Conversation

Notices

1. Embed this notice
   ✧✦✶✷Catherine✷✶✦✧ (whitequark@mastodon.social)'s status on Tuesday, 07-May-2024 06:36:11 JST ✧✦✶✷Catherine✷✶✦✧

   Several vulnerabilities have been discovered in the Linux kernel

   (this lists 250 CVEs. I am not sure who this email is for anymore)

   • Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     ✧✦✶✷Catherine✷✶✦✧ (whitequark@mastodon.social)'s status on Tuesday, 07-May-2024 06:37:01 JST ✧✦✶✷Catherine✷✶✦✧

     in reply to

     oh I see, the madmen have actually went through with their threat to give every bugfix a CVE number, e.g. https://cve.circl.lu/cve/CVE-2024-27078

     this is going to be astonishingly disruptive but also incredibly, unbelievably funny to watch, so it's impossible to say if it's good or not

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Tuesday, 07-May-2024 06:37:58 JST Haelwenn /элвэн/ :triskell:

     in reply to
     @whitequark *coughs in rust stdlib itself getting CVEs*
   • Embed this notice
     ✧✦✶✷Catherine✷✶✦✧ (whitequark@mastodon.social)'s status on Tuesday, 07-May-2024 06:37:59 JST ✧✦✶✷Catherine✷✶✦✧

     in reply to

     also it can obviously be solved by simply rewriting the Linux kernel in Rust, as a result of which it will stop having CVEs

   • Embed this notice
     Piggo :verified_horse: (piggo@piggo.space)'s status on Tuesday, 07-May-2024 06:38:49 JST Piggo :verified_horse:

     in reply to

     • sanfierro
     @whitequark @sanfierro this is similar to how in a programming course we had to write some java and the teacher did not set any limits on execution time or memory usage so I generated an incredibly complex nested class that eventually passed the automated test and they had to accept it as a solution
     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     ✧✦✶✷Catherine✷✶✦✧ (whitequark@mastodon.social)'s status on Tuesday, 07-May-2024 06:38:50 JST ✧✦✶✷Catherine✷✶✦✧

     in reply to

     • sanfierro

     @sanfierro the Linux kernel maintainers are being petty about people somewhat arbitrarily classifying bugfixes to the kernels as "security-sensitive" and "not security-sensitive" so they decided to publish literally every bugfix as if it was a security bug, because it _might_ and there is no downside (to them) to doing it

   • Embed this notice
     ✧✦✶✷Catherine✷✶✦✧ (whitequark@mastodon.social)'s status on Tuesday, 07-May-2024 06:38:50 JST ✧✦✶✷Catherine✷✶✦✧

     in reply to

     • sanfierro

     @sanfierro this is like a 3rd grader level immaturity about what is a complex sociotechnical issue; immaturity so deep the systems are not actually prepared to deal with it so this will make a bunch of entirely unrelated people's lives very miserable for a while

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     sanfierro (sanfierro@pony.social)'s status on Tuesday, 07-May-2024 06:38:51 JST sanfierro

     in reply to

     @whitequark As someone who's never hacked the Linux kernel and uses it only as a regular (not really power) user, this feels scary, although I feel like I need someone savvy to explain to me what the implications are, etc