Jonathan Corbet
Posts
319Following
28Followers
1581
Jonathan Corbet
corbet
So my phone (a Pixel 7) has picked up the habit of randomly rebooting for unknown reasons. It seems to be getting worse.
Once upon a time, I used to look forward, at least a little bit, to getting a new phone. Shinier better hardware, a software update, there was something I got out of the deal, even when I wasn't really feeling that I wanted to buy another hunk of electronic stuff.
When I think of a new phone now, I think of fending of a bunch of new AI crap, of trying to track down and fix a hundred different privacy settings that, mysteriously, don't get copied from the old device, and generally just trying to get back to where I am now.
In other words, it's not that I'm not excited about getting a new phone; I actively don't want that new phone.
Maybe I'll just go back to the land line.
Once upon a time, I used to look forward, at least a little bit, to getting a new phone. Shinier better hardware, a software update, there was something I got out of the deal, even when I wasn't really feeling that I wanted to buy another hunk of electronic stuff.
When I think of a new phone now, I think of fending of a bunch of new AI crap, of trying to track down and fix a hundred different privacy settings that, mysteriously, don't get copied from the old device, and generally just trying to get back to where I am now.
In other words, it's not that I'm not excited about getting a new phone; I actively don't want that new phone.
Maybe I'll just go back to the land line.
11
25
38
Jonathan Corbet
corbet
The current OSI fun reminds me of an article I wrote just under 20 years ago... https://lwn.net/Articles/148792/
3
10
11
Jonathan Corbet
corbet
Ah the memories one finds at the bottom of a desk drawer... Once upon a time this was a really cool thing.
8
9
49
Jonathan Corbet
corbet
I have ... opinions ... on the current course of the US federal government, and have been doing my best to make sure that my elected congresscritters know about them.
When you put in a message on Senator Bennet's web site, as with all of them, they want you to pick a topic. Only today did I notice that one of them is, literally, "Internet & Technology". I guess I'll have to advise them of my opinions on excessive entity escaping too...
When you put in a message on Senator Bennet's web site, as with all of them, they want you to pick a topic. Only today did I notice that one of them is, literally, "Internet & Technology". I guess I'll have to advise them of my opinions on excessive entity escaping too...
1
0
29
Jonathan Corbet
repeated
repeated
John Skiles Skinner
skiles@carhenge.clubI got laid off today, with the rest of 18F.
18F was an elite federal software shop. We made gov't websites work better, more efficiently for the American people. We saved taxpayers from getting screwed over by contractors. And were fired for it.
We made this website to tell our story:
0
27
0
Jonathan Corbet
corbet
US politics
Show content
So, while I think this article declares victory a bit too soon, I think we also need the occasional optimistic view that we may actually get through this administration.
https://prospect.org/politics/2025-02-24-trump-coup-has-failed/
(by way of @pluralistic)
https://prospect.org/politics/2025-02-24-trump-coup-has-failed/
(by way of @pluralistic)
2
12
28
Jonathan Corbet
corbet
Just after my last post on solar power, I got a cheery email from "SunStrong", the company taking over from SunPower, which has gone bankrupt. It seems that if I want to get historical data or performance data for individual panels (which I own) out of the monitoring system (which I own) installed in my house, I will have to pay them $100/year.
...or perhaps I can just use the data I've collected into Home Assistant via the SunPower integration and tell them to take a hike ...
My one question is whether they have the ability to push a firmware load and enshittify things further; I think the time may be coming to take the monitoring box off the net.
...or perhaps I can just use the data I've collected into Home Assistant via the SunPower integration and tell them to take a hike ...
My one question is whether they have the ability to push a firmware load and enshittify things further; I think the time may be coming to take the monitoring box off the net.
1
2
24
Jonathan Corbet
corbet
Many cultures celebrate solar events — solstices and such — and that is a fine tradition. My variant of that is to celebrate the first day of the year when the solar panels generate more power than the house uses, running the meter backward overall. Thanks to some warm weather, that was yesterday... spring is coming!
4
43
121
Jonathan Corbet
corbet
Far too many years ago, Rit Carbone hired me as a student assistant at the National Center for Atmospheric Research. My first job was delineating data from early doppler radars into structured scans — and creating a deck of punched cards describing each tape from the radar. It was an amazing way to start a career.
I am deeply saddened to hear that Rit is gone, he was a great scientist and a great man.
https://www.rit-memorial.com/
I am deeply saddened to hear that Rit is gone, he was a great scientist and a great man.
https://www.rit-memorial.com/
0
4
13
Jonathan Corbet
corbet
On the radar: should there be an OpenWrt Two router device?
https://lwn.net/ml/all/56022ffa-2e71-4335-ae3c-418552e7e088@phrozen.org
...as if anybody is going to say "no"...
https://lwn.net/ml/all/56022ffa-2e71-4335-ae3c-418552e7e088@phrozen.org
...as if anybody is going to say "no"...
3
11
13
Jonathan Corbet
corbet
US politics
Show content
So NOAA employees have been told to stop working with foreign nationals
https://www.wired.com/story/noaa-employees-foreign-nationals/
Before I bailed out of reality to get into this free-software adventure, I spent many years at the National Center for Atmospheric Research; it was a great time working on things that really mattered. One of the things I learned is that atmospheric science is an international exercise; international collaboration is the norm. Removing the US from that community will impede science worldwide, and deprive the US of the fruits of working with others. Many of the best researchers in this field are *not* in the US.
But something else crosses my mind. If they can kill scientific collaboration, they can go after other types of collaboration too. Like, say, ordering government agencies to stop participating in free-software projects where there are non-US developers present — all of them, in other words. Or telling government contractors that. An attempt to tear our community apart is not much of a stretch from where we are now.
We live in interesting times, alas.
https://www.wired.com/story/noaa-employees-foreign-nationals/
Before I bailed out of reality to get into this free-software adventure, I spent many years at the National Center for Atmospheric Research; it was a great time working on things that really mattered. One of the things I learned is that atmospheric science is an international exercise; international collaboration is the norm. Removing the US from that community will impede science worldwide, and deprive the US of the fruits of working with others. Many of the best researchers in this field are *not* in the US.
But something else crosses my mind. If they can kill scientific collaboration, they can go after other types of collaboration too. Like, say, ordering government agencies to stop participating in free-software projects where there are non-US developers present — all of them, in other words. Or telling government contractors that. An attempt to tear our community apart is not much of a stretch from where we are now.
We live in interesting times, alas.
2
19
21
Jonathan Corbet
corbet
US politics
Show content
A strident look at what is going on in this country, worth a read. Wish I knew better what to do about it...
https://www.techdirt.com/2025/02/05/the-24-hour-reality-check-musks-impossible-power-grab-and-americas-crisis/
https://www.techdirt.com/2025/02/05/the-24-hour-reality-check-musks-impossible-power-grab-and-americas-crisis/
2
7
9
Jonathan Corbet
corbet
Forbes is warning us that Android phones are under severe risk due to a kernel vulnerability:
https://www.forbes.com/sites/zakdoffman/2025/02/03/google-warns-all-android-users-your-phone-is-now-at-risk/
This comes from Google's Android security bulletin for February:
https://source.android.com/docs/security/bulletin/2025-02-01
...which informs us that "There are indications that CVE-2024-53104 may be under limited, targeted exploitation". The vulnerability in question, though, is CVE-2024-53104:
https://lwn.net/ml/all/2024120232-CVE-2024-53104-d781@gregkh
...which is in the uvcvideo camera driver. Either I'm missing something badly, or the only way to exploit this would be to plug a malicious camera device into the phone. I can see why they would want to fix this, but I'm not sure it's a red-alert situation for most of us?
https://www.forbes.com/sites/zakdoffman/2025/02/03/google-warns-all-android-users-your-phone-is-now-at-risk/
This comes from Google's Android security bulletin for February:
https://source.android.com/docs/security/bulletin/2025-02-01
...which informs us that "There are indications that CVE-2024-53104 may be under limited, targeted exploitation". The vulnerability in question, though, is CVE-2024-53104:
https://lwn.net/ml/all/2024120232-CVE-2024-53104-d781@gregkh
...which is in the uvcvideo camera driver. Either I'm missing something badly, or the only way to exploit this would be to plug a malicious camera device into the phone. I can see why they would want to fix this, but I'm not sure it's a red-alert situation for most of us?
3
13
19
Jonathan Corbet
corbet
A week ago we managed to get away for a few days to Capitol Reef National Park — definitely worth exploring. It's important to escape to a beautiful place with no network service every now and then.
0
1
23
Jonathan Corbet
corbet
So I guess I'm famous now :)
https://www.heise.de/en/news/AI-bots-paralyze-Linux-news-site-and-others-10252162.html
To be clear, LWN has never "crashed" as a result of this onslaught. We'll not talk about what happened after I pushed up some code trying to address it...
Most seriously, though: I'm surprised that this situation is surprising to anybody at this point. This is a net-wide problem, it surely is not limited to free-software-oriented sites. But if the problem is starting to get wider attention, that is fine with me...
https://www.heise.de/en/news/AI-bots-paralyze-Linux-news-site-and-others-10252162.html
To be clear, LWN has never "crashed" as a result of this onslaught. We'll not talk about what happened after I pushed up some code trying to address it...
Most seriously, though: I'm surprised that this situation is surprising to anybody at this point. This is a net-wide problem, it surely is not limited to free-software-oriented sites. But if the problem is starting to get wider attention, that is fine with me...
3
32
54
Jonathan Corbet
corbet
A followup for folks who are curious about the whole AI botswarm problem...
Some of these bots are clearly running on a bunch of machines on the same net. I have been able to reduce the traffic significantly by treating everything as a class-C net and doing subnet-level throttling. That and simply blocking a couple of them.
But that leaves a lot of traffic with an interesting characteristic: there are millions of obvious bot hits (following a pattern through the site, for example) that all come from a different IP. An access log with 9M lines as over 1M IP addresses, and few of them appear more than about three times.
So these things are running on widely distributed botnets, likely on compromised computers, and they are doing their best to evade any sort of recognition or throttling. I don't think that any sort of throttling or database of known-bot IPs is going to help here...not quite sure what to do about it.
What a world we have made for ourselves...
Some of these bots are clearly running on a bunch of machines on the same net. I have been able to reduce the traffic significantly by treating everything as a class-C net and doing subnet-level throttling. That and simply blocking a couple of them.
But that leaves a lot of traffic with an interesting characteristic: there are millions of obvious bot hits (following a pattern through the site, for example) that all come from a different IP. An access log with 9M lines as over 1M IP addresses, and few of them appear more than about three times.
So these things are running on widely distributed botnets, likely on compromised computers, and they are doing their best to evade any sort of recognition or throttling. I don't think that any sort of throttling or database of known-bot IPs is going to help here...not quite sure what to do about it.
What a world we have made for ourselves...
11
44
51
Jonathan Corbet
corbet
Should you be wondering why @LWN #LWN is occasionally sluggish... since the new year, the DDOS onslaughts from AI-scraper bots has picked up considerably. Only a small fraction of our traffic is serving actual human readers at this point. At times, some bot decides to hit us from hundreds of IP addresses at once, clogging the works. They don't identify themselves as bots, and robots.txt is the only thing they *don't* read off the site.
This is beyond unsustainable. We are going to have to put time into deploying some sort of active defenses just to keep the site online. I think I'd even rather be writing about accounting systems than dealing with this crap. And it's not just us, of course; this behavior is going to wreck the net even more than it's already wrecked.
Happy new year :)
This is beyond unsustainable. We are going to have to put time into deploying some sort of active defenses just to keep the site online. I think I'd even rather be writing about accounting systems than dealing with this crap. And it's not just us, of course; this behavior is going to wreck the net even more than it's already wrecked.
Happy new year :)
45
449
355
Jonathan Corbet
corbet
Best not to mess with the squirrels in Boulder... https://www.9news.com/article/news/local/douglass-elementary-secure-status-squirrel/73-95b14d37-bea5-4260-8594-c4db613d7cca
1
0
1