We had a large integration test suite. It made calls to an external service, and took ~45 minutes to fully run. Since it needed an exclusive lock on an external account, it could only run a few tests at a time. We started getting random failures, so we were in a tough spot: bisecting didn't work because the failure wasn't consistent, and you couldn't run a single version of a test enough times to verify that a given version definitely did or didn't have the failure in any practical way. I ended up triggering a spread of runs over night, and then used Bayesian statistics to hone in on where the failure was introduced. I felt mighty proud about figuring that out.

Unfortunately, it turns out the tests were more likely to pass at night when the systems were under less strain, so my prior for the failure rate was off and all the math afterwards pointed to the wrong range of commits.

Ultimately, the breakage got worse and I just read through a large number of changes trying to find a likely culprit. After finally finding the change, I went to fix it only to see that the breakage had been fixed by a different team a hour or so before. It turned out to be one of our dependencies turning on a feature by slowly increasing the probability it was used. So when the feature was on it broke our tests.

Wow. I feel like this dependency should be named and shamed.

If done in a company with a monorepo I'd be especially interested in hearing more

Are there any big companies left which haven't adopted a monorepo?

However, it's not surprising when you consider the massive breadth of software that Microsoft builds, as one of the oldest and largest software development orgs.

I doubt single digit percentages of, say, the fortune 500 use them, and I'd be surprised if double digit percentages of companies use them at IPO.

As with anything, striking the balance and finding when to use a tool is the hardest question.

I disliked how needlessly convoluted the pipelines are, and how some person pushing on accident to mainline can break everything.

So many things seem to be done the hard way.

Sure, but I bet that it was helpful to have the `bats` tool so that you could replicate the build locally, right? As compared with other build systems where (so far as I can see - though I may be wrong) you basically have to push a debugging change for replication.

> I disliked how needlessly convoluted the pipelines are, and how some person pushing on accident to mainline can break everything.

This is true of any CI/CD system, though? In any system, if there's no push-protection set up so that you can only merge into main(/line) once a change has been reviewed (and run your tests at the point of review so that you know the merge won't break anything), you have only yourself to blame for breakage.

> So many things seem to be done the hard way.

Genuine question - what do you find convoluted/hard about them? To me, the apparently-industry-standard of "push a change to your App Code, which triggers a build to generate a docker image, then trigger an automatic commit containing that Docker image to a Deployment Package, which is picked up by your CD system and creates a deployment" is way more convoluted. Having a conceptual "pipeline" built out of lots of little disconnected GitHub Actions (or whatever) is also way harder for me to wrap my head around than the CDK definition of a linear pipeline.

I figured a work around that involved having a separate manifest for the deps and packing them manually. It worked… I also tried the lambda without any dependencies and they the lambda’s dependencies were available in the instance even though they were not listed anywhere.

The needlessly convoluted part is getting a NodeJS function into prod, the forced change caused something to break even though I was already on 18_x

But I will not lie, bats was super useful when debugging another engineer’s build, and avoiding the whole push to debug is so so so so helpful.

For the pipeline thing, idk why it was setup as such; but it certainly broke everything once a push to mainline was done, kinda like a runtime error when it should have been a compiler error. Though it was certainly on us.

CDK is fine too. Tbh I kinda love CDK and don’t want to go to anything else when it comes to cloud deployment.

In retrospect, perhaps that one sour experience had just too much of an impact.

I want a better way to manage external dependencies mostly. Afaict for scala I will need to pull the package into Brazil to get it to work. An analogue to NPMPM would be great but I can see why there isn’t one yet. A colleague had issues getting python dependencies to work so yeah.

Here’s to hoping Peru would fix those.

On that point, I'm totally with you. The excessive caution about the software supply chain is probably justified given the impact of a potential incident, but certainly frustrating for the >99% of times that dependencies are safe.

FWIW, I think best practice here is to hardcode all feature flags to off in the integration test suite, unless explicitly overwritten in a test. Otherwise you risk exactly these sorts of heisenbugs.

At a BigCo that’s probably going to require coordinating with an internal tools team, but worth getting it on their backlog. All tests should be as deterministic as possible, and this goes double for integration tests that can flake for reasons outside of the code.

That way when you get a failure, you can reproduce it. And then one of the easy things to do is test which features may have contributed to it.

Nothing kills confidence in testing more than test flakes. It’s a huge drain on velocity and morale, and encourages devs not to trust test output.

If you want to have some sort of chaos monkey process that runs your test suite flipping feature flags at random and notifying teams of failures (along with some sort of resourcing to investigate) I could get behind that. But that should be something outside of the main suite that gates code deployment.

If a test passes when run by a dev pre-commit, it should pass in CI.

Yes it's kinda fractal of bad practices that have to align for this problem to occur, but that's the nature of tech debt.

One way I have seen this handled is to enforce restricting rollouts of a feature flag to 95% at most. That way turning a feature all the way on requires removing the flag from your codebase. It’s draconian, but honestly anything less than that leads to the situation you describe.

He’s not saying to alter any of the feature flags used for the test, but simply to record which were used during the test.

Simply logging doesn’t introduce any of the issues you are describing.

> I think best practice here is to hardcode all feature flags to off in the integration test suite

That's pretty clearly about forcing the flags to be off, i.e. altering them, and not about logging their values.

If you’re testing a new feature, you should have explicit tests for the enabled state (along with existing tests for the disabled state).

If you have bugs propagating up the stack from flags changing in low-level dependencies, the change to the dependency is probably not properly tested.

Alternatively, if the feature flag gates a change to the interface of the dependency, you should have explicit integration tests covering the systems on both sides of the change.

In the end, I think the real problem is that you can't test all combinations of experiments. I don't trust "all off" or "all on" testing. In my book, you should indeed sample from the true distribution of experiments that real users see. Yes, you get flaky tests, but you also actually test what matters most, i.e. what users will - statistically - see.

Basically, if you have N different features (let's assume they are all on/off switches, but it works for multi-values too), in theory you'd need to run 2^N tests to cover them all, which would become completely impractical. But, you can generate a far, far smaller set of test setups that guarantee that every pair of features gets tested together. Run those tests and you'll probably encounter most feature-interaction bugs in a much quicker time.

Let's say you have a bug you suspect is from an interaction of any one pair of 10 features being "on" or "off", but you don't know which specific pair causes the problem. Encode each of the states you could set up your code by a 10-digit binary string: 0000000000, 0000000001, 0000000010, 0000000011, etc.

We could try the 45 possibilities in some order, and we would expect that on average it'd take us 22.5 tries to find the bug. But notice how your "target set" is smaller than the universe of strings: there's only 45 pairs of features, but 1024 strings.

What happens if we try a random string of ones and zeros? Now, instead of catching just one possible pair, we are covering many pairs. The only problem is that we now won't be able to know exactly which pair caused the problem when it does. But we can build a corpus of strings that don't trigger the error vs. strings that trigger the error, and a random sampling soon converges on the correct pair.

If you think about why this works, it's because any of these random strings has about a 1/4 chance to trigger the bug: wlog we can reorder the bits so that the buggy feature are the first two digits, and then we see that we have a 1/4 chance of hitting "11" on those two digits.

The problem is that as you increase the size of the subset that needs to be active, the probability that your random strings will actually catch the bug decreases exponentially. For any _fixed_ target size k (the number of features that need to be active), the overall complexity is still polynomial in n (the number of existing features). But if k is a constant fraction of n, then this technique takes exponential time in n.

I was on a team where app updates were deployed using a canary system. A small percentage of users (say, 1%) received the update first, then the team watched for incoming crash reports from that cohort. If it looked good, the feature was rolled out to a few more people, and this was repeated. This allows you to identify a problem by only negatively impacting a relatively small percentage of customers.

The problem occurs when the calculation to determine which cohort the user belongs to is deterministic. In this case, the calculation was based on the internal ID of the user. This means some users always get the updates first, and deal with bugs more frequently than other users. Conversely, some users are so high in the list that they virtually never get an update until it's been tested by a wide user base, so their experience is consistently stable.

Or you might have a problem where some players in a video game consistently take more damage than their friends: https://news.ycombinator.com/item?id=34742505

Yeah no thanks. It's probably better than completely random but software should be predictable and unsurprising.

I think it is a good reminder that most things you think of as being unchanging that are also directly related to a person.. aren't unchanging. Or at least any conceivable attribute probably has some compelling reason why some one will need to change it.

https://m.youtube.com/watch?v=r-TLSBdHe1A&t=14m10s

Discussing a performance regression due to longer username due to username being in ENVIRONMENT variable which changes memory layout of process.

Will it cost an extra lookup? It's cheap, and if you really need to, you could embed the lookup in some encrypted cookie so you can verify you approved some name->id mapping recently without doing a lookup.

Clearly, making sure that 1% of all teams gets fired for being unable to run unit tests, then slowly ramping that by a few percent each review cycle is a good strategy.

Ideally, the probability of breaking would drop off exponentially as you moved up the org chart. Something like "p ^ 1/hops_to_director_of_engineering" would work well. The trick would be getting the dependency to query ldap without being detected...

It worked quite well.

Imagine a scenario where your upstream dependency started out with one failure per 1,000,000 machine hours, then removed a zero once every 12 months. If you had 100 machines running tests at 100% efficiency, the bug would hit about once a year for the first year, then 10x the next year, and so on.

Put another way, if upstream is malicious, and you're not auditing every line of their source code, you're screwed.

https://lore.kernel.org/lkml/20230614173430.GB10301@redhat.c...

You will need a vmlinux or vmlinuz file from Linux 6.4 RC.

If these are the last two lines of output then congratulations you reproduced the bug:

  [    0.074993] Freeing SMP alternatives memory: 48K
  *** ERROR OR HANG ***

* CPU: Intel(R) Core(TM) i9-9900KS

* qemu: qemu-kvm-7.2.1-2.fc38.x86_64

* host kernel: 6.3.6-200.fc38.x86_64

* guest kernel: 6.4.0-0.rc6.48.fc39.x86_64 (grabbed latest from mirrors.kernel.org/fedora since fedoraproject.org DNS is down and I can't access koji)

Log:

    <...>
    1966... 1967... 1968...

    [    0.075343] LSM: initializing lsm=lockdown,capability,yama,bpf,landlock,integrity
    [    0.075514] Yama: becoming mindful.
    [    0.075514] LSM support for eBPF active
    [    0.075514] landlock: Up and running.
    [    0.075514] Mount-cache hash table entries: 4096 (order: 3, 32768 bytes, linear)
    [    0.075514] Mountpoint-cache hash table entries: 4096 (order: 3, 32768 bytes, linear)
    [    0.075514] x86/cpu: User Mode Instruction Prevention (UMIP) activated
    [    0.075514] Last level iTLB entries: 4KB 0, 2MB 0, 4MB 0
    [    0.075514] Last level dTLB entries: 4KB 0, 2MB 0, 4MB 0, 1GB 0
    [    0.075514] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization
    [    0.075514] Spectre V2 : Mitigation: Enhanced / Automatic IBRS
    [    0.075514] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch
    [    0.075514] Spectre V2 : Spectre v2 / PBRSB-eIBRS: Retire a single CALL on VMEXIT
    [    0.075514] RETBleed: Mitigation: Enhanced IBRS
    [    0.075514] Spectre V2 : mitigation: Enabling conditional Indirect Branch Prediction Barrier
    [    0.075514] Speculative Store Bypass: Mitigation: Speculative Store Bypass disabled via prctl
    [    0.075514] TAA: Mitigation: TSX disabled
    [    0.075514] MMIO Stale Data: Vulnerable: Clear CPU buffers attempted, no microcode
    [    0.075514] SRBDS: Unknown: Dependent on hypervisor status
    [    0.075514] Freeing SMP alternatives memory: 48K
    *** ERROR OR HANG ***

To guarantee that there's absolutely no other difference between the two tests, I took the source RPM, added the commit f31dcb152a3 diff + `%patch -P 2 -R`, and built the kernel RPM with mock.

1242 iterations :

  [    0.015088] printk: console [ttyS0] enabled
  [    0.055882] ACPI: Core revision 20230331
  [    0.056124] APIC: Switch to symmetric I/O mode setup
  [    0.056867] clocksource: tsc-early: mask: 0xffffffffffffffff max_cycles: 0x2e204823bcd,   max_idle_ns: 440795224253 ns
  [    0.057467] Calibrating delay loop (skipped) preset value.. 6399.99 BogoMIPS (lpj=3199998)
  [    0.057924] pid_max: default: 32768 minimum: 301
  [    0.058194] LSM: initializing lsm=capability,integrity
  [    0.058464] Mount-cache hash table entries: 4096 (order: 3, 32768 bytes, linear)
  [    0.058464] Mountpoint-cache hash table entries: 4096 (order: 3, 32768 bytes, linear)
  [    0.058464] x86/cpu: User Mode Instruction Prevention (UMIP) activated
  [    0.058464] Last level iTLB entries: 4KB 512, 2MB 255, 4MB 127
  [    0.058464] Last level dTLB entries: 4KB 512, 2MB 255, 4MB 127, 1GB 0
  [    0.058464] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization
  [    0.058464] Spectre V2 : Mitigation: Retpolines
  [    0.058464] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch
  [    0.058464] Spectre V2 : Spectre v2 / SpectreRSB : Filling RSB on VMEXIT
  [    0.058464] Spectre V2 : Enabling Restricted Speculation for firmware calls
  [    0.058464] Spectre V2 : mitigation: Enabling conditional Indirect Branch Prediction Barrier
  [    0.058464] Speculative Store Bypass: Mitigation: Speculative Store Bypass disabled via prctl
  [    0.058464] Freeing SMP alternatives memory: 48K
  *** ERROR OR HANG ***

40000 iterations (4 runs) = "test ok"

That one was.. fun. First time I've ever managed to identify dozens of commits widely dispersed within a large range, all seem to be the "cause" of the bug, while clearly having nothing to do with anything related to it, and having commits all around them be good :)

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852480 was the ultimate bug/patch that came out of it, Canonical were a vendor for us, and helped do the investigation, https://bugs.launchpad.net/ubuntu/+source/klibc/+bug/1652348.

The dhcp client in the klibc-utils had a bug in how it handled multiple interfaces, in that it didn't create separate sockets per interface, as it enumerated through them it would clobber the previous one. It validated the destination of the received DHCP response, and silently dropped it if it wasn't for the interface the socket was for.

The DHCP server was only listening on one of the two interfaces, and so if that interface got enumerated second, all was well and good. The socket was for it, response would be accepted. When it came up first, the clobbered socket meant the dhcp response would be ignored.

I bisected so many times and mostly just got confused. The engineer at Canonical dug in and found the actual bug.

Host kernel: 6.1.33

Guest kernel: 6.4-rc6

Guest config: http://oirase.annexia.org/tmp/config-bz2213346

QEMU: 8.0.2

Hardware: AMD Ryzen 7 3700X CPU @ 4.2GHz

Honestly I don't know! We've seen it appear with host kernel 6.2.15 (https://bugzilla.redhat.com/show_bug.cgi?id=2213346#c5) but I'm not aware of anyone either reproducing or not reproducing it with earlier host kernels. All your other config looks right.

The story is a wild one, and begins with what looks like a patch with a hacky workaround:

> The patch works around the U-Boot bug by setting the signal voltage back to 3.0V at an opportune moment in the Linux kernel upon reboot, before control is relinquished back to U-Boot.

But wait... it was "the weirdest placebo ever!" Turns out the only reason this worked was because:

> all this setting did was to write a warning to the kernel log... the regulator was being turned off and on again by regulator code, and that writing that line took long enough to be a proper delay to have the regulator reach its target voltage.

The full story is well worth a read.

[0] https://kohlschuetter.github.io/blog/posts/2022/10/28/linux-...

[1] https://news.ycombinator.com/item?id=33370882

Then you have those types who put their machine into hibernate/sleep with 100+ Chrome tabs open and never do a full boot ritual. Boggles my mind that people do that.

When we looked at his PC to see if there was anything useful from the project, his browser had around a thousand tabs open. Probably 80% of them were duplicates of other tabs, linking to the same couple stack overflow and C# sites for really basic stuff. The other 20% were... definitely "private stuff".

On one of my largest projects the IT dept made bulk orders for hardware and doled them out to new hires. 18 months into our new project someone’s hard drive died.

Everyone acted like his dog died. I said no problem let’s go through the onboarding docs. The longest step by far was that the company mandated Whole Disk Encryption but IT hadn’t put it in their old inventory yet. So that was 2/3 of setup time. We found some issues with the docs and fixed them.

Every two to four weeks that summer, someone else’s drive would go. You see, we got all of these machines from the same production run. So the hard drives came from the same production run, which was apparently faulty. The process got a little faster as we went. By the end of the summer it was my turn, and people still looked at me like I needed condolences. I got a faster machine for a few hours worth of work. I’m not sad. All my stuff was in the network already. I lost a couple hours’ of work, tops.

I thought this was a typo at first. Love this as an engineering koan.

With today’s software for managing corporate machines, and corporate VPN with network security and firewalls abound, anything and everything can be seen.

I have a joke Wi-Fi name that I’ve even considered changing (or at least create a guest network) just to be safe. It’s likely overboard, but I like the idea of just mailing my laptop if I change companies, and no worries at all

3 -> 2 means you now only need two people to be hit by buses to ruin your project.

There are very few machines in the world that are actually mission critical, and you might not be able to do that (although for them, you can probably switch components with it still running). Anybody else, you are just betting your company on the lack of fires, hardware failure, etc.

There's a huge red flag. "Private stuff" (embarrassing or otherwise) shouldn't be on company machines in the first place.

However if anyone touches my computer: don't you dare f*%king touch my private key.

(ditto for my browsers sessions database, google cloud credentials directory etc;)

I'm paranoid about it, but not enough to buy a yubikey, apparently.

But if those keys (or passwords, etc.) are generated for work purposes, I consider them to be as much company property as the machine itself, so I'm no more protective of them than I am of any other sensitive company data.

How do you feel about giving your colleague your password?

My personal opinion is that I can hold someone legally culpable if their account does something like leak financial information; you have a professional responsibility to secure your account from absolutely everyone.

Administrators acting on your account must of course be heavily logged and audited, which is the case.

I usually don't, mostly just out of good security habits, but also because most employers specifically prohibit doing that.

Almost always, your colleague can be given his own access to whatever the password is for anyway. If that's not possible, then I'll share the password and change it immediately after my colleague doesn't need access anymore.

> you have a professional responsibility to secure your account from absolutely everyone.

I agree -- that's part of treating credentials the same way as all other sensitive company data. But it's still my employer's data, not mine.

If I quit the company or if my supervisor wants to see the contents of my machine, I'm fine with that. The machine and everything on it belongs to the company anyway.

They tie to your identity, thus you must not treat them the same as company secrets, they are professional personal secrets which should not be disclosed or allowed to fall into anyone elses hands (less they be revoked and cycled).

It's not just good security posture it could affect your career quite badly or lead to legal issues.

> thus you must not treat them the same as company secrets, they are professional personal secrets

They are company secrets that are tied to my identity. The company owns those secrets, not me. Just like my keycard to get into the building.

I think given the context of the thread (don't touch my secrets), saying that you don't have anything you would consider confidential towards your employer or colleagues is a direct contradiction to what I stated.

That's why I'm "arguing" because my employer/colleagues should not have access to my private key, ever.

There are several very legitimate times when my employer needs to have access to my keys. If I'm leaving the company, for an obvious instance.

But my core point is that such keys/passwords aren't really mine, they're the company's and in the end, the company gets to decide what I'm to do with them.

I think the building access keycard is a perfect analogy. I'd never let anyone borrow mine on my own volition, but if the company wants to retrieve it from me, that's their prerogative. It's theirs, after all.

There are exceptions but the circumstances where an employer would need to retrieve my keys without my assistance are extremely rare and in those instances it’s unlikely I’d still be an employee anyway.

The handing of the keycard is necessary to ensure it's destroyed and can't be used as a "proof" you work somewhere (most access cards these days have your name, face and the company logo printed on the front).

The keycard will be removed from the access list to the building even when it's destroyed, they're not considered reusable by most companies.

Your private key is not reusable, it should be destroyed and revoked from all system when you leave a company.

Aside from a third party attacker (which is well-covered by my normal practices), that's a threat model that I'm personally not worried about at all, really. In part because I've never seen or heard of that happening and in part because if it did, I am confident that there are enough records to be able to prove it.

By default this should be what is happening on all but the most ephemeral of machines/testing platforms/etc. And even then if its a formal testing system it should probably be integrated too.

Directory service integration BTW is the one feature that clearly delineates enterprise products from the rest.

I'm fine with that, but I still will not share my passwords. I'd be happy to reset the passwords for them if they can't access the data by other means, but as another commenter pointed out, the fact that anything needs to be recovered from my^H^H not my laptop indicates mistakes were made.

Touch the computer, sure, but please don’t touch the screen with your filthy grease fingers.

Yeah, it's not like that part of the story was condensed and might have left out a bunch of details that weren't important to the story. So let's give OP a hard time and make judgements about a situation for which we have not even the slightest bit of context.

(For what it's worth, I'm American, and I disagree with your assessment. We don't know how long the person was given to make progress, and we don't know what was communicated. To conclude that a two-week period without a commit represents the entire period between the start of the poor performance and the termination is, well, a bit out of the blue.)

When I was hired I was told he was a problematic hire, that hadn't produced anything for long before my arrival. It was basically "We already know we're going to probably have to let him go but if you want to try to work around it, be my guest". I did try to go in with no judgments, as I always do, but he refused help, and refused to even let anyone look over his shoulder and find why this task was taking an order of magnitude too long.

If the OS and hardware drivers properly support sleep, you almost never need to do otherwise (except to install a new kernel driver or similar).

In macOS for example it hasn't been the case that you need reboot in your regular OS use for over 10+ years.

The "100+ Chrome tabs" or whatever mean nothing. They're paged out when not directly viewed anyway, and if you close just Chrome (not reboot the OS) the memory will be freed in any case...

That's like the biggest of big IFs.

I once had my work PC unhibernate and not pop up the login box. The computer appeared to be running normally otherwise; I just couldn't log in, and I had to tap the power button to shut it down. This stuck in my mind due to its rarity.

Can't remember ever having a serious issue on macOS. A couple of my programs sometimes don't survive the sleep/wake cycle, but it's intermittent, and I'm always in the middle of something else when it happens. I've never lost any meaningful work.

  > Can't remember ever having a serious issue on macOS.

also if you are a dev and apps (like xcode, android studio etc) fill your drive with cache files* or have weird background daemons that eat up cpu, at the least a logout/login (or a reboot) can fix some of those eierd things

you could manually delete them without a reboot but ymmv

I have actually found both Windows and macOS generally pretty good if you leave them running for weeks at a time, but it's one of those things that's best done only if you really need it (and can accept a non-zero chance of something going wrong). They're not so very good that I'd actually recommend doing it routinely. A reboot every 1 or 2 weeks massively reduces the chance of weird stuff happening.

Why?

It boggles my mind that you'd reboot needlessly. My uptime is usually in the hundreds of days.

Sleep is good: I just close the lid. Next time I open the lid it immediately picks up where I left off. Why on earth would you want any other behaviour?

At work, however, I have to use Windows. In that case, I shut it down at the end of every workday, in part because that prevents weird issues Windows tends to develop when running too long.

Mostly, though, it's because of those damned forced updates. Since I can't trust Windows to not reboot itself at any random point in time, having the habit of shutting down at the end of the day at least ensures that I won't accidentally lose my state overnight or over the weekend.

If you don't/won't/can't use the group policy editor, I got a lot of mileage out of hibernating the PC and powering it off at the mains. You can't leave it running something overnight, but you can at least quickly get back to exactly where you left things the previous day.

(Powering it off at the mains ensures that even if you have a device connected that could wake the PC up - thus putting your computer in a state where WIndows Update can reboot it - it can't. You can turn this feature off on a per-device basis with powercfg, but then one day you'll plug something new in and leave it plugged in and it'll wake the PC up while you're away and Windows Update will do its thing.)

What are you using Windows Vista? I run about a dozen windows machines, half of them are VMs and none of them need to be rebooted regularly. Average uptime is over 40 days, and I only reboot when there's a big update. Windows becoming unstable entirely depends on the 3rd party software you install on it. Don't install crapware, you won't have a crap experience.

A couple of times I've discovered I've forgotten to set stuff to auto-run on login, or things turn out to have lost their settings, or stuff doesn't work for whatever reason - I'd much rather discover this at a time of my own choosing!

I close down my laptop when I'm moving around or when I leave it somewhere while I'm in another part of the building.

Your luck is not good security policy. When I was getting started with Linux in 1992 and only intermittently connected to the Internet via dial-up, I celebrated long uptimes. Now that I do daily banking and other activities on a machine continuously connected to the Internet, uptimes longer than the interval between kernel security updates is just irresponsible behavior.

I would prefer to not have to reboot. I know that is not the world we live in. The stability of the kernel is no longer the reason to think about uptime.

I don't care that you have nothing of value connected to the Internet. I am objecting to the advice about not rebooting.

:( I only reboot when my machine freezes or when updates require a reboot. I did a lot of on-call in my life and I saved tons of time by leaving everything open exactly as I left it during the day.

  ~> w
  11:19  up 18 days, 17:03, 9 users, load averages: 3.87 2.96 2.39

I logged into a firewalled Windows VM on EC2 that’s been running an internal micro service that was acting up and it caught my eye that task manager showed an uptime of 6 days making my mind immediately think it might be a bug caused by the recent reboot or perhaps the update that triggered it.

It turns out no reboot had taken place and in fact, the uptime counter had merely rolled over - and not for the first time! Bug was unrelated to the machine and it’s still (afaik) ticking merrily away.

(Our `uptime` tool for Windows [0] reported the actual time the machine was up correctly.)

[0]: https://neosmart.net/uptime/

Restoring all my work every couple of hours was becoming a pain, so I decided to re-enable hibernation support on Windows for the first time in 10 years... And surprisingly it works absolutely flawlessly.

Even on my 12yr old hardware, even if I'm running a few virtual machines. I honestly haven't seen any reason to reboot other than updates.

I'm in SA too, and I used to have 100s of days uptime (one even over a year and a half) ... until the regular blackouts.

Had to stop using a desktop, I've resigned myself to using a laptop, purely so that I don't have to boot the thing all the time and lose my context.

I'm from the first set of people and the only reason I stopped shutting down my macbook is because I'm now keeping its lid closed (connected to display) and there's no way to turn it on without opening a lid which is very inconvenient. I still reboot it every few days, just in case.

    $ uptime
     15:39:13 up 359 days,  2:02, 16 users,  load average: 0.09, 0.08, 0.15

One of the fascinating curiosities you're missing out on is Pressure Stall Information (https://docs.kernel.org/accounting/psi.html). Here's what the PSI gauges look like in htop when kernel support is available:

  PSI some CPU:     0.37%  0.78%  1.50% 
  PSI some IO:      0.38%  0.33%  0.25% 
  PSI full IO:      0.38%  0.31%  0.23% 
  PSI some memory:  0.02%  0.04%  0.00% 
  PSI full memory:  0.02%  0.04%  0.00%

If there was no boot failure, nor the need to reboot after some upgrade, I'd never, ever reboot my system.

Why? I only restart my (linux) laptop every 3-4 months when I update software.

I can't think of any downside that I've experienced from this practice. I do a lot of work with data loaded in a REPL, so it's certainly saved me time having everything restored to as I left it.

I would never suspend to RAM or disk, far too error-prone in my experience. (Plus serializing out 128GiB of RAM is not great.) I just leave my machine running "all the time." My most recently retired disks (WD Black 6TB) have 309 power cycles with ~57,382 power-on hours. Seems like that works out to rebooting a little less than once per week. That tracks: I usually do kernel updates on the weekend, just in case the system doesn't want to reboot unattended.

Hey, I'm that guy (although I put it to sleep instead)! It honestly works really well and is in stark contrast to how Linux and sleep mode interacted just ~10 years ago. It's amazing for keeping your workspace intact.

(FWIW, I also don't reboot or shutdown my desktop where it acts as a mainframe for my "dumb" laptop.)

Basically it calculates the commit to test at each step which gains the most information, under some trivial assumptions. The calculation is O(N) in the number of commits if you have a linear history, but it requires prefix-sum which is not O(N) on a DAG so it could be expensive if your history is complex.

Never got round to integrating it into git though.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin...

Given the uncertainty I can see how this might be more efficient, especially if the variance of the heisenbug is high.

That suggests that for a larger search space with a large enough difference, the optimal bisection point is probably not always the midpoint even if you know nothing about the distribution.

Perhaps someone can find the exact formula for selecting the next revision to search?

Almost. If only the last commit is slow, binary search is still faster.

Better off as in expected/average case. Good point, but only marginally better in the worse case.

Is that supposed to be the log of the commit messages space?

Maybe it would have failed on the 292,613rd boot ...

But in order to contribute something useful, as a rule of thumb you want to have 10 times as many passes than failures in order to reject a commit. If a bug has taken up to 2500 runs to reproduce, don't consider it a pass until 30000 runs have succeeded.

It's something to do with Poisson distributions. If you have 𝑛 runs before a failed run on average, and you want to be 𝑃 % certain that a fix (including a revert or moving beyond the bug in a bisect) reduced the failure rate, you can use the formula − 𝑛 ln (1 − 𝑃 /100) for how long to run, and the factor for 𝑃=99.99 is about 10.

In fact that means that once you had landed on a merge commit it was probably much better to switch to a linear backwards search because it might have fewer passing runs and passing runs are 10-15 times more expensive as failures. Is that what you did?

Ha ha, nope! I tested each commit starting at the earliest, and it was the last one in the merge :-(

It's particularly comforting when the reason for the failure/fix/change in behavior isn't completely understood.

Having hit this before myself... does anyone know how to finagle git bisect to be useful for non-linear history?

>> [Being tracked in this bug which contains much more detail: >> https://gitlab.com/qemu-project/qemu/-/issues/1696 ]

> Can I please just get the detail in mail instead of having to go look at random websites?

Maybe it's me but if I did boot boot linux 292.612 times to find a bug, you might as well click a link to a repository of a major open source project on a major git hosting service.

Is it really that weird to ask people online to check a website? Maybe I don't know the etiquette of these mail lists so this is a geniune question. I guess it is better to keep all conversation in a single place, would that be the intention?

> Can I please just get the detail in mail so that it is archived with the list?

Of course you can't expect every email written to be perfect, it is generally treated as an informal medium in these settings. But stating the reason helps people understand your motives and serve them better.

Unfortunately he's not been able to reproduce it, even though I can reproduce it on several machines here (and it's been independently reproduced by other people at Red Hat). We do know that it happens much less frequently on Intel hardware than AMD hardware (likely just because of subtle timing differences), and he's of course working at Intel.

I've met people who seriously do use dumb terminals and other people who have seriously discussed using a PDP-11.

So, while your question might sound sarcastic, the answer is definitely yes.

Nerds gonna nerd. Nothing wrong with that.

I personally don't like going to gitlab or github because I don't like the businesses behind them. That's another point irrespective of whether I'm browsing in a terminal or ancient device.

You can't possibly expect the world to cater to such affectations

Used this daily for many years. Was great when connecting to the internet was only practical via a shell.

All of the comments/updates on the bug report are loaded by javascript and don't work for me in lynx or elinks.

However there are many things that all need to work:

Firefox (or similar) installed (using a snap??)

DNS must work Firewall allow it Preferably open the browser on a second monitor for easy work flow.

Oh and to click the link, the programmer may need to find his wireless mouse because he may not have used it in days.

This is very much a Chesterton's fence topic, I think. Linux developers have settled on a workflow that works for them, and if you want to get time from the people who are doing the bulk of the work it's fair to expect you to work within their requests.

Git itself is a satellite project of the Linux kernel. It can work without the web at all. That someone EEE’d it so hard that even Microsoft couldn’t resist is no reason to expect the kernel devs to change their workflow.

I think this makes it interesting!

And I mean that objectively. That standard would not allow an uninteresting number.

Which is mildly interesting.

3 * 2 ^ {0, 0, 6, 7} - 1

And all of them are palindromes.

2 = 3 × 2⁰ − 1

191 = 3 × 2⁶ − 1

383 = 3 × 2⁷ − 1

The issue hasn't been fixed yet, but if it affects you the proximate cause is known and can be reverted locally.

EDIT: I missed the link to the white paper.

You can see that that must be possible fairly easily. Consider two algorithms:

1. Classic binary search - test each element once and 100% trust the result.

2. Overkill - test each element 100 times because you don't trust the result one bit.

The former will clearly give you the wrong result most of the time, and the latter is extremely inefficiency. There's clearly a solution that's more efficient without sacrificing accuracy in-between.

Skimming the algorithm, it looks like they maintain Bayesian probabilities for each element being "the one" and then test an element 50% probability point each iteration, then update the probabilities accordingly. Basically a Bayesian version of the traditional algorithm.

There's ofc always some sort of bayesian approach mentioned in other answers.

Impressive that they managed to discover this bug.

[0] - https://www.bbc.com/future/article/20221011-how-space-weathe...

Of course people tried to find ways to reproduce the bug reliably, as saving even milliseconds can mean everything in a speed run. They went as far as replicating the state of the game from the original occurrence 1:1, but AFAIK no one has been able to reproduce the glitch without messing with the games memory.

For that reason it is speculated that a cosmic ray caused a bit-flip in the byte that stores the players y coordinate, shooting him up into the air and onto the next platform.

[0] - https://youtu.be/o3Cx2wmFyQQ?t=16

It is not clear from the article if you booted linux 290K more times _after_ the bisect, or during the bisect.

And I thought I had it bad!

I had a friend in college who was dumb as a post but could study like nobody’s business. Some of us skated through, some of us earned our degree, but he really earned his. We became friends over computer games and for a long time I wondered if games and fiction were the only things we had in common. Turns out there’s maybe more to that story than I thought at the time.

I tend to believe that discipline and tenacity are separate traits. Often appearing in the same people, but different skills with different exercises.

I know when I leave projects, my ex coworkers defend my decisions. I’ve gotta be doing something right.

I have an old VIA-based 32-bit x86 machine (VIA Eden Esther 1 GHz from 2006), and it hangs in different times, but I managed to create a reproducer which hangs the system not so long after the boot. About 1 in 20 boots are unsuccessful.

I noticed that verbose booting reduces the chance of hanging compared to quiet boot, but does not eliminate it completely.

The similar issue was present even on Dell servers back in 2008-2009, which are based on more recent x86_64 VIA CPUs, here's an attempt to bisect the issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507845#84 The CPU seem to enter endless loop, as the machine becomes quite hot as if it's running full-speed.

All these years I believed this is a hardware implementation issue, related either to context switch or to SSE/SSE2 blocks, as running pentium-mmx-compiled OS seem to work fine, given that no other x86 system hangs the way VIA does.

However after this post and all LKML discussions, ticks/jiffies/HZ mentions, and how is it less an issue on Intel, I'm not so sure: the issue mentioned is related to time and printk, I also associate my problem with how chatty the kernel log is (at least partially), and the person in Debian bug tracker above also bisected the code related to printf, although in libc. It could be another software bug in the kernel. If that's the case, it is present since at least 2.6 times.

I would appreciate any suggestions to try, any workarounds to apply, any advice on debugging. If anyone have spare time and interest, I can setup the dedicated machine over SSH for testing. I have a bunch of VIA hardware which is reused for my new non-commercial project and I struggle to run these machines 100% stable.