Brief items

I recently used my credit card to buy a banana. Then I tried to figure out how my credit card let companies buy me.

You might think my 29-cent swipe at Target would be just between me and my bank. Heavens, no. My banana generated data that’s probably worth more than the banana itself. It ended up with marketers, Target, Amazon, Google and hedge funds, to name a few.

Oh, the places a banana will go in the sprawling card-data economy. Despite a federal privacy law covering cards, I found that six types of businesses could mine and share elements of my purchase, multiplied untold times by other companies they might have passed it to. Credit cards are a spy in your wallet — and it’s time that we add privacy, alongside rewards and rates, to how we evaluate them.

We are increasing the scope of GPSRP [Google Play Security Reward Program] to include all apps in Google Play with 100 million or more installs. These apps are now eligible for rewards, even if the app developers don’t have their own vulnerability disclosure or bug bounty program. In these scenarios, Google helps responsibly disclose identified vulnerabilities to the affected app developer. This opens the door for security researchers to help hundreds of organizations identify and fix vulnerabilities in their apps. If the developers already have their own programs, researchers can collect rewards directly from them on top of the rewards from Google. We encourage app developers to start their own vulnerability disclosure or bug bounty program to work directly with the security researcher community.

It just seems that every maintainer I spoke with is generally making things "sort-of work well enough" by applying a lot of baling wire around mail clients, patchwork.kernel.org, gitlab, or all of the above, and I'm wondering if everyone is happy to do that, or only doing that because a good tool written to fit with the "kernel development model" doesn't exist.

The major difference between filesystems and the rest of the kernel that seems to be missed by most kernel developers is that filesystems maintain persistent data - you can't fix a problem/bug by rebooting or power cycling. Once the filesystem code screws up, the user is left with a mess they have to fix and that invariably results in data loss.

Users remember when a filesystem eats their data - they don't tend to want to have anything to do with that filesystem ever again if it happens to them. We still get people saying "XFS ate my data back in 2002, I don't trust it and I'll never use it again".

In addition to acting as a board member like my peers do, there is one aspect I see as my personal focus: bridging—helping to further connect and bridge between openSUSE and “SUSE corporate.” There are a lot of such bridges on the technical side, and SUSE employees who contribute to openSUSE, and personal and working relationships from openSUSE users and contributors towards the SUSE side, which is great. I hope we can grow those and add strong connections between some of my peers on the SUSE side and the board, them and contributors in specific areas, and generally further increase mutual visibility, understanding, and collaboration.

Usual rules apply: don't expect any new features, don't think that this will change your life, it won't make you richer or more attractive, but it will hopefully be more stable and usable for people who've been victims of any of these bugs.