and re-login from another machine, and it "magically" remembers that I can benefit from the Red Hat subscription. I don't know how they implement the subscription, but it's not working quite right.

The article I was really interested in reading relatively rapidly was this one about Git SHA-1 updates. SHA-1 has reportedly been broken, so I want to understand the implication with respect to git histories. The bottom line seems to be that there isn't much of a problem.

Long-lost friends

We had the visit of a couple of friends we had not seen in literally 25+ years, basically since our sudent years / wedding. It was really strange to see how my wife and I immediately reconnected. There are some values that unite us across time.