I was in a conversation about the Python GIL with friends a few days ago, and realized that my understanding of the specifics of the GIL problem were super hand-wavy & unstructured. So I spent some time collecting resources to learn more, and now have a better understanding!

Python’s Infamous GIL (Larry Hastings)

This was a great introduction to the history of the GIL, why it was necessary & reasons why getting rid of it is complicated.

Understanding the Python GIL (David Beazley)

This has wonderful visualizations that really helped me understand exactly why multi-threaded python behaves the way it does. Multithreading decreases performance, adding more cores decreases performance & disabling cores increases performance :) All of this made vague hand-wavy sense to me before, and make much more concrete sense now.

It isn’t easy to remove the GIL (Guido van Rossum)

A blog post from the BDFL of python, after yet another request to ‘just get rid of the GIL’.

It set the (pretty high) bar for inclusion of a GIL removal patch (that he makes clear he will not write) in Python:

I’d welcome a set of patches into Py3k only if the performance for a single-threaded program (and for a multi-threaded but I/O-bound program) does not decrease.

Not been met yet!

An Inside Look at the GIL Removal Patch of Lore (Dave Beazley)

There was an attempt in about 1999 to remove the GIL - the ‘freethreading’ patch. This is a wonderful analysis of that patch - what it tried to do, why it disappeared, what the performance costs of it were, etc. Something that really stood out to me and makes me feel not very hopeful about GIL removal in CPython was:

Despite removing the GIL, I was unable to produce any performance experiment that showed a noticeable improvement on multiple cores. Really, the only benefit (ignoring the horrible performance) seen in pure Python code, was having preemptible instructions.

This seems to be still true, even in the Gilectomy branch.

Gilectomy (Larry Hastings)

This is the only talk about a recent (~2016) GIL removal attempt.

It is amazing work, but doesn’t give me much hope. There’s been no new commits to the public git repo for about 5 months now, so am unsure what the state of it now is.

There’s probably many more - let me know if you know any, and I’ll update this when I find out more!

Gilectomy - 2017 (Larry Hastings)

PyCon 2017 just happened, and Larry Hastings gave another talk!

It seems to have had a lot of intense work done on it, and the wall clock time graph in it warms my heart! I’ve a little more hope now than I did after the 2016 talk :D

I earlier had a vaguely working setup for making sure browsers, shells and other applications don’t eat all RAM / CPU on my machine with systemd + sudo + shell scripts.

It was a hacky solution, and also had complications when used to launch shells. It wasn’t passing in all the environment varialbes it should, causing interesting-to-debug issues. sudo rules were complex, and hard to do securely.

I had also been looking for an excuse to learn more Golang, so I ended up writing systemd-simple-containment or ssc.

It’s a simple golang application that produces a binary that can be setuid to root, and thus get around all our sudo complexity, at the price of having to be very, very careful about the code. Fortunately, it’s short enough (~100 lines) and systemd-run helps it keep the following invariants:

1. It will never spawn any executable as any user other than the ‘real’ uid / gid of the user calling the binary.
2. It doesn’t allow arbitrary systemd properties to be set, ensuring a more limited attack surface.

However, this is the first time I’m playing with setuid and with Go, so I probably fucked something up. I feel ok enough about my understanding of real and effective uids for now to use it myself, but not to recommend it to other people. Hopefully I’ll be confident enough say that soon :)

By using a real programming language, I also easily get commandline flags for sharing tty or not (so I can use the same program for launching GUI & interactive terminal applications), pass all environment variables through (which can’t be just standard child inheritence, since systemd-run doesn’t work that way) & the ability to setuid (you can’t do that easily to a script).

I was sure I’d hate writing go because of the constant if err != nil checks, but it hasn’t bothered me that much. I would like to write more Go, to get a better feel for it. This code is too short to like a language, but I definitely hate it less :)

Anyway, now I can launch GUI applications with ssc -tty=false -isolation=strict firefox and it does the right thing. I currently have available -isolation=strict and -isolation=relaxed, the former performing stronger sandboxing (NoNewPrivileges, PrivateTmp) than the latter (just MemoryMax). i’ll slowly add more protections here, but just keep two modes (ideally).

My Gnome Terminal shell command is now ssc -isolation=relaxed /bin/bash -i and it works great :)

I am pretty happy with ssc as it exists now. Only thing I now want to do is to be able to use it from the GNOME launcher (I am using GNOME3 with gnome-shell). Apparently shortcuts are no longer cool and hence pretty hard to create in modern desktop environments :| I shall keep digging!

Update: There’s a follow-up post with a simpler solution now.

Ever since I read Jessie Frazelle’s amazing setup (1, 2, 3) for running GUI applications in docker containers, I’ve wanted to do something similar. However, I want to install things on my computer - not in docker images. So what I wanted was just isolation (no more Chrome / Firefox freezing my laptop), not images. I’m also not as awesome (or knowledgeable!) as Jess, so will have to naturally settle for less…

So I am doing it in systemd!

Before proceeding, I want to warn y’all that I don’t entirely know what I am doing. Don’t take any of this as security advice, since I don’t entirely understand X’s security model. Works fine for me though!

GUI applications

I started out using a simple systemd templated service to launch GUI applications, but soon realized that systemd-run is probably the better way. So I’ve a simple script, /usr/local/bin/safeapp:

#!/bin/bash
exec sudo systemd-run  \
    -p CPUQuota=100% \
    -p MemoryMax=70% \
    -p WorkingDirectory=$(pwd) \
    -p PrivateTmp=yes \
    -p NoNewPrivileges=yes \
    --setenv DISPLAY=${DISPLAY} \
    --setenv DBUS_SESSION_BUS_ADDRESS=${DBUS_SESSION_BUS_ADDRESS} \
    --uid ${USER} \
    --gid ${USER} \
    --quiet \
    "$1"

I can run safeapp /opt/firefox/firefox now and it’ll start firefox inside a nice systemd unit with a 70% Memory usage cap and CPU usage of at most 1 CPU. There’s also other minimal security stuff applied - NoNewPrivileges being the most important one. I want to get ProtectSystem + ReadWriteDirectories going too, but there seems to be a bug in systemd-run that doesn’t let it parse ProtectSystem properly…

Also, there’s an annoying bug in systemd v231 (which is what my current system has) - you can’t set CPUQuotas over 100% (aka > 1 CPU core). This is annoying if you want to give each application 3 of your 4 cores (which is what I want). Next version of Ubuntu has v232, so my GUI applications will just have to do with an aggregate of 1 full core until then.

The two environment variables seem to be all that’s necessary for X applications to work.

And yes, this might ask you for your password. I’ll clean this up into a nice non-bash script hopefully soon, and make all of these better.

Anyway, it works! I can now open sketchy websites with scroll hijacking without fear it’ll kill my machine!

CLI

I wanted each tab in my terminal to be its own systemd service, so they all get equitable amount of CPU time & can’t crash machine by themselves with OOM.

So I’ve this script as /usr/local/bin/safeshell

`#!/bin/bash
exec sudo systemd-run \
    -p CPUQuota=100% \
    -p MemoryMax=70% \
    -p WorkingDirectory=$(pwd) \
    --uid yuvipanda \
    --gid yuvipanda \
    --quiet \
    --tty \
    /bin/bash -i

The --tty is magic here, and does the right things wrt passing the tty that GNOME terminal is passing in all the way to the shell. Now, my login command (set under profile preferences > command in gnome-terminal) is sudo /usr/local/bin/safeshell. In addition, I add the following line to /etc/sudoers:

%sudo ALL = (root) NOPASSWD:SETENV: /usr/local/bin/safeshell

This + just specifying the username directly in safeshell are both hacks that make me cringe a little. I need to either fully understand how sudo’s -E works, or use this as an opportunity to learn more Go and make a setuid binary.

To do

[ ] Generalize this to not need hacks (either with better sudo usage or a setuid binary) [ ] Investigate adding more security related options. [ ] Make these work with desktop / dock icons.

I’d normally have just never written this post, on account of ‘oh no, it is imperfect’ or something like that. However, that also seems to have come in the way of ability to find joy in learning simple things :D So I shall follow b0rk’s lead in spending time learning for fun again :)

Keeping a running list of things I want to learn!

There’s also a list of things I want to build.

• How to use org mode properly? Should I use it for notes over markdown?
• Develop a deep understanding of how networks work.
• How do linux network namespaces work?
• How to run GUI apps with systemd?
  • I did learn! Both a hacky version and a much better version that also taught me some Go!
• What exactly is a ’tty'?
• How does HTTP2 actually work?
• How do X509 / TLS certificates work?
• How to use cgroups directly?
• Can I just use emacs terminals for all my terminal needs?
• How does NFS work, and why is it so crappy?
• How does ssh work?
• How does mosh work?
• How do contact lenses work? HOW DO LENSES WORK?
• Can I simply run a local DNS recursor on my laptop for performance & blocking me from visiting the orange website?
• What is SELinux? Why and how would I use it?
• What is AppArmor? Why and how would I use it, over SELinux?
• What is seccomp, and when/why/how would I use it?

If you know of resources that’ll help me learn these things, do let me know!

I’m attempting to now blog at http://words.yuvi.in, using hugo rather than wordpress.

Over the last few years, IRC, Twitter & WhatsApp have ruined my public writing. I shall now slowly attempt to bring that back :)

I ran into this thought provoking though when randomly attempting to relax this weekend. There’s a summary at LWN if you do not want to watch the talk - but as the lwn summarizer admits, the video definitely conveys things that are hard to capture on text.

The core takeaway for me is to think about:

what is the future of free and open-source software? The answer was: it has no future.

This seems somehow connected to ‘democratizing programming’, which I had earlier given a talk about. Somehow, it feels like there needs to be an update / rebirth of the GNU Freedoms for the world we live in.

I went to the protests at SFO last weekend. It was the first real set of protests I’ve been to. I write this to attempt to capture a sliver of what I felt that day.

I was there for about 10h on day 1, and came home exhausted. I went back on Day 2, and this time stayed for much shorter period of time (~4h?) before heading back home.

To everyone who was at the protest even if it does not directly affect you yet - thank you!

To the wonderful amazing women of color who were leading the protest - thank you. You are an inspiration.

To the brass band and the troupe of drummers who showed up - thank you!

To the people I already know from other contexts who I ran into at the protest - thank you!

To those who were protesting for the first time in their lives (as I was) - thank you!

To the fucking ACLU - thank you! I’ll send you all the money I can :)

To the people who provided infrastructure (food, water, snacks, first aid, printers, internet, etc) - thank you!

To the journalists who covered this - thank you.

I woke up that saturday feeling very depressed, angry, and helpless. By sunday night, I was only depressed and angry - but not helpless. The number and variety of people at the protests was very heartwarming, and made me feel distinctly not alone. Before going I was not sure what going to a protest accomplishes. I still do not know - but I know it gave me hope and restored my sense of agency.

I promise I’ll continue doing all I can, even and especially when it is about things that do not affect me yet. I hope you do too.

What hurts the victim most is not the cruelty of the oppressor but the silence of the bystander

- from a sign at the protest

I’ve unfollowed everyone I follow on Twitter, and am slowly starting back up from scratch. I’m only going to follow people who are:

1. Underrepresented people in Tech (as broadly construed)
2. Journalists

And that’s it. I’ll follow back friends I’m not otherwise in contact with as well, but might take a while.

I’ve had this for a few days and am already enjoying using it far more than I did before. A lot of the people I’m following now I did not know before, and the vibe is totally different. I’m able to understand and appreciate things I was not able to before. I know this is a bubble, but it is certainly a different bubble than the one I was in before. Bubbles also intersect - I’ve interactions with other types of people elsewhere, just not on Twitter.

If I unfollowed you, don’t take it personally! DM me for a phone number you can use for Signal / WhatsApp / Telegram - that’s how 90% of my social activities seem to happen these days anyway.

h/t to Jorm for the idea of targetted following!

Update: I’ve also setup LeechBlock to only allow me 5mins of Twitter every 2h, and I don’t have the twitter app on my phone. I wish there was a leechblock type thing for my Phone tho.

I’ve started taking a Coursera class on Conflicts from UCI.

Just dumping notes from me going through the video lectures here. I’ve a bunch more videos to go through for Week 1, but dumping what I have for now.

Types of Conflict:

1. Constructive
2. Destructive
   1. Caused by lack of flexibility, getting interpersonal things get in the way and the sureness that ones way is the right way
   2. Leads to stiffling of anything new, resulting in ‘this is the way things have always been’ being used as an actual legitimate reason for things

Sources of Conflict

1. Economic Conflict. Resources are scarce, people tend to hoard them. Individuals stand by and watch as other members look for resources and can not find them, without helping. Dysfunctional.
2. Value Conflict. Ideals / Principles / Preferences. Very difficult to sort out. Some values you hold very dear might be opposite to what the environment supports. You bring your own definition of values, and expect others to be compatible with it, conflict ensues. Individuals expect everyone to behave / believe / follow same philosophy they do.
3. Power & Control. Power some people decide who they are. Titles are important. Individual takes power in always being first to speak, forcing their decision on rest of their team. Nobody’s appointed someone to a position, and they decide they are the one who takes the lead role, even though they have not that much support from elsewhere.
4. Interpersonal conflict. Just between two individuals who can just not get along or not have civil interactions. They might’ve been friends at some point even, but something happens and splits them off. This can also be very dysfunctional for the team they work in.

Levels of Conflict 5. Role conflict – without clear definition who plays what roles (leader, decision maker, etc). Defining a team requires outlining responsibilities and what role they play. (This can probably lead to 3, 2, 1, 4, if not handled properly) 6. Intergroup. Inter group can be same as 1-5 but as groups, but can also be about respect. Example: Sales and Marketing fighting over who is the reason their product sucks. Groups can be silo’d can can think they are only responsible for their own success / failure, without thinking of cross-team stuff. 7. Multiparty. In M&A, the ‘surrendering party’ will have individuals who will be emotional and not like that this is happening. This is a lot of (5, 3, 2, 1) – freefall for everyone! 8. International. Diverse work force, cross cultural. Far more complex

Case study: Overtime

Manager asks you to work overtime, not get paid, cites projects being overtime etc.

Multiple options – such as: 1. suck up to him. 2. ask him to fuck off. 3. report him to his own boss. 4. Say you understand his perspective, but do not want to go against company policy.

Now, the course suggests you pick (4), which is an interesting choice – I would’ve picked (2), but that is not going to decrease teh amount of conflict, only increase it. (4) is bullshyt (in the anathema sense of vague euphemism that doesn’t actually say what the person means), but is something that leads to the least amount of conflict. However, I don’t know if that really is the best way to handle this shitty situation – since that’s just going to lead to bullshit all around. It does, though, AGF on part of the manager – which depending on what you think, might or might not be a good idea. Hmmm..

Bullshit vs Conflict? Maybe you have to have one or the other. OSS projects that consider (4) to be just bullshit do indeed have more amounts of conflict.

Of course, the real solution is to be not in such a place at all, and make the environment be that way through some form or way. So maybe (4) is an acceptable answer…

Very fascinating!

Case study: Dominant team member

Putting down everyone else, making everything not go well.

1. Why is this individual behaving this way?
2. What do you need to do to bring the team back together in one cohesive unit?

Has even more what-I-would-call-bullshit suggestions. “Setup roles for meetings, have a discussion about norms”, etc. However, they all could possibly work, which isn’t true for what I would’ve done – which is to PM the person and talk to them.

I guess there is a difference between ‘doing the right thing as you think it is’ vs ‘doing the thing that has highest probability of getting you to objective’. Now, with corporations said objective is easy to define – make more money, I guess – while for movements it it is much harder…

Case study: Convo with coworker

You had a conversation with coworker, and didn’t feel it went well. What do you do?

1. Explore what your feelings are, and what it is that you specifically feel didn’t go right. When you do this, you clear away emotions that could possibly be clouding ways for solutions. Focus only on the facts.
2. Go to actual peer, be open to receiving their position / feedback. LISTEN TO UNDERSTAND BEFORE BEING UNDERSTOOD.

Interview: Brent Rasmussen

Everyone assumed they were responsible for some part of the website, and everyone had different ideas for what it is. Need to explicitly figure out who is responsible for what and who is in a ‘consultive’ role.

Positive conflict can raise the bar, for things that other people did not think are possible.

For destructive conflict, figure out when is the right time to discuss it.

Note: I’m trying to spend time explicitly writing random side projects that are not related to what I’m actively working on as my main project in some form.

A random thread started by Ironholds on a random mailing list I was wearily catching up on contained a joke from bearloga about malformed User Agents. This prompted me to write UAuliver (source), a Firefox extension that randomizes your user agent to be a random string of emoji. This breaks a surprisingly large number of software, I’m told! (GMail & Gerrit being the ones I explicitly remember)

Things I learnt from writing this:

1. Writing Addons for Firefox is far easier to get started with than they were the last time I looked. Despite the confusing naming (Jetpack API == SDK != WordPress’ Jetpack API != Addons != Plugins != WebExtension), the documentation and tooling were nice enough that I could finish all of this in a few hours!
2. I can still write syntactically correct Javascript! \o/
3. Generating a ‘string of emoji’ is easier/harder than you would think, depending on how you would like to define ’emoji’. The fact that Unicode deals in blocks that at least in this case aren’t too split up made this quite easy (I used the list on Wikipedia to generate them). JS’s String.fromCodePoint can also be used to detect if the codepoint you just generated randomly is actually allocated.
4. I don’t actually know how HTTP headers deal with encoding and unicode. This is something I need to actually look up. Perhaps a re-read of the HTTP RfC is in order!

It was a fun exercise, and I might write more Firefox extensions in the future!