OpenRiot v7.9.42 — The Warning Light That Was Never Lit
“The construct had a clock. It had always had a clock. It parsed
kern.version, subtracted the build date from the current date, and computed a number that meant something. The number was always telling the truth. The problem was that nobody was listening. The clock lived in a function that only ran at the end ofcurl | sh— and nobody runscurl | shwhen the desktop is working. They click the polybar icon. They see ‘up to date’ in green. Meanwhile, the kernel rot clock ticks past 7 days, past 14 days, past 40 days, and the packages on disk are built against a snapshot that doesn’t exist anymore. We wired the clock into the icon. We wired the clock into the click. The construct now looks at its own pulse and screams when it’s been too long. The Turing Police would call this ‘a monitoring solution.’ We call it the warning light that was never lit.” — The OpenRiot Crew, somewhere in the Sprawl, v7.9.42
Release Overview
This release is about one thing: drift detection that actually reaches
the user. We had the code. We had the kern.version parser. We had the
14-day threshold (raised from 7 because the Sprawl doesn’t do mid-week
nagware). But the warning only printed at the end of the installer —
a place nobody reaches on a working desktop. The polybar module, the
thing people click every day, showed “Up to date” in serene green
while the kernel silently aged past the point where pkg_add -u could
safely install anything.
Now the drift check runs at three touch points:
-
Polybar icon. Every time the update module refreshes, it parses the kernel build date. If the kernel is more than 14 days old, the icon turns from
(up to date) to(warning). On release systems it stays green — the kernel doesn’t drift on stable. -
Polybar click. The old click handler checked the OpenRiot VERSION file and either said “up to date” or launched an upgrade terminal. The new handler checks drift first. If drift is detected, it fires a critical dunst notification (“Kernel is N days old — run: doas sysupgrade -s”) and opens a terminal prompt: “Sync now? [y] doas sysupgrade -s && (reboot) && doas pkg_add -u.” Answering no skips ahead to the OpenRiot version check.
-
Installer entry point. The drift warning used to print at line 140-something of
runInstall, after configs deployed, packages installed, and source builds finished. It now prints at line 55, before anything else happens. Everycurl | shupgrade shows the warning at the top. The user can read it, decide what to do, and continue — or abort and sysupgrade first.
The Turing Police would have let the kernel rot indefinitely and called it “operational security through obscurity.” We called it a bug and fixed it.
🕐 Threshold: Seven Days → Fourteen Days
The original threshold was 7 days. That’s one week. On -current,
where snapshots ship roughly every 1-2 days, 7 days is aggressive —
it triggers mid-week, often while the user is mid-project, and feels
like nagware. Fourteen days is a cadence that means “you have
probably missed at least two snapshots, maybe more.” The packages
tree has advanced. The kernel has patched. The window for pkg_add -u
to work cleanly without a matching base is closing.
The number lives in two places now:
source/commands/helpers.go:232—14*24*time.Hourin the installer-sidehasPackageDrift(). Bumped from 7. Comment updated to match.source/update/update.go:23—const driftThreshold = 14 * 24 * time.Hourin the polybar-sidehasKernelDrift(). Kept in lockstep by a comment saying exactly that.
If you want to change it, change both. The Turing Police would have made it a config file with a YAML schema and a validation pipeline. We made it two constants you can grep.
🧾 Files Changed
| File | Change |
|---|---|
source/update/update.go |
NEW — hasKernelDrift() parses |
kern.version; Get() returns |
|
| warning icon when kernel drifts | |
past 14 days; Click() fires |
|
| dunst notification + sysupgrade | |
| terminal prompt before version | |
| check | |
source/commands/helpers.go |
FIX — drift warning moved from |
end of runInstall to top (before |
|
| any install work); threshold | |
7*24 → 14*24; removed late |
|
| duplicate warning block | |
README.md |
NEW — “Kernel Drift Detection” |
| section under System Management; | |
| drift icon added to polybar update | |
| module table (summary + reference) |
🗣️ Final Words
“The clock was always there. The number was always real. The problem was that the construct had a voice but no listener — the warning lived at the end of a script nobody ran, and the icon people checked every day showed the wrong color. We fixed the routing. The clock now pushes its number through the icon, through the notification, through the terminal that opens when you click. The construct tells you when it’s been too long. You don’t have to listen. But you can’t say it didn’t tell you. Somewhere in the Sprawl, a polybar module just turned warning-orange, and the kernel it’s warning about was built two weeks ago. The Turing Police would still be checking
uname -aby hand. We wired the clock into the dashboard and called it Tuesday.” — The OpenRiot Crew, after the icon finally changed, v7.9.42