Bonum Certa Men Certa

A Code of Conduct Can Lead to Deterioration of Quality Control in Linux (Nobody Reprimanded for Technical Issues, Instead Critics at Times of Crisis Get Reprimanded)

posted by Roy Schestowitz on Dec 11, 2023,
updated Dec 11, 2023

Richard Harvey, ODESSA TOWNSHIP, Mich.

THE pertinent details about the latest Linux issue are not fully disclosed just yet, but it has been assigned a rare level of severity. We need to discuss this as Linux grew exponentially larger and now contains multiple programming languages, so many veteran Linux coders cannot even comprehend what certain parts of Linux do. Especially parts that have not matured. Their freedom of speech (expression, opinion, criticism) is curtailed further, as the culture of Rust is imported to the core of the system (criticising Microsoft is like "hate speech").

Let's be clear upfront.

This is an ongoing and still-developing story about a critical issue impacting Linux and thus many GNU/Linux distros. Debian, which many distros are derived from, is also affected. We've thus rebooted the server (IRC downtimes are unpleasant; IRC has no redundancy, as it's not spread across nodes) twice in the past day, loading the latest kernel and checking a whole bunch of stuff.

In this short post we will write primarily about what's known (this is still discussed a lot in our chats, with the "knowns" separated from the "unknowns"). The media will soon follow up (not just some blogs), so we too can follow up in the future with further details. As a C programmer myself, I can make sense of some of the code and defects. The media won't even cover those aspects as nowadays "tech" gets covered by people who just parrot buzzwords like "AI", not proficient programmers.

Having studied the Debian repositories, mailing lists (and LWN comments about those) et cetera, it seems safe to say that the issue isn't just a real issue (unlike mere hype, one might say dramatisation) and some people are already impacted. One associate had started to see accounts of trashed systems before rushing to update ours.

How did it all happen, whose fault, and what could be done to prevent it? We'll probably have more definitive answers in days to come.

There are almost no details about the problem available, as an associate explains. Debian apparently pushed out the tainted kernel many days after the problem was known and since Linus Torvalds is not in charge of the kernel anymore (he has just said he's not a manager), we cannot see him saying a word about it. There's no word from Linus about this as of today; I checked LKML and messages from Linus going as far back as weeks ago.

When did he find out about this and what did he know? "I AM SORRY" won't be enough in this case; many critical operations around the world may have silently lost some data; some won't be able to assure system integrity or even boot the system. It impacts both servers and desktops/laptops. Devices (like portable phones)? Maybe... if they use ext4.

Just about a month ago Linus complained about bad code making it into the kernel at the last minute: "If people then stop testing new kernels because they think new kernels might break their setup, we have lost something truly important."

Now we have a severe data issue. It cannot be undone, even if a fixed kernel gets installed. People are encouraged to check their data's integrity against backups, if any are available (RAID is no panacea here).

"Perhaps he knew and could not speak for fear of stepping on some corporation's CoC," an associate hypothesises. "Even the package descriptions and info were unclear as to which actual version was being deployed."

Some years ago we saw bad kernels (seldom a stable kernel, usually an RC) breaking some hardware, e.g. putting monitors or network cards at risk, but those can be replaced. Data cannot be. It's a truly complicated issue.

Confidence in Linux is the main casualty.

"The sick part is that it appears 1) Debian backported the broken patch 2) Debian deployed said broken patch even after it was known to be broken 3) they left the package up in the repository for days before pulling it," an associate alleges.

There too many uncertainties still, but getting the Git history helps check what happened and when exactly. "The fact that it was in Bullseye points to (1), (2) would be a matter of looking in the Git repository, and [regarding] (3) we installed it from the repository."

The tracking of the package can be done via this so-called "webapp" or the tracker (also security tracker), which has changes in the Git file.

Why was the public not informed until a weekend? This isn't like a security issue that can be exploited by hostile parties if revealed "too early"... or it is? Could this issue be triggered remotely with some network-bound request, taking advantage of some particular weaknesses in ext4?

Tracing back the communications about this, (timeline in the message bodies at [1, 2, 3]), the key powwow can be traced back to 6 days ago, the 5th of December, but discussion is going back to late November. We know that linux-image-6.1.0-14-amd64 was removed during the weekend from the package repository of Debian, but where was an official statement on the matter? There's still no official communication about it.

Torvalds used to be outspoken when bad code and bad practices were adopted and spread throughout the team. Now he says absolutely nothing and there's no sign that negligent/reckless acts will bear any consequences; instead, Jim Zemlin will blame the "opinionated" community - a term that he does not even understand and represent something he is hostile towards.

Quality control demands opinionated people, even blunt opinions at times.

In his latest "talk" (chat with Dirk) Linus admitted he no longer writes real code (just pseudocode portions) and that he just does a smell test of code he allows into his tree. He also admits he cannot understand Rust (but is learning a little as he goes along), so he essentially permits random people to toss large lumps of code without a vendor-neutral (independent from the vendor of origin) audit - i.e. an additional problem.

What will be done to ensure the above does not happen again? Rewrite the file systems in Rust? That would make things worse and less predictable.

Other Recent Techrights' Posts

Doing My Share to Tackle Online Slop and SPAM
Trying my best to 'fix' the Web
Slopwatch: Fakes, FUD, Duplicates, and Charlatans Galore
The Web as we once know it is collapsing. Some opportunists try to replace it with low-quality slop.
The Register UK Seems to Have Become American and Management is Changing (Microsofter as Editor in Chief)
The Register 'UK' is now controlled by the Directions on Microsoft guy
Microsoft Windows Lost 400 Million Users in a Few Years, Why Does The Register Double Down on Windows With New US Editor?
days ago they hired a new US editor
 
Links 26/07/2025: Amazon Shutdown in China, Russian Economy Slows
Links for the day
Gemini Links 26/07/2025: History of Time (1988) and Gemini Games
Links for the day
Links 26/07/2025: 50 Percent Tariffs in Amazon, Dying Intel Offloads Network and Edge Group (NEX)
Links for the day
Blaming Programming Languages for Users' and Developers' Bad Practices
That's like blaming cars for drivers who crash into things
Many People Still Read Techrights Because It Says the Truth, Produces Evidence, and Does Not Self-Censor
Unlike so many other sites
The Register is Desperate for Money, According to The Register
I decided to check how they're doing as a business
Microsoft Finally Finds a Use Case for Slop?
Create low-quality chaff to shift the media's attention?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, July 25, 2025
IRC logs for Friday, July 25, 2025
For Libel Reform One Must First Bring (or Raise) Awareness to the Issues and Their Magnitude
I myself know, from personal experience
Links 26/07/2025: Rationed Meals in the US and TikTok Repels Investments (Too Toxic)
Links for the day
Gemini Links 26/07/2025: "Bloody Google" and New People in Geminispace
Links for the day
Response to Solderpunk (Father of Gemini Protocol) About the Gemini Community
Solderpunk responds to non-sequitur
HTML and the Web Used to be Something a Child Could Learn, "Modern" Web is a Puzzle of Frameworks, Bloat, and Worse
When the Web was more like Gemini Protocol
New US Editor in The Register is 84% Microsoft/Windows Booster
It'll be worrying if it carries on like this
Links 25/07/2025: Slop Blunders and China Has Code of Conduct for Lawmakers in HK
Links for the day
Gemini Links 25/07/2025: Some Books and Babies and Capital
Links for the day
Links 25/07/2025: NOAA Cuts Endanger Lives, "Europe's Self Inflicted Cloud Crisis"
Links for the day
They Try to Lecture Us on Ethics
They even removed "master" from Microsoft GitHub
The Future of the Web is One Rendering Engine or 'Flavours' of Chrome
The future of the Web does not look bright at all
Best Sites Are Not Optimised for Any Browser, They Work Equally Well With All of Them
Red Hat (IBM) is making rubbish sites
YouTube is a Spamfarm, Slopfarm, and Clickfarm (a Lot of Numbers There Are Fake)
Those who don't fake look unpopular and unimportant
We Don't Do JavaScript and Pages Are Small
Thankfully Gemini Protocol has nothing like JavaScript
'Tech' is Not Technology
Some people use terms like 'Old Tech'
IBM's Debt Rose by Almost 10 Billion Dollars in the Past 6 Months Alone
The "hey hi" circus is coming to an end
Yes, Master
Gaslighting by actual racists
Microsoft Bribes and Buys Politicians to Tell Europe What to Do About Free Software (Which It's Attacking)
Microsoft: we speak for the thing that we are attacking! Follow the money...
Making Backups Quickly and Reliably
Backups are imperative, more so in an age of uncertainty, unpredictable weather, and worsening standards (quality of products going down while prices go up)
Techrights Investigation: Estimating the Point in Time LinuxIac Turned Into LLM Slop (Part of the Time)
Bobby Borisov got lazy
10th Month, Ten Weeks From Now, at Ten AM
In Wentworth Institute of Technology in Boston
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, July 24, 2025
IRC logs for Thursday, July 24, 2025
A Nadella Memo Distracts From Microsoft's Cheapening Of the Workforce
Right now the "MSM" (mainstream media) is flooded/overwhelmed by garbage pieces that relay lies for Nadella
Vanishing Faces of GNU/Linux
Free software projects do not depend on any one person or company to still exist
Microsoft Says It Lost 400 Million Windows Users, Now It's Waiting for GNU/Linux to Stop Booting on 'Old' PCs
When it comes to Windows, Microsoft is fully aware of the issue and statements it made earlier this summer suggest it lost 400 million Windows users
Slopwatch: LinuxTechLab, linuxsecurity.com, LinuxIac, and More
Also: The Register's Microsoft agenda (new editor)
Gemini Links 25/07/2025: Gemtext Aware Titan Editor and Gemini Protocol Comeback
Links for the day
Links 24/07/2025: Convicted Felon Quits UNESCO, "Vibe Coding Goes Wrong", and Signalgate Gets Worse
Links for the day
Gemini Links 24/07/2025: Forgejo Woes and Smolnet Directory Week
Links for the day
Misinformation is Not Intelligence
It's low-grade plagiarism and it fails to show any signs of intelligence
Links 24/07/2025: Storage Tapes Still Kicking, Windows TCO 'on Steroids' (Microsoft-Induced Catastrophes)
Links for the day
Bobby Borisov (LinuxIac) Has Apparently Begun Experimenting With LLM Slop, So We Cannot Trust LinuxIac Anymore
So did LinuxIac become a slopfarm? Maybe not yet, but it's getting there
Informa TechTarget's ITProToday is Becoming a Slopfarm Generated by Microsoft Chatbots
Busted.
'Tech' Gimmicks Are for Advertising, Not for Usability
In the case of Microsoft, they latched onto slop
BetaNews Sacked Brian Fagioli and Deleted His Comments, But He Still Tries to Use the "BetaNews" Brand for Self-Affirmation
Fagioli takes the work of other people
[Meme] Hard to Be a Better Person?
Sooner or later they'll realise that for each pound I spend they need to spend about 1,000 times more
The LLM Con Artists Are Highly Destructive
Who will ever be held accountable for this scam?
Too Bribed by Microsoft to Move to Free Software?
Microsoft lies and Microsoft bribery (in politics)
New US Editor for The Register is a Microsoft Booster
"Avram Piltch has served as US editor for The Register since July 2025."
Microsoft Hiring European Politicians is Another Form of Bribery; There Should be a European Investigation
When Microsoft bribed people in Europe for OOXML (there's no denying this!) a European government delegate said that Microsoft operated like a cult
Reda Demanded That FSF Removes Its Founder, Now Reda Works Directly for Microsoft
A sellout and a traitor, first working for GAFAM, now Microsoft
PCLinuxOS is Raising Money to Support Development After Fire Incident at the Host
PCLinuxOS has not had announcements lately
Speed of the Site Should be Better Now
The "bot attacks" impact the speed of the sister site too
Getting More From AnalogNowhere
Recently we used many images from AnalogNowhere
Microsoft, Microsofters and 'Secure' Boot Shills Already Storming the LWN Report About Expiring Certificate, Shooting the Messenger
LWN has clearly stuck a nerve
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 23, 2025
IRC logs for Wednesday, July 23, 2025
Disable "Secure" Boot Today (the Only Better Time to Do So Was Yesterday)
Don't trust anything Red Hat tells you about security
Links 23/07/2025: Windows Killed Company After 150+ Years, US Government Mimics Russia's Attacks on the Media
Links for the day
Freedom Generally Wins at the End, History Shows (But It's Constantly Attacked, Too)
At the moment people realise "Linux" (e.g. Android) isn't enough to guarantee any freedoms
Over 3 Months Later Brett Wilson LLP Still Unable to Recruit a Media Lawyer?
"Immediate start", but not found... still unfilled