"Linux would have prevented this!" literally true because my former colleague KP Singh wrote a kernel security module that lets EDR implementations load ebpf into the kernel to monitor and act on security hooks and Crowdstrike now uses that rather than requiring its own kernel module that would otherwise absolutely have allowed this to happen, so everyone please say thank you to him
I just wrote a blog post about how to use the new counted_by attribute in C and the Linux kernel. I've been mentioning this attribute in my presentations over the past year, and I thought it was about time to write about it. So, here you go:
"How to use the new counted_by attribute in C (and Linux)"
https://embeddedor.com/blog/2024/06/18/how-to-use-the-new-counted_by-attribute-in-c-and-linux/
I hope you find it useful. Thanks!
Kernel Self-Protection Project ⚔ 🛡 🐧
Over vorige post, je kan ook zeggen dat het kabinet "geen grip heeft op de migratie" (naar de cloud). https://berthub.eu/articles/posts/de-hele-overheid-naar-de-cloud-dat-is-een-politiek-besluit/
Jeremy Allison writes:
'" The data shows that “frozen” vendor #Linux kernels, created by branching off a release point and then using a team of engineers to select specific patches to back-port to that branch, are buggier than the upstream “stable” Linux #kernel created by Greg Kroah-Hartman. '"
https://ciq.com/blog/why-a-frozen-linux-kernel-isnt-the-safest-choice-for-security/ #LinuxKernel
Get out of the way of your developers or lose them to someone who will.
— Adrian Cockcroft
I just got a few ideas for the next idiotic #opensource DMCA takedown notice I have to respond to...
"hi I am Greg, this is wrong, everything I say is public information and *not* under NDA" - @gregkh on stage of the #GoogleAndroidBootcamp
Saturday's stable kernel updates https://lwn.net/Articles/969732/ #LWN
Well, I finally have data to back my model of the software world out there. And the data is relatively solid and shows what I keep saying.
You are all on our turf now. Please accept that you have no idea what you are talking about. Sit down. Listen. Ask questions.
But respect our work. We are trying to keep the world running, 1h per month.
https://www.softwaremaxims.com/blog/open-source-hobbyists-turf
Minister Adriaansens: verhuizing SIDN naar Amazon 'nog geen voldongen feit' https://tweakers.net/nieuws/220102/minister-adriaansens-verhuizing-sidn-naar-amazon-nog-geen-voldongen-feit.html
We're #hiring at the @openssf !
Our mission is to ensure the security of open source software for all.
Are you a seasoned Technical Program Manager excited about #cybersecurity and #opensource who wants a full-time #remotejob?
Apply: https://openssf.jobboard.io/jobs/314008394-technical-program-manager-at-openssf
So we got @gregkh on the show to explain Linux Kernel security, both proactive and reactive, and why they sort of can't treat security bugs special (TL;DR: Linux is on everything, so a prenotification list to tell people secretly doesn't work when you tell thousands of people... and that's one of the easier problems), the whole #CVE thing and more on the #osspodcast with @joshbressers and @kurtseifried https://opensourcesecurity.io/2024/02/25/episode-417-linux-kernel-security-with-greg-k-h/ TL;DR: just run an up to date stable Kernel, the era of trying to cherry-pick and backport security fixes is coming to an end.
Did a quick *rough* check:
* 65 #Linux #kernel CVE announcements from Greg so far
* 55 of those refer to a mainline commit
* 10 of those were marked for backporting to stable/longterm
And that's why Greg backports a lot of #LinuxKernel mainline commits to stable/longterm that are *not* tagged for backporting -- and why "only backport changes mainline developers[1] tagged for backporting" is a bad idea.
[1] reminder, such tagging is optional, as participation in stable/longterm is optional