Jonathan Corbet
Posts
323Following
28Followers
1606
Jonathan Corbet
corbet
Many cultures celebrate solar events — solstices and such — and that is a fine tradition. My variant of that is to celebrate the first day of the year when the solar panels generate more power than the house uses, running the meter backward overall. Thanks to some warm weather, that was yesterday... spring is coming!
4
42
121
Jonathan Corbet
corbet
@binder @luis_in_brief @Edent Strange, I have not seen much "steamrolling" going on, certainly not on the part of the Rust folks. But, if you have thoughts on how things could run more smoothly, joining the mailing-list discussion with constructive comments might be a good thing to do.
1
0
1
Jonathan Corbet
corbet
Far too many years ago, Rit Carbone hired me as a student assistant at the National Center for Atmospheric Research. My first job was delineating data from early doppler radars into structured scans — and creating a deck of punched cards describing each tape from the radar. It was an amazing way to start a career.
I am deeply saddened to hear that Rit is gone, he was a great scientist and a great man.
https://www.rit-memorial.com/
I am deeply saddened to hear that Rit is gone, he was a great scientist and a great man.
https://www.rit-memorial.com/
0
4
13
Jonathan Corbet
corbet
@maco @Edent Who have you seen "flouncing out"?
Do you really expect a project with 5,000 contributors over the course of the year to run without occasional conflict and disagreement?
At the moment we have a high-profile maintainer who is concerned about the prospect of maintaining a multi-language code base for the next ten years. I am not on board with how that concern has been expressed, and I think those concerns will not win out over the long term, but the concerns should be addressed on their merit — as the Rust-for-Linux developers have been patiently doing. Turning it into a "cold dead hands" strawman is really not going to make the process work better.
Do you really expect a project with 5,000 contributors over the course of the year to run without occasional conflict and disagreement?
At the moment we have a high-profile maintainer who is concerned about the prospect of maintaining a multi-language code base for the next ten years. I am not on board with how that concern has been expressed, and I think those concerns will not win out over the long term, but the concerns should be addressed on their merit — as the Rust-for-Linux developers have been patiently doing. Turning it into a "cold dead hands" strawman is really not going to make the process work better.
0
0
1
Jonathan Corbet
corbet
@luis_in_brief @Edent I looked at longevity a bit one year ago: https://lwn.net/Articles/956765/ . I should run those numbers again. The brief answer is that some of those people obviously drop their one patch and move on, but others do indeed stick around for the long term.
0
0
4
Jonathan Corbet
corbet
@Edent So this appears to be a lightly disguised criticism of the kernel project ... the project that is working hard to incorporate Rust into a 30+-year-old code base, is (slowly) developing new contribution tools, and sees 2-300 new contributors in each and every one of its nine-week release cycles.
There are plenty of problems in kernelland, but they will not be improved by a distorted view like this.
There are plenty of problems in kernelland, but they will not be improved by a distorted view like this.
3
1
5
Jonathan Corbet
corbet
On the radar: should there be an OpenWrt Two router device?
https://lwn.net/ml/all/56022ffa-2e71-4335-ae3c-418552e7e088@phrozen.org
...as if anybody is going to say "no"...
https://lwn.net/ml/all/56022ffa-2e71-4335-ae3c-418552e7e088@phrozen.org
...as if anybody is going to say "no"...
3
11
13
Jonathan Corbet
corbet
US politics
Show content
So NOAA employees have been told to stop working with foreign nationals
https://www.wired.com/story/noaa-employees-foreign-nationals/
Before I bailed out of reality to get into this free-software adventure, I spent many years at the National Center for Atmospheric Research; it was a great time working on things that really mattered. One of the things I learned is that atmospheric science is an international exercise; international collaboration is the norm. Removing the US from that community will impede science worldwide, and deprive the US of the fruits of working with others. Many of the best researchers in this field are *not* in the US.
But something else crosses my mind. If they can kill scientific collaboration, they can go after other types of collaboration too. Like, say, ordering government agencies to stop participating in free-software projects where there are non-US developers present — all of them, in other words. Or telling government contractors that. An attempt to tear our community apart is not much of a stretch from where we are now.
We live in interesting times, alas.
https://www.wired.com/story/noaa-employees-foreign-nationals/
Before I bailed out of reality to get into this free-software adventure, I spent many years at the National Center for Atmospheric Research; it was a great time working on things that really mattered. One of the things I learned is that atmospheric science is an international exercise; international collaboration is the norm. Removing the US from that community will impede science worldwide, and deprive the US of the fruits of working with others. Many of the best researchers in this field are *not* in the US.
But something else crosses my mind. If they can kill scientific collaboration, they can go after other types of collaboration too. Like, say, ordering government agencies to stop participating in free-software projects where there are non-US developers present — all of them, in other words. Or telling government contractors that. An attempt to tear our community apart is not much of a stretch from where we are now.
We live in interesting times, alas.
2
19
21
Jonathan Corbet
corbet
US politics
Show content
A strident look at what is going on in this country, worth a read. Wish I knew better what to do about it...
https://www.techdirt.com/2025/02/05/the-24-hour-reality-check-musks-impossible-power-grab-and-americas-crisis/
https://www.techdirt.com/2025/02/05/the-24-hour-reality-check-musks-impossible-power-grab-and-americas-crisis/
2
7
9
Jonathan Corbet
corbet
@kees @securepaul @monsieuricon @jmorris I have found them to be really useful when, for whatever reason, the automatic renewal process breaks and the cert heads toward expiration. Maybe I'm just clumsy, but I have managed to break it a time or two without noticing.
Yes, we should just have some sort of monitoring of our own ... that's gonna be happening soon ...
Yes, we should just have some sort of monitoring of our own ... that's gonna be happening soon ...
2
2
4
Jonathan Corbet
corbet
Forbes is warning us that Android phones are under severe risk due to a kernel vulnerability:
https://www.forbes.com/sites/zakdoffman/2025/02/03/google-warns-all-android-users-your-phone-is-now-at-risk/
This comes from Google's Android security bulletin for February:
https://source.android.com/docs/security/bulletin/2025-02-01
...which informs us that "There are indications that CVE-2024-53104 may be under limited, targeted exploitation". The vulnerability in question, though, is CVE-2024-53104:
https://lwn.net/ml/all/2024120232-CVE-2024-53104-d781@gregkh
...which is in the uvcvideo camera driver. Either I'm missing something badly, or the only way to exploit this would be to plug a malicious camera device into the phone. I can see why they would want to fix this, but I'm not sure it's a red-alert situation for most of us?
https://www.forbes.com/sites/zakdoffman/2025/02/03/google-warns-all-android-users-your-phone-is-now-at-risk/
This comes from Google's Android security bulletin for February:
https://source.android.com/docs/security/bulletin/2025-02-01
...which informs us that "There are indications that CVE-2024-53104 may be under limited, targeted exploitation". The vulnerability in question, though, is CVE-2024-53104:
https://lwn.net/ml/all/2024120232-CVE-2024-53104-d781@gregkh
...which is in the uvcvideo camera driver. Either I'm missing something badly, or the only way to exploit this would be to plug a malicious camera device into the phone. I can see why they would want to fix this, but I'm not sure it's a red-alert situation for most of us?
3
13
19
Jonathan Corbet
corbet
A week ago we managed to get away for a few days to Capitol Reef National Park — definitely worth exploring. It's important to escape to a beautiful place with no network service every now and then.
0
1
23
Jonathan Corbet
corbet
@keira_reckons Honestly I don't think it's just a matter of "people who make poor decisions". We have created a world where thousands of predatory people have free rein to try to rip us off every day, and some of them are good at it. I'm pretty aware of such things (I think), but it still feels like it's only a matter of time until I have a bad day and get scammed somehow.
0
0
3
Jonathan Corbet
corbet
@mcdanlj @LWN What a lot of people are suggesting (nepethenes and such) will work great against a single abusive robot. None of it will help much when tens of thousands of sites are grabbing a few URLs each. Most of them will never step into the honeypot, and the ones that do will not be seen again regardless.
1
0
2
Jonathan Corbet
corbet
@penguin42 They don't tell me what they are doing with the data... the distributed scraping is an easily observable fact, though. Perhaps they are firehosing the data back to the mothership for training?
1
0
0
Jonathan Corbet
corbet
@smxi @monsieuricon Suggestions for these countermeasures - and how to apply them without hosing legitimate users - would be much appreciated. I'm glad they are obvious to you, please do share!
1
0
8