Odprtokodni pogled

Opensource view

LWN.net

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Posodobljeno: 40 min 57 sec nazaj

[$] Imitation, not artificial, intelligence

Tor, 07/23/2024 - 21:58
Simon Willison, co-creator of the popular Django web framework for Python, gave a keynote presentation at PyCon 2024 on a topic that is unrelated to that work: large language models (LLMs). The topic grew out of some other work that he is doing on Datasette, which is a Python-based "tool for exploring and publishing data". The talk was a look beyond the hype to try to discover what useful things you can actually do today using these models. Unsurprisingly, there were some cautionary notes from Willison, as well.

Improvements to the PSF Grants program

Tor, 07/23/2024 - 20:40

The Python Software Foundation (PSF) board has announced improvements to its grants program that have been enacted as a response to "concerns and frustrations" with the program:

The PSF Board takes the open letter from the pan-African delegation seriously, and we began to draft a plan to address everything in the letter. We also set up improved two-way communications so that we can continue the conversation with the community. The writers of the open letter have now met several times with members of the PSF board. We are thankful for their insight and guidance on how we can work together and be thoroughly and consistently supportive of the pan-African Python community.

So far the PSF has set up office hours to improve communications, published a retrospective on the DjangoCon Africa review, and put out a transparency report on grants from the past two years. The PSF board has also voted to "use the same criteria for all grant requests, no matter their country of origin".

Zuckerberg: Open Source AI Is the Path Forward

Tor, 07/23/2024 - 17:18
Mark Zuckerberg has posted an article announcing some new releases of the Llama large language model and going on at length about why open-source models are important:

AI has more potential than any other modern technology to increase human productivity, creativity, and quality of life – and to accelerate economic growth while unlocking progress in medical and scientific research. Open source will ensure that more people around the world have access to the benefits and opportunities of AI, that power isn't concentrated in the hands of a small number of companies, and that the technology can be deployed more evenly and safely across society.

There is an ongoing debate about the safety of open source AI models, and my view is that open source AI will be safer than the alternatives. I think governments will conclude it's in their interest to support open source because it will make the world more prosperous and safer.

Of course, whether Llama is truly open source is debatable at best, but it is more open than many of the alternatives.

[$] A look inside the BPF verifier

Tor, 07/23/2024 - 15:57

LWN has covered BPF since its initial introduction to Linux, usually through the lens of the newest developments; this can make it hard to view the whole picture. BPF provides a way to extend a running kernel, without having to recompile and reboot. It does this in a safe way, so that malicious BPF programs cannot crash a running kernel, thanks to the BPF verifier. So how does the verifier actually work, what are its limits, and how has it changed since the early days of BPF?

GNU C Library 2.40 released

Tor, 07/23/2024 - 14:37
Version 2.40 of the GNU C Library has been released. Changes include partial support for the ISO C23 standard, a new tunable for the testing of setuid programs, improved 64-bit Arm vector support, and a handful of security fixes. See the release notes for details.

Security updates for Tuesday

Tor, 07/23/2024 - 14:32
Security updates have been issued by Fedora (gtk3 and jpegxl), Red Hat (kpatch-patch and thunderbird), SUSE (apache2, git, gnome-shell, java-11-openjdk, java-21-openjdk, kernel, kernel-firmware, kernel-firmware-nvidia-gspx-G06, libgit2, mozilla-nss, nodejs20, python-Django, and python312), and Ubuntu (linux-aws, linux-aws, linux-aws-5.4, linux-iot, linux-aws-5.15, pymongo, and ruby-rack).

[$] "Opt-in" metrics planned for Fedora Workstation 42

Pon, 07/22/2024 - 14:54

Red Hat, through members of the Fedora Workstation Working Group, has taken another swing at persuading the Fedora Project to allow metrics related to the real-world use of the Workstation edition to be collected. The first proposal, aimed for Fedora 40, was withdrawn to be reworked based on feedback. This time around, the proponents have shifted from asking for opt-out telemetry to opt-in metrics, with more detail about what would be collected and the policies that would govern data collection. The change seems to be on its way to approval by the Fedora Engineering Steering Council (FESCo) and is set to take effect for Fedora 42.

[$] "Opt-in" metrics planned for Fedora Workstation 42

Pon, 07/22/2024 - 14:54

Red Hat, through members of the Fedora Workstation Working Group, has taken another swing at persuading the Fedora Project to allow metrics related to the real-world use of the Workstation edition to be collected. The first proposal, aimed for Fedora 40, was withdrawn to be reworked based on feedback. This time around, the proponents have shifted from asking for opt-out telemetry to opt-in metrics, with more detail about what would be collected and the policies that would govern data collection. The change seems to be on its way to approval by the Fedora Engineering Steering Council (FESCo) and is set to take effect for Fedora 42.

[$] "Opt-in" metrics planned for Fedora Workstation 42

Pon, 07/22/2024 - 14:54

Red Hat, through members of the Fedora Workstation Working Group, has taken another swing at persuading the Fedora Project to allow metrics related to the real-world use of the Workstation edition to be collected. The first proposal, aimed for Fedora 40, was withdrawn to be reworked based on feedback. This time around, the proponents have shifted from asking for opt-out telemetry to opt-in metrics, with more detail about what would be collected and the policies that would govern data collection. The change seems to be on its way to approval by the Fedora Engineering Steering Council (FESCo) and is set to take effect for Fedora 42.

Security updates for Monday

Pon, 07/22/2024 - 14:43
Security updates have been issued by Fedora (botan2, chromium, ffmpeg, fluent-bit, gtk3, httpd, suricata, tcpreplay, and thunderbird), Mageia (apache, chromium-browser-stable, libfm & libfm-qt, and thunderbird), Oracle (firefox, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk, kernel, libndp, qt5-qtbase, ruby, skopeo, thunderbird, and virt:ol and virt-devel:rhel), Red Hat (containernetworking-plugins, firefox, libndp, qt5-qtbase, and thunderbird), SUSE (caddy, chromium, emacs, global, mockito, snakeyaml, testng, and opera), and Ubuntu (thunderbird).

NGI project may lose funding

Pet, 07/19/2024 - 18:48

The Next Generation Internet (NGI) project, an initiative of the EU's European Commission (EC), provides funding in the form of grants for a wide variety of open-source software, including Redox, Briar, SourceHut, and many more. But the NGI project is not among those that would be funded under the current draft budget for 2025, as The Register reports. More than 60 organizations have signed on to an open letter asking the EC to reconsider:

We find this transformation incomprehensible, moreover when NGI has proven efficient and economical to support free software as a whole, from the smallest to the most established initiatives. This ecosystem diversity backs the strength of European technological innovation, and maintaining the NGI initiative to provide structural support to software projects at the heart of worldwide innovation is key to enforce the sovereignty of a European infrastructure. Contrary to common perception, technical innovations often originate from European rather than North American programming communities, and are mostly initiated by small-scaled organizations.

[$] A new major version of NumPy

Pet, 07/19/2024 - 17:41

The NumPy project released version 2.0.0 on June 16, the first major release of the widely used Python-based numeric-computing library since 2006. The release has been planned for some time, as an opportunity to clean up NumPy's API. As with most NumPy updates, there are performance improvements to several individual functions. There are only a few new features, but several backward-incompatible changes, including a change to NumPy's numeric-promotion rules. Changes to the Python API require relatively minor changes to Python code using the library, but the changes to the C API may be more difficult to adapt to. In both cases, the official migration guide describes what needs to be adapted to the new version.

[$] Restricting execution of scripts — the third approach

Pet, 07/19/2024 - 15:05
The kernel will not consent to execute just any file that happens to be sitting in a filesystem; there are formalities, such as the checking of execute permission and consulting security policies, to get through first. On some systems, security policies have been established to limit execution to specifically approved programs. But there are files that are not executed directly by the kernel; these include scripts fed to language interpreters like Python, Perl, or a shell. An attacker who is able to get an interpreter to execute a file may be able to bypass a system's security policies. Mickaël Salaün has been working on closing this hole for years; the latest attempt takes the form of a new flag to the execveat() system call.

Security updates for Friday

Pet, 07/19/2024 - 14:19
Security updates have been issued by AlmaLinux (firefox, java-1.8.0-openjdk, java-17-openjdk, java-21-openjdk, libndp, openssh, qt5-qtbase, ruby, skopeo, and thunderbird), Debian (thunderbird), Fedora (dotnet6.0, httpd, python-django, python-django4.2, qt6-qtbase, rapidjson, and ruby), Red Hat (389-ds-base, firefox, java-1.8.0-openjdk, java-11-openjdk, libndp, qt5-qtbase, and thunderbird), Slackware (httpd), SUSE (apache2, chromium, and kernel), and Ubuntu (apache2, linux-aws, linux-azure-fde, linux-azure-fde-5.15, linux-hwe-5.15, linux-aws-6.5, linux-lowlatency-hwe-6.5, linux-oracle-6.5, linux-starfive-6.5, and linux-raspi, linux-raspi-5.4).

Peter de Schrijver RIP

Čet, 07/18/2024 - 22:39
The sad news that Peter de Schrijver has passed away has just reached us. An obituary in Dutch relates that he passed in a Helsinki hospital on July 12. Mind Software Consulting, which he founded, has a message of condolences as well. De Schrijver was a Debian Developer and a Linux kernel contributor; he will be missed.

Evolving the ASF Brand (Apache Software Foundation blog)

Čet, 07/18/2024 - 17:10
The Apache Software Foundation (ASF) has announced that it will be changing its logo to remove the feather that has been part of its brand since 1997. ASF members will have input on the rebranding process and be able to vote on the new logo, which will be unveiled at the Community Over Code conference in October. The feather is a well-loved and iconic part of the ASF brand. We know of community members who have ASF feather tattoos. People love taking photos with the feather at our flagship event each year.

So why would we change it? As a non-Indigenous entity, we acknowledge that it is inappropriate for the Foundation to use Indigenous themes or language. We thank Natives in Tech and other members of the broader open source community for bringing this issue to the forefront. Today we are announcing we will be retiring the feather icon and logo and replacing it with a new logo that embodies the Foundation's rich history of providing software for the public good.

A bunch of new stable kernels

Čet, 07/18/2024 - 16:07
Greg Kroah-Hartman has released seven new stable kernels: 6.9.10, 6.6.41, 6.1.100, 5.15.163, 5.10.222, 5.4.280, and 4.19.318. As usual, each contains important fixes throughout the kernel tree.

[$] Filesystem testing for stable kernels

Čet, 07/18/2024 - 15:39
Leah Rumancik led a filesystem-track session at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit on the testing needed to qualify XFS patches for the stable kernels. At last year's summit, Rumancik, Amir Goldstein, and Chandan Babu Rajendra presented on their efforts to test and backport fixes for the XFS filesystem to three separate stable kernels. There has been some longstanding unhappiness in the XFS-development community with the stable-kernel process, which led to backports ceasing for that filesystem until Goldstein started working on XFS testing for the stable trees a few years ago. In this year's session, Rumancik updated attendees on how things had gone over the last year and wanted to discuss some remaining pain points for the process.

[$] The first half of the 6.11 merge window

Čet, 07/18/2024 - 15:31
The merge window for the 6.11 kernel release opened on July 14; as of this writing, 4,072 non-merge changesets have been pulled into the mainline repository since then. This merge window, in other words, is just now beginning. Still, there has been enough time for a number of interesting changes to land for the next kernel release; read on for a summary of what has been merged so far.

Security updates for Thursday

Čet, 07/18/2024 - 15:28
Security updates have been issued by Debian (chromium), Fedora (freeradius), Red Hat (firefox, java-1.8.0-openjdk, and java-17-openjdk), Slackware (openssl), SUSE (ghostscript, gnutls, podman, and python-Django), and Ubuntu (linux-hwe-6.5, linux-ibm-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle-5.15, linux-oracle, linux-xilinx-zynqmp, and stunnel).
sfy39587f05