Slashdot

News for nerds, stuff that matters

Linus Torvalds on Rust, C, Bugs, and AI Patch-Checking Tools

"Git and email are the two really only tools I use," Linus Torvalds said at Open Source Summit India 2026. But ZDNet reports that he also shared his thoughts on Rust, C, and patch-checking tools:



"I use Google as a way to look things up." He added, "I'm unusual; most of the other maintainers end up using many more tools, and I think a lot of them are starting to use AI tools for patch checking," while he "works at a higher level. I work with people, not tools."

When asked about Rust both in Git and the kernel, he pushed back against hype: "I'm not sure Rust is going to take over the world. I still think Rust is very interesting, [but] I still find C to be a much simpler tool." Torvalds continued, "I'm much more excited about all the tools we have for verification of C," including "automated patch verification tools" and "automated email checking tools for patches like Sashiko." Summing up, Torvalds told the Mumbai audience: "I'm more of a hack-and-slash kind of person, and I still like the raw and simple power of C, and I don't think that's going to change."

Torvalds also warned against overestimating Rust's benefits: "Rust fixes a few easy bugs that you can make in C, but it does not fix the logic errors, right? It does not think for you, and when you write incorrect code, the language does not matter. The end result will be incorrect." On mixed C/Rust code bases, he pointed out that guarantees are limited: "The guarantees that Rust give you only apply in the Rust-only parts of your code base, and wherever you interact with C code, all bets are off," with most Rust code in Linux talking to "core kernel C code" that is "much better quality... because that code has been tested in every single environment."

At the same time, Torvalds pointed out, "some of our big and more high-profile bugs in the kernel lately have been logic errors" rather than the kind of memory errors Rust prevents.

"It was just bad programming, which sadly happens even in carefully maintained subsystems and important kernels that are supposed to be very secure."

Read more of this story at Slashdot.

Japan's Space Agency Conducts First Test Flight For Experimental Reusable Rocket

"Japan's experimental reusable rocket took off and safely landed in a first test flight Saturday," reports the Associated Press, as Japan "seeks to achieve the technology key to cut launch costs and compete in the global space market dominated by SpaceX."


The RV-X rocket lifted off, hovered and moved horizontally before landing [watch the video here] during its less than one-minute flight at the Japan Aerospace Exploration Agency's Noshiro Testing Center in northeastern Japan, which was livestreamed by the NVS, a group of space fans...
Saturday's flight is a step forward for Japan in achieving the technology needed to develop a lower cost successor to the country's current mainstay, single-use H3 series.

Japan's test comes the same week that China recovered an orbital booster rocket for the first time.

Read more of this story at Slashdot.

Scheidsrechter Rob Dieperink (38) dood

Gruwelijk. Scheidsrechter Rob Dieperink (Borculo) is dood en dan hebben we een donkerbruin vermoeden hoe dat komt. Dieperink werd twee maanden geleden in Londen opgepakt op verdenking van aanranding van een zeventienjarige jongen. Hij was daar voor de wedstrijd Crystal Palace-Fiorentina in de Conference League. De zaak werd geseponeerd, maar Dieperink werd toch niet meegenomen naar het WK, waar hij in actie zou komen als videoref. Sinds 2012 floot hij in het profvoetbal, sinds 2017 ook in de Eredivisie. Dieperink werd slechts 38 jaar oud.

Potenramvrije zones tijdens Pride Amsterdam

pride amsterdam

Nadat 'jongens op fatbikes' geprobeerd hebben een bezoeker van Amersfoort Pride tot hetero te rammen staat iedereen weer op de achterste.. euh, poten. Niet prettig, zo met de grootse Amsterdam Pride voor de deur. En het gaat met de LHBTI-acceptatie in Nederland zó goed, dat er in Amsterdam potenramvrije zones zijn ingericht. "Als je als lhbti'er wordt lastiggevallen, kun je in Amsterdam straks in 35 hotels met beveiliging terecht. Ook plekken als het Stedelijk Museum, De Nieuwe Kerk en het stadsarchief zijn aangesloten. 'Je bent daar in ieder geval veilig en iemand helpt je verder'." Wat natuurlijk goedbedoeld en fijn is, maar besef: tijdens de Pride in onze lieve, vrije, homovriendelijke en supertolerante hoofdstad Amsterdam moeten specifieke plekken worden aangewezen en ingericht waar je als homo 'in ieder geval veilig' bent. Sad.

De Speld

Uw vaste prik voor betrouwbaar nieuws.

​Rustdag in Tour de France met 3 uur ingekort

'Het is veel te warm om te rusten'

De rustdag die vandaag op het programma staat in de Tour de France, wordt met 3 uur ingekort vanwege de hitte. Daarmee telt de dag 21 uur, in plaats van de geplande 24 uur. Volgens Tourorganisator ASO is het besluit 'noodzakelijk vanwege de extreme weersomstandigheden'. In grote delen van Frankrijk kan het kwik vandaag oplopen tot 40 graden en geldt code rood.

Een verstandig besluit, vindt analist Tom Dumoulin: "Op zo'n klamme dag komt je lijf niet tot rust. Ik heb zulke rustdagen zelf ook wel eens meegemaakt: dan lig je uren te woelen in je bed, terwijl je elk uur van de klok ziet. Dan ga je van frustratie compleet in het rood terwijl er de volgende dag weer gefietst moet worden. Dat is vragen om ongelukken."

De wielrenners mogen van de organisatie zelf weten welke drie uur ze uit hun dag schrappen, als ze morgenochtend maar op tijd aan de start staan van de tiende etappe (10.25 in plaats van 13.25).

&


White-throated Honeyeater, Myponga Beach, full story at https://naturallysouthaustralia.com

Naturallysouthaustralia.com has added a photo to the pool:

White-throated Honeyeater, Myponga Beach, full story at https://naturallysouthaustralia.com

The Register

Biting the hand that feeds IT — Enterprise Technology News and Analysis

World Cup grudge attackers may have scored Argentine FA access via year-old infostealer infection

Hudson Rock says the suspected compromise of the Argentine Football Association (AFA) may be linked to an infostealer infection nearly a year earlier. The incident appears to be the work of an aggrieved football fan, or group of them, after Argentina eliminated Egypt from the World Cup round of 16. Egypt's coach and football association complained about several refereeing and VAR decisions, which they said contributed to the result. The compromise of AFA's systems was spotted after mass emails were sent from legitimate domains stating that Argentina "stole" the win from Egypt and that "the robbery will not go unnoticed." Hudson Rock said it found evidence of an infostealer infection dating back to September 8, 2025, on a device belonging to an AFA software developer who had been employed at the governing body for nearly a decade. The security shop operates a database of known infostealer victims, and noted that the compromised machine was added to its database the following day. Whoever was behind the attack, which was claimed by "All Egyptian Cyber Warriors," they either sat on the credentials for nearly a year, or sought them out after Egypt were controversially eliminated from the World Cup. Once they procured the credentials and authenticated themselves into the AFA's systems, Hudson Rock said they "likely had profound administrative control." This would have included direct access to phpMyAdmin database management panels, root access to certain AFA databases, access to the management portal of AFA's training HQ, the AFA media portal, and its competition management system. After looking at the stolen credentials in their database, the researchers said that weak, easily guessable passwords were reused across several internal systems. In addition to the compromised emails sent from AFA's management and admin portal (afasistemas.com.ar), Hudson Rock spotted a number of posts made to cybercrime forums advertising the body's data for sale. According to the advertisements, the data related to staff, professional clubs, and the AFA's external media partners. The samples appeared to include internal email addresses, phone numbers, user roles, and registration timestamps, as well as listings for access to AFA subdomains. Passwords were also among the data, although much of them were securely hashed. However, a small portion were in plaintext, which Hudson Rock said suggests "a significant security oversight." "The AFA breach is a textbook example of how devastating a single, unmitigated infostealer infection can be," the security outfit said. "A compromised machine belonging to a developer with high-level access highly likely handed a threat actor direct database administration rights and the ability to send authenticated internal emails. "Because the stolen credentials sat dormant for months, the organization was lulled into a false sense of security, completely unaware of the ticking time bomb in their network infrastructure." The AFA told reporters on Friday that it was investigating the compromise with its IT team after many received the emails sent by the intruders. "There is a possibility that our account has been subject to unauthorized access," the AFA stated. "We are currently working to clarify the situation and implement the necessary security measures." ®

HTTP gets a QUERY method so complex searches can stop pretending to be POST

"Idempotent" may be jargon, but the term performs an important job in HTTP as a hall pass that gives reverse proxies and gateways the go-ahead to cache complex query responses and automatically retry failed requests. HTTP has long allowed automatic retries for idempotent methods, but complex queries are often sent using POST, which intermediaries cannot safely assume is retryable. Developers have worked around that limitation for decades. The Internet Engineering Task Force (IETF) has published a new HTTP request method, QUERY (RFC 10008), joining familiar methods including GET, POST, PUT, and PATCH. In development since 2021, the QUERY request method provides a way for an HTTP client to make an idempotent request to an HTTP server. An idempotent request has the same intended effect whether it is sent once or multiple times (so retrying it should not charge a user's credit card again). The specification defines QUERY as safe and idempotent, and the solution was surprisingly simple. "Thanks to QUERY, we finally have functional HTTP caching for complex requests. Proxies, CDNs, and browsers can now cache requests with a body. This is huge for performance," writes developer Elie Treport in a recent blog post. Query operations have traditionally used the GET method. HTTP defines GET as safe and idempotent, as it made no changes to the server itself, but GET becomes awkward when the query data is too large or complex for a URI. The idea behind GET was to load all the necessary query parameters onto the form's URL, resulting in a very long string that the browser sent to the server. Many search services still work this way, appending query parameters to the URL after a question mark. Those URLs can expose sensitive data through browser histories, server logs, and bookmarks. Festooned with nested filters, sort rules, date ranges, and other database flotsam, GET URLs can become unwieldy. HTTP recommends support for URIs of at least 8,000 octets, but there is no universal maximum, so an oversized URL may be rejected by any of the systems it passes through. Long query strings are also a pain to read and debug. Faced with these Franken-URLs, many developers turned to POST instead. POST can carry query data in the request body, but its semantics do not tell intermediaries that the operation is safe and idempotent. The method is more commonly associated with operations such as submitting form data, uploading a PDF, or creating and modifying resources. For a basic HTML form, switching to moves the encoded form data from the URL into the request body. Crafty developers soon began placing complex query payloads, often encoded as JSON, in POST request bodies and having their applications process the responses. Many APIs adopted the pattern; GraphQL, for example, commonly uses POST for queries, although it also supports GET. It was a hack, though. This was not what POST was designed for. HTTP defines POST as neither safe nor idempotent by default. A POST request could change the server's state. And this is why internet networking software treats POST far more delicately than GET. Intermediaries generally cannot reuse POST responses for later POST requests or automatically retry POST without knowing the operation is idempotent. If the message fails, the browser or gateway will not resend it, necessitating intervention from either the user or the app. QUERY's long road to adoption So basically, QUERY combines request content similar to POST with explicitly safe and idempotent query semantics. No longer will the query URL need to be appended beyond recognition, but, like POST, apps and browsers will get a dedicated space to put their complex query data. Unlike POST, QUERY is a read-only operation, and hence receives the IETF's blessing as idempotent, freeing up HTTP clients and intermediaries to cache and resend QUERY requests after a connection failure. A QUERY request does not ask or expect the server to change the state of the target resource. It's just there to ask a question. Cloudflare and Akamai engineers co-wrote RFC 10008. Both companies provide edge caching for large clients. German internet engineering firm greenbytes also contributed. As a new standard, QUERY still has limited support. The HTML forms standard still only understands GET and POST for ordinary form submission, so it will need to be updated even before the browsers get on board. The good news is that the Web Hypertext Application Technology Working Group is already on the case. However, a whole ecosystem of network software still doesn't understand QUERY and may reject requests using an unfamiliar method. Reverse proxies, load balancers, content delivery networks, API gateways, firewalls, and web frameworks will all need to be updated. "The pattern one would expect is the same seen with other HTTP methods and headers that became standard over the last twenty years: first server-side adoption and dev tools, then consolidation in frameworks, and finally, more slowly, native browser support and JavaScript APIs like fetch()," wrote open source developer Daniele Teti in a blog post. Teti noted that Node.js is adding support in its HTTP module, and the Go programming language is ahead of the game because it can already send custom HTTP methods. Elsewhere, the PHP framework Laravel is already ingesting QUERY. But, as with IPv6, the IETF faces an uphill battle to get the HTTP ecosystem on the same page. ®

Vanillasludge posted a photo:

MetaFilter

The past 24 hours of MetaFilter

Surprisingly elastic

If Foucault is inescapable, then he is also, perversely, elusive: both celebrated and reviled, sometimes by people in the same political camp. He's been called a relativist, a reactionary, a faux-radical, an anarchist, a nihilist and an idealist, among many other things. Foucault himself took pleasure in being hard to pin down. [NY Times; ungated (note: archive site)]