On Sun, 2023-09-10 at 23:10 -0400, Theodore Ts'o wrote: > On Sun, Sep 10, 2023 at 03:51:42PM -0400, James Bottomley wrote: [...] > > Perhaps we should also go back to seeing if we can prize some > > resources out of the major moneymakers in the cloud space. After > > all, a bug that could cause a cloud exploit might not be even > > exploitable on a personal laptop that has no untrusted users. > > Actually, I'd say this is backwards. Many of these issues, and I'd > argue all that involve an maliciously corrupted file system, are not > actually an issue in the cloud space, because we *already* assume > that the attacker may have root. After all, anyone can pay their $5 > CPU/hour, and get an Amazon or Google or Azure VM, and then run > arbitrary workloads as root. Well, that was just one example. Another way cloud companies could potentially help is their various AI projects: I seem to get daily requests from AI people for me to tell them just how AI could help Linux. When I suggest bug report triage and classification would be my number one thing, they all back off faster than a mouse crashing a cat convention with claims like "That's too hard a problem" and also that in spite of ChatGPT getting its facts wrong and spewing rubbish for student essays, it wouldn't survive the embarrassment of being ridiculed by kernel developers for misclassifying bug reports. I'm not sure peer pressure works on the AI community, but surely if enough of us asked, they might one day overcome their fear of trying it ... James
