First talk of the day with Greg @gregkh KH to talk about Untrusted data in in Linux : How Rust is going to save us.

#RustWeek #RustWeek2026 #LinuxKernel #RustLang

I'm at the recording for the Rust In Production podcast on "Oxidizing the Linux Kernel" with Greg @gregkh KH, Alice Rhyl and Matthias @mre Endler.

#RustWeek #RustWeek2026 #LinuxKernel #RustLang #RustForLinux

Will be on the "Rust in Production" live podcast in a few hours here at RustWeek:

https://2026.rustweek.org/schedule/tuesday/

Live streams of the conference:
https://www.youtube.com/@rustnederlandrustnl/streams

I think the podcast might be streamed here as well:
https://www.youtube.com/playlist?list=PLbWDhxwM_45lkJfL95zELDgO01mnrRQ6t
but don't really know...

What is never? It's a Rust type that's pretty simple to define (not).

#RustWeek

@k From Keychron of course!

New desktop addition, a "big button" to do a kernel release. Would have come in handy earlier today when I had to do a bunch of them ...

More stable kernels with partial Dirty Frag fixes

https://lwn.net/Articles/1071483/ #LWN #Linux #kernel

"If Linux can be maintained by sending patches to an email mailing list, 'doesn’t work at scale' arguments are skill issues."
https://dbushell.com/2026/04/29/github-is-sinking/

Typical ML argument: "If I can read something legally, why can't I train an LLM on it?"

Humans are capable of reading things and later writing a similar thing that is still a copyright violation. If I go and write a book that follows the plot line of Star Wars, that's still a copyright violation, even if no text is literally the same. If I play the melody to a song on my piano and release it without the appropriate mechanical cover license, that's also a copyright violation.

The reason this does not happen often is that, as humans, we are aware that that's plagiarism and there are rules. Sometimes it happens by accident, and people still get sued and lose.

LLMs have no such awareness and routinely output things which are blatant copyright violations when appropriately prompted. That means the model weights encode that work, and therefore, are themselves a derivative work.

Your brain encodes a massive amount of copyrighted information. You are not a walking copyright violation because humans aren't data, can't be copied and distributed en masse, have human rights, etc. This is why "mind reading machines" are a classic dystopian plot point (monetizing your thoughts etc).

An LLM is not a human, does not have human rights, nor human privileges. It is data, and if it encodes copyrighted information, that's a derivative work. If you aren't following the license of the training data, that's a copyright violation.

@dascandy everything graphed risks becoming a goal in itself, so I make sure we graph everything 😀

@uecker @icing As is pointed, out, this is just a troll, but seriously, "worthy" isn't the issue. Again, you can not have one group "in" and one "out" without real reasons why anyone is "out".

And again, my point remains, "All early release lists leak like a sieve, otherwise why does your government allow it to exist."

@uecker

I think I should be the only one on that list. I‘ll then notify the right people who can demonstrate their worthiness.😌

Wait! That‘s already anthropic‘s business idea. Damn.

@gregkh

@uecker @icing There are many reasons why this would not work. Again, step through the logic to prove it yourself.

@uecker @icing @joshbressers @wdormann @Viss Why is it unconvincing? Who decides what group is on,or is not on, such a list? Your government? My governments? Their government? No government? Me? You? Someone else? And what is the criteria exactly for how?

See how it breaks down when it hits the real world?

As I have said many times, "All early-announce lists are a leak, otherwise why would your government allow it to exist?"

@corsac @joshbressers @wdormann @Viss Linux makes it very "easy", just update your kernel to the newest version. What's preventing that from happening for your systems?

@uecker @icing @joshbressers @wdormann @Viss There was no "embargo time". And again, Linux does not notify anyone because if we did, we would have to notify everyone.

It's as if no one reads my long posts about this topic explaining it all...

@joshbressers I will quote this in many presentations in the future because it is so true:

"The Kernel assigns lots of CVEs. They say it’s because they don’t really know how the Kernel is being used, so they err on the side of caution. Companies hate this because they have to deal with a lot of CVEs. Does the Kernel do this because it’s easier or do they have some sort of secret nefarious reason? Probably because it’s just easier and they have zero downside to disclosing and moving on. "

RE: https://infosec.exchange/@joshbressers/116507930206819253

@zmanion @joshbressers @wdormann @Viss Why is linux-distros somehow "special" enough to get these types of announcements and not everyone else? How exactly would you explain that to your favorite government entity?

@penguin42 @deftpunk @joshbressers @wdormann @Viss I honestly don't remember, and if I did, we don't publish who asked for CVE ids from us as that's generally not a good idea to do so (and is not a requirement for being a CNA).

@joshbressers @deftpunk @wdormann @Viss the "announcement of a public web site and exploit" was not sent to the kernel security team. If you look at the timeline they published, they show what they sent the kernel security team and when, which seems to be correct to me.