@brauner No idea, I just went and ordered a few more, and some solokeys as I really would like to just use USB C and not have a A->C converter to lug around.

Dear lazyweb. One of my nitrokey 3 devices seems to have “stopped working” when attempting to access the key in it. Running the command line tools seems to say all is good (i.e. nitrocpy nk3 test says all is fine) but yet ssh seems to hate it with an error of:

ssh_sk_sign: fido_dev_get_assert: FIDO_ERR_NO_CREDENTIALS

and it never even attempts to let me “push the button”.

It’s running the latest firmware. Any hints on what to attempt/test to debug this or should I just give up on the thing?

My backup key is working just fine, so it’s not the USB kernel code on my system that is the issue for once :)

@aho "Don't panic and just follow standard security reporting guidelines".

Yet another thing I never thought I would be doing as a kernel developer, talking about EU regulations with open source finance people...

@joshbressers indeed. I just find that pURL advocates sometimes forget this gap and there are even online forms now where the pURL is a mandatory field, which have prevented for example me to enter curl in some places because curl nor libcurl have no pURL. So I keep having to remind people...

341 of the 733 changes[1] picked up for #Linux 6.15.3 could theoretically have made it into #kernel 6.15-rc6[2], as they were committed to some subsystem tree by then already.

Those are the changes that @gregkh meant when he recently wrote "[…] might also spur maintainers/developers to get fixes into -final a bit more as well :)"[3] (screenshotted).

[1] https://lore.kernel.org/all/2025061942-premiere-surreal-fa53@gregkh/

[2] And thus could have seen two weeks of testing before 6.15 was released – instead of about 3 days that 6.15.3-rc1 was out.

[3] https://lore.kernel.org/all/2025061030-latticed-capacity-dc94@gregkh/

#LinuxKernel

The solo maintainer for libxml2 is no longer accepting embargoed vulnerability reports, citing the unsustainable burden as an unpaid volunteer. Security issues will be treated like any other bug report moving forward.

https://socket.dev/blog/libxml2-maintainer-ends-embargoed-vulnerability-reports #opensource #cybersecurity h/t @joshbressers

Reporting a „possible memory leak“ in a 7 year old curl version, because the RSS jumps from 6.2 to 7 MB once.

Could be.

But, dear reporter, we can only try our best to be a better curl *today*. There is no changing the past (hence the name).

We outstretch our hands to you! Come and live with us in the present! Let the ancestors rest and rejoyce among the living!

#curl

Ticket sales for Kernel Recipes 2025 are now open! The conference will take place from September 22 to 24, 2025, in Paris. The agenda is still in the works, but you can already check out the list of speakers and a few of the topics online.

https://kernel-recipes.org/en/2025/

If you're a student, we’re offering a 50% discount—just get in touch with us!

See you in september!

A bunch of new stable kernels is out. With them, the #Linux 6.14.y stable series is now end-of-life – shortly after the merge window of 6.16 closed.

This thus happened a bit earlier than we are used to, but will be the new normal. To quote @gregkh from https://lore.kernel.org/all/2025061030-latticed-capacity-dc94@gregkh/:

'"Note this is the LAST 6.14.y release. This kernel branch is now end-of-life. Please move to the 6.15.y kernel branch at this time.

If you notice, this has happened a bit more "early" than previous end-of-life announcements. Normally, after -rc1 is out there is a TON of stable patches happening due to the changes that come into the merge-window that were marked for stable backports but didn't get into Linus's release before -final. As some people have objected to this large influx being added to a stable kernel that is just about to go end-of-life, let's try marking this end-of-life a bit earlier to see how it goes.

It might also spur maintainers/developers to get fixes into -final a bit more as well :)"'

#kernel #LinuxKernel

Long and fun interview with me on the Wookash Podcast just got published: https://www.youtube.com/watch?v=-1-OjxPJZcs

@gregkh For me it‘s all SOVEREIGN again

My seat name tag for the EU CRA meeting today...

@aho @brauner Your "4.x" kernel is filled with so so so so so many unfixed security issues that this one is the very least of your problems.

Good news is that anyone using such a kernel can easily get root access so that they can patch the thing to not run a 4.x kernel anymore :)

I have done custom backports of the patches to install a pidfd into the legacy usermodehelper coredump handler for v6.12, v6.6, v6.1, v5.14, v5.10, and v5.4.

So that all those kernels can defend against the Qualys vulnerabilities reported earlier this week in:

https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt

@gregkh should hopefully have not too much pain with these backports now. Otherwise it would've been rather unpleasant to do them.

Testing is of course very welcome!

https://lore.kernel.org/linux-fsdevel/20250602-eilte-experiment-4334f67dc5d8@brauner/T/#m03e7e205c913101dc452c391bf283661049ca494

Q: "Why have you suddenly been reworking coredumping, Christian?"
A: "Because I'm a clown and also I had it with all the CVEs because we provide a **** API for userspace."

So now that @torvalds merged the pidfs and initial coredump work things are already better but I have more work there.

In other news, there's two new CVEs in userpace that should be gone completely by installing a pidfd into the umh or by using the coredump socket.

[1]: https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt

[2]: https://blog.qualys.com/vulnerabilities-threat-research/2025/05/29/qualys-tru-discovers-two-local-information-disclosure-vulnerabilities-in-apport-and-systemd-coredump-cve-2025-5054-and-cve-2025-4598

ER2025 is over, and thanks to all of our sponsors it was a big success!
https://embedded-recipes.org/2025/blog/wrap/

The slides & videos are now available on the Speakers page
of the website: https://embedded-recipes.org/2025/speakers/

Please don’t hesitate to send us your feedback, critiques,
suggestions and rants. We’d want to hear what you thought of the
location, the venue, the food, the talks, the workshops, the evening
event, or anything else you want to share with us.

Please write us at: embedded-recipes@baylibre.com

[deep LTC cut] Who would have guessed that the unwanted task of working on MCP at IBM 20 years ago would finally pay off on the resume!

This is a great interview with @gregkh on corporate involvement in the #Linux kernel and #opensource. He goes in depth on justifying working upstream and how it made him a better engineer.

https://youtu.be/DZzFG_zhFnY?si=HWHmpsOtwXATUm5v

@ljs @vitaut Expect a very pedantic patch review in the near future :)