We get randomest crap.

Dear semi-lazyweb,

Given a git diff of a C/Rust codebase, how to best determine which functions/defines have been modified between the two versions? Yes, the diff itself sometimes gives hints as to what has changed, but it's not always correct. Think about when it modifies the start of a function, but the diffstat "name" shows the previous function, a correct marking, but not what is needed.

Is the correct answer really going to be "compile the two versions and compare the AST" or something like that? No "diff library" somewhere that "knows" how to parse C (and Rust) that can do this in a faster way? Surely I'm missing something obvious here...

There is virtually **no** AI slop security reports anymore submitted about #curl. They don't seem to happen any longer.

Almost everyone still uses AI though.

1. GenAI is probably going to impact us but how? Nobody knows.
2. The worst thing about GenAI isn't the technology, it's the shitty people: https://karlbode.com/the-problem-with-ai-is-shitty-human-beings [<must-read]
3. We can’t have a grown-up conversation on the subject because the trillion-dollar bet’s fear+greed pressure crowds out truth.
4. When the bubble pops, the shitty people will melt away. Then we can maybe figure it out.
5. We so *SO* need that bubble to pop. Next week would be ideal.

#GenAI

you ever write code so inefficient they have to update the whole power grid

„By Wednesday morning, Anthropic representatives had used a copyright takedown request to force the removal of more than 8,000 copies and adaptations of the raw Claude Code instructions—known as source code—that developers had shared on programming platform GitHub.“

Because if there’s one thing GenAI companies absolutely don’t take lightly, it’s copyright.

https://www.wsj.com/tech/ai/anthropic-races-to-contain-leak-of-code-behind-claude-ai-agent-4bc5acc7

Posting this link here, as I always have to dig every few years when I need it: https://cdecl.org/ a C -> English translator for those "fun" const pointer to const array issues that you have to work out every so often...

Claude Code's source code has been leaked via a map file in their NPM registry https://xcancel.com/Fried_rice/status/2038894956459290963 😂

Guess what? Most of code is either slop or even old good regex like for detecting negative sentiment in users prompt which is then logged

https://github.com/chatgptprojects/claude-code/blob/642c7f944bbe5f7e57c05d756ab7fa7c9c5035cc/src/utils/userPromptKeywords.ts#L8

These tools are going to replace 80% of all dev jobs and their plugin is gonna maintain all security and banking code? 🤡

In a few minutes I get interviewed by Shuah Khan and might answer questions from the audience if we have time: https://www.linuxfoundation.org/webinars/lf-live-maintainer-series-my-life-as-a-linux-kernel-developer-and-maintainer-with-greg-kh-and-shuah-khan

It will be recorded for playback later as well. It's part of the great Mentorship video series that Shuah has been putting on for years, the back catalog is deep: https://events.linuxfoundation.org/lf-live-mentorship-series/

Welcome Greg Kroah-Hartman @gregkh as #curl commit author 1459: https://github.com/curl/curl/pull/21159

Close enough.

We've gotten five different "security reports" about the decades old USBIP protocol https://docs.kernel.org/usb/usbip_protocol.html and how it is "insecure" in the past few days.

Yes, it's only to be run between "trusted" devices, and we will gladly take patches so see the ones recently posted to the linux-usb mailing list to mitigate these issues, but this is very strange as to why all of a sudden this is being reported all at the same time by random different semi-anonymous accounts.

Is there some big usb-over-ip installation somewhere that people suddenly started caring about out there, or did some internal hacking tool that uses usbip just get leaked?

No one who we asked "why?" when they submitting these issues would give a very clear answer to that simple question so something is going on...

This week the European Commission published the draft for a guidance document for the Cyber Resilience Act (CRA). It is 70 pages, but contains some helpful examples and flowcharts, like this one, making it accessible even to Open Source folks with limited time.

Here: Quick guidance for the question if your FOSS component is in scope for the CRA, and if so, wether you're deemed a steward or manufacturer in regards of the component.

#opensource #cra

After talking with a bunch of different companies / groups, we've now bumped the length of a few of the longterm kernels we are supporting:
https://git.kernel.org/pub/scm/docs/kernel/website.git/commit/?id=d04587da86a3464881e0c97aabddd2c271105698

As always, the dates can be found at:https://www.kernel.org/category/releases.html

Gemini, please convert this response into a politely worded email:

Hi:

Your vulnerability report is stupid. You have no idea what you're talking about, or you're hoping that nobody actually checks your findings. Unfortunately for me, I did check your findings and I will never get these 20 minutes of my life back. Everyone is dumber as a result of your report. Please do not contact us again.

It was one of those Mondays...

https://lwn.net/Articles/1059031/

Another post in my series about the kernel CVE process, all about how we classify fixes to be assigned a CVE and other related things:

http://www.kroah.com/log/blog/2026/02/16/linux-cve-assignment-process/

If you use AI-generated code, you currently cannot claim copyright on it in the US. If you fail to disclose/disclaim exactly which parts were not written by a human, you forfeit your copyright claim on *the entire codebase*.

This means copyright notices and even licenses folks are putting on their vibe-coded GitHub repos are unenforceable. The AI-generated code, and possibly the whole project, becomes public domain.

Source: https://www.congress.gov/crs_external_products/LSB/PDF/LSB10922/LSB10922.8.pdf

The #Rust support in the #Linux #kernel is now officially a first class citizen and not considered experimental any more:

https://git.kernel.org/torvalds/c/9fa7153c31a3e5fe578b83d23bc9f185fde115da; for more details, see also: https://lwn.net/Articles/1050174/

This is one of the highlights from the main #RustLang for #LinuxKernel 7.0 that was merged a few hours ago ; for others, see https://git.kernel.org/torvalds/c/a9aabb3b839aba094ed80861054993785c61462c

The 2nd Annual #EuropeanOpenSourceAwards have come to a close, but you can still revisit the best moments of the Awards Ceremony.

👇Watch the recording available here :
https://awards.europeanopensource.academy/awards/2026-recording-event