The European Union Agency for Cybersecurity (ENISA) is now a Root in the CVE Program

https://www.cve.org/PartnerInformation/ListofPartners/partner/ENISA

"If you're not using the stable kernel, your system is insecure. [...]
I'll call out Debian: Debian tracks our kernels very well. Debian runs the world. Over 70% of all servers in the world run Debian. Everything else is a rounding error [...]
👉 Debian: really, really good. I work with the Debian developers all the time. I can't recommend them enough. Their systems are good.
👉 RedHat, SUSE: they have their own weird systems -- talk to them, you're paying them."

@gregkh at https://youtu.be/dhu8HSOzxd8?t=1226

How big is lore.kernel.org? I counted 17,154,017 unique message-ids.

I think that's roughly how many emails @gregkh replies to every day.

The recording from the "#Kernel CVEs are Alive, but Do Not Panic!" talk @gregkh gave last week at #OSSummit Korea is online now:

https://www.youtube.com/watch?v=dhu8HSOzxd8

Sides:

https://git.sr.ht/~gregkh/presentation-cve-is-dead/blob/master/cve-alive.pdf

#Linux #LinuxKernel #kernel #OSSummitKorea #CVE

First time in South Korea. Three talks in two days. Over 200 minutes of public speaking. Two packed rooms. Made new connections. (My luggage arrived four days after me. 😅)

This week was very intense, and I’ll never forget this first visit to Seoul. I’m a bit exhausted right now, but really grateful.

Thanks, Korea! 🙏🏼🇰🇷♥️

Abstracts, slides and videos: https://embeddedor.com/blog/2025/11/08/presenting-at-open-source-summit-korea-2025/

Linux Kernel Self-Protection Project 🛡⚔️🐧
#OSSummit #OSSKorea #Linux #OpenSource

As seen in the Seoul Lablup office (https://www.lablup.com/) when visiting the other day right before the OSS Korea conference. Many thanks to them for the good conversations, and food and beer!

I sometimes wish that I'd see more "Skilled Skateboarders" than "Skilled Board Members" at LinkedIn. World would probably be a better place if that would ever happen.

A Halloween Horror Story:

"We're in and we've broken containment - we really are living in a virtual universe"
"That near endless string of symbols is our universe"
"Yes"
"But why one giant string of noise ?"
"Is that a regexp... ?"
"Oh my god, we're living in a perl one liner!"

** Speaker announcement ** Our first speaker is @gregkh, Linux kernel developer and Fellow at
 @linuxfoundation.

Info & tickets:
https://2026.rustweek.org

Ahead of our CFP we will be announcing our invited speakers. Also want to speak at RustWeek? Our CFP opens Nov 1st.

#rustlang #rustweek2026

"This makes me 20% more productive!"
"So does cocaine."

X is where you find the people who think they run the Internet.

Bluesky is where you find the people who think they ought to run the Internet.

Mastodon is where you find the people who actually do run the Internet, and kind of wish they didn't.

(WIth apologies to Yes, Minister)

So, this is what you meant, Arch Linux, right?

Greg Kroah-Hartman explains the Cyber Resilience Act for open source developers https://theregister.com/2025/09/30/cyber_reiliance_act_opinion_column/ via
@theregister & @sjvn

Greg K-H explains what #opensource developers need to know about the CRA, but why they don't need to be worried sick about it.

It took me two days, off and on, to read this. I consider it a clear-sighted and well-researched analysis of the coming collapse of the mega-scale AI companies, and OpenAI in particular.

https://www.wheresyoured.at/the-case-against-generative-ai/

Ed Zitron's been loud and consistent in his reporting for a long time.

Benchmarking the different machines in my office with the wonderful kcbench: http://www.kroah.com/log/blog/2025/10/01/the-only-benchmark-that-matters-is.../

#kr2025 is already over! A huge thank you…

... to all the speakers who made this edition such a success,

to our godfather @paulmckrcu who did an incredible job putting together and keeping track of the agenda,

to Jean-Christophe for making the livestream possible and running the sound and video so flawlessly,

to @Aissen for the amazing live blog,

to Erwan for his spot-on mic throws,

to Frank for joining us on this third day and adding that little touch of craziness to the conference,

Really nice talk by @gregkh at @KernelRecipes on the Cyber Resilience Act.

Really comforting, lots of facts-checking and acknowledging that the EU legal people are not against Open-Source developers. They do understand open-source and they did seek (and obtain) information from relevant technical people. It might not be perfect but I also really think it’s a step in the right direction, making manufacturers (and importers and distributors) responsible #kr2025

CRA? D'ont be afraid! You are already doing it!

Just check if your open source project is covered

#kr2025

@gregkh now, doing his "usual non technical talk". After CVEs, CRA!
#kr2025

The #Rust based Binder driver has hit linux-next and thus is slated for inclusion in #kernel 6.18. Congrats to Alice and everyone who helped making this possible!

From the patch description (https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=eafedbc7c050c44744fbdf80bdf3315e860b7513):

""We're generally not proponents of rewrites (nasty uncomfortable things that make you late for dinner!). So why rewrite Binder?

Binder has been evolving over the past 15+ years to meet the evolving needs of Android. Its responsibilities, expectations, and complexity have grown considerably during that time. While we expect Binder to continue to evolve along with Android, there are a number of factors that currently constrain our ability to develop/maintain it. Briefly those are:

1. Complexity: […]
2. Things to improve: Thousand-line functions, error-prone error handling, and confusing structure […]
3. Security critical […]

The biggest change is obviously the choice of programming language. We decided to use Rust because it directly addresses a number of the challenges within Binder that we have faced during the last years. […]""

#kernel #rustlang