Linux May Drop Old Network Drivers Now That AI-Driven Bug Reports Are Causing A Burden
28 points by WilhelmVonWeiner
28 points by WilhelmVonWeiner
damn, I was interested in messing with the ax25 driver when I first heard there was some amateur radio stuff in the kernel 😔
Comments I've seen on LWN mostly report that all the modern amateur radio tools work entirely in userspace with generic device drivers and don't need any specialized kernel drivers at all.
LLMs proving that before LLMs people also were writing crappy code.
Yes. Linux code has been unpleasant for a long time.
LLMs are just industrializing the process, generating bad code at an unmanageable volume, while the companies behind them are working hard to enshittify any form of intellectual work and shit on (sorry, disrupt) society.
There's a reason that sentiment is rapidly getting more negative around AI as people get more exposed to it, especially outside the tech industry.
We are not building towards a pleasant future. We are making the world worse for people.
We are not building towards a pleasant future. We are making the world worse for people.
Tbh i feel like a lot of "the web tech industry", which is where i have worked and made dollars for nearly two decades, hinges heavily on snake-oil-salesmanship of things that say they'll make your life better when in fact it's really just not that good, if not quite worse in subtle ways. (I'd like to add, a posteriori, that while this appears anecdotally true of the stuff within my immediate field of view, I don't know that it's not true elsewhere (and my observation remains anecdotal, but i'm fast developing an allergy to new webshits that promise me a glorious future free of whatever toil this specific thing pretends it's fixing))
Yes, whether the tech industry has made life better for people has been ambiguous for a very long time. I think more recently, the newly found focus is removing ambiguity very effectively.
These are all ISA and PCMCIA Ethernet devices, mostly from the last century....
That hurt.
I still have a couple of PCMCIA wifi cards (from around 2008) that I plan on using in a rebuild of a Compaq Armada E500 laptop that I have lying around.
This may complicate matters.
Thought a lot about since I first heard about this. At my university computer club there was a project to keep ancient hardware running forever, and there was commercial interest in it. Companies used it for CI for some specific hard to replace hardware still in use. Problem was all of these systems were too insecure to run on the internet.
Point is that it's already been unviable to maintain security for the long tail of hardware that has low or no commercial value. And I think this is the right move regardless of LLMs. We need a better structure than a monorepo for all drivers ever used over the last 4 decades. We need a tiered structure with different guarantees, hopefully with well defined ABIs so we can keep compiling extra, insecure modules that we need for obscure systems.
Cards that late will be CardBus. The only pure PCMCIA WiFi cards won't be able to join modern networks, not being able to support WPA2.
Try NetBSD, I used it to resurrect a laptop of a slightly older vintage (I think 1998) a while back. It had 64MiB of RAM, so I had to pare the kernel down a bit (removing all unnecessary drivers, and the IPv6 stack, amongst other things). But after that it ran smoothly. I dual booted it with FreeDOS.
Related advice: an SD card to IDE adapter is more convenient than a CF to IDE adapter IMO, offers decent performance and allows you to easily fix issues using a different computer by removing the drive and attaching it elsewhere. (micro)SD performance is more than good enough these days.
If we are now fabulously able to proactively find and fix vulns, shouldn't we be living in a golden age of security? What's with all the dark ages crap happening?
If LLMs are the panacea people present them as they should be able to maintain those legacy drivers themselves too.
Even if they did provide patches along with the reports, reviewing them still creates a burden on the maintainers[0] for negligible benefit.
[0] I was gonna say to make sure there's no deliberate vulns being added, but that does not make sense in this context because a) if they're adding vulns there'd be no point in fixing others in the first place and b) vulns in a driver no one uses can't be exploited. Review still takes time though, and patching code without having the hardware to test it is likely to break shit
vulns in a driver no one uses can't be exploited.
Technically, yes. But it would be a good way to sneak in a vulnerability: create a patch that ‘fixes’ a bug in a driver no one uses, which requires a small change in generic code (with a nice long comment explaining plausibly why it’s necessary) that introduces the real vulnerability that you’re going to exploit. And I bet LLMs are really good at helping with this, they’re great at producing code that looks entirely plausible.
This is why I think AI doesn't eliminate the need for conventional (that is to say, mathmatical, provable, trustable) tools, but only amplifies it
I wonder if LLMs end up being the best argument ever for doing code cleanups
Code cleanup is expensive. Especially for big sprawling codebases like the kernel. Doubly so for things that interact with decades old hardware.
LLMs themselves lend no hand towards this kind of cleanup, unfortunately. That asymmetry is why the idea to drop these old drivers.
We are similarly cutting out code we no longer want to support with a bit more urgency. Honestly, this is a net positive effect for us, because it lowers the technical debt in general (e.g., not having to update code that people don't actually use, reducing the test surface, etc.).
We have gotten a lot of BS LLM reports in the meantime, though, which has done a great job of highlighting stuff to delete.
I think dropping those drivers is extremely reasonable and a very pragmatic solution. If someone still needs to use those drivers, they're probably running on an old machine and can use an old version of Linux.
I remember when 3Com LAN cards were the go-to for Linux support. We had a box of old 3Com cards in the office so we could quickly set up pretty much any desktop or server machine with Linux.
There is also a chance that these drivers could reach zero bugs (if someone invests the time)