Links: Git remote branches and Git's missing terminology (and more)
Mark Jason Dominus's Git remote branches and Git's missing terminology (via) is about what it sounds like. This is an issue of some interest to me, since I flailed around in the same general terminology swamp in a couple of recent entries. Dominus explains all of this nicely, with diagrams, and it helped reinforce things in my mind (and reassure me that I more or less understood what was going on).
He followed this up with Git's rejected push error, which covers a
git push' issue with the same thoroughness as his first
article. I more or less knew this stuff, but again I found it useful
to read through his explanation to make sure I actually knew as much
as I thought I did.
Link: The evolution of Unix's overall architecture
Diomidis Spinellis has created a set of great resources for looking at Unix's history. He started with the Unix history rep and has then used that to create block diagrams of Unix's structure in V1 and modern FreeBSD. His article Unix Architecture Evolution Diagrams (via) explains the interesting story of how he put these diagrams together. He also has a site on where manpages appear over Unix versions.
Link: Rob Landley's Linux Memory Management Frequently Asked Questions
Rob Landley's Linux Memory Management Frequently Asked Questions is what it says in the title (via). As of writing this pointer to it, the current version of the FAQ appears to be from 2014, but much of its information is relatively timeless.
Landley's FAQ is good for a lot more than Linux specific information. It's a good general overview of a number of hardware MMU concepts and general Unix MMU concepts. Things like page tables, TLBs, and even memory mappings are basically universal, and the FAQ has a nice solid explanation of all of them and much more.
Link: Introduction to Certificate Transparency for Server Operators
Alex Gaynor's Introduction to Certificate Transparency for Server Operators (via) is what it says in the title, and taught me some things about certificate transparency in practice. Sadly, one of the things it taught me is that once again Lighttpd seems to be coming up short as far as modern TLS goes. I really should switch over my personal site to using Apache, even if it will kind of be a pain because Fedora fumbled good Apache configuration.
(I also hadn't known about Cert Spotter, which has the advantage that you don't need a Facebook login to use it and thus don't have to helpfully (for Facebook) tie one or more domains to your Facebook login. All you need is an email address and on the modern Internet, you already need a source of individualized disposable ones.)
Link: The Unix Heritage Society now has the 8th, 9th, and 10th editions of Research Unix
Today in an email message with the subject of [TUHS] Release of 8th, 9th and 10th Editions Unix, Warren Toomey announced that the Unix Heritage Society has now gained permission to make the source code of Research Unix's 8th, 9th, and 10th editions available for the usual non-commercial purposes. This apparently is the result of a significant lobbying campaign from a variety of Unix luminaries. The actual source trees can be found in TUHS' archive area for Research distributions.
Most people are familiar with Research Unix versions through V7
(the 7th Edition), which was the famous one that really got out
into the outside world and started the Unix revolution. The 8th
through 10th editions were what happened inside Bell Labs after
this (with a trip through BSD for the port to Vaxen, among other
things; see the history of Unix), and because Unix
was starting to be commercialized around when they were being worked
on by Bell Labs, they were never released in the way that the 7th
Edition was. Despite that they were the foundation of some significant
innovations, such as the original Streams and
/proc, and for various
reasons they acquired a somewhat legendary status as the last
versions of the true original strain of Research Unix. Which
you couldn't see or run, which just added to the allure.
You probably still can't actually run these editions, unless you want to engage in extensive hardware archaeology and system (re)construction. But at least the Unix community now has these pieces of history.
Link: Four Column ASCII
Four Column ASCII (via) is a reformatted version of this Hacker News comment that presents the ASCII chart in four columns of 32 characters instead of the usual presentation of eight columns of 16 (as seen eg here). A four column representation makes a number of patterns in ASCII (both bit-wise and otherwise) much clearer, for example why Ctrl-Space, Ctrl-@, and Ctrl-` all generally generate a null byte.
(I suspect that ASCII is traditionally presented in an 8 column by 16 row table because that fits into an 80x24 terminal or terminal window.)
Link: Let's Stop Ascribing Meaning to Code Points
Manish Goregaokar's Let's Stop Ascribing Meaning to Code Points starts out with this:
I've seen misconceptions about Unicode crop up regularly in posts discussing it. One very common misconception I've seen is that code points have cross-language intrinsic meaning.
He goes on to explain the ways that this is dangerous and how tangled this area of Unicode is. I knew little bits of this already, but apparently combining characters are only the tip of the iceberg.
Link: RFC 6919: Further Key Words for Use in RFCs to Indicate Requirement Levels
If you read RFCs, you may know about the standard use of the MUST, SHOULD, and so on key words that come from RFC 2119. RFC 6919, issued April 1st 2013, adds some useful additional key words like "MUST (BUT WE KNOW YOU WON'T)", "REALLY SHOULD NOT", and the like.
By itself this would be amusing and interesting. But what really makes RFC 6919 rewarding to read is that it shows usage examples for each of its new key words that are drawn from existing RFCs. If you have much exposure to how RFCs are actually implemented in the field, this will make you alternate laughter and sad sighs. To quote myself from when I first saw it:
RFC 6919 makes me laugh but it's sad laughter. Such honesty had to be published Monday.
Link: Twice the bits, twice the trouble: vulnerabilities induced by migrating to 64-bit platforms
Adrian Colyer's Twice the bits, twice the trouble: vulnerabilities induced by migrating to 64-bit platforms (via) is a very readable and very interesting summary of an ultimately depressing academic paper on the security vulnerabilities that get induced in C code simply by migrating from 32-bit platforms to 64-bit platforms.
In theory I sort of knew about all of this, but it's one thing to vaguely have heard about it and another thing to see handy comparison charts and examples and so on of how relatively innocent C code introduces real vulnerabilities simply when you rebuild it on 64-bit machines and then expose it to attackers.
Here's a depressing quote from the academic paper to finish up with and motivate reading at least Colyer's summary of the whole thing:
Finally, we make use of this systematization and the experience thus gained to uncover 6 previously unknown vulnerabilities in popular software projects, such as the Linux kernel, Chromium, the Boost C++ Libraries and the compression libraries libarchive and zlib—all of which have emerged from the migration from 32-bit to 64-bit platforms.
That's, well, unfortunate. But not unexpected, I suppose. Maybe all future languages should not have any limited-range numeric types that can have different sizes on different platforms, even if it's theoretically an attractive idea for 'optimization'.
(I don't know what Rust does here, but Go does have
which are either 32 or 64 bits depending on the platform.)
Link: Linux containers in 500 lines of code
Lizzie Dixon's Linux Containers in 500 lines of code is exactly what it says in the title, namely an example of setting up a relatively complete Linux container in 500 lines of code or so. The whole thing is interesting, but for me the really useful bits are the code examples and careful discussion of things like dropping capabilities and installing seccomp filters to block system calls.
(I feel I have a broad understanding of how Linux containers work and the general kernel pieces used to set them up, but I haven't really done anything with either capabilities or seccomp.)
Also, it turns out that reading the footnotes here was very
useful because it led to me discovering the Ubuntu sysctl
kernel.unprivileged_userns_clone, which lets you turn off
unprivileged use of user namespaces. I've wanted this for
some time so it's great to find
out that we can get it on most of our Ubuntu machines.