Core Viewpoint - Linus Torvalds publicly criticized a Google engineer's RISC-V code submission for Linux 6.17, labeling it as "garbage" due to its poor quality and late submission [2][3][5]. Group 1: Criticism of Code Quality - Torvalds emphasized that the newly submitted RISC-V code contained unnecessary and poor-quality additions that do not pertain specifically to RISC-V [6][9]. - He provided examples of problematic code, such as the "make_u32_from_two_u16()" helper function, which he argued complicates understanding and makes the code worse [7][9]. - Torvalds insisted that such low-quality submissions should not be sent, especially late in the merge window, and warned developers against future late submissions [10][9]. Group 2: Developer Communication - Torvalds's comments were not merely harsh; he aimed to provide constructive feedback to improve code quality and adherence to submission timelines [3][4]. - He advised developers to submit their pull requests early in the merge window and to ensure that the code is of high quality, stating that "no more garbage" should be submitted [10][9]. - The response from social media regarding Torvalds's outburst was mixed, with some appreciating his directness and others questioning his approach [3].

Core Viewpoint - The article highlights a significant gathering of four influential figures in the tech industry: Mark Russinovich, Bill Gates, Linus Torvalds, and David Cutler, emphasizing the potential impact of their collaboration on future technological advancements [1][2][4]. Group 1: Individual Contributions - **Bill Gates**: Co-founder of Microsoft, instrumental in developing the Windows operating system, and a key figure in the personal computer revolution [5]. - **Linus Torvalds**: Creator of the Linux operating system and Git, pivotal in the open-source movement, with Linux being a core system for servers and supercomputers [6][7]. - **Mark Russinovich**: Chief Technology Officer of Microsoft Azure, known for his expertise in Windows internals and contributions to cloud computing and system architecture [8][10][12]. - **David Cutler**: Renowned for developing major operating systems including VAX/VMS, Windows NT, and Azure, recognized as a leading figure in modern operating systems [13][14][15]. Group 2: Industry Impact - The meeting of these four leaders represents a convergence of ideas that could lead to significant innovations in technology, particularly in operating systems and cloud computing [4][16]. - The article suggests that future collaborations among these figures could yield groundbreaking advancements in the tech industry, potentially influencing the direction of software development and cloud services [4][16].

Core Points - The Linux kernel development process is complex and involves collaboration among thousands of developers, which can lead to tense situations and conflicts [1] - During the Linux 6.16 merge window, Linus Torvalds expressed anger over suspicious submissions from Kees Cook, which included 330 pull requests that appeared to alter author information and forge merge history [2][3] - Linus accused Kees of malicious behavior, stating that the submissions were not simple errors but deliberate falsifications, and demanded an explanation and the removal of the affected code tree [4][6] Incident Details - The controversy arose when Linus noticed unusual Git operations in Kees's code tree, leading to accusations of malicious submissions [3][4] - Kees Cook responded by suggesting that a malfunctioning SSD might have caused the corrupted code tree and promised to rectify the situation [7] - Linus remained skeptical, emphasizing that the scale of the issue indicated a serious problem with Kees's scripts and operations [8] Resolution - The root cause was identified as an issue with the b4 tool, which Kees used for patch management, leading to unintended alterations in commit metadata [9] - Konstantin Ryabitsev, the Linux infrastructure maintainer, confirmed that Kees did not act with malice and proposed to restore Kees's account after addressing the tool's issues [9] - Linus agreed to the account restoration but insisted on modifications to the b4 tool to prevent future occurrences of similar issues [9] Community Reactions - Some developers criticized Linus for his aggressive response, arguing that it was unnecessary given the accidental nature of the incident [10] - Others defended Linus, highlighting the importance of maintaining strict oversight and accountability in the Linux kernel development process [10]

Core Viewpoint - The article discusses the successful identification of a Linux kernel zero-day vulnerability using the o3 model, highlighting the potential of large models in security research and vulnerability detection [1][2][5]. Group 1: Vulnerability Discovery - The vulnerability, identified as CVE-2025-37899, is a use-after-free vulnerability in the SMB "logoff" command handler [4]. - This marks the first publicly discussed instance of a vulnerability discovered by a large model [5]. - The discovery process involved minimal tools, relying solely on the o3 API without complex setups [3][6]. Group 2: Research Methodology - Sean Heelan, an independent researcher, initially tested the o3 model on a manually discovered vulnerability (CVE-2025-37778) to evaluate its capabilities [12]. - He provided the model with a session handler's code and specified the search for use-after-free vulnerabilities, running each experiment 100 times to gather success rates [13]. - The o3 model demonstrated a notable performance, identifying vulnerabilities in a complex codebase of approximately 3,300 lines [15]. Group 3: Comparative Analysis - Heelan also tested other models, Claude 3.7 and Claude 3.5, with o3 outperforming them significantly: Claude 3.7 found vulnerabilities 3 times out of 100 runs, while Claude 3.5 found none [18]. - The o3 model's output was structured and clear, resembling human-written vulnerability reports, while Claude's output was more verbose and less organized [17]. Group 4: New Vulnerability Discovery - When testing o3 on a larger codebase of about 12,000 lines, the success rate for the original vulnerability dropped to 1%, but it reported a new vulnerability that Heelan was previously unaware of [21]. - This new vulnerability was also a use-after-free issue, highlighting the model's ability to discover previously unknown vulnerabilities [22]. Group 5: Repair Suggestions - The o3 model provided more comprehensive repair suggestions than Heelan's initial proposals, indicating its potential to enhance vulnerability remediation processes [25]. - Heelan acknowledged that using o3 for vulnerability detection and repair could theoretically yield better results than manual efforts, despite current challenges with false positives [27][28]. Group 6: Future Implications - Heelan concluded that large models are approaching human-like capabilities in program analysis, suggesting a shift in how code auditing may be conducted in the future [30]. - There are concerns regarding the potential misuse of AI capabilities for malicious purposes, emphasizing the need for vigilance in the security landscape [31].