Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Comment Re:Perceptions of history (Score 1) 88

"It can technically rewrite code from an old language like Perl in a new one like Python".

Both languages are from the same vintage. Python is from the early 90s and Perl late 80s. Reminiscent of persistent belief JSON is new yet XML is old.

True, but Perl isn't used for many new projects these days. Python developers are much easier to find than Perl developers, and probably cheaper, which is what this exercise is really about.

Comment Re:what the hell actually went wrong? (Score 1) 10

The problem was made much worse by the fact that the UK Post Office is allowed to bring its own criminal prosecutions. If they had to do what everyone else does - ask the police to investigate, and the police then have to convince the Crown Prosecution Service that there's a reasonable chance of getting a conviction - many of these cases would've been thrown out for lack of evidence.

Comment Too complicated and too little reach (Score 1) 14

I heard about it when it launched, but it doesn't seem to have made much of an impact. I think it was meant to compete with dedicated websites for serialised fiction, like WebNovel and Dreame, and maybe even Wattpad. But you had to pay for episodes with some Amazon-only currency that you couldn't use for anything else, not even other stuff that Amazon sells.

Amazon didn't make it very appealing to writers, either. I write fiction (as a hobby-that-sometimes-pays-for-dinner-or-beers). Amazon might've relaxed the rules since I looked at Vella, but I think I would've had to write something specifically for Vella. They wouldn't accept anything that had been published anywhere else, not even on their other exclusive platform, Kindle Unlimited. (That one's been a runaway success. Maybe they thought it would be easy to replicate with a different reading model.) The Amazon-only money made it hard to work out how much I'd get paid for each chapter or story that a reader read. I didn't bother looking into whether I'd be allowed to publish a Vella-specific story somewhere else after some time. The idea of having to write exclusively for an as-yet-unproven market was enough of a deal breaker on its own.

More telling, perhaps - I'm in various writers' groups on Facebook, with many members who are much more successful than me, and I don't think I've ever seen anyone mention Vella as a viable marketplace for stories.

Submission + - Samba gets funding from the German Sovereign Tech Fund.

Jeremy Allison - Sam writes: The Samba project has secured significant funding (€688,800.00) from the German
Sovereign Tech Fund (STF) to advance the project. The investment was
successfully applied for by SerNet. Over the next 18 months, Samba developers
from SerNet will tackle 17 key development subprojects aimed at enhancing
Samba’s security, scalability, and functionality.

The Sovereign Tech Fund is a German federal government funding program that
supports the development, improvement, and maintenance of open digital
infrastructure. Their goal is to sustainably strengthen the open source
ecosystem.

The project's focus is on areas like SMB3 Transparent Failover, SMB3 UNIX
extensions, SMB-Direct, Performance and modern security protocols such as SMB
over QUIC. These improvements are designed to ensure that Samba remains a
robust and secure solution for organizations that rely on a sovereign IT
infrastructure. Development work began as early as September the 1st and is
expected to be completed by the end of February 2026 for all sub-projects.

All development will be done in the open following the existing Samba
development process. First gitlab CI pipelines have already been running [4]
and gitlab MRs will appear soon!

https://samba.plus/blog/detail...

https://www.sovereigntechfund....

Comment Re:Maybe (Score 1) 104

The upstream Linux kernel doesn't differentiate between security bugs and "normal" bug fixes. So the new kernel.org CNA just assigns CVE's to all fixes. They don't score them.

Look at the numbers from the whitepaper:

"In March 2024 there were 270 new CVEs created for the stable Linux kernel. So far in April 2024 there are 342 new CVEs:"

Comment Re:Yeah (Score 1) 104

Yes ! That's exactly the point. Trying to curate and select patches for a "frozen" kernel fails due to the firehose of fixes going in upstream.

And in the kernel many of these could be security bugs. No one is doing evaluation on that, there are simply too many fixes in such a complex code base to check.

Comment Re:Maybe (Score 1) 104

You're missing something.

New bugs are discovered upstream, but the vendor kernel maintainers either aren't tracking, or are being discouraged from putting these back into the "frozen" kernel.

We even discovered one case where a RHEL maintainer fixed a bug upstream, but then neglected to apply it to the vulnerable vendor kernel. So it isn't like they didn't know about the bug. Maybe they just didn't check the vendor kernel was vulnerable.

I'm guessing management policy discouraged such things. It's easier to just ignore such bugs if customer haven't noticed.

Slashdot Top Deals

A motion to adjourn is always in order.

Working...