#curl has been a CNA for a year now https://daniel.haxx.se/blog/2024/01/16/curl-is-a-cna/
"One fun anecdote is that companies or governments will often say they need months or years to prepare (CLEAN UP) code for open sourcing. Because on the inside, people allow themselves far worse code than they’d prefer to share with the outside world. Open source code often has higher standards, and it is a great mechanism of keeping you on track."
Says @bert_hubert in his article about long term software development #opensource #dev #coding
https://berthub.eu/articles/posts/on-long-term-software-development/
"Free Copilot in your GitHub account" is the 2020s version of "Free U2 album on your iPod".
Can you find an ITW 0-day from crash logs? Project Zero finds out
The #LinuxKernel's stable team extended the support timeframe for #Linux 6.11 from four to five years:
https://www.kernel.org/releases.html
To quote @gregkh from https://git.kernel.org/pub/scm/docs/kernel/website.git/commit/?id=e6083565a79c3d711c1a76d9312b8c00e06b826b:
'"Bump 6.1.y support up to 5 years.
Giving people a chance to phase in the shorter lifespans, if at all possible. Hopefully this should help a bit."'
are you a programmer? do you like heavy metal? would you like to be *really upset* by a music video?
do i have something for you.
"Census III of Free and #OpenSource Software: Application Libraries leans on more than 12M data points from security tools such as Black Duck, FOSSA, Snyk, and Sonatype, which have been deployed at more than 10k companies"
https://techcrunch.com/2024/12/04/linux-foundation-report-highlights-the-true-state-of-open-source-libraries-in-production-apps/ #cybersecurity
In today’s news: man with zero self reflection goes on lengthy one sided rant highlighting just that.
#Linux 6.12 is out. For a list of new features see:
* This short LWN story: https://lwn.net/Articles/997958/ (screenshotted)
* Two detailed stories from LWN: https://lwn.net/Articles/990750/ & https://lwn.net/Articles/991301/
* The kernelnewbies page: https://kernelnewbies.org/Linux_6.12
See also the announcement from @torvalds:
https://lore.kernel.org/lkml/CAHk-=wgtGkHshfvaAe_O2ntnFBH3EprNk1juieLmjcF2HBwBgQ@mail.gmail.com/
'"No strange surprises this last week, so we're sticking to the regular release schedule, and that obviously means that the merge window opens tomorrow."'
{sigh} Go home CodeQL, you are drunk…
int main(int argc, char *argv[])
Poorly documented function: fewer than 2% comments for a function of 129 lines.
Code in question is at: https://github.com/gregkh/usbutils/blob/master/lsusb.c#L3835 if people are curious. It’s as if the tool hasn’t seen C code before…
#usbutils (which contains lsusb and the more modern lsusb.py) 018 is out:
https://lore.kernel.org/all/Zxd0oZefuehqhA7z@kroah.com/
@gregkh writes:
'"For users, the largest change will be that the '-v' option to lsusb will now show the negotiated speed of the device on the bus […], and there is better handling for new device descriptor fields and information in the '-v' output as well."'
So… O’Reilly sent me email today hyping up how my books (really, just the one, I assume) are going to be AI-translated into Spanish and German, with other languages to follow. This was probably inevitable, but I still have concerns.
First: are there no human translators of these languages?
Second: who’s going to proof-read all 1,126 pages to make sure nothing got botched, especially given the technical nature of the content? The readers? Which isn’t even crowd-sourcing: it’s customer-sourcing.