> continues to be such a consistent source of bugs - many with serious security implications... just feel that io_uring is a questionable example.
Are you saying this as someone with experience, or is it just a feeling? Please give examples of recent bugs in io_uring that have security implications.
There are a couple of notable examples of projects[0] and companies[1] that have got tired of it, and no longer use it.
There's considerable difficulty these days extrapolating "real" vulnerabilities from kernel CVEs, as the kernel team quite reasonably feel that basically any bug can be a vulnerability in the right situation, but the list of vulnerabilities in io_uring over the past 12 months[2] is pretty staggering to me.
Not OP, and I'm no expert in the area at all, but I _do_ have a feeling that there have been quite a few such issues posted here and elsewhere that I read in the last year.
https://www.cve.org/CVERecord/SearchResults?query=io_uring seems to back that up. Only one relevant CVE listed there for 2026 so far, for more than two per month on average in 2025. Caveat: I've not looked into the severity and ease of exploit for any of those issues listed.
Did you read the CVEs? Half these aren't vulnerabilities. One allows the root user to create a kernel thread and then block its shutdown for several minutes. One is that if you do something that's obviously stupid, you don't get an event notification for it.
Remember the Linux kernel's policy of assigning a CVE to every single bug, in protest to the stupid way CVEs were being assigned before that.
If we apply risk/reward analysis, how probable is such a chain of exploits? If you already got local root, you might as well do a little bit more than a simple DoS.
Depending on how much performance would be gained by using io_uring in a particular case, and how many layers of protection exist around your server, it might be a risk worth taking.
I find the whole premise of writing some vague instructions, feeding them to a stochastic parrot and expecting a solid engineering process to materialize out of the blue quite ridiculous.
Any sufficiently advanced "AI" technology is indistinguishable from bullshit.
> The liquidity that flooded the tech sector didn’t just inflate valuations; it inflated teams, egos, and expectations.
Yes it's kind of obvious to anyone who's looking at the actual work being done: the constant churn of OS updates, the JS-framework-du-jour, apps being updated constantly...
It seems to me like a lot of this is just busy work, as if engineers need to justify having a job by being releasing inconsequential updates all the time. Bullshit jobs anyone?
I for one would really like things to slow down, we all deserve it!
Because it's important to recognize sometimes when someone you disagree with is right about something, I would like to note that Musk sacking most of the Twitter staff has not made the site unable to stay up. (The site has got worse for other reasons)
I'm not sure but I'm guessing gray water (or treated waste water) is not suitable for cooling purposes? Particle charge in small pipes and scaling may be a problem. Also, collecting gray water or channeling treated waste water - depending on the location that might be a problem.
Not that I'm in favor of using drinking water for cooling slop factories, but I guess the reason we don't see waste water being used for cooling is cost (unless governments start mandating that...)
I believe (happy to be corrected!) it's the same reason juice has little to no fibre: particles in the liquid could potentially clog the data centre cooling systems. But Google should just include the filtering cost as part of their operational expenses
reply