Welcome to
This week: Linus says next release will support Rust, FBI warns scammers are getting hired in deepfake interviews, and 80% of IBM staff stay at home.
First up this week: The next release of Linux will include support for Rust in the fall. Linus Torvalds sounds “cautiously optimistic” it’ll happen.
On the one hand, Rust makes it easier to write secure software—e.g., without use-after-free errors. On the other hand, Rust has an immature toolchain and has a reputation for building bloated executables.
Steven Vaughan-Nichols: Linus Torvalds is cautiously optimistic about bringing Rust into Linux kernel’s next release
If all goes well, we’d see Rust in 5.20 in late October or early November 2022. … You may ask: “Why?” … Rust lends itself more easily to writing secure software.
…
Torvalds … likes that Rust is more memory-safe. “There are real technical reasons like memory safety and why Rust is good to get in the kernel.”
…
Mind you, no one is going to be rewriting the entire 30 or so million lines of the Linux kernel. … The three areas of potential concern for Rust support are making use of the existing APIs in the kernel, architecture support, and dealing with application binary interface (ABI) compatibility between Rust and C.
Channeling Kent Brockman, it’s brunoblack:
Welcome to our Rust overloads, I guess. … I am a little reluctant to having Rust in the kernel but I guess Linus knows better. … Anyway, having Rust in the kernel would be a good reason for me to learn it.
Curb your enthusiasm, binarybanana:
Nice. I’ve done some kernel hacking before, but I’m always anxious about any unforeseen side effects that might cause random breakage. Rust’s type system would help.
…
I wonder how quickly it’s going to be picked up by drivers or the more interesting subsystems (DRM/KMS, netfilter, etc.). Writing ip/nftables modules in Rust would be amazing!
But it’s just an elaborate feint, thinks gweihir:
Linus is giving [Rust fanbois] enough rope to hang themselves so they finally shut up. … The main problem we have is a ton of incompetent developers.
Scammers are applying for remote tech jobs using stolen identities and deepfake video, warns the Federal Bureau of Investigation. The obvious concern is unskilled staff actually doing the job. Less obvious are the insider threads from people who wouldn’t pass a background check.
A disparity between the interviewee and the person who shows up for work isn’t a new phenomenon. But if “showing up” is virtual, it’s less easy to spot this scam.
Sergiu Gatlan: Stolen PII and deepfakes used to apply for remote tech jobs
FBI warns of increasing complaints that cybercriminals are using Americans’ stolen Personally Identifiable Information (PII) and deepfakes to apply for remote work positions. … Such synthetic content has been previously used to spread fake news and create revenge porn, but the lack of ethical limitations regarding their use has always been a source of controversy and concern.
…
The targeted remote jobs include positions in the tech field that would allow the malicious actors to gain access to company and customer confidential information after being hired. … Some victims who reported to the FBI that their stolen PII was used to apply for a remote job also said pre-employment background checks information was utilized with other applicants’ profiles.
It’s a new spin on an old problem, says tablespoon:
One of my previous leads suspects a contractor did something like this for an in-person role. We only did one or two phone interviews … and the guy did well enough to get brought on for a 3 month contract. … The guy who showed up didn’t seem to know as much as the interviewee, and was always on the phone. [We] speculated that some unscrupulous but relatively knowledgeable guy was sitting in for the interviews, and then coaching the incompetent applicants day to day for a cut of their pay.
…
A good chunk of that time was on-boarding then slowly getting suspicious. When we bring on contractors we expect some of them to be duds, the only thing interesting about this guy was his weird behavior. … In the end he just let the contract lapse. … To make the accusation would just make you look crazy and paranoid.
Blame it on HR, kvetches geekmux:
And yet no one cares because everyone seems to have adopted quite the impersonal process. Get burned? Oh well.
[It’s] dismissed as the cost of hiring. … And if it becomes too burdensome, they’ll consider automation … before ever admitting an impersonal process was a mistake.
IBM chief exec Arvind Krishna sounds sanguine about his U.S. employees not coming back to the office. A surprisingly low number have come back to their cube farms.
The IBM honcho sounds resigned to workers staying away from the office. But Big Blue has bigger problems with worker morale.
Eric Rosenbaum: Only 20% of U.S. workers in office
Recent comments from the CEO of IBM show that many workers at the biggest firms prefer to remain working from anywhere but the office. … Only 20% of IBM’s U.S. employees are in the office for three days a week or more, [said] Arvind Krishna.
…
IBM was one of the first major tech firms to embrace remote work before it was common. … But it ended up reversing course and requiring workers to again be based in offices in 2017. Now, the paradigm has shifted again.
…
He does not see a scenario where the balance ever gets back to over 60%. … “I think we’ve learned a new normal.”
How much of this is a tech-wide trend, and how much about what it’s like to work for Big Blue? u/ibmgummies:
Been here a few months, figured out IBM business model: Aggressively cut costs where we shouldn’t. Save as much as possible by offering non-competitive healthcare plans, and critically, outsourcing as much as possible [overseas] so services delivered are sub-par.
Ouch. And IBM chose to settle the “dinobabies” age-discrimination complaint. Here’s James Anderson:
Could be time for a shareholder lawsuit. Management burning money to cover up their mistakes would **** me off if I was still foolish enough to own IBM shares.
You have been reading The Long View by Richi Jennings. You can contact him at @RiCHi or tlv@richi.uk.
Image: Jorge Simmons-Valenzuela (via Unsplash; leveled and cropped)
Expect attacks on the open source software supply chain to accelerate, with attackers automating attacks in common open source software…
The emergence of low/no-code platforms is challenging traditional notions of coding expertise. Gone are the days when coding was an…
Datadog today published a State of DevSecOps report that finds 90% of Java services running in a production environment are…
Linux dodged a bullet. If the XZ exploit had gone undiscovered for only a few more weeks, millions of Linux…
We're going to send email messages that say, "Hope this finds you in a well" and see if anybody notices.
I am happy and proud to announce with Daniel Newman, CEO of Futurum Group, an agreement under which Futurum has…