Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Comment As a programmer: Quake (Score 1) 228

Full disclosure: I was somewhat involved with the Quake development, helped Mike Abrash a little bit to optimize the asm code that actually made a pure SW 3D rasterizer fast enough to be playable.

The Castle Wolfenstein - Doom - Quake progression might seem from the outside to be a fairly linear upgrade path, but in reality Quake was at least an order of magnitude harder to achieve.

Just the number of amazing ideas John Carmack managed to come up with in order to make a real 3D game possible will forever give Quake a special place in my programming heart.

Terje

Comment Re:Not suprising for rich country with EV incentiv (Score 1) 137

I'm Norwegian, have driven EVs since around 2000, and only EVs since March 2016:

This was the first time I could buy an EV which had both a long enough range to drive up to the Telemark mountains to go skiing, and had the 4WD to reliably get up hills on snowy/icy roads. At the time, this was a Tesla Model S, which we since sold to our son, replacing it with the "made for Norway" Model Y (which has been the best-selling vehicle in Norway for the last 3 years).

As noted above, we started with a lot of EV incentives, we saved over $5000 per year in gas and toll road fees until around 2020 when they (as planned) started to roll back some of those incentives.

However, all of that doesn't really matter: By now it is pretty much inconceivable for most Norwegians to buy any new non-EV vehicle: They are just so much better!

Terje

Submission + - Samba gets funding from the German Sovereign Tech Fund.

Jeremy Allison - Sam writes: The Samba project has secured significant funding (€688,800.00) from the German
Sovereign Tech Fund (STF) to advance the project. The investment was
successfully applied for by SerNet. Over the next 18 months, Samba developers
from SerNet will tackle 17 key development subprojects aimed at enhancing
Samba’s security, scalability, and functionality.

The Sovereign Tech Fund is a German federal government funding program that
supports the development, improvement, and maintenance of open digital
infrastructure. Their goal is to sustainably strengthen the open source
ecosystem.

The project's focus is on areas like SMB3 Transparent Failover, SMB3 UNIX
extensions, SMB-Direct, Performance and modern security protocols such as SMB
over QUIC. These improvements are designed to ensure that Samba remains a
robust and secure solution for organizations that rely on a sovereign IT
infrastructure. Development work began as early as September the 1st and is
expected to be completed by the end of February 2026 for all sub-projects.

All development will be done in the open following the existing Samba
development process. First gitlab CI pipelines have already been running [4]
and gitlab MRs will appear soon!

https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fsamba.plus%2Fblog%2Fdetail...

https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.sovereigntechfund....

Comment Re:Maybe (Score 1) 104

The upstream Linux kernel doesn't differentiate between security bugs and "normal" bug fixes. So the new kernel.org CNA just assigns CVE's to all fixes. They don't score them.

Look at the numbers from the whitepaper:

"In March 2024 there were 270 new CVEs created for the stable Linux kernel. So far in April 2024 there are 342 new CVEs:"

Comment Re:Yeah (Score 1) 104

Yes ! That's exactly the point. Trying to curate and select patches for a "frozen" kernel fails due to the firehose of fixes going in upstream.

And in the kernel many of these could be security bugs. No one is doing evaluation on that, there are simply too many fixes in such a complex code base to check.

Comment Re:Maybe (Score 1) 104

You're missing something.

New bugs are discovered upstream, but the vendor kernel maintainers either aren't tracking, or are being discouraged from putting these back into the "frozen" kernel.

We even discovered one case where a RHEL maintainer fixed a bug upstream, but then neglected to apply it to the vulnerable vendor kernel. So it isn't like they didn't know about the bug. Maybe they just didn't check the vendor kernel was vulnerable.

I'm guessing management policy discouraged such things. It's easier to just ignore such bugs if customer haven't noticed.

Submission + - Why a 'frozen' distribution Linux kernel isn't the safest choice for security (zdnet.com) 1

Jeremy Allison - Sam writes: Cracks in the Ice: Why a 'frozen' distribution Linux kernel isn't the safest choice for security

https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fciq.com%2Fblog%2Fwhy-a-fro...

This is an executive summary of research that my colleagues Ronnie Sahlberg and Jonathan Maple did, published as a whitepaper with all the numeric details here:

https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fciq.com%2Fwhitepaper%2Fven...

Steven Vaughan-Nichols is covering the release of this
data here:

https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2F...

Slashdot Top Deals

The person who makes no mistakes does not usually make anything.

Working...