Spaghetti Code Strikes Again

“During research into the Windows kernel, we came across an interesting issue with PsSetLoadImageNotifyRoutine which as its name implies, notifies of module loading.
 
The thing is, after registering a notification routine for loaded PE images with the kernel the callback may receive invalid image names.
 
After digging into the matter, what started as a seemingly random issue proved to originate from a coding error in the Windows kernel itself.
 
This flaw exists in the most recent Windows 10 release and past versions of the OS, dating back to Windows 2000.”
 
See Windows’ PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear (Part 1)
Despite decades of work M$ still copies its own mistakes and, buried in a pile of spaghetti, these nightmares come back to torment people decades later.

These episodes continue to convince me I was right to choose GNU/Linux as my operating system. Instead of motivation by greed and abuse of power of monopoly the authours of my OS are working to create the best OS they can. That’s a recipe for success whereas M$ continues to paint itself and all its users into a corner where there’s no easy exit except starting over and they foolishly resist that as more work than the infinite pain of using spaghetti code forever.

I recommend Debian GNU/Linux if you want a good OS that works for you and not against you.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.

This entry was posted in technology and tagged , , , , , , , , . Bookmark the permalink.

41 Responses to Spaghetti Code Strikes Again

  1. oiaohm says:

    But, getting yourself into a huge project to fix something? Please. Very, very few would actually do it. Chances that someone comes up with another solution are higher. See, as a proof, how JS libraries and frameworks come and die every day. Why? Because going into someone else’s code to fix and then merge is hard. Too hard.
    Even that is very few the number is still in the million+ who do. There is 3.2 billion people on-line. We are talking about 1/2000 do this. Million+ still not a highly common number. Yes it about 1/2000 because it not easy.

    But you are talking to a person who has. Ok my patches did not end up included in wine but I did a lot of testing with the developer to get stuff fixed and my incorrect patches did lead the developer to the fault.

    Having the source code of a software library is priceless for developers. It lets them peek into the black-box, and fill-in for themselves the blanks of the documentation.
    This is kind of on the correct line but you have not include all the people who direct benefit from the source code access. As a support person having source code access allows support person to-do a few more tests when something does not work. Support person has option of the following with source using automated code quality tools, running the test suite on used parts, rebuilding with different complier/ complier flags and having full debugger symbols.

    Automated code quality tools can be used when you have two different open source programs that do the same thing to choose what one you should use. Closed source you don’t have this option.

    Running the test suite on used parts this may sound not important but it can be that you have a hardware issue of some form not a software one. Running the test suite that works for other uses with the same libraries and so on can point to a hardware problem not a software one. So source code access does help in diagnosis. You do want the source code of the test suite to make sure it does not have a if statement that changes what it does based on what is running on so giving a false impression.

    Rebuilding with different complier/ complier flags this is at times required because there is nothing wrong with the programs source code itself but the complier used to build it upstream was broken. With closed source this is normally stick to the older version until developer remakes the binary. If the problem is a currently exploited security fault this is really not healthy. Support personal do need to be able to fix items fairly quickly. Source can help here.

    Having full debugger symbols you may not be able to fix the fault but you can trace to what part caused the issue. So is it a library is it a core application fault is it the complier. Reporting to the right department/project does help. Source helps support people work out what department/project bugs should be reported to. It does help support people when paying for support as well to confirm that the fix was not hack that just hid the fault.

    The ones who get no direct benefit form source get the option of better developed programs because as you said the application developers were able to look behind and see exactly what was being done. They have access to support personal who have more options due to support personal having access to source code. When something is said that is fixed they can have more than 1 group confirm that is properly fixed.

    So source access benefits some people directly being developers and support personal. Source access benefits those who are just end users indirectly but it still provides benefits. Those who attempt to say source code does not benefit end users have never bothered checking the indirect effects.

  2. Deaf Spy says:

    WP is written in several languages including PHP, HTML, CSS, JavaScript

    Gee, are HTML and CSS Turing-complete to call them “languages”? 🙂

    But, thanks again. Your entire posts is nothing else but a proof that having access to the source code of a project is of little good to people.

    Having the source code of a software library is priceless for developers. It lets them peek into the black-box, and fill-in for themselves the blanks of the documentation.

    But, getting yourself into a huge project to fix something? Please. Very, very few would actually do it. Chances that someone comes up with another solution are higher. See, as a proof, how JS libraries and frameworks come and die every day. Why? Because going into someone else’s code to fix and then merge is hard. Too hard.

  3. oiaohm says:

    As Jerkface once said, the million man army scouring open source code for bugs and making the occasional bug fix is a myth. Even popular projects like The GIMP have 2 or 3 developers who know the code deeply.
    This is true to a point but if the code was not open source many different groups would not be running their automated assessment software on it.

    Until you look into the Linux kernel and you find that 10 percent of the kernel recorded developers who have just done one time patches. One time patches is being a developer who submit 1 patch that fixed a fault and that is all they ever did. So there are millions who from time to time fix 1 fault across the open source world.

    So the million+ man army fixing random bugs is real but they are not the most productive developers many of those patches have solved some very strange faults that at times the main developers could not work out how to solve. Of course the patches from the million man army do need to be reviewed by maintainers for sanity there are quite a few that get rejected.

    Kurkosdr really quoting idiot jerkface who does not know how to-do research and repeating one of his mistakes is a real idiot move. Apparently you are now grasping at straws.

    Now, will you admit that your article is meaning less and you have no idea how this bug in some obscure Windows kernel-mode function affects “millions of users”?
    Deaf Spy of course you will not admit it you have no clue either. Millions of users are effected by this fault one of the programs that use that function is world of warcraft. So we are talking 10 million users just in that 1 application. So that function might be kind of obscure in documentation but its usage is very common.

    Stub for PsSetLoadImageNotifyRoutine was added to wine in 2011 to allow a long list of applications to work. Lot of applications don’t care if they never get answered. But there are ones out there that do.

    Deaf Spy I am the C coder here. I gave sample code why using undefined memory under Linux is not a random data source.

    Second, Windows has been having tools to send reports since, hm, a decade?
    Debian had that feature first. To be correct reportbug debian is over 20 years old.

    Its one thing to collect reported bugs it another thing to have the personal to process and handle them.

    https://www.theguardian.com/technology/blog/2008/aug/19/howmanypeoplemakewindows7
    There is about 1000 people working on all of Windows. The Linux kernel alone has more personal than that.

    And, introduce a few new bugs or vulnerabilities along. Further, it is possible to fix a bug by patching the binary directly.
    Deaf Spy there is a problem with this logic. Directly patching binaries yes can be used but can you audit your modification correctly without access to what is used in developer most cases no. Reality is to audit a patch you need the source code so you can do more complex checks of your modifications. Full Source code of a program should include the matching test suite as well.

    Remember I gave how it simple to inject code into binaries if you had watched video on topic the person mentions that yes at times the injection fails due to some action that he failed to guess the binary would do and that is because he did not have source code access or test-suite access.

    Nowadays, starting Windows 10, you have your Feedback Hub. Finally, you have the Windows Insider Program.
    Deafspy have you even bothered to watch the feedback hub actions.
    http://winsupersite.com/windows-10/windows-10-build-10525-headed-windows-insiders-microsoft-explains-deleted-feedback

    Something is a little hard to fix instead of leaving it in public view as a problem. Microsoft archives it. So Microsoft has won’t fix just they will not publicly tell you that what you have requested is won’t fix instead archives it to hide what their intention is. Even if Microsoft told you directly that the fault you have reported on feedback hub is won’t fix what could you do about it. Not like you can contract or talk to other parties that are not Microsoft to get it fixed.

    Deaf Spy really about time you do research before attempting to use something to win a point.

    The big advantage of having source code is not being locked to a single vendor if a defect is critical to your operation.

    Really Deaf Spy and Kurkosdr need to learn to do research. Jerkface was not better. Anti-Linux people are so Dependant on made up crap it not funny. There is a true story to tell but its not the story they like to spread.

  4. Deaf Spy threw out some irrelevant myths to support himself: “WordPress, as you know well, is in PHP, which is a scriptie every idiot can learn in 10 minutes.”

    WP is written in several languages including PHP, HTML, CSS, JavaScript and a few other things I forget. I used to tweak the PHP to get WP to work the way I want, like eliminating the “http:” in the URI boxes in which I would paste real URIs with their own “http:”s… Eventually, WP fixed that problem and I mostly leave it alone now as my tweaks would get overwritten occasionally in updates and my tweaks kept getting harder to place. For instance, I had to do the same tweaks in two places, just because… So, now, I do as little as I can with that code as long as it continues to work for me somewhat.

    It may be true that anyone can learn some PHP in minutes but to produce reliable useful code takes weeks of study and years of practice. Even then security may be lacking.

    Here’s a listing of one directory of WP, for illustration:
    ls wp-admin
    about.php edit.php load-styles.php nav-menus.php revision.php
    admin-ajax.php edit-tag-form.php maint network setup-config.php
    admin-footer.php edit-tags.php media-new.php network.php term.php
    admin-functions.php error_log media.php options-discussion.php theme-editor.php
    admin-header.php export.php media-upload.php options-general.php theme-install.php
    admin.php freedoms.php menu-header.php options-head.php themes.php
    admin-post.php images menu.php options-media.php tools.php
    async-upload.php import.php meta options-permalink.php update-core.php
    comment.php includes moderation.php options.php update.php
    credits.php index.php ms-admin.php options-reading.php upgrade-functions.php
    css install-helper.php ms-delete-site.php options-writing.php upgrade.php
    custom-background.php install.php ms-edit.php plugin-editor.php upload.php
    custom-header.php js ms-options.php plugin-install.php user
    customize.php link-add.php ms-sites.php plugins.php user-edit.php
    edit-comments.php link-manager.php ms-themes.php post-new.php user-new.php
    edit-form-advanced.php link-parse-opml.php ms-upgrade-network.php post.php users.php
    edit-form-comment.php link.php ms-users.php press-this.php widgets.php
    edit-link-form.php load-scripts.php my-sites.php profile.php

    There are 19K lines of code in that directory in PHP files. Trying to understand the whole thing or where a tweak should be placed to change one thing is a daunting task. Then there is the CSS which is a nightmare. The principle of CSS is that styles should cascade and the local spec applies yet WP defeats that everywhere. You can put all the CSS you want into a post and only a fraction of it will survive the process. That’s for security from users no doubt but it’s a curse to admins. I’m not out to sabotage my blog. I just want it to appear the way I want. Is that too much to ask? Want to tweak WP’s CSS? There are hundreds of .css files…

    So, no, it’s not minutes to figure out WP.

  5. Deaf Spy says:

    Now, will you admit that your article is meaning less and you have no idea how this bug in some obscure Windows kernel-mode function affects “millions of users”?

  6. Deaf Spy says:

    Robert, Robert… You are wrong in basically every sentence, except for the mythical part, which is too theoretical to be worth attention. 🙂

    A piece of code may indeed only be familiar to a few people but it only takes one motivated person to fix a bug or to discover a vulnerability.

    And, introduce a few new bugs or vulnerabilities along. Further, it is possible to fix a bug by patching the binary directly.
    Finally, I find it strange you are not motivated enough to fix you issues with Linux, WordPress and other floss “gems”. Just saying “I don’t code in C” is lame. WordPress, as you know well, is in PHP, which is a scriptie every idiot can learn in 10 minutes. Except for Fifi, perhaps.

    FLOSS is used by many millions of users and they do have a means to send reports upstream unlike in That Other OS.

    First, what means do these many millions of users have? Please specify.

    Second, Windows has been having tools to send reports since, hm, a decade? Connect launched in 2005 or so. Nowadays, starting Windows 10, you have your Feedback Hub. Finally, you have the Windows Insider Program.

    Your knowledge in IT is both very limited and very obsolete, Robert.

  7. Kurkosdr wrote, “the million man army scouring open source code for bugs and making the occasional bug fix is a myth”.

    The myth is that it’s only a million people. There are way more FLOSS developers than that. A piece of code may indeed only be familiar to a few people but it only takes one motivated person to fix a bug or to discover a vulnerability. FLOSS is used by many millions of users and they do have a means to send reports upstream unlike in That Other OS.

  8. Kurkosdr says:

    I don’t code in C.

    No worries, even if you did, you probably wouldn’t understand the typical FOSS C code, which is mostly nested ifdefs, gotos, and pointers called descriptive things such as pp and ppp.

    As Jerkface once said, the million man army scouring open source code for bugs and making the occasional bug fix is a myth. Even popular projects like The GIMP have 2 or 3 developers who know the code deeply.

  9. Deaf Spy wrote, “Thank you, Robert, for admitting that having the source code is useless.”

    Thank you, Deaf Spy, for showing your lack of vision by even considering source code is useless. Perhaps your “nym” should be Deaf and Blind Spy. No offence meant to the afflicted but this guy’s handicaps are self-inflicted.

  10. oiaohm says:

    Deaf Spy reality
    Thank you, Robert, for admitting that having the source code is useless.
    Robert did not say that. He said others fixed it. The reality is you can not ask other people to fix a program for you if those people cannot access the source code.

    Now you might even admit that your article is meaning less and you have no idea how this bug in some obscure Windows kernel-mode function affects people.

    https://forum.winehq.org/viewtopic.php?t=7798
    Deaf Spy really you have no clue how PsSetLoadImageNotifyRoutine used either. Because the number of programs that access either by loading a driver or by other means is quite a few.

    The reality about being around wine you see all the creative ways application developers doing game protection access all kinds of windows kernel features.

    PsSetLoadImageNotifyRoutine information end up in userspace is quite down right common. With that information being wrong or missing causing errors as well.

    Please note this is a case reading Microsoft documentation will not help you. Working on a project like wine that able to run applications contained and see what application developers have done is required to understand how big of effect PsSetLoadImageNotifyRoutine has. The issue is the number of applications Microsoft will break if they fix PsSetLoadImageNotifyRoutine is a lot more than many people will be thinking. So its not obscure but a go to function for those making copyright protection and anti-cheat systems.

  11. Deaf Spy says:

    That’s right.

    Thank you, Robert, for admitting that having the source code is useless.

    Now you might even admit that your article is meaning less and you have no idea how this bug in some obscure Windows kernel-mode function affects people. Don’t let Fifi distract you or speak for you, he is an renown idiot.

  12. Deaf Spy wrote, “You have the very source code and you can’t fix it?”

    That’s right. I don’t code in C. Others do and they apparently have fixed some problems. I still don’t like how Poettering’s stuff works but it’s now working.

  13. oiaohm says:

    Top this with sound and Wi-Fi not working (something unimaginable in Apple and Windows lands). Bwa-ha-ha-ha-ha!
    Deaf Spy sorry the wi-fi issue under Linux happens to be a common block of code shared with Windows. So Wi-fi working but being unstable under particular network loads is common to Linux and Windows.

    https://www.drivereasy.com/knowledge/laptop-speakers-crackling-on-windows-10-solved/

    Audio trouble happens in Windows interesting enough fairly much it changing equal settings on Windows that you have to change in pulseaudio with the same problems.

    Basically Deafspy stop pretending windows is perfect with audio and wifi the answer is its not. Its interesting how a identical the faults Linux suffers from with wifi and audio as Windows yet some how Linux is bad at it compared to windows.

    Please note one of the wifi encryption issues that turned up when systemd appeared effecting nfs and smb sharing caused kernel lockups in Windows and Linux. So Robert and Linux really was not alone with the problem.

    On wifi and audio the only one without known breakages is Apple stuff but that is because they really restricted the hardware.

    He can’t even explain which domain would be affected, because it is pretty obvious that user applications will be not.
    Sorry Deafspy try again you have it wrong.
    Here’s where Microsoft introduced PsSetLoadImageNotifyRoutine, in Windows 2000. This mechanism, notifies registered drivers, from various parts in the kernel, when a PE image file has been loaded to virtual memory (kernel\user space).
    This is kernel modules and user dll file load notification. So a user application checking when dll loaded could call this function and get a invalid answer.

    http://www.osronline.com/showthread.cfm?link=253156 and people have complained about PsSetLoadImageNotifyRoutine being a inconstant mess for quite some time.

    No point asking robert question when Deaf Spy cannot read what was posted with a clear description of what was effected.

    So some user applications are effected by issues with PsSetLoadImageNotifyRoutine in ntdll.dll not always returning valid information. So PsSetLoadImageNotifyRoutine is a function used in kernel space and exported to user-space with all the security risks that could cause.

  14. Deaf Spy says:

    They made my system resemble TOOS in so many ways, not working and no way to fix it… re-re-reboots

    What?!? You have the very source code and you can’t fix it? You are locked in?!? Re-re-reboots?

    Let’s see. We have:
    1. Having the source code doesn’t help at all.
    2. Locked-in (to systemd).
    3. Re-re-reboots.

    Robert, do you realize you just blew all your anti-MS and anti-closed-source weapons?

    Top this with sound and Wi-Fi not working (something unimaginable in Apple and Windows lands). Bwa-ha-ha-ha-ha!

  15. Deaf Spy says:

    “What is really pathetic is thinking that an esoteric bug that is fixed or will be fixed is going to be the sole motivation for someone to dump an otherwise working set of applications and experience to implement linux as ones replacement desktop”

    This, and the fact that Robert still can’t explain how this bug would affect developers and users. He can’t even explain which domain would be affected, because it is pretty obvious that user applications will be not. (This is a kernel function)

  16. oiaohm says:

    Robert Pogson I come from the wine project background doing support. You can see the direct drop off in wine audio bugs after Pulseaudio was introduced. Reality is before pulseaudio the audio stack was broken. Lot of people had works for me combinations. Please remember wine project remained using alsa output for a very long time so the project was on the receiving end of direct effect of Pulseaudio on the kernel audio drivers. So running pure ALSA setup today is better than the time before pulseaudio.

    We are seeing the same thing with systemd. Where the cgroup and namespace system were not ready to be used when systemd appears. But due to systemd being a default and having to work the cgroup and namespace system has got reworked and is being fixed.

    On NFS over wireless got interesting. Systemd did expose a kernel driver bug with NFS over wireless to be correct encrypted wireless that still has not been fully fixed. Did explain the odd cases where with sysvinit where wifi and NFS would fail. Just systemd made that fault way more repeatable.

    Firefox demanding pulseaudio kind of makes sense.
    1) Firefox own code for sound mixing on Linux only support 2.1 at best.
    2) On android, windows and os x the used the system provided mixing.
    3) the old Linux firefox audio code contain workarounds for fault that no longer existed in alsa due to the effect of pulseaudio.
    4) Pulseaudio is a stable ABI so you can use apulse to have pulseaudio dependent applications work without a pulseaudio server.
    5) Killer feature of the Pulseaudio ABI is the ability to configure audio mixing on fly compared to default ALSA that is configure audio mixing on application start. Yes apulse provides that feature on top of ALSA to allow application to on the fly mixer configuration.

    Really with all these points I cannot say firefox/mozilla has done the wrong thing going pulseaudio abi only. Allows alsa quirks to be managed in two places either apulse or pulseaudio instead of each individual application. NIH syndrome you really do have to watch out for. Yes pushing for applications to directly support ALSA can cause a lot of NIH where each application is duplicate what other applications are doing.

    Maybe people would have been less upset if firefox had gone gstreamer or the like instead the big but here is that the pulseaudio ABI has less ABI breakage than most of the other choices. I would complain about that change if I could find points correctly justify complaining. The reality if you check everything firefox choice was a very valid one. The fact other options like gstreamer have been having more ABI breakage for a party providing binaries like Mozilla does is not a tolerable problem. Yes there is less ABI breakage using pulseaudio ABI than using the raw alsa ABI.

  17. oiaohm wrote, “Is pulseaudio improvement over what came before on Linux yes. Is pulseaudio perfect no its not.”

    The trouble with Poettering’s works are not that they are not good but that they were made defaults before they were ready. I think it was several years before I could get PA to work for me. It seems fine today but just a year or two it would crash, freeze or just refuse to work. I was really annoyed when some browsers insisted on using PA. I actually went without sound from the browsers for more than a year simply because PA did not work for me. Now it installs and works pretty well as far as I can tell, with no issues. I wish systemd would evolve a little faster too. It was a step backwards when both were introduced. They made my system resemble TOOS in so many ways, not working and no way to fix it… When I was trying to get NFS to work on the late notebook PC, systemd seemed to require re-re-boots just to start NFS over wireless. I was glad when the system’s WiFi finally died. TLW is quite comfortable with NFS over copper on ARM these days.

  18. oiaohm says:

    kurkosdr I don’t look at pulseaudio as bad as you do. I remember artsd and esound before pulseaudio existence. Both artsd and esound suffered from ABI breakage this was one of the choices if you wanted to run kde applications you had to have artsd and if you wanted to run gnome applications you had to have esound and both were incompatible with each other.. Pulseaudio got rid of sound server and desktop environment being linked.

    Is pulseaudio improvement over what came before on Linux yes. Is pulseaudio perfect no its not.

    There is a lot of complaining about Pulseaudio that most not looking at Pulseaudio on it merits compared to what it replaced. So Poettering has a history of putting up better that what existed just not perfection.

    kurkosdr you missed on of the big ones about sysinit design that is defective. Linux kernel recycles PID numbers. Sysv the OS never did. So two init scripts running the same process name if 1 has crashed it is possible for the second one to be run with the same PID number under Linux so now status on both appears that they are both running when only one is. The idea of using PID file to track services has to die.

    I would like to see more work on like openrc and other init systems support cgroups/namespaces that don’t fail from PID recycling. Of course the biggest yell against doing this is this is no covered by the posix standard. Reality the posix standard does not include enough to write a init system that works on any OS that does PID recycling. If we want posix standard init system that work the Posix standard need to be revised.

  19. kurkosdr says:

    We did until Poettering made GNU/Linux a moving target.

    BTW, I am starting to look at one of Poettering’s works with more respect than before (systemd that is, pulseaudio is still unsalvageable).

    Init.d has the following fatal flaw:
    If I have a certain init.d script and I launch a bunch of processes from that script, init.d cannot stop the processes launched from that script. Sure, most init.d scripts have something that looks like a stop function, but all it actually does is a blind kill of all the processes launched from the binary.

    Which is a problem if you want to have two init.d files launching the same binary with different arguments, and want to be able to stop processes launched from the first init.d file but not stop processes launched from the second init.d file. If so, you have to “roll your own” and store the arguments after launch somewhere, and then do a pkill -f based on arguments during stop.

    Systemd doesn’t even require an ExecStop, it just takes care of it.

    Systemd also offers parameterized units in the form of my_service@instance_name for example (with each instance having its own env file and be set to start at boot). With init.d you have to hack it around with symlinks to a “generic” init.d file and capture the $0 argument from the command line in the “generic” file.

    Then there is the issue of init.d having no standard logging system, it’s all a “roll your own” hack that involves shell redirection.

    All in all, init.d is a giant hack on the unix shell, systemd is a service management framework (which pretends to be an init system so the Pogs of this world won’t get angry for their OS becoming too modern)

    As with most things old unix (old linux), init.d is good enough as long as you won’t try to do anything non-trivial with it. Then you are on “roll your own” land.

  20. wizard emiritus says:

    “I say you are making a fuss out of nothing, but you readily ignore fiascos like Heartbleed. Pathetic.”

    What is really pathetic is thinking that an esoteric bug that is fixed or will be fixed is going to be the sole motivation for someone to dump an otherwise working set of applications and experience to implement linux as ones replacement desktop.

  21. Grece says:

    You left out the colloquial “It’s all good” Robert.

  22. oiaohm says:

    Deaf Spy
    I say you are making a fuss out of nothing, but you readily ignore fiascos like Heartbleed. Pathetic.
    openssl heartbleed is still turning up on windows due to library bundling. Really issues like heartbleed are examples of why snappy and flatpak idea of placing applications shipping bundled libraries in a sandbox to limit system threat is correct.

    Robert, would you please explain, in your own words, what is the impact of this bug, which type of users would be affected, what developers and types of applications would be impacted?
    Deaf Spy really name a Linux bug of the same type first. Please note this is not heartbleed to prove that you know enough to even read if robert answers you. I could list 40 Linux kernel bugs that have been patched in history of the same class so it should be quite simple to find if you know the right descriptions.

  23. Grece, giving us another example of Garbage In/Garbage Out, wrote, “a feeble old man living in a shit-hole backwater hick town”.

    I don’t live in a town at all. We are suburban and between towns. I would prefer the bush but this is as close as I can get TLW to live. She’s only visited the bush two or three times in her life and it wasn’t for her. Nearby towns, none of which fit Grece’s description, are Winnipeg, Selkirk, Lockport, and Stonewall. There are smaller ones a bit further away but these are ones I often visit for business/pleasure and they are just fine. Selkirk, for instance, has a world-class catfishery, an older section where folks really go all out to make beautiful lawns and gardens, several big box stores, a police station and a marine museum to name a few amenities. It’s also where I buy my hunting and fishing licences.

    *smiles*

  24. Grece says:

    Oh yes, a feeble old man living in a shit-hole backwater hick town, knows way more then a multi-billion dollar business.

    *rolls eyes*

  25. Deaf Spy says:

    Robert, would you please explain, in your own words, what is the impact of this bug, which type of users would be affected, what developers and types of applications would be impacted?

    I say you have absolutely no idea. I say you are making a fuss out of nothing, but you readily ignore fiascos like Heartbleed. Pathetic.

  26. oiaohm says:

    Kurkosdr by the way if your pulseaudio and X11 claims were not lier lier pants on fire the snappy on latest 14.04 would not be possible.

    There are still limitations to flatpak like not having device handling for how to pass device access to flatpak applications. The limitations of what application can be in flatpak are reducing.

    Reality most of the anti-Linux arguments have been a mixture of lie and truth. With the recent changes coming more current day lie than truth.

    As I always have said that running new on old and old on new has been possible on Linux. This has always been true the issue has been interface. As the interface is being sorted out lot of the arguments against Linux that have only been half truth will have to be stopped being used because they will become 100 percent lie.

  27. oiaohm says:

    Kurkosdr lie or not you read it. Reality when you have not read my posts you stick to the same arguments.
    http://www.omgubuntu.co.uk/2017/02/install-snap-apps-ubuntu-14-04
    The OS should be able to install the latest version either from an app store or from the official site
    https://nightlies.videolan.org/build/snap/
    Basically there is a official way to install newer vlc package on 14.04 its snappy. Yes latest version of VLC has been able to be got from the VLC site for 14.04 for quite some time since august last year. Just the VLC website has not updated to make it easy find.

    Interesting enough that snappy package can be used under debian as well.

    Kurkosdr so really you complaint should be about VLC not providing how to get the other install option on their website in an easy to access way. Basically you information is getting very out of date. Please note 14.04 can also use flatpak.

    Kurkosdr snappy is ubuntu officially way of doing backwards compatibility since 1 of feb this year.

    chroot, docker, flatpak and snappy all have installed the right glibc for the application.
    Not that I have not mentioned snappy enough time Kurkosdr maybe you should not ignore my posts because by ignoring them you just prove you are an out of date idiot.

  28. Kurkosdr says:

    apo store = app store

  29. Kurkosdr says:

    As much as I would like to take time to read Ohioan’s brain core dumps… bahahaha! Who am I kidding… I don’t want to do that.

    What I can tell to Ohioham is that the Ubuntu 14.04 OS that my netbook is using is stuck to an old version of VLC (according to the Ubuntu Software Centre), and when visiting the VLC official site it redirects me back to the Ubuntu Software Centre. And no, I do not want to deal with unofficial PPAs and whatnot. The OS should be able to install the latest version either from an apo store or from the official site (just like the older Windows 7 OS on the same netbook does).

    Call me when this little problem has been fixed and the OS behaves like a normal OS.

    And no Pog, I don’t want to go to a constantly breaking aka rolling release distro either.

  30. oiaohm says:

    Grece
    If Linux was so great, everyone would be using it. It is not a stretch of the imagination that Microsoft would take Linux and build on top of that if it was so good, but they haven’t done that so that right there tells you something.
    Google took Linux built on top of it and is now the most dominate user interface to the web. So maybe Microsoft missed the boat.

    https://www.theregister.co.uk/2016/03/09/microsoft_sonic_debian/
    https://www.microsoft.com/en-us/sql-server/sql-server-2017
    We are seeing Microsoft dipping their toes deeper and deeper into Linux.

    Grece basically we are seeing Microsoft starting to build on top of Linux. Of course of everyone is using Linux this could ruin Microsoft connection limit separation between desktop and server. So the most likely reason why Microsoft Desktop OS is not Linux core is nothing more than wanting to keep the server/desktop split for extracting more money.

    The reality is even Microsoft is dealing with Linux. But there is something interesting for critical systems Microsoft chooses Debian. Yet we have idiots say that Debian is not an enterprise OS.

    Grece basically claiming Microsoft is not building on top of Linux is another case of not research stuff before using an idea to push a point of view. Microsoft is building on top of Linux these days get use to it.

  31. Grece says:

    If Linux was so great, everyone would be using it. It is not a stretch of the imagination that Microsoft would take Linux and build on top of that if it was so good, but they haven’t done that so that right there tells you something.

  32. oiaohm says:

    Ivan the open source world does have the fix. But the problem is not all parties implement it.
    https://ostree.readthedocs.io/en/latest/

    Samsung has not been using ostree or any form of roll back system. Instead uses there own system.
    https://source.tizen.org/documentation/reference/bmaptool/introduction
    Yes one of the missing features of bmap is lack of rollback in case of bad update.

    Safe embedded development does recommend a rollback system. Its not like a desktop debian where you can insert boot media access then chroot in to fix a package fail. Functional systems exist in the Linux world for rollback.

    or not. Time to move the goalposts, Petey.

    Ivan really you are moving the goal posts here we are talking about desktop/server linux/windows and you move to embedded. Yes you do find windows embedded systems with the windows rollback system disabled for space.
    https://msdn.microsoft.com/en-us/library/windows/desktop/aa368307(v=vs.85).aspx
    If a embedded vendor decide to run without a safety net it is their fault. Tizen by other parties that are not samsung have be implemented on a ostree with boot loader roll back option before the other party is Intel.

    Samsung bad update was also lack of quality control. The samsung one you pointed to it was not that samsung would not fix like this recent Microsoft one.

    Ivan reality here Linux is a world of different things. Some are very well made and some are not.

    Basically Ivan you are just like Kurkosdr point under researched. The samsung problem is not Linux ecosystem problem. The samsung problem is NIH syndrome so not use the best from the Linux ecosystem and making and using a second rate copy that is bmap. Worked ok for a while.

    EndlessOS is a debian based made for embedded usage. EndlessOS does kernel updates monthly without single case of bricked. I could list more and more Linux world embedded who get it right all the time. Samsung bricked made the news because it failed and how rare that is.

  33. Ivan says:

    Linux is simply wonderful and they’ve totally fixed that update problem…

    http://www.zdnet.com/article/samsungs-bad-software-update-bricks-smart-tvs/

    or not. Time to move the goalposts, Petey.

  34. ram says:

    I find Linux Mint works for me on all Internet and desktop applications. My company uses Debian on its multitude of servers, some of which have thousands of cores.

    Both AMD and NVidia have really raised their Linux support, especially since Intel does all its Linux graphics support as an open source project.

  35. oiaohm says:

    https://abi-laboratory.pro/tracker/timeline/glibc/
    Kurkosdr now if you were yelling about glibc as causing breakage you would in fact have documentation backing you case. Pulseaudio and X11 recent years no real ABI breakage. But notice glibc here is different to the Pulseaudio one.

    Pulseaudio read Backward Compatibility status 100 percent so no breakage. But glibc is running a few percentage points down on every release. glibc is one of the major reason why you cannot old and new distribution packages with ease. This is not the Linux kernel with problem. This is glibc with problem.

    chroot, docker, flatpak and snappy all have installed the right glibc for the application.

    Oh, and the stupid one-repo-per-OS-version approach.
    This is not exactly what you think it is. 1 repo matched to a glibc is more what is really is. With the way glibc changes not a good idea run applications with wrong glibc. Does this happen under windows yes. Notice how many applications install particular visual studio runtime files again to match libc to application.

  36. oiaohm says:

    Even then, during upgrading there were problems with proprietary WiFi drivers and WiFi firmware, proprietary GPU drivers,
    Kurkosdr that list is generic for Windows or Linux. Linux does have open source wifi drivers for supported hardware that are more dependable. Now if you were putting Linux on a system that need proprietary wifi drivers it was not really Linux compatible.

    X.org compatibility breakages on app
    That goes back to how to clean up and document X11. The X11 standard had grown huge. How X.org found what was used they broke the feature and found out if anyone yelled about in 12 months if no one was using it they removed the feature completely if someone was using it they invested the resources into documenting it. That stopped about 4 years ago.

    no switchable graphics
    https://wiki.archlinux.org/index.php/PRIME this is not 100 percent true any more. It took a while to get AMD and Nvidia to start agree to use the same interfaces on Linux. Things in this department is getting better its been pulling teeth but at long last everyone is getting on the same page and using standard instead individually created solutions. Please note windows has issues in the same area on some laptops due to individually created solutions.

    VMWare drivers breaking
    https://communities.vmware.com/thread/516581
    Sorry another item that universal. VMWare does not make the best drivers for any OS.

    X.org most cases application are not falling due to this. When you chroot a debian snapshot from 2005 90+ percent of the debian graphical applications run with current day X11 server without any issues. Even flatpak found this the biggest issue was wrong opengl library version. Even with pulseaudio the issues are quite limited. One thing pulseaudio can do that is insane is pulseaudio in pulseaudio. How is this done simple pulseaudio can show as alsa device to another pulseaudio server.

    I have not seen a single documented case of a newer pulseaudio server causing a application using a old version of pulseaudio libraries to fail.

    https://abi-laboratory.pro/tracker/timeline/pulseaudio/
    Kurkosdr like it or not there has not been a single ABI breakage ever with pulseaudio that prevent old application from working on new pulseaudio server. New applications of pulseaudio most will work on old pulseaudio servers as well due to the protocol being designed that way. Its only new programs refusing to deal with old server with pulseaudio and developer has to set that or pulseaudio libraries will fall back and support the old pulseaudio server.

    So there is a big problem with your idea that the ABI is unstable. The reality is large percentage of the Linux ABI is stable.

    The pain is normally high up in likes of GTK and QT where ABI standards are not as good. Under windows and android those toolkit issues are solved by bundling.

    Kurkosdr really with your constantly breaking claim you need to wake up there is documentation when abi breaks. Reality the ones you are blaming have not been to blame for the past 4 years +. Pulseaudio issues were in fact the alsa driver layer being a disaster with drivers only partly implementing what alsa documentation said should be implemented so when you attempted to drive them as per documentation everything went wrong. Before Pulseaudio anyone working with wine or other sound servers knew about this problem.

    There is a lot of blame non guilty parties going on.

  37. Kurkosdr says:

    What Microsoft monopoly?

    If you take into account the margins Apple makes on each machine, the desktop and laptop market is a duopoly.

    Microsoft has a monopoly on the only complete implementation of win32 and win64 though. For all their preaching about vendor lock-in, FOSSies never managed to produce a credible multiplatform alternative. The best they managed is HTML+JS and Java, which are not the same. The only thing close they managed to deliver is PulseAudio and X.org, which are tied to a specific implementation themselves, are just as insufficiently documented, but are also constantly breaking.

  38. Grece says:

    What Microsoft monopoly?

    People can use whatever they like Robert, there us no mandate tgat everyone use Microsoft software.

  39. Kurkosdr says:

    We did until Poettering made GNU/Linux a moving target.

    Even then, during upgrading there were problems with proprietary WiFi drivers and WiFi firmware, proprietary GPU drivers, X.org compatibility breakages on apps, VMWare drivers breaking and other things you might consider unnecessary or evil but the free market deems necessary.

    You are referring to a past that never existed.

  40. Kurkosdr wrote, “we don’t leave in a perfect utopian where everybody upgrades to the newest version of the OS immediately and has no breakages, especially in Desktop Linux land.”

    We did until Poettering made GNU/Linux a moving target. Still, simple systems do dist-upgrade without issues in Debian. Standard desktops are not a problem.

  41. Kurkosdr says:

    I find it curious that Microsoft hasn’t started a sideproject to reimplement the win32 and win64 API from scratch all these years. You know, a Redmondian fuschia OS.

    Still, moving to Desktop Linux, with its bad GPU drivers (esp the Nvidia ones), bad suspend support, no switchable graphics and awful pulseaudio is too much for me.

    Oh, and the stupid one-repo-per-OS-version approach. Truth be said, the Desktop Linux people saw this and try to fix the problem with flatpak, but I will wait till it becomes the defacto method of delivering apps.

    The one repo/app-store per version approach is the perfect guarantee to make sure your OS dies in the market. It is what killed Windows Phone, or at least the biggest contributor. When it became clear that WP7 phones wouldn’t run any WP8 apps, while Android 2.x phones would run most 4.0 apps, I saw the market shifting away from WP before my own eyes, just when WP had started to barely takeoff. When carrier shops heard they were left with completely useless WP7 stock that wouldn’t run most new apps users wanted, they became Android and iOS shops.

    Desktop Linux had the one repo/app store problem since forever, on top of its other problems.

    I want to see it fixed before I leave Windows.

    And no, we don’t leave in a perfect utopian where everybody upgrades to the newest version of the OS immediately and has no breakages, especially in Desktop Linux land.

Leave a Reply

Your email address will not be published. Required fields are marked *