Rendered at 15:53:49 GMT+0000 (Coordinated Universal Time) with Netlify.
tptacek 18 hours ago [-]
Reads kind of sales-pitchy. Every day we see another actively exploited Linux LPE; have you thought about your SBOM today?
ohnei 17 hours ago [-]
I like nix and its approach but if I'm being honest I think its also getting easier to be sloppy about dependencies and ask AI to find any dependencies that might be missing from the cleanly installed packaging metadata. There's maybe a paradox for developers in that we can try to drop structure and brute force scan first intensively enough to catch anything likely to get caught or we can ask AI to finally apply all the rigorous methods we decided were too expensive for routine software and probably have minimally more things to run with each release.
ronef 18 hours ago [-]
I feel we should definitely be digging way beyond the SBOM... but also wondering if the forecasting in the general ecosystem is on point or not.
ronef 18 hours ago [-]
I.e. is this overhyped?
tremon 17 hours ago [-]
Are you offering an easy fix for that "Linux" line on your SBOM?
tptacek 16 hours ago [-]
No, I'm making an aesthetic critique of a promotional blog post, as an author of commercial technical blog posts myself.
edelbitter 16 hours ago [-]
I found that reducing my "Linux" lines from ~21000 (including net-pf-16-proto-21) down to those ~3000 I might actually use (e.g. udp_tunnel) to be a fairly effective method of not having to care about each and every newly discovered memory safety hazard.
abirch 16 hours ago [-]
I remember my earlier days of Linux of having to compile a kernel module to read from cdrom. Seems like Linux has gone too far in the other direction of having modules that you will probably never need.
tremon 15 hours ago [-]
That's the same thing that people say about MS Office: nobody uses more than 15% of its feature set, but everyone uses a different 15%. "Linux" having these modules is what keeps it relevant and prevalent in different fields and niches. Whether distro's should ship this many modules by default is a different question, but then we're no longer talking about Linux the kernel.
edelbitter 14 hours ago [-]
Not just shipping features - that part is little more than disk space, for features already neatly isolated into modules. I see potential in improved tooling to express "do not autoload anything below this tree" in a more reliable and manageable manner. I know my 15% (far below that, actually), and many more users could express theirs in some deploy config..
If only that did not incur the cost of watching upstream changing things for no reason, or for the recurring reason of kconfig being a fairly error-prone method of expressing & validating dependency trees.
philodeon 1 hours ago [-]
Not only are there a vast amount of modules you’ll never need, the distros build and distribute most of them.
jambay 18 hours ago [-]
There has been so much discussion about the increase of volume in CVEs. I love that it's super apparent from looking at that graph of CVEs by year, there is a noticeable bend in the slope upward in the 2026 plot. It's not just hype, the rate of CVEs is changing faster than prior years.
LoganDark 18 hours ago [-]
That is not the title of the article:
> Achieving CVE Remediation in an Era of Escalating Vulnerabilities
> Achieving CVE Remediation in an Era of Escalating Vulnerabilities