Greg Kroah-Hartman

Post has attachment
Good stuff from the netfilter team about the kernel GPLv2 license and a copyright troll.

Post has shared content
'[…] "Buying Into the Bias: Why Vulnerability Statistics Suck" by Steve Christey (MITRE) & Brian Martin (OSF) are worth reading by anyone who thinks that it is easy to track vulnerabilities by a simple number, or by just a CVE, or really by any method at all. […]' That's a quote from a G+ post +Greg Kroah-Hartman shared a few days ago. He linked a whitepaper and slides from the talk. Turns out there is a video recording as well. Really worth watching (but the slides are really great as well).
Greg's post: https://plus.google.com/+gregkroahhartman/posts/EyRv8WjbWqR
Whitepaper: https://media.blackhat.com/us-13/US-13-Martin-Buying-Into-The-Bias-Why-Vulnerability-Statistics-Suck-WP.pdf
Slides: https://media.blackhat.com/us-13/US-13-Martin-Buying-Into-The-Bias-Why-Vulnerability-Statistics-Suck-Slides.pdf

Post has attachment
On one of my recent trips, someone came up to me with a graph showing the number of CVEs assigned to the Linux kernel over time and asked me what was going on (note, the graph was going up.) I only had a moment to say that you can't judge anything by a CVE count before I had to go off to somewhere else, but here is the link I wish I had known about at the time to show them.

"Buying Into the Bias: Why Vulnerability Statistics Suck" by Steve Christey (MITRE) & Brian Martin (OSF) are worth reading by anyone who thinks that it is easy to track vulnerabilities by a simple number, or by just a CVE, or really by any method at all.

And here's a whitepaper to read about it as well:
https://media.blackhat.com/us-13/US-13-Martin-Buying-Into-The-Bias-Why-Vulnerability-Statistics-Suck-WP.pdf

Remember, if anyone tells you "we only update our kernels when we have a CVE number assigned to the issue", run away fast, it's obvious they have no idea what they are talking about. And yes, I had the head of a very very large company's security team tell me that a few months ago. It was a fun argument that ensued (well fun for me, he wasn't happy in the end...)

Post has attachment
A podcast interview where I get to babble on about kernel development for an hour! It was a lot of fun, and look, they even have a transcript if you don't want to listen to the thing...

Post has attachment
Linux 4.12 is big, really big, like bigger than you thought big.

Note, ignore the "employers" numbers, they are way too low, need to update them soon...

Post has attachment
Most recent round of stable kernel updates were released while on one of these trains early in the morning.

You have all upgraded, right? 4.11, 4.9, 4.4, and 3.18 kernels are out there for you to install, what are you waiting for!!!

As no one seemed to make 4.9 blow up too badly, let's try this again!

4.14 == next LTS kernel I support for at least 2 years.

Any objections?

/me hops on a 12 hour flight to avoid the discussion...

Post has attachment
Messy desks are a good sign, right? Here's the latest desk setup, too many wires, too many power plugs, and too many USB storage devices for backup and testing, I need to clean up. Maybe later...

Post has attachment
Perfect for a developer to give to their manager for how to handle properly releasing the source code for your device when you are using Linux.

Highly recommended, as well as the free book, for anyone building a product with Linux.

Post has attachment
As it doesn't seem that very many people know about this Linux USB feature, here's a link to the userspace tool to provide access control to USB devices.

Oh, and we've had support for this for over a decade now, this is not anything new...