It just occurred to me that Free, Libre, Open Source Software is inevitable (outside rare niches).

Yes, it takes time. But eventually, some FLOSS that's "good enough" arises. And network and scale effects make it easier everywhere with every win.

And once the switch has happened — have you ever heard of someone going back to proprietary software? No? Me neither.

It's a one way street.

And thus, the proprietary world keeps shrinking.

#OpenSource

This graph is the one I'm most excited about: the lifetime of security flaws in Linux is finally starting to get shorter (and the number of fixed flaws continues to rise).

https://hachyderm.io/@LinuxSecSummit@social.kernel.org/114750428620118674

I need the phrase (or its equivalent in everyday casual speech) of “What the fuck” in as many languages as possible.

Go.

Your reminder I once discovered a similarly qualified male coworker made like 20k more than I did and it only happened because he was willing to discuss it with me.

"each individual kid is now hooked into a Nonsense Machine"
Edit: I got those screenshots from imgur. It might be from Xitter, with the account deleted or maybe threads with the account not visible without login? 🤷
2nd Edit: @edgeofeurope found this https://threadreaderapp.com/thread/1809325125159825649.html
#school #AI #KI #meme #misinformation #desinformation

New blog post: "Putting the cart before the AI"

I guess it was inevitable that I would have to write something about AI. I am not sure if I have anything incredibly unique to add to this topic, but I nevertheless feel like I should put a stake in the ground.

https://blog.tohojo.dk/2025/06/putting-the-cart-before-the-ai.html

The greatest trick the devil ever pulled ... was convincing internet communities to switch from email lists / IRC / another open standard to Slack / Discord. The latest example of a “it's only free while we say it's free" is CNCF’s / Kubernetes's Slack - https://github.com/kubernetes/community/blob/master/communication/slack-migration-faq.md - who it appears have *4 days* to backup their history (for a server with 100,000s of users)

Neither Slack nor Discord are reasonable, serious, professional, options for open community discussion. They are either too expensive, and/or involve inappropriate advertising. And who knows when Discord will start pulling this kind of behaviour, too, requiring large communities to pay?

The problem is today when anyone says "can't we just use an email list?" they are pooh-pooh'ed as being horribly out of touch. Hence why even the linked FAQ describes Discord as the only likely exit plan for Kubernetes. What a mess.

I really must insist that you experience this marketing.

#Trains #Amtrak #Friday https://urbanists.social/@legofwoofus/114719276818121145

Remember when people were typing one word and then blindly accepting the next one from autosuggestion because it was a kind of fun and silly thing to do?

We now have a whole industry built around it.

Again I stand by what I said.

"I can't believe I even have to talk about these people. That's how ridiculous it s."

We have the equivalent of the scientologists running the field of AI with untold amounts of money and power and we're the ones who have to do point by point rebuttals of their eugenicists dreams.

https://www.rollingstone.com/culture/culture-commentary/billionaires-psychology-tech-politics-1235358129/

I went to a talk lately that was mostly about something else, but the speaker came out with:

“If you only remember one thing from this talk, remember this. Everyone in this room who likes helping people, raise your hand.”

Every hand, or nearly every hand, went up.

“If you like asking other people for help, keep your hand up.”

Almost every hand went back down.

“As you can see, people like helping you. When you ask for help, you’re making them feel good, even if you don’t like asking.”

I’ve genuinely forgotten the rest of the presentation but I won’t forget that.

You don't have to put on the red light.

A few people have asked me recently questions along the lines of ‘how mature is #CHERI as a technology?’ The analogy that I usually use is the 386’s memory management unit (MMU). This shipped 40 years ago, at a time when most desktops did not do memory protection, though larger systems usually did. Similarly, most systems today do not do object-granularity memory safety.

The 386 shipped after the 286 had tried a very different model for the same goal and had failed to provide abstractions that were usable and performant. Similarly, things like Intel MPX have failed to provide the memory safety guarantees of CHERI and thins like Arm’s POE2 have failed to provide the kind of useable programmer model for fine-grained compartmentalisation model that CHERI enables, yet both technologies have shown that these are important problems to solve.

The 386’s MMU had a bunch of features that you’d recognise today. Page tables were radix trees, for example, just as they are on a modern system. It wasn’t perfect, but it was enough for Linux and Windows NT to reach Bill Gates’ goal of ‘a computer on every desk’, at least in wealthy countries (and the cost of the MMU was not the blocker elsewhere). For over 20 years, operating systems were able to use it to provide useful abstractions with strong security properties.

It was not perfect. Few people thought, in 1985, that PCs would run VMs because they barely had enough memory to run two programs, let alone two operating systems. But the design was able to evolve. It grew to support more than 4 GiB of physical memory with PAE, to support nested paging for virtualisation with VT-x, and so on. It made some mistakes (read permission implied execute, for example) but these were fixed in later systems that were able to provide programmers with the same abstractions.

And this is why I’m excited about the progress towards the Y (CHERI) base architecture in RISC-V, and why I believe now is the right time for it. There’s a lot of CHERI that’s very stable. Most of the things from our 2015 paper are still there. A few newer things are also now well tested and useful. These are an excellent foundation for a base architecture that I’m confident we can standardise and that software and hardware vendors can support for at least the next 20 years.

At the same time, in #CHERIoT (and some other projects) we have a few extensions that we know are validated in software and very useful in some domains (in our case, for microcontrollers) but not as useful elsewhere. Some of the things we’ve done in CHERIoT would be terrible ideas in large out-of-order machines, but would be great to standardise as extensions because they are useful on microcontrollers, and some might be useful on some accelerators. It would be great if these could share toolchain bits.

There are also some exciting research ideas. I’d be much less excited by CHERI if I thought we were finished. 40 years after MMUs became mainstream, people are still finding exciting new use cases for them and new ways to extend them to enable more software models and that’s what a new foundational piece of architecture should provide. I firmly believe CHERI has the same headroom. After Y is standardised, I expect to see decades more vendor and standard extensions that are doing things no one has thought of yet, but which would be impossible without CHERI as a foundation.

Video of my DevConf.cz talk, "Beware of the kernel RTNL mutex" is available in the room stream, starting at 53:20

https://m.youtube.com/watch?v=BBwN-fzEtAs&t=3220s

Short stop at @devconf_cz 2025! Always great to meet @toke of #FQ_CoDel (#RFC8290) & #sch_CAKE fame 🙏🛜

Check out his talk “Beware of the #kernel RTNL #mutex”:

https://pretalx.devconf.info/devconf-cz-2025/talk/WQDUDJ/

#OpenSource #defineFUTURE #latency #devconf_cz #LibreQoS #bufferbloat #QoE #FLOSS #jitter #Linux #RedHat #OpenSSL #DevConf #TokeHoilandJorgensen #QoS

On software projects, we have an acute sense of "this project has technical debt", which we feel every time we're working on something else in the project other than paying off that technical debt. And generally, developers tend to have a lot of respect for taking time paying off technical debt to improve maintainability.

As individuals, we also have technical debt. Things like needing to fix our working environment. We feel that every time we're working on something else. We should have the same respect for working on our own technical debt as we do for working on a project's. Don't feel guilt for spending time improving your setup or your work, if it eliminates a source of stress or annoyance or slowdown for you.

When we throw up our hands and say none of it matters, we're doing the fascists’ work for them. They don't need to hide their corruption if they can convince us it's pointless to look. They don't need to silence truth-tellers if we've already decided truth is meaningless.

https://www.citationneeded.news/it-matters-i-care/

Proposal: A “yes but only if there’s an agenda” option for meeting invitations.

The calendar equivalent of “come back with a warrant”.

"Part of our task in the face of generative AI is to make an argument for the value of thinking – laboured, painful, frustrating thinking."

"[W]e also need to hold our institutions accountable. [...] university administrators are highly susceptible to the temptations of technology-driven downsizing, big tech donations, and the appearance of being on the cutting edge."

https://activehistory.ca/blog/2025/06/11/on-generative-ai-in-the-classroom-give-up-give-in-or-stand-up/