"Linux would have prevented this!" literally true because my former colleague KP Singh wrote a kernel security module that lets EDR implementations load ebpf into the kernel to monitor and act on security hooks and Crowdstrike now uses that rather than requiring its own kernel module that would otherwise absolutely have allowed this to happen, so everyone please say thank you to him

don't let anyone ruin your day

it's YOUR day!

ruin it yourself by attempting a gentoo install

I just wrote a blog post about how to use the new counted_by attribute in C and the Linux kernel. I've been mentioning this attribute in my presentations over the past year, and I thought it was about time to write about it. So, here you go:

"How to use the new counted_by attribute in C (and Linux)"
https://embeddedor.com/blog/2024/06/18/how-to-use-the-new-counted_by-attribute-in-c-and-linux/

I hope you find it useful. Thanks!

Kernel Self-Protection Project ⚔ 🛡 🐧

@bert_hubert Bert's talk is all the more important when you combine it with stuff like this: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers

RE: https://mastodon.nl/@bert_hubert/112608731406238492

Over vorige post, je kan ook zeggen dat het kabinet "geen grip heeft op de migratie" (naar de cloud). https://berthub.eu/articles/posts/de-hele-overheid-naar-de-cloud-dat-is-een-politiek-besluit/

Jeremy Allison writes:

'" The data shows that “frozen” vendor #Linux kernels, created by branching off a release point and then using a team of engineers to select specific patches to back-port to that branch, are buggier than the upstream “stable” Linux #kernel created by Greg Kroah-Hartman. '"

https://ciq.com/blog/why-a-frozen-linux-kernel-isnt-the-safest-choice-for-security/ #LinuxKernel

Get out of the way of your developers or lose them to someone who will.

— Adrian Cockcroft

#management #programmers

I just got a few ideas for the next idiotic #opensource DMCA takedown notice I have to respond to...

https://bsky.app/profile/cola.baby/post/3ksffq2k5kb22

"hi I am Greg, this is wrong, everything I say is public information and *not* under NDA" - @gregkh on stage of the #GoogleAndroidBootcamp

Saturday's stable kernel updates https://lwn.net/Articles/969732/ #LWN

Four stable kernel updates https://lwn.net/Articles/969352/ #LWN

Just a reminder: only a week to hear me babbling about Linux kernel DTS validation and shared reset GPIOs on Embedded Open Source Summit/OSSNA 2024. Don't miss it and come to say hi!
EOSS: https://sched.co/1aBEf
OSSNA: https://sched.co/1aPvr

Well, I finally have data to back my model of the software world out there. And the data is relatively solid and shows what I keep saying.

You are all on our turf now. Please accept that you have no idea what you are talking about. Sit down. Listen. Ask questions.

But respect our work. We are trying to keep the world running, 1h per month.

https://www.softwaremaxims.com/blog/open-source-hobbyists-turf

Eight new stable kernels https://lwn.net/Articles/966755/ #LWN

Minister Adriaansens: verhuizing SIDN naar Amazon 'nog geen voldongen feit' https://tweakers.net/nieuws/220102/minister-adriaansens-verhuizing-sidn-naar-amazon-nog-geen-voldongen-feit.html

For your Sunday reading: https://arxiv.org/pdf/2402.05212.pdf "An Investigation of Patch Porting Practices of the
Linux Kernel Ecosystem" in which different distros, and Android, are evaluated as to how up to date they stay with upstream fixes. Note that RHEL or CentOS is not evaluated "because of the lack of public git repositories or insufficient data."

About time someone started writing papers about this stuff...

We're #hiring at the @openssf !

Our mission is to ensure the security of open source software for all.

Are you a seasoned Technical Program Manager excited about #cybersecurity and #opensource who wants a full-time #remotejob?

Apply: https://openssf.jobboard.io/jobs/314008394-technical-program-manager-at-openssf

I feel terrible, but I haven't laughed this hard in a long time.

So we got @gregkh on the show to explain Linux Kernel security, both proactive and reactive, and why they sort of can't treat security bugs special (TL;DR: Linux is on everything, so a prenotification list to tell people secretly doesn't work when you tell thousands of people... and that's one of the easier problems), the whole #CVE thing and more on the #osspodcast with @joshbressers and @kurtseifried https://opensourcesecurity.io/2024/02/25/episode-417-linux-kernel-security-with-greg-k-h/ TL;DR: just run an up to date stable Kernel, the era of trying to cherry-pick and backport security fixes is coming to an end.

Did a quick *rough* check:

* 65 #Linux #kernel CVE announcements from Greg so far

* 55 of those refer to a mainline commit

* 10 of those were marked for backporting to stable/longterm

And that's why Greg backports a lot of #LinuxKernel mainline commits to stable/longterm that are *not* tagged for backporting -- and why "only backport changes mainline developers[1] tagged for backporting" is a bad idea.

[1] reminder, such tagging is optional, as participation in stable/longterm is optional