Matthew Garrett
3,588 followers

Thoughts on the questions that people should be asking about IoT security, rather than the ones that they are asking

500,000 infected devices is enough to create a botnet capable of crippling the internet. There's over 8 billion IoT devices. We're not going to fix this by inspecting devices at the border or forcing recalls.

The Ubuntu Snap package format is most of the way to a genuine improvement in protecting users from compromised or untrustworthy apps, but right now it adds basically zero security for desktop users

Intel's documentation implies that Skylake devices may die early under Linux, so probably best not to buy one until that's fixed

Matthew Garrett commented on a post on Blogger.
There are no such exceptions for drivers such as nvidia.ko.

+Eric Raymond's arguments in favour of "meritocracies" being fundamental to hacker culture ignore the reality that projects organised along these lines:

a) have a smaller potential contributor pool
b) fulfill a smaller set of needs and
c) /aren't actually as meritocratic as they believe/

The net result is that a fixation on meritocracy is likely to result in lower quality output, the exact reverse of his stated goal. When people point out bugs in our development process, the appropriate reaction is to fix them, not to argue that those pointing out the bugs should be ejected from our communities.

Ok +Mark Shuttleworth - if I commit to doing the work to separate the Ubuntu trademarks into separate packages and make it easier for people to produce derivative works of Ubuntu without any risk of being confused for official products, will you commit to updating the IP policy to make it clear that removing those packages is sufficient to avoid any legal issues?

Canonical finally told me that, while they were happy to grant me a license to redistribute Ubuntu binaries, they wouldn't allow me to pass that on to downstream recipients and also wouldn't tell me what changes I would need to make to avoid downstream recipients needing to get a license. When you're refusing to tell people what they need to do before they can redistribute free software, is it really free?

A lot of people seem comfortable with the current state of security in the kernel. They shouldn't be.