Jonathan Corbet
Posts
300Following
28Followers
1539
Jonathan Corbet
corbet
Far too many years ago, Rit Carbone hired me as a student assistant at the National Center for Atmospheric Research. My first job was delineating data from early doppler radars into structured scans — and creating a deck of punched cards describing each tape from the radar. It was an amazing way to start a career.
I am deeply saddened to hear that Rit is gone, he was a great scientist and a great man.
https://www.rit-memorial.com/
I am deeply saddened to hear that Rit is gone, he was a great scientist and a great man.
https://www.rit-memorial.com/
0
4
13
Jonathan Corbet
corbet
On the radar: should there be an OpenWrt Two router device?
https://lwn.net/ml/all/56022ffa-2e71-4335-ae3c-418552e7e088@phrozen.org
...as if anybody is going to say "no"...
https://lwn.net/ml/all/56022ffa-2e71-4335-ae3c-418552e7e088@phrozen.org
...as if anybody is going to say "no"...
2
10
11
Jonathan Corbet
corbet
US politics
Show content
So NOAA employees have been told to stop working with foreign nationals
https://www.wired.com/story/noaa-employees-foreign-nationals/
Before I bailed out of reality to get into this free-software adventure, I spent many years at the National Center for Atmospheric Research; it was a great time working on things that really mattered. One of the things I learned is that atmospheric science is an international exercise; international collaboration is the norm. Removing the US from that community will impede science worldwide, and deprive the US of the fruits of working with others. Many of the best researchers in this field are *not* in the US.
But something else crosses my mind. If they can kill scientific collaboration, they can go after other types of collaboration too. Like, say, ordering government agencies to stop participating in free-software projects where there are non-US developers present — all of them, in other words. Or telling government contractors that. An attempt to tear our community apart is not much of a stretch from where we are now.
We live in interesting times, alas.
https://www.wired.com/story/noaa-employees-foreign-nationals/
Before I bailed out of reality to get into this free-software adventure, I spent many years at the National Center for Atmospheric Research; it was a great time working on things that really mattered. One of the things I learned is that atmospheric science is an international exercise; international collaboration is the norm. Removing the US from that community will impede science worldwide, and deprive the US of the fruits of working with others. Many of the best researchers in this field are *not* in the US.
But something else crosses my mind. If they can kill scientific collaboration, they can go after other types of collaboration too. Like, say, ordering government agencies to stop participating in free-software projects where there are non-US developers present — all of them, in other words. Or telling government contractors that. An attempt to tear our community apart is not much of a stretch from where we are now.
We live in interesting times, alas.
2
19
21
Jonathan Corbet
corbet
US politics
Show content
A strident look at what is going on in this country, worth a read. Wish I knew better what to do about it...
https://www.techdirt.com/2025/02/05/the-24-hour-reality-check-musks-impossible-power-grab-and-americas-crisis/
https://www.techdirt.com/2025/02/05/the-24-hour-reality-check-musks-impossible-power-grab-and-americas-crisis/
2
8
9
Jonathan Corbet
corbet
Forbes is warning us that Android phones are under severe risk due to a kernel vulnerability:
https://www.forbes.com/sites/zakdoffman/2025/02/03/google-warns-all-android-users-your-phone-is-now-at-risk/
This comes from Google's Android security bulletin for February:
https://source.android.com/docs/security/bulletin/2025-02-01
...which informs us that "There are indications that CVE-2024-53104 may be under limited, targeted exploitation". The vulnerability in question, though, is CVE-2024-53104:
https://lwn.net/ml/all/2024120232-CVE-2024-53104-d781@gregkh
...which is in the uvcvideo camera driver. Either I'm missing something badly, or the only way to exploit this would be to plug a malicious camera device into the phone. I can see why they would want to fix this, but I'm not sure it's a red-alert situation for most of us?
https://www.forbes.com/sites/zakdoffman/2025/02/03/google-warns-all-android-users-your-phone-is-now-at-risk/
This comes from Google's Android security bulletin for February:
https://source.android.com/docs/security/bulletin/2025-02-01
...which informs us that "There are indications that CVE-2024-53104 may be under limited, targeted exploitation". The vulnerability in question, though, is CVE-2024-53104:
https://lwn.net/ml/all/2024120232-CVE-2024-53104-d781@gregkh
...which is in the uvcvideo camera driver. Either I'm missing something badly, or the only way to exploit this would be to plug a malicious camera device into the phone. I can see why they would want to fix this, but I'm not sure it's a red-alert situation for most of us?
3
14
19
Jonathan Corbet
corbet
A week ago we managed to get away for a few days to Capitol Reef National Park — definitely worth exploring. It's important to escape to a beautiful place with no network service every now and then.
0
1
23
Jonathan Corbet
corbet
So I guess I'm famous now :)
https://www.heise.de/en/news/AI-bots-paralyze-Linux-news-site-and-others-10252162.html
To be clear, LWN has never "crashed" as a result of this onslaught. We'll not talk about what happened after I pushed up some code trying to address it...
Most seriously, though: I'm surprised that this situation is surprising to anybody at this point. This is a net-wide problem, it surely is not limited to free-software-oriented sites. But if the problem is starting to get wider attention, that is fine with me...
https://www.heise.de/en/news/AI-bots-paralyze-Linux-news-site-and-others-10252162.html
To be clear, LWN has never "crashed" as a result of this onslaught. We'll not talk about what happened after I pushed up some code trying to address it...
Most seriously, though: I'm surprised that this situation is surprising to anybody at this point. This is a net-wide problem, it surely is not limited to free-software-oriented sites. But if the problem is starting to get wider attention, that is fine with me...
3
34
54
Jonathan Corbet
corbet
A followup for folks who are curious about the whole AI botswarm problem...
Some of these bots are clearly running on a bunch of machines on the same net. I have been able to reduce the traffic significantly by treating everything as a class-C net and doing subnet-level throttling. That and simply blocking a couple of them.
But that leaves a lot of traffic with an interesting characteristic: there are millions of obvious bot hits (following a pattern through the site, for example) that all come from a different IP. An access log with 9M lines as over 1M IP addresses, and few of them appear more than about three times.
So these things are running on widely distributed botnets, likely on compromised computers, and they are doing their best to evade any sort of recognition or throttling. I don't think that any sort of throttling or database of known-bot IPs is going to help here...not quite sure what to do about it.
What a world we have made for ourselves...
Some of these bots are clearly running on a bunch of machines on the same net. I have been able to reduce the traffic significantly by treating everything as a class-C net and doing subnet-level throttling. That and simply blocking a couple of them.
But that leaves a lot of traffic with an interesting characteristic: there are millions of obvious bot hits (following a pattern through the site, for example) that all come from a different IP. An access log with 9M lines as over 1M IP addresses, and few of them appear more than about three times.
So these things are running on widely distributed botnets, likely on compromised computers, and they are doing their best to evade any sort of recognition or throttling. I don't think that any sort of throttling or database of known-bot IPs is going to help here...not quite sure what to do about it.
What a world we have made for ourselves...
12
44
51
Jonathan Corbet
corbet
Should you be wondering why @LWN #LWN is occasionally sluggish... since the new year, the DDOS onslaughts from AI-scraper bots has picked up considerably. Only a small fraction of our traffic is serving actual human readers at this point. At times, some bot decides to hit us from hundreds of IP addresses at once, clogging the works. They don't identify themselves as bots, and robots.txt is the only thing they *don't* read off the site.
This is beyond unsustainable. We are going to have to put time into deploying some sort of active defenses just to keep the site online. I think I'd even rather be writing about accounting systems than dealing with this crap. And it's not just us, of course; this behavior is going to wreck the net even more than it's already wrecked.
Happy new year :)
This is beyond unsustainable. We are going to have to put time into deploying some sort of active defenses just to keep the site online. I think I'd even rather be writing about accounting systems than dealing with this crap. And it's not just us, of course; this behavior is going to wreck the net even more than it's already wrecked.
Happy new year :)
45
464
355
Jonathan Corbet
corbet
Best not to mess with the squirrels in Boulder... https://www.9news.com/article/news/local/douglass-elementary-secure-status-squirrel/73-95b14d37-bea5-4260-8594-c4db613d7cca
1
0
1
Jonathan Corbet
corbet
So is there anybody out there who can explain this image?
I bought this card in Korea some years ago after having seen this theme - a tiger and a rabbit seemingly getting stoned together - in a number of places. There must be a story behind it, but my meager search skills have never managed to turn it up. I do still love the image, though...
I bought this card in Korea some years ago after having seen this theme - a tiger and a rabbit seemingly getting stoned together - in a number of places. There must be a story behind it, but my meager search skills have never managed to turn it up. I do still love the image, though...
14
24
31
Jonathan Corbet
corbet
Two years ago, I installed solar panels on the roof, and was rewarded with enough power to run the house, charge the car, and even run the heat pump for much of the year.
Another reward was the SunPower monitoring system that lets us track the performance of the system and see how each individual panel is working. Naturally, this system only delivers its data to some proprietary cloud system run by SunPower. Just as naturally, SunPower has gone bankrupt, and the monitoring system is now just a useless brick sitting on the wall.
...or at least it would be, had I not gone through the effort of integrating it with Home Assistant — a mildly difficult task involving hooking into a maintenance port on the device itself. So now I have the data out of the monitoring box stored on a local system, under my control, and I don't need to go scrambling for alternatives. I can obsess over my post-solstice data, waiting for production to reach decent levels again — that happens faster if I stare at it, I'm convinced.
Maybe there's something to this free software idea after all.
Another reward was the SunPower monitoring system that lets us track the performance of the system and see how each individual panel is working. Naturally, this system only delivers its data to some proprietary cloud system run by SunPower. Just as naturally, SunPower has gone bankrupt, and the monitoring system is now just a useless brick sitting on the wall.
...or at least it would be, had I not gone through the effort of integrating it with Home Assistant — a mildly difficult task involving hooking into a maintenance port on the device itself. So now I have the data out of the monitoring box stored on a local system, under my control, and I don't need to go scrambling for alternatives. I can obsess over my post-solstice data, waiting for production to reach decent levels again — that happens faster if I stare at it, I'm convinced.
Maybe there's something to this free software idea after all.
15
194
379
Jonathan Corbet
corbet
Not having a cat, I'm not given to posting cat pictures ... but my daughter's cat is here for a visit, so here's my chance.
3
11
54
Jonathan Corbet
corbet
I was digging through my bookshelves when I stumbled across this book, untouched for years.
I picked up Anybody's Bike Book sometime around the mid 1970s, after having discovered the freedom that a good bike gives to a kid who needs to move around in northern Wyoming. It taught me that there was nothing in my bike that I couldn't fix myself — an empowering lesson to learn. With a mixture of plain language, clear descriptions, and sharp humor, it was perhaps my first example of what technical documentation can be.
So, a belated "thank you" to Tom Cuthbertson for this outstanding book; there is no doubt it had a strong influence on all the words I have inflicted on the world.
I picked up Anybody's Bike Book sometime around the mid 1970s, after having discovered the freedom that a good bike gives to a kid who needs to move around in northern Wyoming. It taught me that there was nothing in my bike that I couldn't fix myself — an empowering lesson to learn. With a mixture of plain language, clear descriptions, and sharp humor, it was perhaps my first example of what technical documentation can be.
So, a belated "thank you" to Tom Cuthbertson for this outstanding book; there is no doubt it had a strong influence on all the words I have inflicted on the world.
1
16
33
Jonathan Corbet
corbet
So here is a weird one ... the LWN site has been seeing a steady stream of login attempts, all using weird yahoo addresses as the username. By "weird" I mean things like lllbnwidgqeerdyi@yahoo.com and other equally unlikely strings.
These do not correspond to LWN accounts, but somebody has looked at our login form for long enough to post the login attempts directly, without loading the form first. The attempts come from all over the Internet, suggesting that some sort of botnet is doing this.
I don't suppose anybody else has seen this sort of pattern, or has any idea what it is that they may be trying to accomplish?
These do not correspond to LWN accounts, but somebody has looked at our login form for long enough to post the login attempts directly, without loading the form first. The attempts come from all over the Internet, suggesting that some sort of botnet is doing this.
I don't suppose anybody else has seen this sort of pattern, or has any idea what it is that they may be trying to accomplish?
9
18
17
Jonathan Corbet
corbet
On the radar: file-based memory management
https://lwn.net/ml/all/20241122203830.2381905-1-btabatabai@wisc.edu
This looks like fairly wild stuff, haven't had a chance to figure out how it actually works yet.
https://lwn.net/ml/all/20241122203830.2381905-1-btabatabai@wisc.edu
This looks like fairly wild stuff, haven't had a chance to figure out how it actually works yet.
1
9
10
Jonathan Corbet
corbet
Maybe these AI models are onto something after all? https://fortune.com/2024/11/14/grok-musk-misinformation-spreader/
1
10
22