Long but cheering+ practical from @bert_hubert

https://berthub.eu/articles/posts/a-coherent-non-us-cloud-strategy/

"Europe has ample compute capacity and skills.... the carrot won’t be enough to make Europe sovereign again. We must have our own technology under our own control, but we must also make sure that it gets used"

Sasha's "AUTOSEL" logic has been revamped and published so that now you too, can dig in the Linux kernel commit logs to find patches that developers and maintainers forgot to tag to be backported to stable kernels:

The announcement:
https://lore.kernel.org/all/aBj_SEgFTXfrPVuj@lappy/

And the code itself:
https://git.sr.ht/~sashal/autosel

Good programming is 99% sweat and 1% coffee.

— anonymous

#programming

Psst, hey: HACKERS ARE NOT TECH BROS. The vast majority of hackers never become tech bros. The ethics of hacking runs completely counter to that of tech bros.

Hackers make hardware do things they weren’t intended to do. They circumvent barriers. They string together contraptions that repurpose old stuff to do new things. Hackers aren’t that interested in money; they’re more interested in showing off their skills. They love to learn and make demos and create and share free tech that other hackers then build upon. All they want is acknoweledgement and the respect of their peers.

Tech bros are parasites. They’re greedy bastards who love to erect barriers between people and tech. They extract, addict, monetize. They turn everything fun and useful into a transaction, a dopamine trap, a subscription, a surveillance tool, an advertising outlet, and a vector to extract money from labor and suppliers.

Please don’t get them mixed up.

#hackers #hacking #techbros

This ordinary Tuesday? Two. Two AI slop security reports arrived to #curl. So far.

"Findings by static analyzers in Fedora 43" == "nonsense findings that someone wants someone else to wade through to weed out the obvious false-positives in their broken 'security' tool"

Someone needs to seriously reconsider this.

And yes, the tool is obviously broken, I looked at the first 3 "issues" found and just laughed, thinking this was a joke, but it seemed to actually be real, which is sad on so many levels...

{sigh}

And for those curious, here’s the current stats for kernel CVEs reserved/assigned/rejected since we started just over a year ago:

 Year	Reserved	Assigned	Rejected	 A+R		Total
  2019:	  47		   2		   1		   3		  50
  2020:	  36		  14		   0		  14		  50
  2021:	  20		 728		  23		 751		 771
  2022:	  20		1098		  16		1114		1134
  2023:	  20		 493		  28		 521		 541
  2024:	  20		3067		  84		3151		3171
  2025:	1837		 384		  12		 396		2233
 Total:	2000		5786		 164		5950		7950

Given the news of the potential disruption of the CVE main server, I've reserved 1000 or so ids for the kernel now, which should last us a few weeks.

My KubeCon "keynote" about Linux and Rust is now online: https://www.youtube.com/watch?v=d5umzdT90HU

I'm sad to say that we're following the lead of many others and putting in proof-of-work proxies into place to protect ourselves against "AI" crawler bots. Yes, I hate this as much as you, but all other options are currently worse (such as locking us into specific vendors).

We'll be rolling it out on lore.kernel.org and git.kernel.org in the next week or so.

How #Linux Kernel Deals With Tracking CVE #Security Issues: https://thenewstack.io/how-linux-kernel-deals-with-tracking-cve-security-issues/ via @TheNewStack & @sjvn

And why, all too soon, most #opensource projects must also manage their own Common Vulnerabilities and Exposures.

Excellent #keynote by @gregkh at #KubeCon #CloudNativeCon on why we need #Rust in the #Linux kernel, including:

➡️ Standardize, "automate" error handling
➡️ Enforce lock acquisition, automate release
➡️ Type safety

As an important side-effect, switching from C to Rust requires you to ensure APIs fit the cleaner error handling/locking/type paradigms.

To ensure Linux stays secure and maintainers sane.

He also recommended the following 90-minute presentation: https://newsletter.pragmaticengineer.com/p/how-linux-is-built-with-greg-kroah

Many in open source are still unaware of how the Cyber Resilience Act will impact projects and businesses. This blog breaks it down.

Stay informed: https://www.linuxfoundation.org/blog/unaware-and-uncertain-is-the-open-source-community-prepared-for-the-new-regulatory-reality-of-the-cyber-resilience-act

The initial set of speakers and talks for ER is now published. A few highlights:
- @gregkh on the EU Cyber Resiliency Act (CRA)
- barriers to security on embedded systems
- Steam OS impact on Linux ecosystem
- Functional Safety on Linux
- writing real-time applications
- fully open source CNC and 3D printing

and many more: https://embedded-recipes.org/2025/speakers/

Fun, but long, interview with me about how the Linux development process works was just released: https://newsletter.pragmaticengineer.com/p/how-linux-is-built-with-greg-kroah

It's not all boring, I talk about Rust and our lack of project managers (both good things IMO) so there's lots for people to be grumpy about if you are so inclined.

Registration is now open for ER 2025! We hope you can join us this year in Nice, France.
https://embedded-recipes.org/2025/attend/

Perl is now a CNA, able to assign their own CVE ids, this is great news!
https://security.metacpan.org/2025/02/25/cpansec-is-cna-for-perl-and-cpan.html

Just in time for my talk about this very topic in a few weeks about how all open source projects should be doing this:
https://lfms25.sched.com/event/1urXE/take-control-over-your-projects-cve-entries-before-someone-else-does-greg-kroah-hartman-linux-foundation

At least once a day I'm reminded of this slide from @bagder last year at FOSDEM

What comes after world domination?

This is the abstract for my scheduled talk at foss-north 2025 in April. What do you think is next?

https://foss-north.se/2025/

Where's all the commentary and speculation for good kernel rust stories? https://www.phoronix.com/news/Linux-6.14-Faux-Bus-Merged