I imagine the term was invented in some meeting where a super pedantic engineer was dismissing all other concerns because they were not on his list of "functions", and in desperation the rest of the people said, "geez, ok, look, these are non-functional requirements..."

You could well be right :-) I've noticed that names tend to stick, even as the thing that the name refers to changes, so that the name doesn't really fit any more. One example that comes to mind is RAM versus ROM. RAM is random-access memory, memory that you can access in any order, instead of having to access in sequence, like a tape. ROM is read-only memory, but that's random access too. If you say "RAM", people assume it's writeable, so why isn't RAM called RWM? Or why isn't ROM called RORAM?

(My guess is it's because early computers often didn't have any ROM, and to boot them, you had to enter a simple program into the RAM using switches on the front panel. That program would then load a more sophisticated program from tape or punched cards. When computers gained some storage to hold that simple program, the thing that distinguished it from other types of storage was that you couldn't alter it.)

The way someone explained it to me was that "functional" refers to the reason(s) why the system exists. What result is the user or customer trying to achieve? A non-functional requirement is something that the system needs to make it possible or practical to meet a functional requirement, but that would be of no use on its own. A system for administering loans needs an audit trail to comply with the law and to detect and prevent fraud, but there would be no point in having an audit trail on its own.

On the other hand, from the point of view of someone in the audit team, being able to audit the accounts is a functional requirement. Maybe everything is a functional requirement to somebody.

True, but Perl isn't used for many new projects these days. Python developers are much easier to find than Perl developers, and probably cheaper, which is what this exercise is really about.

Nope. That's why I changed all my players to BlueOS.

I replaced all my SONOS connects with BlueSound node Nano devices. A pricey replacement, but worth it.

As a bonus I was now able to turn off SMB1 on my home Samba server !

The problem was made much worse by the fact that the UK Post Office is allowed to bring its own criminal prosecutions. If they had to do what everyone else does - ask the police to investigate, and the police then have to convince the Crown Prosecution Service that there's a reasonable chance of getting a conviction - many of these cases would've been thrown out for lack of evidence.

I heard about it when it launched, but it doesn't seem to have made much of an impact. I think it was meant to compete with dedicated websites for serialised fiction, like WebNovel and Dreame, and maybe even Wattpad. But you had to pay for episodes with some Amazon-only currency that you couldn't use for anything else, not even other stuff that Amazon sells.

Amazon didn't make it very appealing to writers, either. I write fiction (as a hobby-that-sometimes-pays-for-dinner-or-beers). Amazon might've relaxed the rules since I looked at Vella, but I think I would've had to write something specifically for Vella. They wouldn't accept anything that had been published anywhere else, not even on their other exclusive platform, Kindle Unlimited. (That one's been a runaway success. Maybe they thought it would be easy to replicate with a different reading model.) The Amazon-only money made it hard to work out how much I'd get paid for each chapter or story that a reader read. I didn't bother looking into whether I'd be allowed to publish a Vella-specific story somewhere else after some time. The idea of having to write exclusively for an as-yet-unproven market was enough of a deal breaker on its own.

More telling, perhaps - I'm in various writers' groups on Facebook, with many members who are much more successful than me, and I don't think I've ever seen anyone mention Vella as a viable marketplace for stories.

> Every large NAS vendor (Synology, QNAP, etc) has their own SMB server they wrote themserlves

That's untrue. Both Synology and QNAP use Samba. QNAP contributes code and bugfixes back to samba.org (Hi Jones !).

The announcement of what they did in July says that NLNet has given (or will give) them €26,500, or about US$29,000, which suggests it's rather more than a hobby project.

The upstream Linux kernel doesn't differentiate between security bugs and "normal" bug fixes. So the new kernel.org CNA just assigns CVE's to all fixes. They don't score them.

Look at the numbers from the whitepaper:

"In March 2024 there were 270 new CVEs created for the stable Linux kernel. So far in April 2024 there are 342 new CVEs:"

Yes ! That's exactly the point. Trying to curate and select patches for a "frozen" kernel fails due to the firehose of fixes going in upstream.

And in the kernel many of these could be security bugs. No one is doing evaluation on that, there are simply too many fixes in such a complex code base to check.

Oh that's really sad. I hope they use a more up to date version of Samba :-).

I don't see that argument in the blog or paper.

Did you read them ?

There are many more unfixed bugs in vendor kernels than in upstream. That's what the data shows.

You're missing something.

New bugs are discovered upstream, but the vendor kernel maintainers either aren't tracking, or are being discouraged from putting these back into the "frozen" kernel.

We even discovered one case where a RHEL maintainer fixed a bug upstream, but then neglected to apply it to the vulnerable vendor kernel. So it isn't like they didn't know about the bug. Maybe they just didn't check the vendor kernel was vulnerable.

I'm guessing management policy discouraged such things. It's easier to just ignore such bugs if customer haven't noticed.