Cloning the Linux Kernel repository takes time. We don’t need every commit ever for our work. But we do need multiple branches. Here are some numbers for how long it takes to do various operations.
Continue readingNow that I have cleaned the loop up somewhat, we can continue with the process of refactoring the code. This is a continuation to the article series I started here.
This next step really moves beyond refactoring. I have identified that the intended backtracking was not actually implemented in the code. Instead, The whole board is wiped and restarted many times, causing a decent slowdown in execution. My refactoring process thus far has allowed me to understand the code well enough to attempt and improvement.
Continue readingIn my last article on the Long Refactoring series, I elided the process I went through to solve the bug. While preparing to turn the articles into a presentation, I went through the steps myself again, and came across the bug. When I was writing the articles, I was pressed for time, and didn’t go through the process of solving it step by step, which in turn means there is a gap between the pre-and-post states of the code: you can’t get there from here.
Let me take it from where I mentioned that I found a bug, and added the unit test that shows it.
Assuming PRINCIPAL is your Kerberos principal and $IPASERVER is the FQDN of your server, you can query your identity on the IPA server via curl:
kinit $PRINCIPAL
curl -k -H referer:https://$IPASERVER/ipa -H "Content-Type:application/json" -H "Accept:applicaton/json" --negotiate -u : --cacert /etc/ipa/ca.crt -d '{"method":"whoami","params":[[],{"version": "2.220"}],"id":0}' -X POST https://$IPASERVER/ipa/json
{"result": {"object": "user", "command": "user_show/1", "arguments": ["ayoung"]}, "version": "4.5.4", "error": null, "id": 0, "principal": "ayoung@YOUNGLOGIC.COM"}This is handy if your system is not registered as an IPA client.
To fetch by username:
curl -k -H referer:https://$IPASERVER/ipa -H "Content-Type:application/json" -H "Accept:applicaton/json" --negotiate -u : --cacert /etc/ipa/ca.crt -d '{"method": "user_show", "params": [[ "ayoung" ], { "all": true, "rights": true } ]}' -X POST https://$IPASERVER/ipa/json
It took me a couple months to get back to my patch, and in the interim, I forgot everything about formatting a patch series to LKML. Here’s what I have remembered.
Continue readingdmidecode -t processor | grep Version
Version: Ampere(R) Altra(R) Processor
Version: Ampere(R) Altra(R) Processor
Role Based Access Control (RBAC) as defined by NIST is based on the concept of global roles. Global, in this case, means the scope of the application. So if you have the role of ADMIN, and you are in a globally scoped RBAC based application, that role applies to all APIs and resources within the program.
OpenStack was written assuming that the ADMIN role was a global role. But then it was implemented as a non-global role. It was implemented as a role scoped to a tenant. The term tenant was the original (and I would argue, better) term for what was later called Project, and then again expanded to Domains as well.
Continue reading#bin/bash
KOJI_URL=https://kojipkgs.fedoraproject.org/packages/kernel/6.12.0/0.rc3.20241015giteca631b8fe80.32.eln143/aarch64/
curl $KOJI_URL > aarch64.dir.html
for PACKAGE in `xmllint --html --xpath "//html/body/pre/a/@href" aarch64.dir.html | awk -F\" 'NR % 2 == 0 { print $2 }' `;
do
URL=$KOJI_URL/$PACKAGE ;
echo $URL; wget $URL;
done
Modify the URL to fetch a different architecture, version, or package.
The version of xmllint I am running does not support fn:string. If it did, the “for PACKAGE” line can be redone as:
for PACKAGE in `xmllint --html --xpath "string(//html/body/pre/a/@href)" aarch64.dir.html` ;