Jeremy Allison - Sam - Slashdot User

Slashdot

●Stories

●Firehose

●All

●Popular

●Polls

●Software

●Thought Leadership

Submit

Search Slashdot

● Login

●or

● Sign up

●Topics:

●Devices

●Build

●Entertainment

●Technology

●Open Source

●Science

●YRO

●Follow us:

●RSS

●Facebook

●LinkedIn

●Twitter

● Youtube

● Mastodon

●Bluesky

Please create an account to participate in the Slashdot moderation system

Nickname:

Password:

Public Terminal

Forgot your password?
Close

binspam dupe notthebest offtopic slownewsday stale stupid fresh funny insightful interesting maybe offtopic flamebait troll redundant overrated insightful interesting informative funny underrated descriptive typo dupe error

MongoDB Atlas: Multi-cloud, modern database on AWS, Azure, and Google Cloud. Get access to our most high performance version ever, with faster and easier scaling at lower cost.

×

180253083 comment

Comment News at 11. (Score 1) 95

byJeremy Allison - Sam on Monday December 01, 2025 @03:00PM (#65828531) Attached to: Netflix Kills Casting From Phones

Proprietary service drops support for proprietary protocol..

179888134 submission

Submission + - Python Software Foundation refuses $1.5 million grant with anti DEI provision. (blogspot.com) 1

Submitted by Jeremy Allison - Sam on Monday October 27, 2025 @08:50PM

Jeremy Allison - Sam writes: The PSF has withdrawn a $1.5 million proposal to US government grant program.

"We became concerned, however, when we were presented with the terms and conditions we would be required to agree to if we accepted the grant. These terms included affirming the statement that we “do not, and will not during the term of this financial assistance award, operate any programs that advance or promote DEI, or discriminatory equity ideology in violation of Federal anti-discrimination laws.”

176704271 comment

Comment Re:That library file limit (Score 1) 7

byJeremy Allison - Sam on Thursday March 13, 2025 @12:26PM (#65230627) Attached to: Sonos Cancels Its Streaming Video Player

Nope. That's why I changed all my players to BlueOS.

175898267 comment

Comment Re:F-Sonos (Score 1) 38

byJeremy Allison - Sam on Monday January 13, 2025 @03:55PM (#65086107) Attached to: Sonos CEO Patrick Spence Steps Down After Disastrous App Launch

I replaced all my SONOS connects with BlueSound node Nano devices. A pricey replacement, but worth it.
As a bonus I was now able to turn off SMB1 on my home Samba server !

175001971 comment

Comment Re:Why Samba? (Score 1) 33

byJeremy Allison - Sam on Sunday September 15, 2024 @01:55PM (#64789099) Attached to: 'Samba' Networking Protocol Project Gets Big Funding from the German Sovereign Tech Fund

> Every large NAS vendor (Synology, QNAP, etc) has their own SMB server they wrote themserlves
That's untrue. Both Synology and QNAP use Samba. QNAP contributes code and bugfixes back to samba.org (Hi Jones !).

174983609 submission

Submission + - Samba gets funding from the German Sovereign Tech Fund.

Submitted by Jeremy Allison - Sam on Thursday September 12, 2024 @12:46PM

Jeremy Allison - Sam writes: The Samba project has secured significant funding (€688,800.00) from the German
Sovereign Tech Fund (STF) to advance the project. The investment was
successfully applied for by SerNet. Over the next 18 months, Samba developers
from SerNet will tackle 17 key development subprojects aimed at enhancing
Samba’s security, scalability, and functionality.

The Sovereign Tech Fund is a German federal government funding program that
supports the development, improvement, and maintenance of open digital
infrastructure. Their goal is to sustainably strengthen the open source
ecosystem.

The project's focus is on areas like SMB3 Transparent Failover, SMB3 UNIX
extensions, SMB-Direct, Performance and modern security protocols such as SMB
over QUIC. These improvements are designed to ensure that Samba remains a
robust and secure solution for organizations that rely on a sovereign IT
infrastructure. Development work began as early as September the 1st and is
expected to be completed by the end of February 2026 for all sub-projects.

All development will be done in the open following the existing Samba
development process. First gitlab CI pipelines have already been running [4]
and gitlab MRs will appear soon!

https://samba.plus/blog/detail...

https://www.sovereigntechfund....

173911565 comment

Comment Re:Maybe (Score 1) 104

byJeremy Allison - Sam on Sunday May 19, 2024 @12:57AM (#64482291) Attached to: Why a 'Frozen' Distribution Linux Kernel Isn't the Safest Choice for Security

The upstream Linux kernel doesn't differentiate between security bugs and "normal" bug fixes. So the new kernel.org CNA just assigns CVE's to all fixes. They don't score them.
Look at the numbers from the whitepaper:
"In March 2024 there were 270 new CVEs created for the stable Linux kernel. So far in April 2024 there are 342 new CVEs:"

173911539 comment

Comment Re:Yeah (Score 1) 104

byJeremy Allison - Sam on Sunday May 19, 2024 @12:49AM (#64482277) Attached to: Why a 'Frozen' Distribution Linux Kernel Isn't the Safest Choice for Security

Yes ! That's exactly the point. Trying to curate and select patches for a "frozen" kernel fails due to the firehose of fixes going in upstream.
And in the kernel many of these could be security bugs. No one is doing evaluation on that, there are simply too many fixes in such a complex code base to check.

173911531 comment

Comment Re:Synology .. (Score 1) 104

byJeremy Allison - Sam on Sunday May 19, 2024 @12:45AM (#64482271) Attached to: Why a 'Frozen' Distribution Linux Kernel Isn't the Safest Choice for Security

Oh that's really sad. I hope they use a more up to date version of Samba :-).

173911529 comment

Comment Re:"ZDNET" (Score 1) 104

byJeremy Allison - Sam on Sunday May 19, 2024 @12:44AM (#64482269) Attached to: Why a 'Frozen' Distribution Linux Kernel Isn't the Safest Choice for Security

I don't see that argument in the blog or paper.
Did you read them ?
There are many more unfixed bugs in vendor kernels than in upstream. That's what the data shows.

173911503 comment

Comment Re:Maybe (Score 1) 104

byJeremy Allison - Sam on Sunday May 19, 2024 @12:38AM (#64482263) Attached to: Why a 'Frozen' Distribution Linux Kernel Isn't the Safest Choice for Security

You're missing something.
New bugs are discovered upstream, but the vendor kernel maintainers either aren't tracking, or are being discouraged from putting these back into the "frozen" kernel.
We even discovered one case where a RHEL maintainer fixed a bug upstream, but then neglected to apply it to the vulnerable vendor kernel. So it isn't like they didn't know about the bug. Maybe they just didn't check the vendor kernel was vulnerable.
I'm guessing management policy discouraged such things. It's easier to just ignore such bugs if customer haven't noticed.

173911481 comment

Comment Re:"ZDNET" (Score 1) 104

byJeremy Allison - Sam on Sunday May 19, 2024 @12:33AM (#64482259) Attached to: Why a 'Frozen' Distribution Linux Kernel Isn't the Safest Choice for Security

Gordon, Gordon, don't you ever get tired of your obsession ?
"Towards thee I roll, thou all-destroying but unconquering whale; to the last I grapple with thee; from hellâ(TM)s heart I stab at thee; for hateâ(TM)s sake I spit my last breath at thee."

173911471 comment

Comment Re:Frozen distros are a must in some areas... (Score 1) 104

byJeremy Allison - Sam on Sunday May 19, 2024 @12:31AM (#64482255) Attached to: Why a 'Frozen' Distribution Linux Kernel Isn't the Safest Choice for Security

Very astute comment. The white paper shows that the frozen "vendor" kernel model really doesn't work. And if people can't / won't upgrade then maybe alternative security precautions around a known insecure kernel is the best we can do.

173891517 submission

Submission + - Why a 'frozen' distribution Linux kernel isn't the safest choice for security (zdnet.com) 1

Submitted by Jeremy Allison - Sam on Thursday May 16, 2024 @04:01PM

Jeremy Allison - Sam writes: Cracks in the Ice: Why a 'frozen' distribution Linux kernel isn't the safest choice for security

https://ciq.com/blog/why-a-fro...

This is an executive summary of research that my colleagues Ronnie Sahlberg and Jonathan Maple did, published as a whitepaper with all the numeric details here:

https://ciq.com/whitepaper/ven...

Steven Vaughan-Nichols is covering the release of this
data here:

https://www.zdnet.com/article/...

173858487 comment

Comment Oh look, the Telehuman :-). (Score 3, Informative) 18

byJeremy Allison - Sam on Monday May 13, 2024 @11:32AM (#64469013) Attached to: Google Bringing Project Starline's 'Magic Window' Experience To Real Video Calls

I'm just gonna leave this here..
https://www.youtube.com/watch?...

« Newer Older »

Slashdot Top Deals

Jeremy Al...
Firehose
Comments
Submissions
Friends
Tags
Achievements

Nickname:

Password:

Public Terminal

Forgot your password?

Close

Jeremy Allison - Sam (8157)

●(email not shown publicly)
http://samba.org/~jra

Jeremy Allison - Sam's Achievements

● Days Read in a Row

● Submitted a Story That Was Posted

● The Contradictor

Jeremy Allison - Sam's Comments

● News at 11.

● Re:That library file limit

● Re:F-Sonos

● Re:Why Samba?

● Re:Maybe

Jeremy Allison - Sam's Tags

● slashdot (submissions)

● interesting (submissions)

● !military (stories)

● fresh (submissions)

● slownewsday (submissions)

Jeremy Allison - Sam's Submissions

● Python Software Foundation refuses $1.5 million grant with anti DEI provision.

● Samba gets funding from the German Sovereign Tech Fund.

● Why a 'frozen' distribution Linux kernel isn't the safest choice for security

● RHEL Panel Discussion at FOSSY 2023

● Software Freedom Conservancy files GPL lawsuit against Visio

Slashdot

● Submit Story

If A = B and B = C, then A = C, except where void or prohibited by law. -- Roy Santoro

●FAQ

●Story Archive

●Hall of Fame

●Advertising

●Terms

●Privacy Statement

●About

●Feedback

●Mobile View

●Blog

Icon

Do Not Sell or Share My Personal Information

Copyright © 2026 Slashdot Media. All Rights Reserved.

×

Close

Close

Slashdot

Working...