Posts
12
Following
14
Followers
3
Linux contributor and maintainer. Currently working at AMD, on Linux enablement for the server chips. Views my own.

I also post at https://toot.io/@amit on a wider range of topics and interests.
The new AMD Turin CPU has implemented fixes for RSB Side Channel speculative attacks. Read my blog post at https://amitshah.net/2024/11/eraps-reduces-software-tax-for-hardware-bugs/ for info. Patches posted on lists too!
0
0
0
repeated

Jonathan Corbet

I have often complained that, even though thousands of developers are paid to work on the Linux kernel, there is not a single person whose job it is to write documentation for the kernel. The problem is wider than that, though: Alejandro Colomar, who has been maintaining the man pages collection for the last four years, can no longer afford to do it for free.

https://lwn.net/ml/all/4d7tq6a7febsoru3wjium4ekttuw2ouocv6jstdkthnacmzr6x@f2zfbe5hs7h5
5
80
66
repeated
#duckduckgo needs a better error message than

"There was an error displaying the search results. Please try again."

when its upstream is down. It's also weird to see the website load properly, not acknowledge any disruption in service, and still fail all searches...
0
0
0
repeated
repeated

Jonathan Corbet

Random, unordered, probably useless thoughts on today's apocalypxze...

Part of the success in getting this into Debian may be the result of there being no xz maintainer there. It is "maintained" by people whose attention is normally elsewhere doing occasional non-maintainer updates.

This code will have been running on the machines of a lot of distribution maintainers. If it has already been exploited, it could be that its real purpose has already been achieved and the real problem is now elsewhere. I sure hope somebody can figure out a way to determine if this backdoor has been used.

The multi-front nature of the attack, including multiple efforts to get the malicious code installed more widely more quickly, suggests we're not just dealing with a lone sociopath. I fear we'll never know who was really behind this, but I would sure like to.

There is surely more where this cam from.
13
157
228
repeated

Jonathan Corbet

Edited 8 months ago
Also if you're on F41 and/or think you might have installed the vulnerable xz anywhere, note that the exploit has not been fully analyzed and no one really knows what it could do. I'm currently reinstalling a couple of machines from scratch and have regenerated my SSH keys.

Richard W.M. Jones

0
8
10
repeated

Some of you know today as π-day.

But the real insiders know that today is the 30th anniversary of the 1.0 release of Linux.

46
1114
1934
repeated
Edited 8 months ago

I wanted to know simple daily Linux kernel CVE statistics just for fun, so wrote a script[1] and plotted the output.

$ ./vulns_stat.sh ./vulns/ 30 | ../gnuplot/plot.py --data_fmt table --type labeled-lines --xtics_rotate -90 cve_stat_30_days.png

[1] https://github.com/sjp38/lazybox/blob/master/cve_stat/vulns_stat.sh

#linux #kernel #cve #stat

3
8
13
repeated

A good time to remind everyone that we are remote-first and are hiring: http://jobs.frame.work

6
8
1
repeated

We’re seeking input from maintainers as we design a fellowship program pilot. We want to test a support mechanism that addresses structural issues in the FOSS ecosystem, and support maintainers who work on open digital infrastructure in the public interest.

If you maintain open source projects, we would be very grateful if you could take ten minutes to respond to the survey:
https://survey.sovereigntechfund.de/968766

Please also repost and share with FOSS maintainers you know. Thanks!

3
32
0
Show older