this post was submitted on 04 Apr 2026

43 points (100.0% liked)

Linux

64338 readers

672 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 6 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

Significant raise of kernel security vulnerability reports (lwn.net)

submitted 1 day ago by HaraldvonBlauzahn@feddit.org to c/linux@lemmy.ml

14 comments fedilink hide all child comments

On the kernel security list we've seen a huge bump of reports. We were between 2 and 3 per week maybe two years ago, then reached probably 10 a week over the last year with the only difference being only AI slop, and now since the beginning of the year we're around 5-10 per day depending on the days (fridays and tuesdays seem the worst). Now most of these reports are correct, to the point that we had to bring in more maintainers to help us.

Something I'm predicting is that at least it will change the approach to security fixes: [ ... ] software that used to follow the "release-then-go-back-to-cave" model will have to change to start dealing with maintenance for real, or to just stop being proposed to the world as the ultimate-tool-for-this-and-that because every piece of software becomes a target.

[ ... ]

Overall I think we're going to see a much higher quality of software, ironically around the same level than before 2000 when the net became usable by everyone to download fixes. When the software had to be pressed to CDs or written to millions of floppies, it had to survive an amazing quantity of tests that are mostly neglected nowadays since updates are easy to distribute. But before this happens, we have to experience a huge mess that might last for a few years to come! Interesting times...

all 15 comments

sorted by: hot top controversial new old

[–] originalucifer@moist.catsweat.com 16 points 1 day ago (2 children)

kinda scary when ai slop becomes successful ai analysis

[–] actionjbone@sh.itjust.works 25 points 1 day ago (3 children)

That's the thing, this isn't AI slop.

This is using the tools for their intended purpose, rather than trying to use them to replace human-written code.

[–] AmbitiousProcess@piefed.social 17 points 1 day ago (1 children)

Exactly. AI slop is just that. Slop.

If it's just an AI doing something useful, we don't call it slop, we just call it AI.

When Google's AlphaFold predicted the folding of over 200 million protein structures, and won a nobel prize for it, I don't think anyone would call all the research using it to make cures to diseases slop.

[–] NewOldGuard@lemmy.ml 14 points 1 day ago (1 children)

It’s the disadvantage of using a marketing term like “AI” to refer to literally any type of software using machine learning. We know the strengths and weaknesses of ML, it’s the current trend of pushing it as “intelligence” and a cure-all to replace workers that gives it a bad rap. Then the slop machine chatbots get treated with the same attitude as actually useful tools, and both get a reputation they don’t deserve

[–] bricklove@midwest.social 4 points 23 hours ago

My parents have started calling CGI made by humans AI

[–] RIotingPacifist@lemmy.world 3 points 1 day ago

Maybe it's not slop, but this can lead to lazy developers that don't grok the code they write.

Linus was right to be sceptical about unit tests in the kernel, writing to test without understanding the problem is common in my paid job. The AI enabled equivalent of writing code without truly understanding it, is going to be much worse and is a separate issue to the pure slop AI generates at the moment.

[–] HaraldvonBlauzahn@feddit.org 7 points 1 day ago (1 children)

I am thinking since a while that AI tools, as useless as they are generally, could for once become helpful in checking freshly developed code. Even if the actual code is smart, most bugs are in reality pretty dumb.

[–] originalucifer@moist.catsweat.com 2 points 1 day ago

welcome to 24 months ago... its a good time to pay attention, because things are now functional.

[–] solrize@lemmy.ml 10 points 1 day ago

Overall I think we’re going to see a much higher quality of software, ironically around the same level than before 2000 when the net became usable by everyone to download fixes. When the software had to be pressed to CDs or written to millions of floppies, it had to survive an amazing quantity of tests that are mostly neglected nowadays since updates are easy to distribute.

Finally someone else said that.

[–] HaraldvonBlauzahn@feddit.org 7 points 1 day ago

You could think that this development puts open source projects at a disadvantage.

But this does not seem to be the case: AI tools can also be used to automatically disassemble and even decompile closed-source code machine code, leaving it open to the same kind of analysis.

[–] dragnucs@lemmy.ml 4 points 1 day ago (1 children)

I don't know how long this pace will last. I suspect that bugs are reported faster than they are written, so we could in fact be puffing from the a long backlog (and I hope so).

It is going to take a given time then stabilizes then decline. I guess maybe a year or so, until all major flaws and bugs are discovered and addressed. Maybe the rust code would help in this. After that it would either go back to normal, which is most likely or developer get up to speed using right tools.

AI could help accelerate writing fixes for reported bugssmaw as it does for discovering them.

[–] RIotingPacifist@lemmy.world 4 points 1 day ago

AI is also likely to write bugs faster than they are reported.

Maybe the rust code would help in this.

Why? Are these bugs in modules that are memory management related?

[–] HaraldvonBlauzahn@feddit.org 4 points 1 day ago (1 children)

By the way, in the medium term, generalizing this development from the kernel to general distro packages, this could be a good argument to prefer using a rolling-release distro like Arch, SuSE Tumbleweed, or Guix over "stable" Distros like Debian or Ubuntu.

Debian has real advantages (it has one of the fastest response times to security vulnerabilities), but rolling release distros do have the advantage not only that they in theory can update fast, but that the dependent packages only need to be compatible with the latest version to ensure stability.

[–] PabloSexcrowbar@piefed.social 2 points 1 day ago

On the other hand, it could lead to Debian becoming so heavily tested and patched that it becomes its own thing akin to one of the BSDs.