Jonathan Corbet
Posts
351Following
32Followers
1779
Jonathan Corbet
corbet
I have ... opinions ... on the current course of the US federal government, and have been doing my best to make sure that my elected congresscritters know about them.
When you put in a message on Senator Bennet's web site, as with all of them, they want you to pick a topic. Only today did I notice that one of them is, literally, "Internet & Technology". I guess I'll have to advise them of my opinions on excessive entity escaping too...
When you put in a message on Senator Bennet's web site, as with all of them, they want you to pick a topic. Only today did I notice that one of them is, literally, "Internet & Technology". I guess I'll have to advise them of my opinions on excessive entity escaping too...
1
0
30
Jonathan Corbet
repeated
repeated
John Skiles Skinner
skiles@carhenge.clubI got laid off today, with the rest of 18F.
18F was an elite federal software shop. We made gov't websites work better, more efficiently for the American people. We saved taxpayers from getting screwed over by contractors. And were fired for it.
We made this website to tell our story:
0
24
0
Jonathan Corbet
corbet
US politics
Show content
So, while I think this article declares victory a bit too soon, I think we also need the occasional optimistic view that we may actually get through this administration.
https://prospect.org/politics/2025-02-24-trump-coup-has-failed/
(by way of @pluralistic)
https://prospect.org/politics/2025-02-24-trump-coup-has-failed/
(by way of @pluralistic)
2
11
28
Jonathan Corbet
corbet
Just after my last post on solar power, I got a cheery email from "SunStrong", the company taking over from SunPower, which has gone bankrupt. It seems that if I want to get historical data or performance data for individual panels (which I own) out of the monitoring system (which I own) installed in my house, I will have to pay them $100/year.
...or perhaps I can just use the data I've collected into Home Assistant via the SunPower integration and tell them to take a hike ...
My one question is whether they have the ability to push a firmware load and enshittify things further; I think the time may be coming to take the monitoring box off the net.
...or perhaps I can just use the data I've collected into Home Assistant via the SunPower integration and tell them to take a hike ...
My one question is whether they have the ability to push a firmware load and enshittify things further; I think the time may be coming to take the monitoring box off the net.
1
2
24
Jonathan Corbet
corbet
Many cultures celebrate solar events — solstices and such — and that is a fine tradition. My variant of that is to celebrate the first day of the year when the solar panels generate more power than the house uses, running the meter backward overall. Thanks to some warm weather, that was yesterday... spring is coming!
4
42
120
Jonathan Corbet
corbet
Far too many years ago, Rit Carbone hired me as a student assistant at the National Center for Atmospheric Research. My first job was delineating data from early doppler radars into structured scans — and creating a deck of punched cards describing each tape from the radar. It was an amazing way to start a career.
I am deeply saddened to hear that Rit is gone, he was a great scientist and a great man.
https://www.rit-memorial.com/
I am deeply saddened to hear that Rit is gone, he was a great scientist and a great man.
https://www.rit-memorial.com/
0
4
13
Jonathan Corbet
corbet
On the radar: should there be an OpenWrt Two router device?
https://lwn.net/ml/all/56022ffa-2e71-4335-ae3c-418552e7e088@phrozen.org
...as if anybody is going to say "no"...
https://lwn.net/ml/all/56022ffa-2e71-4335-ae3c-418552e7e088@phrozen.org
...as if anybody is going to say "no"...
2
11
13
Jonathan Corbet
corbet
US politics
Show content
So NOAA employees have been told to stop working with foreign nationals
https://www.wired.com/story/noaa-employees-foreign-nationals/
Before I bailed out of reality to get into this free-software adventure, I spent many years at the National Center for Atmospheric Research; it was a great time working on things that really mattered. One of the things I learned is that atmospheric science is an international exercise; international collaboration is the norm. Removing the US from that community will impede science worldwide, and deprive the US of the fruits of working with others. Many of the best researchers in this field are *not* in the US.
But something else crosses my mind. If they can kill scientific collaboration, they can go after other types of collaboration too. Like, say, ordering government agencies to stop participating in free-software projects where there are non-US developers present — all of them, in other words. Or telling government contractors that. An attempt to tear our community apart is not much of a stretch from where we are now.
We live in interesting times, alas.
https://www.wired.com/story/noaa-employees-foreign-nationals/
Before I bailed out of reality to get into this free-software adventure, I spent many years at the National Center for Atmospheric Research; it was a great time working on things that really mattered. One of the things I learned is that atmospheric science is an international exercise; international collaboration is the norm. Removing the US from that community will impede science worldwide, and deprive the US of the fruits of working with others. Many of the best researchers in this field are *not* in the US.
But something else crosses my mind. If they can kill scientific collaboration, they can go after other types of collaboration too. Like, say, ordering government agencies to stop participating in free-software projects where there are non-US developers present — all of them, in other words. Or telling government contractors that. An attempt to tear our community apart is not much of a stretch from where we are now.
We live in interesting times, alas.
2
18
21
Jonathan Corbet
corbet
US politics
Show content
A strident look at what is going on in this country, worth a read. Wish I knew better what to do about it...
https://www.techdirt.com/2025/02/05/the-24-hour-reality-check-musks-impossible-power-grab-and-americas-crisis/
https://www.techdirt.com/2025/02/05/the-24-hour-reality-check-musks-impossible-power-grab-and-americas-crisis/
2
7
9
Jonathan Corbet
corbet
Forbes is warning us that Android phones are under severe risk due to a kernel vulnerability:
https://www.forbes.com/sites/zakdoffman/2025/02/03/google-warns-all-android-users-your-phone-is-now-at-risk/
This comes from Google's Android security bulletin for February:
https://source.android.com/docs/security/bulletin/2025-02-01
...which informs us that "There are indications that CVE-2024-53104 may be under limited, targeted exploitation". The vulnerability in question, though, is CVE-2024-53104:
https://lwn.net/ml/all/2024120232-CVE-2024-53104-d781@gregkh
...which is in the uvcvideo camera driver. Either I'm missing something badly, or the only way to exploit this would be to plug a malicious camera device into the phone. I can see why they would want to fix this, but I'm not sure it's a red-alert situation for most of us?
https://www.forbes.com/sites/zakdoffman/2025/02/03/google-warns-all-android-users-your-phone-is-now-at-risk/
This comes from Google's Android security bulletin for February:
https://source.android.com/docs/security/bulletin/2025-02-01
...which informs us that "There are indications that CVE-2024-53104 may be under limited, targeted exploitation". The vulnerability in question, though, is CVE-2024-53104:
https://lwn.net/ml/all/2024120232-CVE-2024-53104-d781@gregkh
...which is in the uvcvideo camera driver. Either I'm missing something badly, or the only way to exploit this would be to plug a malicious camera device into the phone. I can see why they would want to fix this, but I'm not sure it's a red-alert situation for most of us?
3
13
19
Jonathan Corbet
corbet
A week ago we managed to get away for a few days to Capitol Reef National Park — definitely worth exploring. It's important to escape to a beautiful place with no network service every now and then.
0
1
23
Jonathan Corbet
corbet
So I guess I'm famous now :)
https://www.heise.de/en/news/AI-bots-paralyze-Linux-news-site-and-others-10252162.html
To be clear, LWN has never "crashed" as a result of this onslaught. We'll not talk about what happened after I pushed up some code trying to address it...
Most seriously, though: I'm surprised that this situation is surprising to anybody at this point. This is a net-wide problem, it surely is not limited to free-software-oriented sites. But if the problem is starting to get wider attention, that is fine with me...
https://www.heise.de/en/news/AI-bots-paralyze-Linux-news-site-and-others-10252162.html
To be clear, LWN has never "crashed" as a result of this onslaught. We'll not talk about what happened after I pushed up some code trying to address it...
Most seriously, though: I'm surprised that this situation is surprising to anybody at this point. This is a net-wide problem, it surely is not limited to free-software-oriented sites. But if the problem is starting to get wider attention, that is fine with me...
2
31
54
Jonathan Corbet
corbet
A followup for folks who are curious about the whole AI botswarm problem...
Some of these bots are clearly running on a bunch of machines on the same net. I have been able to reduce the traffic significantly by treating everything as a class-C net and doing subnet-level throttling. That and simply blocking a couple of them.
But that leaves a lot of traffic with an interesting characteristic: there are millions of obvious bot hits (following a pattern through the site, for example) that all come from a different IP. An access log with 9M lines as over 1M IP addresses, and few of them appear more than about three times.
So these things are running on widely distributed botnets, likely on compromised computers, and they are doing their best to evade any sort of recognition or throttling. I don't think that any sort of throttling or database of known-bot IPs is going to help here...not quite sure what to do about it.
What a world we have made for ourselves...
Some of these bots are clearly running on a bunch of machines on the same net. I have been able to reduce the traffic significantly by treating everything as a class-C net and doing subnet-level throttling. That and simply blocking a couple of them.
But that leaves a lot of traffic with an interesting characteristic: there are millions of obvious bot hits (following a pattern through the site, for example) that all come from a different IP. An access log with 9M lines as over 1M IP addresses, and few of them appear more than about three times.
So these things are running on widely distributed botnets, likely on compromised computers, and they are doing their best to evade any sort of recognition or throttling. I don't think that any sort of throttling or database of known-bot IPs is going to help here...not quite sure what to do about it.
What a world we have made for ourselves...
11
43
51
Jonathan Corbet
corbet
Should you be wondering why @LWN #LWN is occasionally sluggish... since the new year, the DDOS onslaughts from AI-scraper bots has picked up considerably. Only a small fraction of our traffic is serving actual human readers at this point. At times, some bot decides to hit us from hundreds of IP addresses at once, clogging the works. They don't identify themselves as bots, and robots.txt is the only thing they *don't* read off the site.
This is beyond unsustainable. We are going to have to put time into deploying some sort of active defenses just to keep the site online. I think I'd even rather be writing about accounting systems than dealing with this crap. And it's not just us, of course; this behavior is going to wreck the net even more than it's already wrecked.
Happy new year :)
This is beyond unsustainable. We are going to have to put time into deploying some sort of active defenses just to keep the site online. I think I'd even rather be writing about accounting systems than dealing with this crap. And it's not just us, of course; this behavior is going to wreck the net even more than it's already wrecked.
Happy new year :)
43
434
354
Jonathan Corbet
corbet
Best not to mess with the squirrels in Boulder... https://www.9news.com/article/news/local/douglass-elementary-secure-status-squirrel/73-95b14d37-bea5-4260-8594-c4db613d7cca
1
0
1
Jonathan Corbet
corbet
So is there anybody out there who can explain this image?
I bought this card in Korea some years ago after having seen this theme - a tiger and a rabbit seemingly getting stoned together - in a number of places. There must be a story behind it, but my meager search skills have never managed to turn it up. I do still love the image, though...
I bought this card in Korea some years ago after having seen this theme - a tiger and a rabbit seemingly getting stoned together - in a number of places. There must be a story behind it, but my meager search skills have never managed to turn it up. I do still love the image, though...
14
22
31
Jonathan Corbet
corbet
Two years ago, I installed solar panels on the roof, and was rewarded with enough power to run the house, charge the car, and even run the heat pump for much of the year.
Another reward was the SunPower monitoring system that lets us track the performance of the system and see how each individual panel is working. Naturally, this system only delivers its data to some proprietary cloud system run by SunPower. Just as naturally, SunPower has gone bankrupt, and the monitoring system is now just a useless brick sitting on the wall.
...or at least it would be, had I not gone through the effort of integrating it with Home Assistant — a mildly difficult task involving hooking into a maintenance port on the device itself. So now I have the data out of the monitoring box stored on a local system, under my control, and I don't need to go scrambling for alternatives. I can obsess over my post-solstice data, waiting for production to reach decent levels again — that happens faster if I stare at it, I'm convinced.
Maybe there's something to this free software idea after all.
Another reward was the SunPower monitoring system that lets us track the performance of the system and see how each individual panel is working. Naturally, this system only delivers its data to some proprietary cloud system run by SunPower. Just as naturally, SunPower has gone bankrupt, and the monitoring system is now just a useless brick sitting on the wall.
...or at least it would be, had I not gone through the effort of integrating it with Home Assistant — a mildly difficult task involving hooking into a maintenance port on the device itself. So now I have the data out of the monitoring box stored on a local system, under my control, and I don't need to go scrambling for alternatives. I can obsess over my post-solstice data, waiting for production to reach decent levels again — that happens faster if I stare at it, I'm convinced.
Maybe there's something to this free software idea after all.
15
179
375
Jonathan Corbet
corbet
Not having a cat, I'm not given to posting cat pictures ... but my daughter's cat is here for a visit, so here's my chance.
3
10
54