Posts
189
Following
24
Followers
933

Jonathan Corbet

I just put the last touches on the final article out of the LSFMM+BPF memory-management track. 25 articles written in just over a week; the final ones will trickle out over the next few days.

Now I can finally take a rest, perhaps go for an early Friday beer, and contemplate shopping for a new keyboard.

Wait — there's a merge window going on? Why didn't anybody tell me?!?
2
10
33

Jonathan Corbet

It's rare to have a conference I can drive to - even if it takes all day. I took that opportunity for LSFMM and stopped at Dinosaur National Monument on the way there, totally worth it.
0
0
15

Jonathan Corbet

Xcel Energy just sent me a survey asking about my "recent outage experience". Not sure what to say... "Five stars — would definitely do again"?
2
1
12

Jonathan Corbet

This post on how scammers use Chase's confirmation system to get victims to open up their accounts:

https://shkspr.mobi/blog/2024/05/bank-scammers-using-genuine-push-notifications-to-trick-their-victims/

Decades ago, we saw universal connectivity as a path to freedom. Instead, we have created a world where we are literally subject to dozens (if not many more) attempts to rip us off every day. We've made a world that is much more predatory and hostile, and it is getting worse.

Thus far, I've managed to avoid falling victim to any of these attempts. But I can only wonder when, as I get older and more confused and the scammers get more sophisticated, that will change. "When", rather than "if", seems like the relevant word here.

Oh well...I guess I'll get more coffee and read more email, I'm sure that will make me feel better.
3
7
10

Jonathan Corbet

On the radar: Tejun makes another push to get the sched_ext framework merged, citing the high level of interest that this work is drawing:

https://lwn.net/ml/linux-kernel/20240501151312.635565-1-tj@kernel.org/

(See https://lwn.net/Articles/922405/ for an introduction to sched_ext).
0
8
7

Jonathan Corbet

The view from my office... Back from OSS just in time to appreciate spring in Colorado.
0
5
24

Jonathan Corbet

Edited 1 month ago
The eclipse was only 64% here but the solar panels definitely noticed.
0
2
9

Jonathan Corbet

Sigh ... John Barth is gone ... https://www.theguardian.com/books/2024/apr/03/john-barth-death-american-novelist-dies-dead-aged-93 time to get into Giles Goat Boy again
1
1
1

I am a bit concerned by all the focus on small-ish projects with overwhelmed maintainers. There indeed are a lot of problems in that area.

But I am certain that lots of experienced OSS devs can think of a few large and crucial projects where they fairly easily could have hidden something small in a larger change. Without a lot of prior contributions to the project.

2
2
1

Jonathan Corbet

Edited 1 month ago
Quote of the day (from the Fedora devel list):
We have no mechanism to flag when J. Random Packager adds "Supplements: glibc" to their random leaf node package. As a reminder, *we are a project that allows 1,601 minimally-vetted people to deliver arbitrary code executed as root on hundreds of thousands of systems*, and this mechanism allows any one of those people to cause the package they have complete control over to be automatically pulled in as a dependency on virtually every single one of those systems.
Adam Williamson
1
87
101

Jonathan Corbet

Edited 1 month ago
I'm on a holiday and only happened to look at my emails and it seems to be a major mess.
Lasse Collin
0
30
58

Jonathan Corbet

Edited 1 month ago
Also if you're on F41 and/or think you might have installed the vulnerable xz anywhere, note that the exploit has not been fully analyzed and no one really knows what it could do. I'm currently reinstalling a couple of machines from scratch and have regenerated my SSH keys.

Richard W.M. Jones

0
8
11

Jonathan Corbet

Random, unordered, probably useless thoughts on today's apocalypxze...

Part of the success in getting this into Debian may be the result of there being no xz maintainer there. It is "maintained" by people whose attention is normally elsewhere doing occasional non-maintainer updates.

This code will have been running on the machines of a lot of distribution maintainers. If it has already been exploited, it could be that its real purpose has already been achieved and the real problem is now elsewhere. I sure hope somebody can figure out a way to determine if this backdoor has been used.

The multi-front nature of the attack, including multiple efforts to get the malicious code installed more widely more quickly, suggests we're not just dealing with a lone sociopath. I fear we'll never know who was really behind this, but I would sure like to.

There is surely more where this cam from.
15
170
230

Jonathan Corbet

One of the things I have been doing to approve my language skills is reading science fiction in Italian. It's surprisingly hard to find books by Italian SF authors (even though there are many of them) rather than yet another Tolkien translation; this is especially true in Italian bookstores, sadly. Ebooks fill in nicely, though, once you discover who you're looking for.

I recently read WOHPE by Salvatore Sanfilippo. The story, which deals with fears of the AI apocalypse, was a fun read, and it was clear that the author actually had a clue about how systems like language models actually work. I definitely enjoyed it.

Meanwhile, I'm a kernel person, relatively ignorant of areas like databases. So as I was reviewing an upcoming article by another LWN author about the Redis mess, I learned a lot. One thing I picked up was that one of the creators of Redis was ... a certain Salvatore Sanfilippo (aka @antirez) Some searching establishes that it's indeed the same person; no wonder the book was as clueful as it was.

Small world...and people say hackers can't write :)
2
8
32

🪦 Vernor Vinge, author of many influential hard science fiction works, died March 20 at the age of 79.

https://file770.com/vernor-vinge-1944-2024/

0
3
0

Jonathan Corbet

Once upon a time, if I enabled tethering on an Android phone, it would take the phone off the local WiFi network and route traffic over the cellular link

Now, if the phone is on a WiFi network, tethering will route packets from the tethered device over that WiFi network.

I'm guessing that improvements in WiFi interfaces and drivers have enabled this change. But it misses an important point: if I'm tethering a device in an environment where a WiFi network exists, it is almost certainly because said WiFi network sucks and I want to circumvent it. Having the phone continue to use it silently thwarts that purpose.

It's easy enough to work around — just turn off WiFi on the phone — but for slow folks like me that only happens after wondering for a while why the performance is still bad. Does anybody know of a way to disable this behavior permanently?
5
2
10

Jonathan Corbet

Edited 3 months ago
What a world we have built ... https://www.tomshardware.com/networking/three-million-malware-infected-smart-toothbrushes-used-in-swiss-ddos-attacks-botnet-causes-millions-of-euros-in-damages

Edit: there are suggestions out there that this story is not actually true. So sad, who ever heard of something not being true on the Internet? But does anybody doubt that something like this *will* be true in the near future?
6
33
35

Jonathan Corbet

On the radar: Debian is launching into its 64-bit-time transition:

https://lwn.net/ml/debian-devel-announce/Zb0WpSukajgythGe@homer.dodds.net/

"By my reckoning, this is the largest cross-archive ABI transition we've ever
had in Debian".
0
26
27

Jonathan Corbet

Edited 3 months ago
At the risk of spoiling next week's "quote of the week": @monsieuricon 's post on why projects like the kernel and Git continue working over email is definitely worth a read.
2
14
25
Show older