Can Artuc

@canartuc
Writing about the people and projects behind Linux and open source. 20+ years building software and data architectures. No hype, no tutorials. Articles and Free Newsletter: canartuc.com
Web: canartuc.com

Anthropic pointed Claude Code at Linux kernel source files one at a time, framed as a security puzzle. It found a heap overflow in NFS code hiding since March 2003. Four more kernel bugs followed. 500+ validated vulnerabilities in weeks. Linux Foundation set aside $12.5M to help maintainers cope. Nobody found a volunteer to maintain a Google Drive library for 3.5 years. The bottleneck was never the bugs.

#LinuxKernel #OpenSource #SecurityResearch #AISecurity

Anthropic pointed Claude Code at the #linux kernel source one file at a time, framed as a security puzzle. Found a heap overflow in NFS (Network File System) hiding since March 2003. Four more kernel bugs followed. 500+ validated vulnerabilities across open source in weeks.

Linux Foundation set aside $12.5M to help maintainers cope. Meanwhile, nobody could find one volunteer to maintain a Google Drive library for three and a half years. The bottleneck was never the bugs but the unpaid people.

An AI Agent Filed a DMCA Takedown. The Rights Holder Had No Idea.

An unauthorized AI agent filed a DMCA (Digital Millennium Copyright Act) copyright takedown against gallery-dl, and the rights holder never approved it. Linux 7.0-rc7 confirms April 13 stable release.

Can Artuc

gallery-dl, an open source media downloader, got a DMCA takedown on GitHub filed through a third-party service. The CEO of the company whose copyrights were cited said an AI agent sent it "without our approval or permission."

The maintainer removed nine components. The project migrated to Codeberg. US law requires takedown notices under penalty of perjury. When an AI agent submits one autonomously, no one in the chain authorized the legal action.

#FOSS #OpenSource

📬 Linux 7.0's PostgreSQL Crisis, OpenClaw's Triple CVE, TigerFS

Linux 7.0-rc7 ships days before stable with PostgreSQL throughput halved on AWS Graviton4 and no fix in sight. OpenClaw collects three critical CVEs in three months. TigerFS mounts PostgreSQL as a filesystem for AI agents.

Can Artuc

#Linux 7.0 removed a CPU scheduling mode that #PostgreSQL (a widely deployed open source database) relied on for internal locking. Result: throughput on AWS Graviton4 (Amazon ARM servers) dropped to 49% of normal.

The kernel team says PostgreSQL should adopt RSEQ, a newer Linux API for safe lock restarts. PostgreSQL cannot ship that before Linux 7.0 goes stable mid-April.

Ubuntu 26.04 LTS ships April 23. LTS means five years of support. Teams on AWS ARM who upgrade will hit this silently.

📬 Open Source & Linux Weekly - W142026

European Commission loses 340 GB to supply chain attack, Linux doubles macOS on Steam at 5.33%, PHP ends 26 years of license confusion with a 51-0 BSD vote.

Can Artuc

Greg Kroah-Hartman (Linux kernel maintainer) told The Register that AI bug reports stopped being garbage about a month ago, and nobody knows why. Torvalds noticed independently. Of 60 AI patches Kroah-Hartman reviewed, two-thirds were correct. Real reports, real fixes, systematic.

Meanwhile, Linux crossed 5.33% on Steam, doubling macOS at 2.35%. The 3.10 point monthly jump is the largest in Steam survey history. SteamOS is the driver.

#Linux #OpenSource

TeamPCP Trivy Compromise: European Commission AWS Breach Confirmed

CERT-EU confirms EC cloud breach via Trivy scanner. OpenClaw: 250K stars, 135K exposed. Sonatype: 454K malicious packages. 65% of CVEs have no severity score.

Can Artuc

The European Commission ran Trivy, a security scanner, inside its automated build pipeline on AWS. A criminal group called TeamPCP poisoned Trivy itself.

The scanner had elevated permissions. Attackers used that access to steal 340 GB. ShinyHunters, a data extortion gang, published the dataset. 71 hosted clients affected.

Same attack hit Sportradar (23,169 athlete records, 328 API credential pairs offered for up to $50K) and 1,000+ other organizations.

#OpenSource #Cybersecurity