Jonathan Corbet
Posts
266Following
26Followers
1243
Jonathan Corbet
corbet
Edited 9 months ago
I'm on a holiday and only happened to look at my emails and it seems to be a major mess.— Lasse Collin
0
27
58
Jonathan Corbet
corbet
Edited 9 months ago
Also if you're on F41 and/or think you might have installed the vulnerable xz anywhere, note that the exploit has not been fully analyzed and no one really knows what it could do. I'm currently reinstalling a couple of machines from scratch and have regenerated my SSH keys.
0
8
10
Jonathan Corbet
corbet
Random, unordered, probably useless thoughts on today's apocalypxze...
Part of the success in getting this into Debian may be the result of there being no xz maintainer there. It is "maintained" by people whose attention is normally elsewhere doing occasional non-maintainer updates.
This code will have been running on the machines of a lot of distribution maintainers. If it has already been exploited, it could be that its real purpose has already been achieved and the real problem is now elsewhere. I sure hope somebody can figure out a way to determine if this backdoor has been used.
The multi-front nature of the attack, including multiple efforts to get the malicious code installed more widely more quickly, suggests we're not just dealing with a lone sociopath. I fear we'll never know who was really behind this, but I would sure like to.
There is surely more where this cam from.
Part of the success in getting this into Debian may be the result of there being no xz maintainer there. It is "maintained" by people whose attention is normally elsewhere doing occasional non-maintainer updates.
This code will have been running on the machines of a lot of distribution maintainers. If it has already been exploited, it could be that its real purpose has already been achieved and the real problem is now elsewhere. I sure hope somebody can figure out a way to determine if this backdoor has been used.
The multi-front nature of the attack, including multiple efforts to get the malicious code installed more widely more quickly, suggests we're not just dealing with a lone sociopath. I fear we'll never know who was really behind this, but I would sure like to.
There is surely more where this cam from.
13
156
227
Jonathan Corbet
corbet
One of the things I have been doing to approve my language skills is reading science fiction in Italian. It's surprisingly hard to find books by Italian SF authors (even though there are many of them) rather than yet another Tolkien translation; this is especially true in Italian bookstores, sadly. Ebooks fill in nicely, though, once you discover who you're looking for.
I recently read WOHPE by Salvatore Sanfilippo. The story, which deals with fears of the AI apocalypse, was a fun read, and it was clear that the author actually had a clue about how systems like language models actually work. I definitely enjoyed it.
Meanwhile, I'm a kernel person, relatively ignorant of areas like databases. So as I was reviewing an upcoming article by another LWN author about the Redis mess, I learned a lot. One thing I picked up was that one of the creators of Redis was ... a certain Salvatore Sanfilippo (aka @antirez) Some searching establishes that it's indeed the same person; no wonder the book was as clueful as it was.
Small world...and people say hackers can't write :)
I recently read WOHPE by Salvatore Sanfilippo. The story, which deals with fears of the AI apocalypse, was a fun read, and it was clear that the author actually had a clue about how systems like language models actually work. I definitely enjoyed it.
Meanwhile, I'm a kernel person, relatively ignorant of areas like databases. So as I was reviewing an upcoming article by another LWN author about the Redis mess, I learned a lot. One thing I picked up was that one of the creators of Redis was ... a certain Salvatore Sanfilippo (aka @antirez) Some searching establishes that it's indeed the same person; no wonder the book was as clueful as it was.
Small world...and people say hackers can't write :)
2
8
32
Jonathan Corbet
repeated
repeated
🪦 Vernor Vinge, author of many influential hard science fiction works, died March 20 at the age of 79.
0
3
0
Jonathan Corbet
corbet
Once upon a time, if I enabled tethering on an Android phone, it would take the phone off the local WiFi network and route traffic over the cellular link
Now, if the phone is on a WiFi network, tethering will route packets from the tethered device over that WiFi network.
I'm guessing that improvements in WiFi interfaces and drivers have enabled this change. But it misses an important point: if I'm tethering a device in an environment where a WiFi network exists, it is almost certainly because said WiFi network sucks and I want to circumvent it. Having the phone continue to use it silently thwarts that purpose.
It's easy enough to work around — just turn off WiFi on the phone — but for slow folks like me that only happens after wondering for a while why the performance is still bad. Does anybody know of a way to disable this behavior permanently?
Now, if the phone is on a WiFi network, tethering will route packets from the tethered device over that WiFi network.
I'm guessing that improvements in WiFi interfaces and drivers have enabled this change. But it misses an important point: if I'm tethering a device in an environment where a WiFi network exists, it is almost certainly because said WiFi network sucks and I want to circumvent it. Having the phone continue to use it silently thwarts that purpose.
It's easy enough to work around — just turn off WiFi on the phone — but for slow folks like me that only happens after wondering for a while why the performance is still bad. Does anybody know of a way to disable this behavior permanently?
5
2
10
Jonathan Corbet
corbet
Ah joy ... red flag warning in February.,.. https://www.google.com/maps/@39.8666965,-105.3048058,10z/data=!4m2!21m1!1s%2Fg%2F11vqwtkgjv?entry=ttu
0
0
1
Jonathan Corbet
corbet
Edited 11 months ago
What a world we have built ... https://www.tomshardware.com/networking/three-million-malware-infected-smart-toothbrushes-used-in-swiss-ddos-attacks-botnet-causes-millions-of-euros-in-damages
Edit: there are suggestions out there that this story is not actually true. So sad, who ever heard of something not being true on the Internet? But does anybody doubt that something like this *will* be true in the near future?
Edit: there are suggestions out there that this story is not actually true. So sad, who ever heard of something not being true on the Internet? But does anybody doubt that something like this *will* be true in the near future?
6
32
35
Jonathan Corbet
corbet
On the radar: Debian is launching into its 64-bit-time transition:
https://lwn.net/ml/debian-devel-announce/Zb0WpSukajgythGe@homer.dodds.net/
"By my reckoning, this is the largest cross-archive ABI transition we've ever
had in Debian".
https://lwn.net/ml/debian-devel-announce/Zb0WpSukajgythGe@homer.dodds.net/
"By my reckoning, this is the largest cross-archive ABI transition we've ever
had in Debian".
1
28
32
Jonathan Corbet
corbet
Edited 11 months ago
At the risk of spoiling next week's "quote of the week": @monsieuricon 's post on why projects like the kernel and Git continue working over email is definitely worth a read.
2
13
25
Jonathan Corbet
corbet
Edited 11 months ago
Even in January, some days are just too nice to stay at the keyboard
1
4
41
Jonathan Corbet
corbet
Sigh...it seems that almost anything good can be wrecked by adding the finance industry to it...
https://time.com/6565415/rooftop-solar-industry-collapse/
When we put the panels on our house, we dealt with a local installer (which are not in short supply in Boulder) and just paid for it like any other house work. No regrets so far.
https://time.com/6565415/rooftop-solar-industry-collapse/
When we put the panels on our house, we dealt with a local installer (which are not in short supply in Boulder) and just paid for it like any other house work. No regrets so far.
1
0
6
Jonathan Corbet
corbet
On the radar: proposals from the C standards committee (as seen in kernelland):
https://lwn.net/ml/linux-toolchains/9162660e-2d6b-47a3-bfa2-77bfc55c817b@paulmck-laptop/
https://lwn.net/ml/linux-toolchains/9162660e-2d6b-47a3-bfa2-77bfc55c817b@paulmck-laptop/
0
13
19
Jonathan Corbet
corbet
On the radar: the value of CXL (or the lack thereof):
https://lwn.net/ml/linux-mm/75f21150-1e12-4f4b-e578-e170e4fea18b@google.com/
A pre-LSFMM discussion on whether CXL memory is as wonderful as the vendors would have us believe.
https://lwn.net/ml/linux-mm/75f21150-1e12-4f4b-e578-e170e4fea18b@google.com/
A pre-LSFMM discussion on whether CXL memory is as wonderful as the vendors would have us believe.
0
2
5
Jonathan Corbet
corbet
A drill with 25 CVE numbers:
https://www.securityweek.com/bosch-nutrunner-vulnerabilities-could-aid-hacker-attacks-against-automotive-production-lines/
Of course they only use this thing to assemble cars and airplanes and stuff...
2
3
6
Jonathan Corbet
corbet
Edited 11 months ago
Many years ago, my father set out to create a book that would help new spinal-cord-injury victims come to terms with (and love) their new life. The result, called Options, was widely distributed in rehabilitation centers for years and helped thousands of people before finally going out of print.
Inspired by the creation of the Full Circle film, which quotes extensively from the book, we have been working to bring Options back. Now, we're happy to say that Options is available, under the Creative Commons SA 4.0 license, in a number of forms. Enjoy!
As an aside, I have to say that the tools for scanning and OCR work have gotten pretty good. All of this was made possible by SANE, unpaper, tesseract, Sphinx, and surely some other tools I'm forgetting now.
0
26
41
Jonathan Corbet
corbet
Not quite sure what to make of this:
https://www.huaweicentral.com/harmonyos-next-is-true-operating-system-with-self-developed-components-huawei-ceo/
"Eventually, HarmonyOS NEXT is not an Android skin but a true OS. It doesn’t run on a primitive Linux Kernel that’s used to bind the operating system in the U.S. hands."
It's also evidently "three times more efficient than Linux"
https://www.huaweicentral.com/huaweis-self-developed-harmony-kernel-is-3-times-more-efficient-than-linux/
It must certainly be good stuff! I'm not finding a repository link, though.
https://www.huaweicentral.com/harmonyos-next-is-true-operating-system-with-self-developed-components-huawei-ceo/
"Eventually, HarmonyOS NEXT is not an Android skin but a true OS. It doesn’t run on a primitive Linux Kernel that’s used to bind the operating system in the U.S. hands."
It's also evidently "three times more efficient than Linux"
https://www.huaweicentral.com/huaweis-self-developed-harmony-kernel-is-3-times-more-efficient-than-linux/
It must certainly be good stuff! I'm not finding a repository link, though.
5
4
7
Jonathan Corbet
corbet
On the radar: 874 gccrs patches pushed toward the GCC mainline:
https://lwn.net/ml/gcc-patches/298a50be-687c-444d-8fd6-656ccfb9f37d@embecosm.com/
Proc macros, closures, "the beginnings of a borrow checker framework", iterators, intrinsics, and more.
https://lwn.net/ml/gcc-patches/298a50be-687c-444d-8fd6-656ccfb9f37d@embecosm.com/
Proc macros, closures, "the beginnings of a borrow checker framework", iterators, intrinsics, and more.
0
0
5
Jonathan Corbet
corbet
It's acid-test time. Getting rid of the gas furnace and installing a #heatpump in Colorado was a bit of leap of faith, even though the consensus was that they are good enough to work in this environment now.
We're midway through a stretch of sustained sub-zero weather (as in, below 0°F, not that wimpy 0° used in other parts of the world), so we are definitely putting it to the test.
So far, so good. We did put in a backup 10KW resistance strip, that that has only come on once for a few minutes as far as I can tell. Even so, it's good that we like a cooler house than many; I think it would be hard-put to sustain the sorts of temperatures that a lot of people like to keep in their houses around here.
It *has* certainly burned through a lot of electricity; our summertime surplus from the solar panels is dwindling rapidly. The hope of getting all the way through the winter on our banked electricity seems to be falling by the wayside.
Still, the goal of turning off the fossil-fuel feed to the house remains on track.
We're midway through a stretch of sustained sub-zero weather (as in, below 0°F, not that wimpy 0° used in other parts of the world), so we are definitely putting it to the test.
So far, so good. We did put in a backup 10KW resistance strip, that that has only come on once for a few minutes as far as I can tell. Even so, it's good that we like a cooler house than many; I think it would be hard-put to sustain the sorts of temperatures that a lot of people like to keep in their houses around here.
It *has* certainly burned through a lot of electricity; our summertime surplus from the solar panels is dwindling rapidly. The hope of getting all the way through the winter on our banked electricity seems to be falling by the wayside.
Still, the goal of turning off the fossil-fuel feed to the house remains on track.
4
8
36
Jonathan Corbet
corbet
On the radar: the Git development community starts talking about incorporating Rust.
https://lwn.net/ml/git/ZZ77NQkSuiRxRDwt@nand.local/
https://lwn.net/ml/git/ZZ77NQkSuiRxRDwt@nand.local/
0
9
11