Popular:
Virtualization DNS security formal verification reachability analysis compiler errors macro conflict web extension development framework Bitmap Graphics API inconsistencies All Tags

The Plight of a Single Maintainer: The curl Project's Struggle

2025-09-12

Daniel Stenberg, the sole full-time maintainer of the widely used curl project, shared his struggles at the Open Source Summit Europe. Despite curl's massive impact (used in over a billion devices), the project faces challenges from companies leveraging it without contributing, malicious emails, AI-driven DDoS attacks, and the sheer volume of maintenance tasks. While he receives some heartwarming thank-you notes, the burden of maintaining curl is immense, highlighting the difficulties faced by many open-source maintainers working without adequate support.

Read more
(lwn.net)
Development maintainer burnout

BCacheFS Disabled in openSUSE Kernels 6.17+

2025-09-11

The openSUSE team announced that BCacheFS filesystem will be disabled in kernels 6.17 and later. This is because BCacheFS is externally maintained since version 6.17, and openSUSE will no longer maintain and backport downstream patches. Currently, 6.16 and earlier versions are unaffected. Users should follow BCacheFS upstream advice for installation and usage, or prepare a KMP themselves. BCacheFS will be re-enabled once its maintainer resumes upstream maintenance.

Read more
(lwn.net)
Development

KDE Unveils Alpha of its Own Linux Distro: KDE Linux

2025-09-11

At Akademy 2025, the KDE Project released an alpha version of KDE Linux, a distribution built to showcase the best of KDE's offerings using advanced technologies. Based on Arch Linux but eschewing Pacman, it employs KDE Builder and Flatpak for software installation. While aiming for home, business, and OEM use, the alpha release is rough around the edges. Future plans include testing, enthusiast, and stable editions, with a potential end-of-life plan involving migration to another distro.

Read more
(lwn.net)
Development

Microdot: A Tiny Web Framework for Microcontrollers

2025-09-07

At EuroPython 2025, Miguel Grinberg presented Microdot, a lightweight web framework running on both MicroPython and CPython, suitable for systems ranging from IoT devices to cloud servers. Inspired by Flask but significantly smaller, Microdot's creation stemmed from Grinberg's experience with a faulty smart thermostat in his Irish home. He built a MicroPython-based system to control heating and used Microdot to create a simple web interface for monitoring temperature and humidity. Microdot's core is remarkably concise at 765 lines of code, supporting asynchronous operations and common features, with extensions providing advanced functionality. Its design emphasizes simplicity and avoids complexity, making it ideal for building web applications on microcontrollers.

Read more
(lwn.net)
Development

Open Source Power Plays: Rug Pulls, Forks, and the Shifting Sands of Control

2025-09-06

At the 2025 Open Source Summit Europe, Dawn Foster dissected the complex power dynamics in open-source software development. Large cloud providers often hold significant sway, potentially leveraging this power to the detriment of smaller companies. One tactic, 'rug pulls,' involves companies re-licensing software to restrict competitor profitability, often leading to 'forks' – community-driven project branches to regain control. The presentation analyzed case studies like Elasticsearch, Terraform, and Redis, comparing contributor composition changes before and after forks. The importance of neutral governance and a diverse contributor base emerged as key themes. Foster highlighted that while forking offers a means for maintainers and contributors to combat power imbalances, projects should prioritize neutral governance and broad contributor participation to mitigate the risk of rug pulls.

Read more
(lwn.net)
Development forking

The Demise of 32-bit Support in the Linux Kernel?

2025-09-02

At the Open Source Summit Europe 2025, Arnd Bergmann, the maintainer of architecture support in the Linux kernel, delivered a talk discussing the potential removal of 32-bit system support. While desktop and server systems have long transitioned to 64-bit, a significant number of 32-bit devices remain in embedded systems. Bergmann noted that while the kernel is still adding support for some 32-bit boards, the number of 64-bit boards supported has significantly surpassed 32-bit ones. He argued that removing 32-bit support is a gradual process, requiring consideration of existing hardware and software support and analyzing user numbers to determine when to remove support for specific architectures. The talk also addressed challenges and solutions related to 32-bit support, such as high-memory support, the year-2038 problem, and big-endian support. Ultimately, Bergmann stated that the kernel will retain support for armv7 systems for at least another ten years, while support for other 32-bit architectures will likely fade away sooner.

Read more
(lwn.net)
Development 32-bit Systems 64-bit Systems

Debian 13 "Trixie" Released: A Stable Linux Distribution Prioritizing Reliability

2025-08-29

After over two years of development, Debian 13, codenamed "Trixie," is finally here. This stable release boasts upgraded packages, over 14,000 new packages, and features APT 3.0 as the default package manager. Support for 64-bit RISC-V architecture is also included. Trixie prioritizes stability, offering a reliable experience with versions of popular software like GNOME 48 and KDE Plasma 6.3. Installation offers both a traditional command-line installer and a more user-friendly Calamares installer. The release also addresses the Year 2038 problem on 32-bit architectures and drops support for i386 and some MIPS architectures.

Read more
(lwn.net)
Development Stable Release

Python: The Documentary – Now Streaming!

2025-08-29

CultRepo's documentary, "Python: The Documentary," is now available on YouTube! This 90-minute film chronicles the incredible journey of Python, from a side project in 1990s Amsterdam to powering AI, data science, and some of the world's largest companies. Featuring interviews with Guido van Rossum, Travis Oliphant, Barry Warsaw, and many more, the documentary explores Python's rise, its community-driven evolution, internal conflicts, and its profound impact on the world. A preview was shown at EuroPython.

Read more
(lwn.net)
Development

Confidential Computing in the Linux Cloud Stack: A Balancing Act

2025-08-23

Public cloud inherently limits the privacy of VMs. Confidential computing protects guest memory, even from hypervisors, addressing privacy concerns. However, supporting confidential VMs requires rethinking the Linux cloud stack, balancing performance and security. This article explores how hardware isolation, software security mechanisms, and confidential computing impact the Linux cloud stack's boot process, secure boot, remote attestation, and more. It analyzes scaling and performance challenges, such as DRAM encryption/decryption, memory page acceptance, and ASID limitations. While confidential computing enhances security, it increases reliance on firmware and hardware, highlighting the security value of open architectures like RISC-V to reduce reliance on third-party trust. The article questions whether the investment in adapting the Linux kernel is worthwhile for the community.

Read more
(lwn.net)
Development

Kernel Community Debates AI-Generated Patches

2025-08-23

The Linux kernel community is grappling with the rise of AI-assisted coding tools. Submissions using LLMs to generate patches have sparked debate, with proposals to add tags identifying LLM usage. However, concerns about patch quality, copyright issues, and increased maintainer burden are prevalent, leading some to suggest banning LLM-generated contributions. A consensus remains elusive, but discussions are expanding to encompass a broader AI policy, slated for further discussion at the December Maintainers Summit.

Read more
(lwn.net)
Development Code Patches

ArchWiki's Secrets to Success: Lessons from DebConf25

2025-08-14

Arch Linux's ArchWiki is renowned in the Linux community for its high-quality documentation. At DebConf25, ArchWiki maintainers shared their secrets, covering content strategy, contribution guidelines, and community management. While leveraging MediaWiki's strengths—comprehensive, high-quality, and up-to-date content—they also addressed challenges like the complexity of MediaWiki markup, the high barrier to entry for contributors, and threats from AI-generated content and scraping bots. Future plans include improving community involvement, developing more editor tools, and cautiously incorporating AI. The presentation inspired Debian to revamp its wiki using MediaWiki.

Read more
(lwn.net)
Development Open Source Wiki

Nyxt: The Emacs-Inspired Browser for Developers

2025-08-14

Nyxt is an unconventional web browser built on the philosophy of Emacs: highly customizable and keyboard-driven. Written in Common Lisp and licensed under the BSD 3-clause license, it prioritizes Linux users and empowers developers to extend its functionality. While inspired by Emacs, Nyxt runs independently and supports vi and CUA keybindings. The current 3.x series uses WebKitGTK, while the upcoming 4.0 will leverage Electron for improved performance and cross-platform support (macOS and Windows). Nyxt's minimalist interface and extensive customization options appeal to developers seeking ultimate efficiency, but its steep learning curve and limited community resources present a challenge.

Read more
(lwn.net)
Development

StarDict Dictionary's Default Settings Leak User Text Selections

2025-08-12

StarDict, a popular cross-platform dictionary application, has been found to contain a serious security vulnerability. Under X11, its default configuration sends user-selected text via unencrypted HTTP to two remote servers. This vulnerability stems from its default-enabled "scan" feature, which monitors user text selections in real-time and automatically provides translations. While the maintainer suggests that disabling the scan functionality or the YouDao plugin resolves the issue, security experts argue that features with privacy risks should never be enabled by default. This is not the first time such a vulnerability has been reported; previous similar reports existed but fixes were incomplete, potentially exposing users to text leaks for years. Although the number of StarDict installations on Debian is low, the issue highlights the persistent existence and delayed resolution of security problems in open-source software maintenance.

Read more
(lwn.net)
Tech

Python Performance: Myths, Realities, and the SPy Project

2025-08-06

At EuroPython 2025, Python performance engineer Antonio Cuni debunked common misconceptions about Python's speed. He argued that Python's performance limitations stem not solely from its interpreted nature, but also from memory management overhead and dynamic features. While JIT compilers help, Cuni believes they can't fully solve the problem. He introduced SPy, a project aiming to enhance Python's performance without sacrificing compatibility by tweaking language semantics. SPy, available on GitHub, offers beginner-friendly issues for community contribution.

Read more
(lwn.net)
Development SPy project

QUIC Protocol Heads for Linux Kernel Mainline: A Speed and Performance Trade-off

2025-08-01

After over a decade, the QUIC protocol is finally making its way into the Linux kernel mainline. Designed to address latency, congestion, and security issues inherent in TCP on the modern internet, QUIC uses UDP for faster, more secure data transmission. However, current kernel implementations underperform in benchmarks, lagging behind TCP. Developers attribute this to a lack of hardware offload support and optimization, with future performance improvements expected. Kernel integration will pave the way for wider application support, but complete code review and merging are expected to take considerable time, potentially until 2026 at the earliest.

Read more
(lwn.net)
Development Network Protocol

GrapheneOS: A Privacy-Focused Android Rebuilt

2025-07-25

GrapheneOS is an open-source project aiming to bolster Android's security and privacy. Based on the Android Open Source Project, it removes substantial code and adds numerous security features, including a hardened malloc() library and control-flow integrity enhancements. While support is limited to select Google Pixel devices, GrapheneOS leverages hardware memory tagging for robust OS protection. A firsthand installation experience reveals a more secure and private Android, albeit with an initial setup time investment. The author highlights its strong privacy features but acknowledges the ongoing challenge of balancing functionality with a complete rejection of proprietary apps.

Read more
(lwn.net)
Development

PyCon US 2025: A Deep Dive into pedalboard, the Python Audio Processing Library

2025-07-22

At PyCon US 2025, Peter Sobot, a machine learning engineer at Spotify, presented pedalboard, his Python audio processing library. This library leverages Python and NumPy for efficient audio manipulation, supporting various audio format conversions and effect additions, and seamlessly integrating with VST3 plugins. Sobot's talk provided a clear explanation of digital audio fundamentals and showcased pedalboard's capabilities, such as real-time audio effects and efficient streaming. He stressed the importance of avoiding loading entire audio files into memory in Python, advocating for stream processing to prevent memory overflows. pedalboard empowers Python developers with robust audio processing, simplifying development for audio applications.

Read more
(lwn.net)
Development

Linux Secure Boot Facing Key Expiration: A Race Against Time

2025-07-19

Linux Secure Boot systems rely on a Microsoft key set to expire in September. This key signs the shim, the first-stage UEFI bootloader used to boot the Linux kernel. While a replacement key has been available since 2023, many systems may lack it, potentially requiring hardware vendor firmware updates. This poses extra work for Linux distributions and users. Updating firmware via LVFS and fwupd might be necessary, but isn't guaranteed to succeed; older BIOS systems may face space constraints, even requiring a BIOS reset. Vendor updates may also be problematic, with some manufacturers having lost access to their platform keys. Ultimately, disabling Secure Boot might be the only option in some cases.

Read more
(lwn.net)
Development

Rust and C Interoperability in the Linux Kernel: Memory, Self-Referential Structures, and Locks

2025-07-19

This article delves into the intricacies of interfacing Rust and C code within the Linux kernel. It highlights memory allocation (Kmalloc, Vmalloc, KVmalloc, and their corresponding Box and Vec usage), handling self-referential structures (Pin and the pin_init! macro), and locking mechanisms (Mutex, LockedBy, GlobalLockedBy). Rust enhances kernel code safety and reduces runtime errors through its type system and lifetime management.

Read more
(lwn.net)
Development C Interop

Linux Secure Boot Faces Key Expiration Crisis

2025-07-18

A Microsoft key used for signing the Linux Secure Boot shim bootloader is set to expire in September, potentially breaking booting on numerous systems. While a replacement key has been available since 2023, many systems lack the update, possibly requiring firmware updates from hardware vendors. This adds extra work for Linux distributions and users. Solutions involve firmware updates via LVFS and fwupd, but older firmwares might have compatibility issues, potentially requiring Secure Boot to be disabled. Vendor updates may also present problems, such as lost platform keys. Ultimately, this highlights the challenges Linux faces relying on a Windows-centric hardware ecosystem.

Read more
(lwn.net)
Development Firmware Updates

Btrfs Performance Boost: Chunk Allocation with Device Roles

2025-07-11

A significant performance improvement is coming to the Btrfs filesystem! A new patch introduces a performance-based chunk allocation method using device roles, addressing the current imbalance caused by allocation based solely on free space. By defining five device roles (metadata_only, metadata, none, data, data_only) and prioritizing roles alongside remaining space, the system can intelligently assign faster devices to metadata and slower devices to data, significantly boosting read/write performance. This improvement avoids complex device speed measurements, leveraging the existing on-disk format for smarter, more efficient storage management.

Read more
(lwn.net)
Development

Thunderbird 140 Released: Dark Mode, Easy Setting Sync, and Exchange Support

2025-07-09

Thunderbird email client version 140 is out, boasting several new features. A standout is "dark message mode," adapting message content to dark themes. It also features easy transfer of desktop settings to the mobile Thunderbird client, experimental Microsoft Exchange support, and global controls for message threading and sort order. This is an extended-support release (ESR) with 12 months of support, though Thunderbird encourages users to switch to the monthly Release channel. A staggered rollout to existing users helps catch bugs before widespread deployment, but manual upgrades are available via Help > About. Check the release notes for a complete changelog.

Read more
(lwn.net)
Development email client

Linus Torvalds and bcachefs Developer Part Ways

2025-07-05

Linus Torvalds, the maintainer of the Linux kernel, rejected a pull request for the bcachefs filesystem in the 6.16-rc3 release and hinted at no longer accepting contributions from the project in the 6.17 merge window. This stems from a significant disagreement during code review, with Torvalds stating that bcachefs developer Kent Overstreet refused to accept any questioning or modification of his code. Following a private conversation, both parties decided to end their collaboration.

Read more
(lwn.net)
Development Development Dispute

A Concise Rust Kernel Driver: The AX88796B Ethernet Controller Example

2025-06-28

This article details the experience of writing a Linux kernel driver for the AX88796B embedded Ethernet controller using Rust. The author contrasts the Rust version with its C counterpart, highlighting differences in syntax, types, and APIs. The Rust version is remarkably concise, at just over 100 lines, leveraging macros to simplify driver registration and using traits and the `#[vtable]` macro for seamless integration with existing C code. The article clearly explains the advantages of Rust in kernel driver development, such as memory safety guarantees through references and simplified error handling using `Result` and the `try` operator, providing valuable insights for Rust kernel driver development.

Read more
(lwn.net)
Development Kernel Driver

Open Source Maintainer Revolt: The Libxml2 Case Study

2025-06-26

Libxml2, a widely used XML parser, highlights the successes and failures of the open-source model. After years of being relied upon by major corporations like Apple, Google, and Microsoft without adequate support, its maintainer, Nick Wellnhofer, is rejecting security embargoes and treating security vulnerabilities like regular bugs. This decision, driven by burnout and insufficient funding, sparked a debate about corporate responsibility in open source and the need for sustainable maintenance models. Wellnhofer's actions suggest a growing frustration within the open-source community and could signal a shift in how maintainers engage with large companies.

Read more
(lwn.net)
Development corporate responsibility

Asterinas: A Rust-based Linux-compatible Kernel Challenging Traditional Designs

2025-06-20

Researchers from Southern University of Science and Technology (SUSTech) in China have developed Asterinas, a new Linux kernel written in Rust using a "framekernel" architecture. This architecture combines the advantages of monolithic and microkernels, encapsulating unsafe Rust code within a library while the rest of the kernel services use safe abstractions. This improves kernel safety while maintaining the high performance of monolithic kernels. Asterinas aims for a system with a small, formally verifiable TCB, Linux ABI compatibility, and a simple shared-memory architecture. Currently supporting x86 and RISC-V, Asterinas is under active development, with future plans to expand architecture support and cloud computing applications.

Read more
(lwn.net)
Development

Linux Kernel 6.16 Patches Core Dump Vulnerabilities: Saying Goodbye to a 'Stupid' API

2025-06-14

The Linux kernel 6.16 release significantly improves core dump handling, addressing long-standing security vulnerabilities. Previous API designs had flaws, such as core dump handlers running with root privileges, making them attractive attack targets, and race conditions leading to vulnerabilities. The new improvements introduce pidfd to ensure handlers operate on the correct crashed process and allow handlers to bind to a socket for receiving core dumps, reducing privilege escalation risks and effectively preventing attacks.

Read more
(lwn.net)
Development core dump

Open Source Software: A Cornerstone of Scientific Research

2025-06-04

This article explores the crucial role of open-source software in scientific research. The author argues that the freedom and reproducibility inherent in open-source software are essential for scientific progress, effectively addressing challenges in data processing, simulation, document preparation, and preservation. In contrast, proprietary software presents numerous risks, including restrictive licensing, software rot, and the inability to reproduce results. The article concludes by recommending several commonly used open-source software packages, such as GCC, GFortran, Julia, Typst, and Pandoc, and emphasizes the significant contribution of open-source software to scientific advancement.

Read more
(lwn.net)
Tech

The Enshittification of the Internet: Policy Failure or Technical Glitch?

2025-05-28

Science fiction author Cory Doctorow's PyCon US 2025 keynote explored the 'enshittification' of internet platforms. He attributes this phenomenon to a three-stage strategy employed by tech companies to maximize profits: locking in users, degrading user experience to benefit business customers, and finally, extracting all value from the platform. Using Google as an example, he showed how 'twiddling' algorithms manipulate search results and ad placement, harming user interests. Doctorow argues that 'enshittification' isn't a technical issue, but stems from relaxed antitrust regulation and neglected privacy legislation. He calls for stronger antitrust measures, improved interoperability, enhanced privacy protections, and other steps to reverse this trend and build a 'new good internet'.

Read more
(lwn.net)
Tech

Flatpak's Development Stagnation: A Lack of Maintainers Hinders Innovation

2025-05-23

Despite its popularity among developers and users, and adoption by distributions like Fedora, the core Flatpak project is facing development stagnation. The main cause is the loss of key developers, leading to slow code review and merging, and a backlog of new features and improvements. The article explores challenges in Flatpak's OSTree and OCI support, permission refinement, network namespaces, and NVIDIA driver integration, proposing a potential OCI-based refactoring to leverage the broader container ecosystem and address existing issues.

Read more
(lwn.net)
Development application packaging
← Previous 1 3