Man I just discovered this as a good guide on how to exceed the normal limits on Linux kernel modules.

Been working on a derviative which hooks the VFS to allow dynamically remapping file paths on a per process basis so I can force badly behaved apps to load custom TLS certificates (looking at you Bazil builds in nixpkgs).

(If anyone knows something which already does this it would save me a lot of yak shaving)

> how to exceed the normal limits on Linux kernel modules.

Uh, what limits? I'm not aware of anything that would stop your module, once probed, from reaching around the back of the kernel and futzing around in the internals of another driver/device in a completely unrelated subsystem, or subsystem internals. SoC/SoM vendors love to pull that kind of crap in their BSPs.

> hooks the VFS to allow dynamically remapping file paths on a per process basis

Instead of messing with kernel VFS internals, you could try:

- patching the offending application or package (ideally make the path configurable and contribute that back upstream)

- running the application in a mount namespace and bind-mount something over the path

- use LD_PRELOAD to wrap fopen/open/openat (I'm pretty sure, ready made solutions for this already exist)

> use LD_PRELOAD to wrap fopen/open/openat (I'm pretty sure, ready made solutions for this already exist)

I think I would literally recompile libc to patch fopen/open/openat long before I would even begin to consider writing a kernel module to mess with filesystem paths on a per-process basis.

I feel like if you find yourself seriously considering writing a kernel module then you are either contributing to kernel development, or have embarked on an adventure specifically to learn about kernel internals, or have take a very wrong turn.

LD_PRELOAD has nothing to do with the kernel, it's entirely resolved in user space; in this context, it would be used to replace libc functions.

> I think I would literally recompile libc to patch fopen/open/openat

That's literally the functionality that LD_PRELOAD provides without having to recompile libc.

Yes, I am aware. I was suggesting that even going to the ridiculous length of patching and replacing libc system wide would likely make more sense than authoring a custom kernel module to accomplish most tasks for which such options are applicable.

Statically compiled binaries don't use libc. Golang is one, anything with Rust and MUSL is another, and reliably injecting an environment variables into Nix is well..not reliable. It also links its own hashed libc paths which you can't predict and which shouldn't be different to any process which isn't trying to establish TLS connections.

It's not like I didn't try this stuff.

You can hook the system call to open a file regardless of libc use. If for some strange reason you really wanted to patch libc and the program you're using statically links it (ex musl) that isn't an issue - just patch the relevant libc implementation and recompile. But more generally, if you have access to the source code then why would you not directly patch the program in question instead of resorting to these sorts of shenanigans?

Seriously, you're doing it wrong. Just hook the relevant system call and be done with it. Your usecase is literally one of the first eBPF tutorials that comes up when looking for information about modifying system call arguments. https://github.com/eunomia-bpf/bpf-developer-tutorial/tree/m...

> Been working on a derviative which hooks the VFS to allow dynamically remapping file paths on a per process basis so I can force badly behaved apps to load custom TLS certificates (looking at you Bazil builds in nixpkgs).

chroot or namespaces/containers?

Well he said nix so it's probably hardcoded to load from the store. Tampering with the store itself might have unintended consequences if anything else references the same certificate package.

+1 for userns, there's also proot (userspace chroot) and fakechroot (using LD_PRELOAD).

I feel like the people who post this sentiment have never done any plumbing, electrical wiring or really just any sort of actual creative manual labor.

Show me the robot that can plumb a new sink in, or brick up an old doorway... Because I'd really like to buy it, those things are hard and time consuming!

Couple years ago you could have made the same argument about talking computers and here we are.

100%

Smaller tools might be better, humanoid robots can HELP with this but it will still be a tool that we command.

I just fixed a leaking sprinkler, would love to have had a humanoid help me dig the hole, help me turn on/off the shutoff, cut the pipe, glue it back, etc...

Right, like programming

It's mostly not reasonable to try and ascribe human motivations to alien entities, particularly when we know some humans would definitely fire up the transmitter if they could.

The presence or current lack of alien signals at the very least bounds estimates of local population density and what energy scale they're operating on. Currently there's no nearby Type 1 Kardashev scale civilizations.

Yes, there are arguments for and against sending out a strong deliberate "we're here" signal. But I guess you could also argue that the possible danger in announcing our presence is fairly well mitigated by the speed of light, as there are unlikely to be any other advanced civilizations within a few light years.

It might be worth considering what you think research in a field like mathematics actually entails when asking such questions.

Because you can write a lot of mathematics with no practical applications for generations (then whoops: number theory and cryptography!)

Mathematics often does apply to the real world, but that isn't the goal. Physics is about the study of the real universe. If you want to call string theory a branch of mathematics I'd be fine with it, but they keep trying to claim they are physicists and that puts a higher bar on what we expect from them.

Of course physicists sometimes do make wrong predictions and it can take some time to figure out the hypothesis is wrong. However the goal is always to make something they can test to prove the hypothesis holds, which string theory has so far failed to do.

String theory isn't a theory it's a family of related theories sharing some common mathematical tools.

People talk about this as though it's an attempt at deception, whereas two people notionally working in string theory could in fact be proposing highly incompatible models which would be conclusively ruled out (and a lot of them have been in so far as that can be done - i.e. experimentation has put tight bounds on their possible parameters).

Occam's razor is perfectly empirical: "entities must not be multiplied beyond necessity". It's what people repeatedly accuse string theory of violating in low-rent popsci criticism.

The other things you refer to are still Occam's razor: symmetry is handy because it eliminates symmetry-breaking entities even though we know they can happen in the standard model (Higgs) and "beauty" is really just another way of saying Occam's razor - you'd prefer your theory to not be full of dozens of free parameters because it starts to fit any possible outputs and be less predictive.

At all points the issue is that unless you've fully explored a simpler space with less entities, don't start adding them because you can always keep adding them to solve any problem but predict nothing (ala epicycles keeping geocentric solar models alive. You could probably run a space program assuming the Earth is the center of the universe, but it would be fiendishly difficult to model).

You seem to be intuiting some kind of chi squared minimization. It is true that fewer free parameters constrain models, but there is nothing in nature that prefers simplicity. That is probably the most annoying thing to us physicists. Even thermodynamics is always shoving us toward disorder. Just look at plasma physics some time for deterministically intractable problems stemming from four little equations (one if you like tensors).

I think it's better to think of most real world models as being low dimensional-ish, where there is a decaying power law of eigenvalues, and most are quite small, though not zero. You can get quite far by looking at the largest modes and ignoring small ones, but you're not exact, so you're not seeing The Truth, or whatever. Forcing your self to use fewer parameters is a way of denoising, however, that is quite effective.

No at all, this is my actual problem with the proposal.

We're 6 months away from the news report about "the new thing kids are using on the Internet" but the open propaganda and AI forgeries on Twitter and Facebook will continue to do their work on everyone else.

Assuming someone won't harm themselves or accept sacrifice for a cause is a poor argument.

If burning HN to the ground deleted Facebook and Tiktok out of existence, then let it burn.