Microsoft breaking a bunch of dual-boot systems by revoking insecure versions of grub during a standard Windows update is, uh, not great and was not supposed to happen, but it's worth mentioning that systems broken by this were running known insecure bootloaders and anyone running a distro that's actually on top of security updates was unaffected

(Edit to add: I wasn't terribly clear here. It's not the user's fault if their distro fails to deal with this, it's the distro's)

https://www.hs.fi/suomi/art-2000010645468.html

Here's a link to the slides for my "Why are there so many kernel CVEs?" talk I gave at OSS China yesterday:
https://kccncossaidevchn2024.sched.com/event/ed2b39a9a0cdfc1df18de67ce0c2f6be

Link to git repo for the slides if the schedule site acts odd for you:
https://git.sr.ht/~gregkh/presentation-security

It was fun, and will be the "set up" for my Kernel Recipes talk in Paris in a few weeks (only 3 conferences to go between now and then, travel is back in full swing.)

https://www.youtube.com/watch?v=yBv4kWsi4TE

At Profian I did Rust with managed wasm bytecode payloads.
At Tampere University I hacked RISC-V SoC's.
At Parity Technologies, I'll do Rust with managed RISC-V *bytecode* payloads.

My work career seems to move forward by combining patterns.

I think Linux would be better off not supporting async feature of Rust.

It's not that it cannot be done but it will result long-term maintained code that is hard to reverse to opcodes at the CPU core just by looking at the snippet code.

This is exactly the gist of any possible kernel patch review..

I'm not disregard its usefulness in user space code but it could be even counter-productive tool in kernel code.

It's the added cost of time for kernel maintainers that weights here. Most (all) could cope with non async Rust from the perspective of what CPU does when it executes a specific peace of Rust code. Developer productivity is the most insignificant portion of kernel development cycle. I'm 100% sure that async is not existential feature, meaning that any possible feature could not be implemented without it.

#rust #linux #kernel

TDR Molotok is IMHO the best thing ever in software and/or hardware when you want the most hyper reactive compressor in existence with reasonably clean sound at extremes.

In my books, when ducking with kick some other channel, it beats ShaperBox3, LFOTool and similar plugins. You get both surgical and musical off-the-bad. The sound just feels right :-)

Molotok is also great alternative to give a shot when having either 1176 or dbx160 would be, or is already used. Worth of trying out.

#tokyodawn #molotok #plugins

permissions

Permalink: https://wizardzines.com/comics/permissions/

Storj made me consider a blockchain company. Before that, honestly I did not understand the application. I used it for four months without knowing it is token based and ended my Dropbox subscription. Token is like IP address, totally useless without service that makes it tick. In Storj tokens work as B2B in storage sharing. I just pay with my credit card and enjoy the awesome benefits like pay for use and ultra-cheap S3 object storage, never ever thinking crypto 😀 This is how to do it right.

#systemd sucks for #embedded because it is not a design that downscales effectively. Tried systemd few times for smaller devices but it just a bad solution for anything not at least a mobile phone.

An init system that could both upscale and downscale and based on statically linked tight core would be awesome.

It could even be (partially) compatible with the same unit-file format.

In particular for this project it would make a lot of sense to implement such support because this is a need at scale:

https://github.com/uutils/coreutils

Could even gain sponsorships from embedded companies.

I have now a registered private company for the sake of being a contractor starting from October: Siltakatu Solutions Oy (aka Ltd).

Siltakatu is my home street [1] in #Tampere and I try to find solutions for various issues in software engineering, so by combining these two facts I got a company name 🤷

Sometimes my solutions suck tho but I do not imply anything about quality in my "company brand" ;-)

[1] The #Finnish word silta translates to bridge and katu translates to street.

One wisdom that applies both understanding math and programming in deeper level and navigating through that jungle: be stupid and try not to understand 🤷 Stupid is the new smart.

A power user belongs to a category of users who use computers just for the sake of using them, and that is the overall main goal of using a computer.

I like Low Level Learning Youtube-channel but with this I have I have to totally disagree: https://www.youtube.com/watch?v=3T3ZDquDDVg

The golden rule for writing code and debugging is obviously:

1. Do the most simplest and least scalable trial at first.
2. If that does not scale take a more powerful tool.

I certainly know how to use core files but it is MORE EFFORT.

Starting from October, when my research contract ends, I'll be joining Parity as compiler and virtualization engineer: https://www.parity.io/

Since https://github.com/RustScan/RustScan claims to be fast I tried first a trivial SYN scan to my file server:

sudo nmap -sS -p- haaparousku

I got the list of ports in about one second (bit more or less). Then I tried rustscan and got bored enough to finally SIGINT it:

rustscan --addresses haaparousku

Not sure I get the improvement here… Also command-line is not “tactile :-)

Something definitely to improve in Rust command-line apps is not to think arguments as an object tree that you feed into clap crate. That’s just lazy.

Instead a better metaphor for a great command-line interface is something like a game pad that you can “play” easily. That’s why nmap has been relevant for decades.

#AI #brain collapse

https://www.nature.com/articles/s41586-024-07566-y

Glue on pizza is apparently not enough, how about bogus AI mushroom foraging books
https://www.reddit.com/r/LegalAdviceUK/comments/1etko9h/family_poisoned_after_using_aigenerated_mushroom/

#ai

Registration for @linuxplumbersconf reopened

'"This year there was a huge demand to attend #LinuxPlumbers Conference in person and at last we were able to add more places and reopen the registration."'

https://lpc.events/blog/current/index.php/2024/08/16/registration-is-now-reopened/

#Linux #kernel #LinuxKernel #LinuxPlumbers2024

Hallituksen halu poistaa työntekijöitä maasta on outo https://www.hs.fi/mielipide/art-2000010631106.html
Outo, typerä, paha, valitse adjektiivisi. Taantumuskopla on sitä kaikkea.