"I'm interested in all kinds of astronomy."

We can remove strncpy() from the Linux kernel finally! I did the last 6 instances, and dropped all the implementations:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=dev/v7.0-rc2/strncpy

Over the last 6 years working on this, there were 362 commits by 70 contributors. The folks with more than 1 commit were:

211 Justin Stitt <justinstitt@google.com>
22 Xu Panda <xu.panda@zte.com.cn>
21 Kees Cook <kees@kernel.org>
17 Thorsten Blum <thorsten.blum@linux.dev>
12 Arnd Bergmann <arnd@arndb.de>
4 Pranav Tyagi <pranav.tyagi03@gmail.com>
4 Lee Jones <lee@kernel.org>
2 Steven Rostedt <rostedt@goodmis.org>
2 Sam Ravnborg <sam@ravnborg.org>
2 Marcelo Moreira <marcelomoreira1905@gmail.com>
2 Krzysztof Kozlowski <krzk@kernel.org>
2 Kalle Valo <kvalo@kernel.org>
2 Jaroslav Kysela <perex@perex.cz>
2 Daniel Thompson <danielt@kernel.org>
2 Andrew Lunn <andrew@lunn.ch>

Thank you to all of you! (And especially to Justin Stitt who took on the brunt of the work.)


It's clear that AI assisted coding is dividing developers (welcome to the culture wars!). I've seen a few blog posts now that talk about how some people just "love the craft", "delight in making something just right, like knitting", etc, as opposed to people who just "want to make it work". As if that explains the divide.

How about this, some people resent the notion of being a babysitter to a stochastic token machine, hastening their own cognitive decline. Some people resent paying rent to a handful of US companies, all coming directly out of the TESCREAL human extinction cult, to be able to write software. Some people resent the "worse is better" steady decline of software quality over the past two decades, now supercharged. Some people resent that the hegemonic computing ecosystem is entirely shaped by the logic of venture capital. Some people hate that the digital commons is walled off and sold back to us. Oh and I guess some people also don't like the thought of making coding several orders of magnitude more energy intensive during a climate emergency.

But sure, no, it's really because we mourn the loss of our hobby.


Apparently there's been a Citrix security update yesterday: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300

Something changed on their website. Is there an RSS feed or URL that I can scan for security updates now?

[RSS] Running Tesla Model 3's Computer on My Desk Using Parts From Crashed Cars

https://bugs.xdavidhu.me/tesla/2026/03/23/running-tesla-model-3s-computer-on-my-desk-using-parts-from-crashed-cars/
[RSS] Business, logic, and chains: unauthenticated RCE in Dell Wyse Management Suite

https://swarm.ptsecurity.com/business-logic-and-chains-unauthenticated-rce-in-dell-wyse-management-suite/

New blog post 🚨

We're diving deeper into a privilege escalation issue (CVE-2024-4762) in Lenovo Display Control Center used across Windows enterprise environments.

👉 Read the full breakdown: https://neodyme.io/en/blog/lenovo_dcc_lpe_fwupdate/

@Dio9sys Ninjas can attack at any time, anywhere!

"We use debian, that should be age verification enough"

The quality of @_r_netsec is at record lows these days...

RE: https://infosec.exchange/@_r_netsec/116279960280398551

This is a crazy, developing story. And here you thought *your* organization's patch management routines were strict: From Christopher Kunz at Heise:

"A serious security vulnerability in the Windchill and FlexPLM products prompted a nationwide police response over the weekend. At the behest of the Federal Criminal Police Office (BKA), officers from across Germany were dispatched to alert affected companies – an unprecedented move. Administrators, whose weekends were disrupted, expressed their irritation – some of whom don't even use the compromised software."

"When the editorial team received a tip late Sunday morning about a critical security vulnerability in Windchill and FlexPLM, it sounded like a routine report: A deserialization vulnerability in specialized software, even with a CVSS score of 10, doesn't cause any alarm at heise security. The situation was apparently quite different at the Federal Criminal Police Office (BKA): By that time, they had already alerted the state criminal police offices (LKA) in various federal states, which dispatched police officers to affected companies during the night. As several readers reported to us in the forum, police officers were standing outside company and private premises in the dead of night."

https://www.heise.de/news/WTF-Polizei-rueckte-Samstagnacht-wegen-Zero-Day-aus-11221345.html


LSASS under the microscope at TyphoonCon 2026!
Erik Egsgard joins our lineup to uncover how even Windows’ most protected process can be turned into an attack surface: https://typhooncon.com/2026-agenda/


ICYMI (from the not-all-cyber-news-is-horrible dept), a cyberattack on a U.S. vehicle breathalyzer company has left drivers across the United States stranded and unable to start their vehicles. This story positively cries out for a headline-writing contest. TechCrunch reports:

"The company, Intoxalock, says on its website that it is “currently experiencing downtime” after a cyberattack on March 14. Intoxalock sells breathalyzer devices that fit into vehicle ignition switches, and is used by people who are required to provide a negative alcohol breath sample to start their car."

https://techcrunch.com/2026/03/20/cyberattack-on-vehicle-breathalyzer-company-leaves-drivers-stranded-across-the-us/


@jpmens Arch is the OpenBSD of Linux for documentation.


[Gecko] Competition, Innovation, and the Future of the Web - Why Independent Browser Engines Matter

https://blog.mozilla.org/netpolicy/2026/03/23/competition-innovation-and-the-future-of-the-web/

🦎️


Bruce Lawson ✅ ♫ ♿ ✌️♂️✊

A man used LLMs to generate hundreds of thousands of "songs", then used bots to stream them billions of times, to collect $8m in royalties. https://www.justice.gov/usao-sdny/pr/north-carolina-man-pleads-guilty-music-streaming-fraud-aided-artificial-intelligence-0 Is there a better metaphor for late-stage capitalism than burning resources to make songs that are never listened to, then streaming them to robots that will never hear them, ad infinitum?


Micropatches released for Desktop Windows Manager Elevation of Privilege Vulnerability (CVE-2025-55681)
https://blog.0patch.com/2026/03/micropatches-released-for-desktop.html

Can anyone point me to a good layman's tutorial to Yubikeys?

that sound you hear is every Windows platform engineer pasting the "Our commitment to Windows quality" post into their AGENTS.md
