bumpusoot [any]

If there’s a serious security bug, like Heartbleed, you should totally update and reboot the service. That is basically the only “must” for staying atop things. The rest is mostly personal preference.

In my job I maintain publically exposed Linux servers, and many of them don’t get rebooted for years. I think our record is about five years.

Yes, if you want your server to be theoretically the rootinest tootinest securest setup ever, you should update about every 6 hours, but even then you’re just more vulnerable to repo attacks (which have happened a few times lately). Apt upgrade every month or three is probably good practice to keep on top of bugs.

So really, how frequently do you need to reboot? Eh. So long as it works, there are no critical kernel vulnerabilities, and updates are available, I really would argue you should never “have” to.

Servers are horses for courses, if you’re being heavily targeted by hackers, obviously stay on top of updates, but if your server is pootling along without harassment and doesn’t contain life-altering stuff if it got leaked, then don’t worry too much. A standard, barely-changing, ‘stable’ build is usually a very secure one.

So long as the foundation and the official “owners” of the kernel are US based, then the real answer is “because it’s the law”. Despite the fact the kernel is maintained and used throughout the globe, other countries’ laws are entirely irrelevant, but people who employed in a country are typically held to its laws.

The real mistake was having a registered company in the US that they’re unable to realistically move abroad.

In a world with sense, someone vaguely accountable in a new country will fork the kernel, that just becomes the de facto new kernel, doesn’t seem likely. We can only wait and see.

From that same mail thread:

Moreover, we have to remove any maintainers who come from the following countries or regions, as they are listed in Countries of Particular Concern and are subject to impending sanctions:

• Burma, People’s Republic of China, Cuba, Eritrea, Iran, the Democratic People’s Republic of Korea, Nicaragua, Pakistan, Russia, Saudi Arabia, Tajikistan, and Turkmenistan.
• Algeria, Azerbaijan, the Central African Republic, Comoros, and Vietnam.

For People’s Republic of China, there are about 500 entities that are on the U.S. OFAC SDN / non-SDN lists, especially HUAWEI

Some patches are linked where it looks like they’re trying to remove vast swathes of Chinese maintainers as well. If they insist with being a US lapdog like this then Linux kernel (as maintained by the Foundation/Torvalds etc) is fucking dead, no contest.

It’s interesting reading. Seems a lot of sole maintainers have been removed, so lots of important parts will start breaking. There’s also a lot of acknowledgement in the comments that chinese developers are an essential part of Linux development nowadays. And the US just gave China a very good reason to not collaborate on their projects, and there’ll be plenty rightly pissed off Russian developers who’ll be looking for something else to work on…

Just as the US is losing economic dominance, I wonder if this is the beginning of similarly losing its dominance in software development.

Honestly nobody should ever really be shaming for forking. It is the basis of all open software and all successful software development in history. Linux itself is obviously just a fork of Minix with GNU. And it is the traditional means of open-source and forking with which communities can and should quickly move away from bullshit like this to prevent corporate/government monopolization of it.

Given a small allocation can take only a few hundred cycles, and this would take at minimum a few seconds, it’s probably between a billion and a trillion times slower.

I just can’t enjoy this. I recognise it’s a technological feat, but giving an ounce of positive praise to these first steps to privatized solar-system destroying shit just hurts. Society would be better off if it had exploded.

100%. Reusable rockets in this fashion were even envisioned and designed by NASA many decades ago, they just never had the funding to do it.

To be honest, you could replicate this same graph for everything and anything in life. To me personally, it really isn’t news, neither is the size of the effect. Social mobility in western society is insanely low (and honestly not amazing anywhere). :same-graph:

However, this fact really does need to be hammered into peoples’ heads: Even if you only care about meritocracy, capitalism is an awful system as we’re clearly denying ~90% of potential achievers from achieving by allowing this kind of inequality. The wealth you’re born into is the biggest indicator of success in life, to such an insane degree that it’s borderline the ONLY indicator of your chance of success in life.

Even revolutionary leaders are most typically bourgeoisie-born class traitors. Turns out having food, education, stable family, reliable shelter and healthcare, and opportunities in life really, really helps.

I’d bet life savings the same way. Without a signficant newsworthy breakthrough that we’d already heard about, there’s not a chance in hell this company is making energy from nuclear fusion in 4 years.

Germany never knew how to handle the DDR correctly.

Thanks, guess that makes sense, kinda.

Instead of mass translating C code in some insane ready-to-ruin codebases project, why not just… make a compiler that addresses the vulnerabilities?

I don’t work in actual software development, though I do a little of it amongst other work.

When I need to slop out a one-time snippet or short script to do something, which I have to do like 10 times a day, it takes me like 3-20 minutes. ChatGPT 4 does it near-perfectly, takes one minute, and usually teaches me something on the way.

Plus when I need to work out how the fuck GDB works to debug shit, it’s an absolute lifesaver. The manual is very long and remembering all the memory examination commands is hard.

If you’re ever working on code over ~100 lines a long, then I basically agree as it takes massive debugging and is poorly factored to the point of being worthless. But for arcane, well-documented commands (ie obscure programming languages and linux tools), and short blasts of code, it’s genuinely incredibly useful on a daily basis.

I promise this isn’t true. AI is absolutely a scam in the sense that it’s overhype as fuck, but LLMs are frequently of practical use to me when doing basically anything technical. It has helped me solve real-life problems that actually materially helps others.