Archive for April 29, 2021

Thursday, April 29, 2021

30 Years of Linux

Jeremy Andrews (via Hacker News):

Thirty years ago, Linus Torvalds was a 21 year old student at the University of Helsinki when he first released the Linux Kernel. His announcement started, “I’m doing a (free) operating system (just a hobby, won’t be big and professional…)”. Three decades later, the top 500 supercomputers are all running Linux, as are over 70% of all smartphones. Linux is clearly both big and professional.

Linus Torvalds:

I’m 100% convinced that the license has been a big part of the success of Linux (and Git, for that matter). I think everybody involved ends up being much happier when they know that everybody has equal rights, and nobody is special with regards to licensing. […] The right to fork and do your own thing is important, but the other side of the coin is equally important - the right to then always join back together when a fork was shown to be successful.

[…]

I use this abomination called “micro-emacs”, which has absolutely nothing to do with GNU emacs except that some of the key bindings are similar. I got used to it at the University of Helsinki when I was a wee lad, and I’ve not been able to wean myself from it, although I suspect I will have to soon enough.

[…]

But that “mailing list as an archive” model works very well, and works seamlessly together with the whole “send patches between developers as emails” and “send problem reports as emails”.

[…]

If anything, what is interesting about the last decade is how we’ve actually kept the actual development model really smooth, and what hasn’t changed. […] So for the last decade, we’ve made absolutely huge changes (Git makes it easy to show some statistics in numbers: about three quarters of a million commits by over 17 thousand people).

[…]

So one of the main things the VFS layer does is really handle all the locking and caching of pathname components, and handle all the serialization and the mount point traversal, and do it all with mostly lock-free algorithms (RCU), but also with some really clever lock-like things (the Linux kernel “lockref” lock is a very special “spinlock with reference count” which was literally designed for the dcache caching, and it’s basically a specialized lock-aware reference count that can do lock elision for certain common situations). […] The Linux dcache is simply in a class all its own.

See also: 25 Years Later: Interview with Linus Torvalds (via Hacker News).

Update (2021-05-07): Linus Torvalds (via Hacker News):

The other big thing is that you have to be open. And I mean that in multiple ways. It’s really easy to create some kind of “clique” of people, where you have an inner cabal that discusses things in private, and then you see really only the end result (or the fringe work) in the open, because all the important stuff happened inside a company or within a core group of people, and outsiders have a hard time breaking into that clique, and often have a hard time even seeing what is going on in that core group because it was so private and exclusive.

It’s one of the reasons I really like open mailing lists. Not some “by invitation” list. Not something you even have to sign up to participate in. Really open. And pretty much all the development discussions should be there.

[…]

But is it sustainable? Yes. I’m personally 100% convinced that not only is open source sustainable, but for complex technical issues you really need open source simply because the problem space ends up being too complex to manage inside one single company. Even a big and competent tech company.

[…]

I don’t have a “30-year plan”. I don’t even have a 5-year plan. In fact, I don’t plan ahead more than a release or two (which is obviously just a few months).

As an engineer, I have this strongly held opinion that “details matter”. Details are almost the only thing that matters. If you get the details right, the rest will follow.

Apple’s Q2 2021 Results

Apple (Hacker News):

The Company posted a March quarter record revenue of $89.6 billion, up 54 percent year over year, and quarterly earnings per diluted share of $1.40.

[…]

“We are proud of our March quarter performance, which included revenue records in each of our geographic segments and strong double-digit growth in each of our product categories, driving our installed base of active devices to an all-time high,” said Luca Maestri, Apple’s CFO.

Jason Snell (transcript):

It’s Apple’s best non-holiday quarter ever, with all its major product categories way up versus the year-ago quarter.

Mac revenue was $9.1B, up 70% versus last year’s second quarter, and seems to be an all-time record for the Mac. iPad revenue was $7.8B, up 79% versus the year-ago quarter. iPhone revenue, which is typically pretty sleepy in the fiscal second quarter, was up 66% to $47.9B.

The flashy new revenue lines, Services and Wearables, turned in (relatively) modest jumps: Services made $16.9B, up 27%, and Wearables made $7.8B, up 25%.

MacRumors:

Gross margin for the quarter was 42.5 percent, compared to 38.4 percent in the year-ago quarter, with international sales accounting for 67 percent of revenue. Apple

Juli Clover:

Apple saw all-time revenue records for the App Store, cloud services, Apple Music, payments services, and more. Apple TV+, Apple Arcade, Apple Fitness+, Apple News+, Apple Card, and Apple One are all “continuing to scale across users” and are contributing to overall growth.

Apple saw 40 million paid subscriptions added during the quarter, reaching a total of 660 million paid subscriptions across all services, which is up 145 million from the year-ago quarter.

Update (2021-05-05): Michael E. Cohen and Josh Centers:

That said, Apple is on perhaps the firmest footing it has ever been on. The iPhone, iPad, and Mac are more popular than ever. The risky switch from Intel processors to Apple’s own M1 chip in the Mac has been nothing short of a smashing success, both critically and commercially. And Apple’s Services business seems to have unlimited room for growth. So, while Apple may not exceed these results next quarter—Cook noted that Apple would be “supply-gated, not demand-gated” in the coming quarter, having burned through much of its material reserves to counter supply constraints in Q2—the demand for Apple goods and services seems only to be accelerating, a prospect even sweeter than one of Ted Lasso’s famous biscuits.

Rust at Facebook

Kathy Kam (via Hacker News):

Facebook Open Source is excited to announce our support of Rust Foundation at its highest member tier. Alongside the other fellow foundation members, Facebook is committed to sustaining and growing the Rust open source ecosystem and community.

Facebook (via Hacker News):

Alongside fellow members including Mozilla (the creators of Rust), AWS, Microsoft, and Google, Facebook will be working to sustain and grow the language’s open source ecosystem.

[…]

Our oldest Rust codebase dates to 2016, when the rate of source code changes in Facebook’s monorepo started to encroach on the maximum commit rate that the Mercurial source control management tool could keep up with. In response to this, Facebook’s Source Control team launched a rewrite project called Mononoke with the goal of increasing Mercurial’s commit rate by some additional orders of magnitude to serve Facebook’s thousands of developers and automated processes.

[…]

At the end of 2020, we re-upped our commitment by launching a Rust team in our Programming Languages organization, the same org responsible for Facebook’s C++ standards work and toolchains.

Daniel Kaminsky, RIP

Nicole Perlroth (via Hacker News):

He was a respected practitioner of “penetration testing,” the business of compromising the security of computer systems at the behest of owners who want to harden their systems from attack. […] When Daniel was 11, his mother said, she received an angry phone call from someone who identified himself as a network administrator for the Western United States. […] Without her knowledge, Daniel had been examining military websites. The administrator vowed to “punish” him by cutting off the family’s internet access. Mrs. Maurer warned the administrator that if he made good on his threat, she would take out an advertisement in The San Francisco Chronicle denouncing the Pentagon’s security.

[…]

In 2005, after researchers discovered Sony BMG was covertly installing software on PCs to combat music piracy, Sony executives played down the move. Mr. Kaminsky forced the issue into public awareness after discovering that Sony’s software had infected more than 568,000 computers.

Wikipedia:

In 2008, Kaminsky discovered a fundamental flaw in the Domain Name System (DNS) protocol that could allow attackers to easily perform cache poisoning attacks on most nameservers[…]. With most Internet-based applications depending on DNS to locate their peers, a wide range of attacks became feasible, including website impersonation, email interception, and authentication bypass via the “Forgot My Password” feature on many popular websites. After discovering the problem, Kaminsky initially contacted Paul Vixie, who described the severity of the issue as meaning “everything in the digital universe was going to have to get patched.” Kaminsky then alerted the Department of Homeland Security and executives at Cisco and Microsoft to work on a fix.

Kaminsky worked with DNS vendors in secret to develop a patch to make exploiting the vulnerability more difficult, releasing it on July 8, 2008. To date, the DNS design flaw vulnerability has not been fully fixed.

[…]

The actual vulnerability was related to DNS only having 65,536 possible transaction IDs, a number small enough to simply guess given enough opportunities. Dan Bernstein, author of djbdns, had reported this as early as 1999. djbdns dealt with the issue using Source Port Randomization, in which the UDP port was used as a second transaction identifier, thus raising the possible ID count into the billions. […] Kaminsky’s attack bypassed this TTL defense by targeting “sibling” names like “83.example.com” instead of “www.example.com” directly. Because the name was unique, it had no entry in the cache, and thus no TTL. But because the name was a sibling, the transaction-ID guessing spoofed response could not only include information for itself, but for the target as well.

Update (2024-07-29): Claroty:

Luta Security founder, security entrepreneur, and vulnerability disclosure pioneer Katie Moussouris joins the Aperture Podcast to talk about influential researcher Dan Kaminsky, who died April 23 at 42 years old. Katie discusses the breadth of Dan's work as a researcher, and his friendship, empathy, and outreach within the security community.
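
The Wikipedia passage above on transaction IDs and Source Port Randomization, worked through as an added example (not part of the original post or of any source it quotes): a resolver audit that classifies observed source ports and estimates how much the identifier space protects it. The port pool, the resolver names, the sample ports, and the workload figures are constructed assumptions.

```python
import math

TXID_SPACE = 2 ** 16          # 65,536 transaction IDs, the figure in the quoted passage
ASSUMED_PORT_POOL = 64_512    # assumption: resolver draws ports from 1024-65535

def id_space(port_count=1):
    """Number of (source port, transaction ID) pairs a forged reply must match."""
    return TXID_SPACE * port_count

def exposure(races, forged_per_race, port_count=1):
    """Probability that at least one forged reply matches across `races`
    independent queries, each for a name with no cache entry (so no TTL wait)."""
    p = min(1.0, forged_per_race / id_space(port_count))
    if p >= 1.0:
        return 1.0
    return -math.expm1(races * math.log1p(-p))

def audit_source_ports(observed):
    """Classify the source ports seen on a resolver's outbound queries.
    A production audit needs far more samples and a proper randomness test."""
    if len(observed) < 2:
        raise ValueError("need at least two observed queries")
    steps = {b - a for a, b in zip(observed, observed[1:])}
    if steps == {0}:
        return "fixed"         # port adds nothing; only the 16-bit ID protects
    if len(steps) == 1:
        return "sequential"    # predictable, so treat as no extra protection
    return "varied"

def effective_port_count(verdict, pool=ASSUMED_PORT_POOL):
    """Only unpredictable ports enlarge the identifier space."""
    return pool if verdict == "varied" else 1

# Constructed samples of source ports from three hypothetical resolvers.
SAMPLES = {
    "resolver-a": [53, 53, 53, 53, 53],
    "resolver-b": [32768, 32769, 32770, 32771, 32772],
    "resolver-c": [40112, 1733, 58820, 22015, 9947],
}

def report(races=454, forged_per_race=100):   # constructed workload figures
    out = {}
    for name, ports in SAMPLES.items():
        verdict = audit_source_ports(ports)
        ports_eff = effective_port_count(verdict)
        out[name] = (verdict, round(exposure(races, forged_per_race, ports_eff), 6))
    return out

if __name__ == "__main__":
    for name, row in report().items():
        print(name, *row)
```

With a fixed or sequential port the exposure passes one half within a few hundred uncached lookups, while the randomized pool keeps it near zero for the same workload, which is why the 2008 patch focused on source ports.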