Posts

Posted on

AI Slop – or Human Laziness?

It’s strange – we have great new tools, but many folks are using them in such a sloppy way, that the tools get discredited. And this also tends to boil down that serious users get into trouble. You probably guess what I am talking about: AI tooling.

I am for sure nobody who jumps on the latest hype. So I resisted AI quite long for complex things. Until it was ready, which for me was around summer 2025. That was for coding. For some doc writing it was ready earlier (and I used it to cover my weak spots). Now, AI has evolved to also help with video and audio.

Continue reading “AI Slop – or Human Laziness?”
Posted on

How a Missing Windows Feature in 1995 Led to WinSyslog and rsyslog | 30 Year Throwback

Remember – I am for quite a while in this business. Have you ever wondered why I took up that work on logging. Which, btw, was perceived as “pretty boring” on those days without real cyber attacks. I took the time to record one of my usual and “highest-quality” videos to tell you the story. I hope you enjoy.

Continue reading “How a Missing Windows Feature in 1995 Led to WinSyslog and rsyslog | 30 Year Throwback”
Posted on

Using Local AI Review to Save CI Time, Money, and Nerves

You know, I like efficient processes. After all, that was one reason that I wrote rsyslog. Which, btw, nowadays is increasingly useful and cost-saving as an ETL/ingestion issue for its speed. So no surprise, I also like efficient workflows.

Terminal showing iterative local AI code review with cubic CLI, code fixes, rebuilds, and test runs before final commit.”

We strongly believe in CI. Especially with AI code generation, it is your ultimate safeguard. However, CI is costly, and AI review usually runs max once per CI run.

So I have paired that review with some local test execution and review. Nowadays of course AI assisted. I usually use CLI tools for their efficiency. As part of the post-build process, I make the AI run various checks. The last one is a full review. I often use cubic for that, because it provides very good results to me.

Continue reading “Using Local AI Review to Save CI Time, Money, and Nerves”
Posted on

AI Code Generation in a 200k LOC C Codebase: What Actually Worked in rsyslog

If you want the CS summary: it is at the end.

I keep seeing the same take pop up: “AI is overhyped. Mostly money burning.” Sure. There is hype. There is also a whole lot of low-effort “vibe coding” that produces low-quality output at impressive speed.

Illustration of a robotic hand carefully adjusting gears in a large rsyslog C codebase machine, symbolizing AI-assisted maintenance of mature software.

But there is also something else: if you treat AI as a serious engineering tool and you are willing to do the unglamorous work, it can make measurable difference and boost productivity and quality.

So here is a concrete case study: agentic code work in rsyslog.

Continue reading “AI Code Generation in a 200k LOC C Codebase: What Actually Worked in rsyslog”
Posted on

How We Run Open Source and Closed Source at Adiscon

I know many people know I am with Adiscon. They also know we do both open source and closed source software. That combination often raises eyebrows, and I occasionally get the same question: how do we manage this without open-core games, dual-licensing traps, or hidden agendas?

Blue and orange streams converge into a gear, symbolizing concept transfer between open source and commercial development.
Blue and orange streams meet in a gear: open source and commercial work, shared concepts, clear boundaries. (Image: Rainer Gerhards via AI)

So I decided to write it down, plainly.

Continue reading “How We Run Open Source and Closed Source at Adiscon”
Posted on

Security Theater at the Download Page

(See CS summary at the end.)

I needed to download VMware Workstation Pro for a new test environment. That now requires a Broadcom account. Registering that account did something that, in practice, pushes users toward weaker security – and it is also counter-productive for a “free download” funnel.

A laptop screen showing a password field where pasting is blocked. A broken padlock icon signifies this leads to weaker security.
Symbolic image: Blocking paste in password fields counterintuitively leads to weaker security. (Image: Rainer Gerhards via AI)
Continue reading “Security Theater at the Download Page”
Posted on

CyberSicherheitsForum Baden-Württemberg 2025: Notes from an rsyslog Perspective

Yesterday I attended the CyberSicherheitsForum Baden-Württemberg in Stuttgart. Program link: https://cybersicherheitsforum-bw.de/

For non-German readers: Baden-Württemberg is one of Germany’s federal states (Bundesländer), and an important IT region in its own right. Companies like SAP SE and Schwarz Digits are based here, and the Open Source ecosystem is active as well. When the state talks about digital sovereignty or security strategies, it is usually backed by real capabilities in industry and administration.

Conference hall with many attendees seated, large screens on stage showing the opening session of the CyberSicherheitsForum Baden-Württemberg.
Photo taken during the opening session of the CyberSicherheitsForum Baden-Württemberg 2025 in Stuttgart. (Rainer Gerhards)
Continue reading “CyberSicherheitsForum Baden-Württemberg 2025: Notes from an rsyslog Perspective”
Posted on

The Real Scope Behind the rsyslog Documentation Overhaul

For a concise Computer Science summary of this effort, see the section at the end of this article.

When I began the current documentation overhaul, the objective was never limited to cleaning up a few pages. From the beginning, the plan was to prepare rsyslog for the AI era. And the truth is simple: without modern AI tooling, this work would not have been feasible at this depth or speed.

Symbolic illustration showing documentation, an AI head, and a graph structure representing RAG.
Continue reading “The Real Scope Behind the rsyslog Documentation Overhaul”