Krzysztof Kozlowski
Posts
199Following
32Followers
216๐ต๐ฑ ๐ช๐บ ๐ฐ๐ท ๐ฎ๐ฑ ๐บ๐ฆ ๐จ๐ญ
IRC: krzk
Kernel work related account. Other accounts of mine: @krzk@mastodon.social
Krzysztof Kozlowski
repeated
repeated
Mike Sheward
SecureOwl@infosec.exchange
If you've ever wondered what it is like to throw up and have diarrhea simultaneously, JIRA now has an AI button.
1
3
1
Krzysztof Kozlowski
krzk
@kernellogger Wasn't. Although if you combine it with these one-liners:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=812a33a65d00e3d813f5ed2c9923569acd0b445c
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=da968c3ce459442e83b021d73417b9402c8b14c5
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=824ed4cb629c87b0b8aec997d3b7f6f77143ad25
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=859a661eb493fffa88ea5c94b0cd62ecc7b24634
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aaf69c606f0865c8ad3571e1725372f21b5ad97a
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b995d1af162f1736dd1d62ec3f6f9a5d6be5c84
... you will get on average not that big patchset, so maybe it was on-average-reviewed-by.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=812a33a65d00e3d813f5ed2c9923569acd0b445c
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=da968c3ce459442e83b021d73417b9402c8b14c5
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=824ed4cb629c87b0b8aec997d3b7f6f77143ad25
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=859a661eb493fffa88ea5c94b0cd62ecc7b24634
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aaf69c606f0865c8ad3571e1725372f21b5ad97a
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b995d1af162f1736dd1d62ec3f6f9a5d6be5c84
... you will get on average not that big patchset, so maybe it was on-average-reviewed-by.
1
0
2
Krzysztof Kozlowski
krzk
@geert Irony is here that since some time, if as a contributor you receive no responses to your patch or to your ping, please check if you are not on the SDN list or if you are not suspected to be on the SDN list, because even a reply like "I cannot work with you" might be tricky for maintainers. Basically it is indistinguishable between being lost in maintainer's mailbox, being PLONK-ed or being sanctioned. :)
0
0
4
Krzysztof Kozlowski
krzk
Anyone has cool Arm topics to share? The Call For Papers for Linaro Connect conference in Lisbon is still open (till 13th Feb)!
https://www.linaro.org/connect/call-for-proposals
The Connect will be in May:
https://www.linaro.org/connect/
https://www.linaro.org/connect/call-for-proposals
The Connect will be in May:
https://www.linaro.org/connect/
0
3
3
Krzysztof Kozlowski
repeated
repeated
Luis Villa
luis_in_brief@social.coopIโve told LF repeatedly that โeducationโ as the leading point is insulting. Many maintainers know exactly what they need to do, but they lack time and energy for it. Lecturing them, I mean โgiving them skillsโ, isโฆ not actually a solution.
But it allows LF (and friends like GH) to continue elephant-in-the-room-ing the actual solution, which is paying maintainers for the trillions of dollars of value they create.
5
12
1
Krzysztof Kozlowski
krzk
@donmccurdy Copilot training and "3-week program consisting of a 5-10 hour commitment each week" is exactly what community needs to fix cases like XZ with busy maintainer bullied by bad actors.
Microsoft, are you ill? Are you just joking here around or just want to sell your crapy Copilot? This is just an insult to Open Source maintainers.
@martin.social You do not see how inappropriate this is?
Microsoft, are you ill? Are you just joking here around or just want to sell your crapy Copilot? This is just an insult to Open Source maintainers.
@martin.social You do not see how inappropriate this is?
0
3
4
Krzysztof Kozlowski
repeated
repeated
Don McCurdy
donmccurdy@fosstodon.orgI've been expecting something like this since the XZ hack, but still ... frustrated/annoyed/sad to see Microsoft and 13 (!) partners jointly announcing that their answer is to โeducateโ open source maintainers.
It's nice that they're compensating maintainers for the time spent on that training, but ... compliance with corporate security policies is still a whole lot of ongoing, unpaid work after that? Sigh.
https://github.blog/news-insights/company-news/announcing-github-secure-open-source-fund/
3
9
0
Krzysztof Kozlowski
krzk
@luis_in_brief Aaah, so now I know what was missing in my maintainer's life:
"Maintainers will get hands-on learning of security principles, tools like GitHub Copilot and Copilot Autofix"
Github Copilot!
Microsoft jokes from open-source...
"Maintainers will get hands-on learning of security principles, tools like GitHub Copilot and Copilot Autofix"
Github Copilot!
Microsoft jokes from open-source...
0
1
1
1
0
0
Krzysztof Kozlowski
krzk
Edited 3 months ago
Last year, for each of six Linux kernel releases - v6.7, v6.8 ... v6.12 - I was topping the list of most active contributors. This consistency led to a more interesting stat: I am one of the most active Linux kernel contributors for this period (and I don't count Kent here as he just dropped stuff out of tree... and then developed things to his own tree without review or mailing list collaboration) with 1339 commits upstream.
I am however more proud of another impact I made: I am one of the most active reviewers of the last one year of Linux kernel development. Reviewing takes a lot of time, a lot of iterations, a lot of patience, a lot of template answers and results with only "some" of reviewed-by credit going to Linux kernel git history. Yet here I am: ~1000 reviewed-by credits for last year v6.7 - v6.12 Linux kernel.
Source, LWN.net:
https://lwn.net/SubscriberLink/997959/377cf2f076306247/
I am however more proud of another impact I made: I am one of the most active reviewers of the last one year of Linux kernel development. Reviewing takes a lot of time, a lot of iterations, a lot of patience, a lot of template answers and results with only "some" of reviewed-by credit going to Linux kernel git history. Yet here I am: ~1000 reviewed-by credits for last year v6.7 - v6.12 Linux kernel.
Source, LWN.net:
https://lwn.net/SubscriberLink/997959/377cf2f076306247/
2
9
54
Krzysztof Kozlowski
repeated
repeated
K. Ryabitsev
monsieuricon
1000 days since the Russian army invaded Ukraine, destroying its cities and murdering civilians, all because Putin needed a "quick victorious war" to remain in power.
I will never forget, and I will never forgive.
I will never forget, and I will never forgive.
0
25
49
@thibaultmol @kernellogger @tuxedocomputers " this license allows them to prevent from someone else" - this is exactly something they should not do. We all know open-source compliance releases have poor quality and we do not have problems with that. That's life. But what they did is:
1. Release poor quality code.
2. Restrict community rights of improving it and bringing upstream.
That's a big no-go, big NAK for Tuxedo. Interesting twist, how one can release something open-source but not in open-source spirit.
1. Release poor quality code.
2. Restrict community rights of improving it and bringing upstream.
That's a big no-go, big NAK for Tuxedo. Interesting twist, how one can release something open-source but not in open-source spirit.
0
2
8
Krzysztof Kozlowski
krzk
@kernellogger @tuxedocomputers I wonder what is actually worse for customers: crappy driver release from vendors just for open-source compliance or this pseudo-open-source-move from Tuxedo which effectively blocks any community from upstreaming this code.
Let's recap what Tuxedo said:
> We do not plan to relicense the tuxedo-drivers project directly as we want to keep control of the upstream pacing,
This is absolutely terrible move, restricting community and customers from working upstream. Kind of what proprietary company would like to do... Bleh, just choose other laptops.
Let's recap what Tuxedo said:
> We do not plan to relicense the tuxedo-drivers project directly as we want to keep control of the upstream pacing,
This is absolutely terrible move, restricting community and customers from working upstream. Kind of what proprietary company would like to do... Bleh, just choose other laptops.
0
1
11
Krzysztof Kozlowski
repeated
repeated
Thorsten Leemhuis (acct. 1/4)
kernellogger@fosstodon.orgTIL: @tuxedocomputers released #Linux #kernel drivers for their machines under the #GPLv3, which makes it impossible for competitors and distros to ship them pre-compiled, as that license is incompatible with the #LinuxKernel's #GPLv2 only license.
They did this purposely, allegedly to "keep control of the upstream pacing" โ and want to re-license the code while upstreaming.
https://github.com/tuxedocomputers/tuxedo-keyboard/issues/61
https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/issues/137
9
4
2
Krzysztof Kozlowski
repeated
repeated
K. Ryabitsev
monsieuricon
@tusooa Heh, you're trying to convince a "Russian identified person" in one of the senior positions in the Linux Foundation that the Linux Foundation is being unfair towards "Russian identified people." It's pretty hilarious.
I'm not a lawyer and I don't speak for the LF, so I won't give you any kind of "official comment." But here's my view of it.
The people removed from maintainer positions were identified as employed by companies on the US and EU sanctions list. These companies are directly involved in the Russian military complex and therefore are directly complicit in war crimes being committed daily in Ukraine. If these maintainers want to think that they are "just techies helping improve the Linux kernel," or that "they are outside of politics," then they are fucking wrong. If they work for companies that develop weaponry or logistics used by the Russian military, they are complicit in Russia's war crimes, and I hold them responsible at a very personal level -- and that's my official comment on the situation.
I'm not a lawyer and I don't speak for the LF, so I won't give you any kind of "official comment." But here's my view of it.
The people removed from maintainer positions were identified as employed by companies on the US and EU sanctions list. These companies are directly involved in the Russian military complex and therefore are directly complicit in war crimes being committed daily in Ukraine. If these maintainers want to think that they are "just techies helping improve the Linux kernel," or that "they are outside of politics," then they are fucking wrong. If they work for companies that develop weaponry or logistics used by the Russian military, they are complicit in Russia's war crimes, and I hold them responsible at a very personal level -- and that's my official comment on the situation.
6
109
206
Krzysztof Kozlowski
krzk
@as400 It's protected very well. Just fork it. Or review commits. Or revert them. It's all open. There is no owner (except copyright owners but that does not matter here). You can do with it whatever you wish, as long as you keep it still open (and few other things enforced by GPL v2).
0
0
1
Krzysztof Kozlowski
krzk
@ptesarik Countries are political concepts, so every country where you move the organization will impose some sort of politics on that organization. Unless you propose moving to Principality of Sealand? :)
Joking aside, Linux Foundation is nowadays business with very big business behind, so change of residency might not change much.
RE: https://fosstodon.org/@ptesarik/113355467229724671
Joking aside, Linux Foundation is nowadays business with very big business behind, so change of residency might not change much.
RE: https://fosstodon.org/@ptesarik/113355467229724671
2
0
1
Krzysztof Kozlowski
krzk
Edited 4 months ago
I guess many are watching interesting email thread now. :)
One-time posters, language typo fixers and devs of architecture from a country far away from GMT. And even certain compression library is brought as an argument, while disclosing private emails and using quite aggressive tone.
Heh. The lady doth protest too much, methinks.
I know now which emails will trigger careful patch review, suspecting foreign country involvement. :)
Above of course does not cover known individuals from that thread. I feel sympathetic with Nikita, whose patches I was reviewing over last years, and who should not be put in the same basket with some companies.
One-time posters, language typo fixers and devs of architecture from a country far away from GMT. And even certain compression library is brought as an argument, while disclosing private emails and using quite aggressive tone.
Heh. The lady doth protest too much, methinks.
I know now which emails will trigger careful patch review, suspecting foreign country involvement. :)
Above of course does not cover known individuals from that thread. I feel sympathetic with Nikita, whose patches I was reviewing over last years, and who should not be put in the same basket with some companies.
0
0
3