Saturday, November 9, 2024

Ready-to-boot, fresh & experimental Gentoo QCOW2 disk images

Recently I've been experimenting with Catalyst, the tool that generates stages and iso files for Gentoo's Release Engineering team. The first, still very experimental result is now available for download - a bootable hard disk image in QEmu's qcow2 format that immediately drops you into a fully working Gentoo environment.

Feel free to download it and try it out, either this first upload or any future weekly build from the amd64 release file directories. The files are not linked on the www.gentoo.org webserver since I consider them not really finished yet, but instead experimental and under development. You can use a QEmu commandline as for example

qemu-system-x86_64 \
       -m 8G -smbios type=0,uefi=on -bios /usr/share/edk2-ovmf/OVMF_CODE.fd \
       -smp 4 -cpu host -accel kvm -vga virtio -drive file=di.qcow2 &

where the last "file" argument specifies the file that you downloaded, for testing.

The current download initially does not start any network login services such as sshd, but has an empty root password for logging in on the console - this is why I call it a "console" type disk image. Future variants I'm planning include for example a "cloud-init" type, which sets up log-in credentials and further configuration as supplied by a cloud provider.

Cheers and enjoy!



Wednesday, September 18, 2024

Rating scientific (or not so much) conferences

If you work in research, nowadays you can be sure to get swamped with "conference invitation" e-mails. A large part of these is, in effect, spam - attempts to get you (or your funders) to pay for meetings of highly questionable scientific worth.

So, let's introduce a rating scale for scientific (or not) conferences, from 0 to 10. All examples have really happened.

0 - Trash

  • You ask a friend who is listed in the organizing committee, and get the response "what conference?"
  • Advertising mostly mentions the location (Maledives!) and the proceedings (Indexed by Google Scholar!)
  • You arrive at the location and there is no conference.
  • If there is one, you can barely find it because it's in the back room of some hotel conference center.
  • Instead of a conference organizer's desk you encounter a pile of badges and participation certificates.
  • The "hybrid session" consists of you, the AV technician, and some poor guy on zoom talking to a non-existing audience.
  • There's a talk on the "memory of water".
  • A remote talk is given by someone in a car while driving.
  • There are less posters than talks.

3 - We do this for the money, but hey, we're trying!

  • The conference organizing committee contains the one or two well-known professors who are in every organizing committee. Everyone else is from countries you've never heard of.
  • The meeting has taken place before and the website is somewhat professional.
  • The conference secretary is called Elsa, Belle, or Jasmine and sends you an e-mail every week, offering an invited talk for a "small reduction" of the conference fee (hint, the size of the reduction can be up to negotiation!)
  • Between sign-up and actual conference date, the number of days and sessions mysteriously shrinks.
  • The conference organizer's desk is handled by a bunch of undergrads who barely speak English and have no clue.
  • The welcome address is skipped since the speaker doesn't turn up. Same for the chairman of the first session. After the first regular speaker starts their talk, the chairman hurries in - "sorry, sorry, I ended up at the wrong conference..."
  • You meet a few colleagues from home who find the situation similarly amusing as you, and have a good time at lunch.
  • Eventually things become somewhat more regular, and sessions and talks take place, but you have quite some doubts about the scientific quality of some of them.
  • Focus? What focus?

6 - Yes I'm gonna establish a conference, mark my words!

  • 5th or 6th installment of a conference series, typically by the same scientific organizer or organization.
  • You find the conference without problems, and there is actually a well-organized conference desk. Maybe even the scientific organizer greets you in person.
  • The location is only moderately flashy, function starts to gain over form.
  • Most of the participants are from serious scientific institutions and present work that can be interesting.
  • Main problem is still the focus - the topics are too broad, the number of participants too small, such that it's not so likely you will meet someone whose work is really relevant to your own.
  • If the main organizer has a good hand, they will accumulate a circle of regular participants and the event will grow over time.
  • Can, e.g., be a professor establishing an international conference on their topic in their home country...
  • Typically 2-3 companies are present trying to sell their lab supplies.

9 - Congratulations, it's a great scientific conference

  • Either wide focus and a huge number of participants, or narrow focus and a small number of participants
  • Organized by a scientific society (DPG, EPS, APS, ...) or by a group of internationally well-known experts in one specific field
  • True invited talks are comparatively rare, and come with (depending on the financial situation of the host) either no reduction of fees at all, or even funding of travel expenses.
  • You know nearly everyone in the organizing committee, at least from their publications.
  • Many more poster contributions than talks.
  • You can be sure to meet many of your scientific colleagues.
  • Large commercial presence of companies sponsoring the meeting and advertising their high-tech equipment.

10 - Summa cum laude

  • Small meetings organized by few top experts of a research area, or (very rare) large meetings consisting of several such high-quality sessions in combination.
  • Organized by top level scientists in the field worldwide
  • Participation by invitation only, true selection of conference participants (more applicants than places)
  • In some cases, even free participation and accommodation
  • Recent examples: Gordon Research Conferences, Heraeus seminars, the QuantuMatter 2024, ... 
 Thoughs?

 

Monday, July 22, 2024

The GNU C Library version 2.40 is now available

The GNU C Library
=================

The GNU C Library version 2.40 is now available.

The GNU C Library is used as *the* C library in the GNU system and
in GNU/Linux systems, as well as many other systems that use Linux
as the kernel.

The GNU C Library is primarily designed to be a portable
and high performance C library.  It follows all relevant
standards including ISO C11 and POSIX.1-2017.  It is also
internationalized and has one of the most complete
internationalization interfaces known.

The GNU C Library webpage is at http://www.gnu.org/software/libc/

Packages for the 2.40 release may be downloaded from:
        http://ftpmirror.gnu.org/libc/
        http://ftp.gnu.org/gnu/libc/

The mirror list is at http://www.gnu.org/order/ftp.html

Distributions are encouraged to track the release/* branches
corresponding to the releases they are using.  The release
branches will be updated with conservative bug fixes and new
features while retaining backwards compatibility.

NEWS for version 2.40
=====================

Major new features:

* The <stdbit.h> header type-generic macros have been changed when using
  GCC 14.1 or later to use __builtin_stdc_bit_ceil etc. built-in functions
  in order to support unsigned __int128 and/or unsigned _BitInt(N) operands
  with arbitrary precisions when supported by the target.

* The GNU C Library now supports a feature test macro _ISOC23_SOURCE to
  enable features from the ISO C23 standard.  Only some features from
  this standard are supported by the GNU C Library.  The older name
  _ISOC2X_SOURCE is still supported.  Features from C23 are also enabled
  by _GNU_SOURCE, or by compiling with the GCC options -std=c23,
  -std=gnu23, -std=c2x or -std=gnu2x.

* The following ISO C23 function families (introduced in TS
  18661-4:2015) are now supported in <math.h>.  Each family includes
  functions for float, double, long double, _FloatN and _FloatNx, and a
  type-generic macro in <tgmath.h>.

  - Exponential functions: exp2m1, exp10m1.

  - Logarithmic functions: log2p1, log10p1, logp1.

* A new tunable, glibc.rtld.enable_secure, can be used to run a program
  as if it were a setuid process. This is currently a testing tool to allow
  more extensive verification tests for AT_SECURE programs and not meant to
  be a security feature.

* On Linux, the epoll header was updated to include epoll ioctl definitions
  and the related structure added in Linux kernel 6.9.

* The fortify functionality has been significantly enhanced for building
  programs with clang against the GNU C Library.

* Many functions have been added to the vector library for aarch64:
    acosh, asinh, atanh, cbrt, cosh, erf, erfc, hypot, pow, sinh, tanh

* On x86, memset can now use non-temporal stores to improve the performance
  of large writes. This behaviour is controlled by a new tunable
  x86_memset_non_temporal_threshold.

Deprecated and removed features, and other changes affecting compatibility:

* Architectures which use a 32-bit seconds-since-epoch field in struct
  lastlog, struct utmp, struct utmpx (such as i386, powerpc64le, rv32,
  rv64, x86-64) switched from a signed to an unsigned type for that
  field.  This allows these fields to store timestamps beyond the year
  2038, until the year 2106.  Please note that applications are still
  expected to migrate off the interfaces declared in <utmp.h> and
  <utmpx.h> (except for login_tty) due to locking and session management
  problems.

* __rseq_size now denotes the size of the active rseq area (20 bytes
  initially), not the size of struct rseq (32 bytes initially).

Security related changes:

The following CVEs were fixed in this release, details of which can be
found in the advisories directory of the release tarball:

  GLIBC-SA-2024-0004:
    ISO-2022-CN-EXT: fix out-of-bound writes when writing escape
    sequence (CVE-2024-2961)

  GLIBC-SA-2024-0005:
    nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)

  GLIBC-SA-2024-0006:
    nscd: Null pointer crash after notfound response (CVE-2024-33600)

  GLIBC-SA-2024-0007:
    nscd: netgroup cache may terminate daemon on memory allocation
    failure (CVE-2024-33601)

  GLIBC-SA-2024-0008:
    nscd: netgroup cache assumes NSS callback uses in-buffer strings
    (CVE-2024-33602)

The following bugs were resolved with this release:

  [19622] network: Support aliasing with struct sockaddr
  [21271] localedata: cv_RU: update translations
  [23774] localedata: lv_LV collates Y/y incorrectly
  [23865] string: wcsstr is quadratic-time
  [25119] localedata: Change Czech weekday names to lowercase
  [27777] stdio: fclose does a linear search, takes ages when many FILE*
    are opened
  [29770] libc: prctl does not match manual page ABI on powerpc64le-
    linux-gnu
  [29845] localedata: Update hr_HR locale currency to €
  [30701] time: getutxent misbehaves on 32-bit x86 when _TIME_BITS=64
  [31316] build: Fails test misc/tst-dirname "Didn't expect signal from
    child: got `Illegal instruction'" on non SSE CPUs
  [31317] dynamic-link: [RISCV] static PIE crashes during self
    relocation
  [31325] libc: mips: clone3 is wrong for o32
  [31335] math: Compile glibc with -march=x86-64-v3 should disable FMA4
    multi-arch version
  [31339] libc: arm32 loader crash after cleanup in 2.36
  [31340] manual: A bad sentence in section 22.3.5 (resource.texi)
  [31357] dynamic-link: $(objpfx)tst-rtld-list-diagnostics.out rule
    doesn't work with test wrapper
  [31370] localedata: wcwidth() does not treat
    DEFAULT_IGNORABLE_CODE_POINTs as zero-width
  [31371] dynamic-link: x86-64: APX and Tile registers aren't preserved
    in ld.so trampoline
  [31372] dynamic-link: _dl_tlsdesc_dynamic doesn't preserve all caller-
    saved registers
  [31383] libc: _FORTIFY_SOURCE=3 and __fortified_attr_access vs size of
    0 and zero size types
  [31385] build: sort-makefile-lines.py doesn't check variable with _
    nor with "^# variable"
  [31402] libc: clone (NULL, NULL, ...) clobbers %r7 register on
    s390{,x}
  [31405] libc: Improve dl_iterate_phdr using _dl_find_object
  [31411] localedata: Add Latgalian locale
  [31412] build: GCC 6 failed to build i386 glibc on Fedora 39
  [31429] build: Glibc failed to build with -march=x86-64-v3
  [31468] libc: sigisemptyset returns true when the set contains signals
    larger than 34
  [31476] network: Automatic activation of single-request options break
    resolv.conf reloading
  [31479] libc: Missing #include <sys/rseq.h> in sched_getcpu.c may
    result in a loss of rseq acceleration
  [31501] dynamic-link: _dl_tlsdesc_dynamic_xsavec may clobber %rbx
  [31518] manual: documentation: FLT_MAX_10_EXP questionable text, evtl.
    wrong,
  [31530] localedata: Locale file for Moksha - mdf_RU
  [31553] malloc: elf/tst-decorate-maps fails on ppc64el
  [31596] libc: On the llvm-arm32 platform, dlopen("not_exist.so", -1)
    triggers segmentation fault
  [31600] math: math: x86 ceill traps when FE_INEXACT is enabled
  [31601] math: math: x86 floor traps when FE_INEXACT is enabled
  [31603] math: math: x86 trunc traps when FE_INEXACT is enabled
  [31612] libc: arc4random fails to fallback to /dev/urandom if
    getrandom is not present
  [31629] build: powerpc64: Configuring with "--with-cpu=power10" and
    'CFLAGS=-O2 -mcpu=power9' fails to build glibc
  [31640] dynamic-link: POWER10 ld.so crashes in
    elf_machine_load_address with GCC 14
  [31661] libc: NPROCESSORS_CONF and NPROCESSORS_ONLN not available in
    getconf
  [31676] dynamic-link: Configuring with CC="gcc -march=x86-64-v3"
    --with-rtld-early-cflags=-march=x86-64 results in linker failure
  [31677] nscd: nscd: netgroup cache: invalid memcpy under low
    memory/storage conditions
  [31678] nscd: nscd: Null pointer dereferences after failed netgroup
    cache insertion
  [31679] nscd: nscd: netgroup cache may terminate daemon on memory
    allocation failure
  [31680] nscd: nscd: netgroup cache assumes NSS callback uses in-buffer
    strings
  [31682] math: [PowerPC] Floating point exception error for math test
    test-ceil-except-2 test-floor-except-2 test-trunc-except-2
  [31686] dynamic-link: Stack-based buffer overflow in
    parse_tunables_string
  [31695] libc: pidfd_spawn/pidfd_spawnp leak an fd if clone3 succeeds
    but execve fails
  [31719] dynamic-link: --enable-hardcoded-path-in-tests doesn't work
    with -Wl,--enable-new-dtags
  [31730] libc: backtrace_symbols_fd prints different strings than
    backtrace_symbols returns
  [31753] build: FAIL: link-static-libc with GCC 6/7/8
  [31755] libc: procutils_read_file doesn't start with a leading
    underscore
  [31756] libc: write_profiling is only in libc.a
  [31757] build: Should XXXf128_do_not_use functions be excluded?
  [31759] math: Extra nearbyint symbols in libm.a
  [31760] math: Missing math functions
  [31764] build: _res_opcodes should be a compat symbol only
  [31765] dynamic-link: _dl_mcount_wrapper is exported without prototype
  [31766] stdio: _IO_stderr_ _IO_stdin_ _IO_stdout should be compat
    symbols
  [31768] string: Extra stpncpy symbol in libc.a
  [31770] libc: clone3 is in libc.a
  [31774] libc: Missing __isnanf128 in libc.a
  [31775] math: Missing exp10 exp10f32x exp10f64 fmod fmodf fmodf32
    fmodf32x fmodf64 in libm.a
  [31777] string: Extra memchr strlen symbols in libc.a
  [31781] math: Missing math functions in libm.a
  [31782] build: Test build failure with recent GCC trunk (x86/tst-cpu-
    features-supports.c:69:3: error: parameter to builtin not valid:
    avx5124fmaps)
  [31785] string: loongarch: Extra strnlen symbols in libc.a
  [31786] string: powerpc: Extra strchrnul and strncasecmp_l symbols in
    libc.a
  [31787] math: powerpc: Extra llrintf, llrintf, llrintf32, and
    llrintf32 symbols in libc.a
  [31788] libc: microblaze: Extra cacheflush symbol in libc.a
  [31789] libc: powerpc: Extra versionsort symbol in libc.a
  [31790] libc: s390: Extra getutent32, getutent32_r, getutid32,
    getutid32_r, getutline32, getutline32_r, getutmp32, getutmpx32,
    getutxent32, getutxid32, getutxline32, pututline32, pututxline32,
    updwtmp32, updwtmpx32 in libc.a
  [31797] build: g++ -static requirement should be able to opt-out
  [31798] libc: pidfd_getpid.c is miscompiled by GCC 6.4
  [31802] time: difftime is pure not const
  [31808] time: The supported time_t range is not documented.
  [31840] stdio: Memory leak in _IO_new_fdopen (fdopen) on seek failure
  [31867] build: "CPU ISA level is lower than required" on SSE2-free
    CPUs
  [31876] time: "Date and time" documentation fixes for POSIX.1-2024 etc
  [31883] build: ISA level support configure check relies on bashism /
    is otherwise broken for arithmetic
  [31892] build: Always install mtrace.
  [31917] libc: clang mq_open fortify wrapper does not handle 4 argument
    correctly
  [31927] libc: clang open fortify wrapper does not handle argument
    correctly
  [31931] time: tzset may fault on very short TZ string
  [31934] string: wcsncmp crash on s390x on vlbb instruction
  [31963] stdio: Crash in _IO_link_in within __gcov_exit
  [31965] dynamic-link: rseq extension mechanism does not work as
    intended
  [31980] build: elf/tst-tunables-enable_secure-env fails on ppc

Release Notes
=============

https://sourceware.org/glibc/wiki/Release/2.40

Contributors
============

This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports.  These include:

Adam Sampson
Adhemerval Zanella
Alejandro Colomar
Alexandre Ferrieux
Amrita H S
Andreas K. Hüttel
Andreas Schwab
Andrew Pinski
Askar Safin
Aurelien Jarno
Avinal Kumar
Carlos Llamas
Carlos O'Donell
Charles Fol
Christoph Müllner
DJ Delorie
Daniel Cederman
Darius Rad
David Paleino
Dragan Stanojević (Nevidljivi)
Evan Green
Fangrui Song
Flavio Cruz
Florian Weimer
Gabi Falk
H.J. Lu
Jakub Jelinek
Jan Kurik
Joe Damato
Joe Ramsay
Joe Simmons-Talbott
Joe Talbott
John David Anglin
Joseph Myers
Jules Bertholet
Julian Zhu
Junxian Zhu
Konstantin Kharlamov
Luca Boccassi
Maciej W. Rozycki
Manjunath Matti
Mark Wielaard
MayShao-oc
Meng Qinggang
Michael Jeanson
Michel Lind
Mike FABIAN
Mohamed Akram
Noah Goldstein
Palmer Dabbelt
Paul Eggert
Philip Kaludercic
Samuel Dobron
Samuel Thibault
Sayan Paul
Sergey Bugaev
Sergey Kolosov
Siddhesh Poyarekar
Simon Chopin
Stafford Horne
Stefan Liebler
Sunil K Pandey
Szabolcs Nagy
Wilco Dijkstra
Xi Ruoyao
Xin Wang
Yinyu Cai
YunQiang Su

We would like to call out the following and thank them for their
tireless patch review:

Adhemerval Zanella
Alejandro Colomar
Andreas K. Hüttel
Arjun Shankar
Aurelien Jarno
Bruno Haible
Carlos O'Donell
DJ Delorie
Dmitry V. Levin
Evan Green
Fangrui Song
Florian Weimer
H.J. Lu
Jonathan Wakely
Joseph Myers
Mathieu Desnoyers
Maxim Kuvyrkov
Michael Jeanson
Noah Goldstein
Palmer Dabbelt
Paul Eggert
Paul E. Murphy
Peter Bergner
Philippe Mathieu-Daudé
Sam James
Siddhesh Poyarekar
Simon Chopin
Stefan Liebler
Sunil K Pandey
Szabolcs Nagy
Xi Ruoyao
Zack Weinberg

--
Andreas K. Hüttel
dilfridge@gentoo.org
Gentoo Linux developer
(council, toolchain, base-system, perl, releng)
https://wiki.gentoo.org/wiki/User:Dilfridge
https://www.akhuettel.de/

Tuesday, July 2, 2024

Update on German bureaucracy, or Mitteilungsverordnung hooray!

I've recently posted about the requirement of a German tax id for all reimbursements even of foreign seminar guests, or more precisely, about my frustration thereof. In the meantime I've been talking to colleagues, our faculty administration, read up some legalese texts, and last but not least contacted friends induced in the relevant higher Bavarian mysteries for their opinion and knowledge. The result is interesting, and here's a summary of it.

First of all, while the federal Mitteilungsverordnung ("notification regulation") has not changed recently, it will change as of 1 January 2025 (most relevant, its §8). And indeed it then requires electronic transmission of the notifications and that every payment notification is accompanied by the German tax id of the recipient. Since payments during 2024 are reported beginning of 2025, that change affects us already now. What has not changed is the "Bagatellgrenze", i.e., the fact that payments below 1500,- € per person and year do not require any payment notification and thus also no tax id.

Second, as proposed by the State of Bavaria, the Bundesrat (our second chamber of parliament that represents the states) has requested to raise the "Bagatellgrenze" to 3000,- € per person and year, since even the higher mysteries are of the opinion that the current situation is not really productive (the number was initially fixed as 3000,- DM in 1993 and then converted to 1500,- € ... now how much inflation did we have in the meantime?). The federal government is assessing the situation.

Third, I got the comment that University of Regensburg seems to hand in quite some unnecessary (because of the "Bagatellgrenze") payment notifications. Which is somewhat unsurprising since our central administration (not the Physics department) insists on sending a record of every payment, not just the ones above 1500,- € per person and year. Lovely. #Provinzuniversität #UniversitätRegensburg

At the moment our foreign guests get the application form for the German tax id during their visit together with the remaining reimbursement forms, and need to hand in a passport copy with it. The generated tax id is directly sent to us; once it has arrived the normal reimbursement process is started. Things could be worse. Still, first, the process delays the reimbursement (potentially by weeks, depending on the load of our local tax office), second, requiring all international guests to leave a passport copy and file for a German tax id just to get their plane tickets paid is borderline...

Tuesday, May 28, 2024

German bureaucracy, or: things going downhill, part 1 of n

[Update at end]

I've been working in university research now for quite some time, and one of the great things about it is international cooperation. The sciences live and breathe via cooperation visits, seminar invitations, ... One of the fixtures at probably nearly every university is the faculty colloquium, where each week, covering a wide range of topics, a renowned expert is invited to speak. Then there are locally organized conferences, regular seminars connected to research programs...  And "invited" is the real word here; while typically no remuneration is paid to the speakers, the travel expenses from tickets to hotel costs are reimbursed (within reasonable limits given by guidelines and rules), and of course we strive to make the visit as easy and pleasant for the guest as possible.

Enter Germany, or in this case more precisely Bavaria. Starting 1 January 2024, travel expenses can only be reimbursed to persons with a German tax id number ("Steueridentifikationsnummer"). How about international guests, not German citizens, not living in Germany, you may ask? Well, obviously, they most likely don't have one. So they need to get one! This involves sending a filled-out form with personal data and passport copies by paper mail to our local tax office well in advance, after all processing and assigning this life-long id (and adding them to the German tax register) can take up to 4 weeks. Seriously, I am ashamed to ask this of our international guests who don't intend to stay here long or take up employment here, just so they can get their plane tickets reimbursed, and can fully understand if someone is not happy about it.

And then, once you got over that, you realize that you can't even pre-book some arrangements since the university still has no credit card and thus can't do online bookings.

It's getting worse year by year. Blargh.

Update. So I've been informed in the meantime that here the faculty administration can take care of it (during the visit of the guest? unclear), that it is a matter of 10min and no problem, and that I should not worry about it. (?) Also, it's apparently due to some EU regulation (?) and Berlin is apparently already doing the same as Bavaria. ?!?

Monday, April 1, 2024

The interpersonal side of the xz-utils compromise

While everyone is busy analyzing the highly complex technical details of the recently discovered xz-utils compromise that is currently rocking the internet, it is worth looking at the underlying non-technical problems that make such a compromise possible. A very good write-up can be found on the blog of Rob Mensching...

"A Microcosm of the interactions in Open Source projects"