Linux contributor and maintainer. Currently working at AMD, on Linux enablement for the server chips. Views my own.

I also post at https://toot.io/@amit on a wider range of topics and interests.
#duckduckgo needs a better error message than

"There was an error displaying the search results. Please try again."

when its upstream is down. It's also weird to see the website load properly, not acknowledge any disruption in service, and still fail all searches...

@monsieuricon #redhat / #fedora changed to using "retrospectives" for those reports, which I like.

Jonathan Corbet

Random, unordered, probably useless thoughts on today's apocalypxze...

Part of the success in getting this into Debian may be the result of there being no xz maintainer there. It is "maintained" by people whose attention is normally elsewhere doing occasional non-maintainer updates.

This code will have been running on the machines of a lot of distribution maintainers. If it has already been exploited, it could be that its real purpose has already been achieved and the real problem is now elsewhere. I sure hope somebody can figure out a way to determine if this backdoor has been used.

The multi-front nature of the attack, including multiple efforts to get the malicious code installed more widely more quickly, suggests we're not just dealing with a lone sociopath. I fear we'll never know who was really behind this, but I would sure like to.

There is surely more where this came from.

Jonathan Corbet

Also if you're on F41 and/or think you might have installed the vulnerable xz anywhere, note that the exploit has not been fully analyzed and no one really knows what it could do. I'm currently reinstalling a couple of machines from scratch and have regenerated my SSH keys.

Richard W.M. Jones


@msw *sigh* I see that the years pass but we're still struggling with the same problems.

Maybe, just maybe, the FLOSS movement should have considered a long time ago the need to sustainably compensate developers, rather than expect huge world-changing projects to be a non-compensated side gig...

https://flameeyes.blog/2011/03/28/software-is-ff-ree-just-as-long-as-nobody-cares-about-it/?mtm_campaign=social&mtm_kwd=mastodon


Some of you know today as π-day.

But the real insiders know that today is the 30th anniversary of the 1.0 release of Linux.


I wanted to know simple daily Linux kernel CVE statistics just for fun, so wrote a script[1] and plotted the output.

$ ./vulns_stat.sh ./vulns/ 30 | ../gnuplot/plot.py --data_fmt table --type labeled-lines --xtics_rotate -90 cve_stat_30_days.png

[1] https://github.com/sjp38/lazybox/blob/master/cve_stat/vulns_stat.sh

#linux #kernel #cve #stat


A good time to remind everyone that we are remote-first and are hiring: http://jobs.frame.work


We’re seeking input from maintainers as we design a fellowship program pilot. We want to test a support mechanism that addresses structural issues in the FOSS ecosystem, and support maintainers who work on open digital infrastructure in the public interest.

If you maintain open source projects, we would be very grateful if you could take ten minutes to respond to the survey:
https://survey.sovereigntechfund.de/968766

Please also repost and share with FOSS maintainers you know. Thanks!

@sj @paulmckrcu neat! I did not know that backstory

@sj yes indeed. I hope I mentioned how that was the right thing to do as well

@sj @paulmckrcu Wow, nice! Not only does this help the Korean community, it helps you learn about the phenomenal work done by Paul and the community, as well as writing great documentation. How much do you think you learned about RCU internals during this journey?