
"Census III of Free and Open Source Software: Application Libraries leans on more than 12M data points from security tools such as Black Duck, FOSSA, Snyk, and Sonatype, which have been deployed at more than 10k companies"

https://techcrunch.com/2024/12/04/linux-foundation-report-highlights-the-true-state-of-open-source-libraries-in-production-apps/


2/ Regarding the 4.19.y EOL, see also this nice and interesting farewell note from @gregkh:

https://lore.kernel.org/all/2024120520-mashing-facing-6776@gregkh/

'"[4.19] had a good life, despite being born out of internal strife. […]

As a "fun" proof that this one is finished […], I looked at the "unfixed" CVEs from this release. Currently it is a list 983 CVEs long, too long to list here. […]"'

The last 4.19.y kernel has been released:
https://lore.kernel.org/lkml/2024120520-preorder-untracked-6e5b@gregkh/T/

Please move to a more modern kernel if you are somehow still running this one, which I strongly would not recommend doing.
@xav it has only been a few hours, no idea how even a single day would work yet...
New hardware showed up today, turns out Linux works just fine on it. Here's the 6.12.1 kernel running in Wayland.

Water bottle for scale.
Yeah, so I may have been bored in a meeting today...

https://mirrors.kernel.org/bogus
@monsieuricon Oh great, of course now this means I need to write a hampster_fs kernel module and get it merged, yet another thing to add to my TODO list...

@ross If a distro is attempting to build and distribute a years-old version of XScreenSaver then it is my explicit goal to make life absolutely as difficult as possible for them.


In today’s news: man with zero self reflection goes on lengthy one sided rant highlighting just that.


Thorsten Leemhuis (acct. 1/4)

6.12 is out. For a list of new features see:

* This short LWN story: https://lwn.net/Articles/997958/ (screenshotted)

* Two detailed stories from LWN: https://lwn.net/Articles/990750/ & https://lwn.net/Articles/991301/

* The kernelnewbies page: https://kernelnewbies.org/Linux_6.12

See also the announcement from @torvalds:

https://lore.kernel.org/lkml/CAHk-=wgtGkHshfvaAe_O2ntnFBH3EprNk1juieLmjcF2HBwBgQ@mail.gmail.com/

'"No strange surprises this last week, so we're sticking to the regular release schedule, and that obviously means that the merge window opens tomorrow."'


{sigh} Go home CodeQL, you are drunk…

int main(int argc, char *argv[])
Poorly documented function: fewer than 2% comments for a function of 129 lines.

Code in question is at: https://github.com/gregkh/usbutils/blob/master/lsusb.c#L3835 if people are curious. It’s as if the tool hasn’t seen C code before…

To follow up on this, @xexaxo sent a pull request to get rid of these "code in the meson temp files are security issues" false-warnings: https://github.com/gregkh/usbutils/pull/211

Many thanks for this, now to whittle down the other pointless `switch case is too big` and `FIXME is left in a comment` warnings that are left so that if anything "real" ever shows up, it will actually be noticed...
@xexaxo Yes, thank you! And thanks for the PR, I'll go merge that now and see how it goes.
@tbodt Nope, didn't work. Or I got the yaml wrong, which is probably the real reason here...
@tbodt Oh, nice, let me attempt that...
@tbodt codeql really wants to build the code, as I'm guessing it is doing so with a compiler hack to get at the files needed to analyze. I guess we can turn that off, let me try that out...
@tbodt @captainepoch Yes, enabling it is good. Stupid tests claiming problems that are not actually present at all are not good.

Drowns out any potential real issues.

As it turns out that “code scanning” isn’t public, here’s the error message that github is putting up saying that meson temp build files are security problems:

build/meson-private/tmpzhj7u8eq/testfile.c:2  Test

Poor global variable name 'i'. Prefer longer, descriptive names for globals (eg. kMyGlobalConstant, not foo).

Rule ID cpp/short-global-name

Description
This rule finds global variables which have a name of length three characters or less. It is particularly important to use descriptive names for global variables. Use of a clear naming convention for global variables helps document their use, avoids pollution of the namespace and reduces the risk of shadowing with local variables.