daniel:// stenberg://

@bagder
49.5K Followers
281 Following
11.7K Posts
I write curl. I don't know anything.
website: https://daniel.haxx.se/
github: https://github.com/bagder
GPG key: 27ED EAF2 2F3A BCEB 50DB 9A12 5CC9 08FD B71E 12C2 (https://daniel.haxx.se/mykey.asc)
The Mismeasure of Open Source

The streetlight effect in project-health scoring

Andrew Nesbitt
I'm on it. There is a Mythos scanning #curl blog post pending.

The Linux Foundation spends 2% of its money on Linux (kernel) and twice as much on "blockchain".

Edit: Updated to link directly to the annual report, as some folks objected to the techrights.org site (I'm unfamiliar with it, so I'll just trust and link directly).

Edit2: Maybe not? I have no idea what this chart means. It isn't explained in the text that I can find.

https://www.linuxfoundation.org/hubfs/Publications/2025%20Linux%20Foundation%20Annual%20Report_122225a_lr.pdf

RE: https://mastodon.social/@bagder/116448188069484288

Lots of people (including me) rushed to report on FOSS projects like curl being flooded with slop bug reports, to the point of having to kill their bug bounty. But now, things have changed: they are still receiving tons of AI-generated bug reports, but quality is now pretty good!
This doesn’t solve the problem of patching the bugs, let alone getting the patches deployed, but it’s a start.

Alright I better announce this actually. At 8UTC Sunday 10th May ("tomorrow, Sunday morning in Europe") I am speaking to

@bagder of #curl https://curl.se/ https://en.wikipedia.org/wiki/Curl_(software)

about becoming targeted by trillions of dollars of #AI companies #cybersecurity scanning, especially after he rejected their ai-content merge requests. And having to close bug bounties due to #llm spam.

...And what it means for #indie #programming today. #commonLisp #ecl 's 2010 example is curl, and and and.

Based on hype, your thinking and #curl's maturity. How many CVEs do you think will be the result of Mythos scanning curl for the first time?
- 1: 31.8%
- 10: 39.9%
- 25: 19.1%
- 100: 9.2%

Poll ended.

Reminder that halting issuance is a recommended action during an incident & trustworthy CAs will do it early, until the problem is conclusively identified and remediated.

This happens both for true "oh-shit" events and for "cross your t's, dot your i's" compliance issues, and you can't infer which bucket the incident is in just because issuance has stopped.

See
https://wiki.mozilla.org/CA/Responding_To_An_Incident#Immediate_Actions

Weekend at Bernie's - Which of your dependencies are wearing sunglasses?

https://nesbitt.io/2026/05/08/weekend-at-bernies.html

Weekend at Bernie's: Which of your dependencies are wearing sunglasses (Andrew Nesbitt)

my week: https://lists.haxx.se/pipermail/daniel/2026-May/000155.html

foss-north, release, security, Appreciation, Graphs, Zero bugs, Talks

"It is not a typical academic one" was the first comment on my abstract proposal 😁