Posts
9
Following
12
Followers
1
Linux contributor and maintainer. Currently working at AMD, on Linux enablement for the server chips. Views my own.

I also post at https://toot.io/@amit on a wider range of topics and interests.
repeated
repeated

Jonathan Corbet

Random, unordered, probably useless thoughts on today's apocalypxze...

Part of the success in getting this into Debian may be the result of there being no xz maintainer there. It is "maintained" by people whose attention is normally elsewhere doing occasional non-maintainer updates.

This code will have been running on the machines of a lot of distribution maintainers. If it has already been exploited, it could be that its real purpose has already been achieved and the real problem is now elsewhere. I sure hope somebody can figure out a way to determine if this backdoor has been used.

The multi-front nature of the attack, including multiple efforts to get the malicious code installed more widely more quickly, suggests we're not just dealing with a lone sociopath. I fear we'll never know who was really behind this, but I would sure like to.

There is surely more where this cam from.
15
176
229
repeated

Jonathan Corbet

Edited 17 days ago
Also if you're on F41 and/or think you might have installed the vulnerable xz anywhere, note that the exploit has not been fully analyzed and no one really knows what it could do. I'm currently reinstalling a couple of machines from scratch and have regenerated my SSH keys.

Richard W.M. Jones

0
8
11
repeated

Some of you know today as π-day.

But the real insiders know that today is the 30th anniversary of the 1.0 release of Linux.

47
1178
1821
repeated
Edited 29 days ago

I wanted to know simple daily Linux kernel CVE statistics just for fun, so wrote a script[1] and plotted the output.

$ ./vulns_stat.sh ./vulns/ 30 | ../gnuplot/plot.py --data_fmt table --type labeled-lines --xtics_rotate -90 cve_stat_30_days.png

[1] https://github.com/sjp38/lazybox/blob/master/cve_stat/vulns_stat.sh

#linux #kernel #cve #stat

3
8
13
repeated

A good time to remind everyone that we are remote-first and are hiring: http://jobs.frame.work

6
9
1
repeated

We’re seeking input from maintainers as we design a fellowship program pilot. We want to test a support mechanism that addresses structural issues in the FOSS ecosystem, and support maintainers who work on open digital infrastructure in the public interest.

If you maintain open source projects, we would be very grateful if you could take ten minutes to respond to the survey:
https://survey.sovereigntechfund.de/968766

Please also repost and share with FOSS maintainers you know. Thanks!

3
32
0
Show older