lwn.net
[$] LWN.net Weekly Edition for May 16, 2024
Mozilla Foundation Welcomes Nabiha Syed as Executive Director
Syed is known for her mission-driven leadership, focused on increasing transparency into the most powerful institutions in society. She comes to Mozilla after leading The Markup, an award-winning publication that challenges technology to serve the public good, from its launch through its successful acquisition in 2024.
Linux maintainers were infected for 2 years by SSH-dwelling backdoor (ars technica)
In 2014, ESET researchers said the 2011 attack likely infected kernel.org servers with a second piece of malware they called Ebury. The malware, the firm said, came in the form of a malicious code library that, when installed, created a backdoor in OpenSSH that provided the attackers with a remote root shell on infected hosts with no valid password required. In a little less than 22 months, starting in August 2011, Ebury spread to 25,000 servers. Besides the four belonging to the Linux Kernel Organization, the infection also touched one or more servers inside hosting facilities and an unnamed domain registrar and web hosting provider.
Firefox 126.0 released
[$] The state of the page in 2024
Security updates for Wednesday
Manjaro 24.0 released
Version 24.0 of the Arch-based Manjaro distribution is now available with the 6.9 kernel, GNOME 46, Xfce 4.18, and an update to the Pamac package installer. This is also the project's first release with KDE Plasma 6:
The Plasma edition comes with the latest Plasma 6.0 series and KDE Gear 24.02. It brings exciting new improvements to your desktop.
With Plasma 6, KDE's technology stack has undergone major upgrades: a transition to the latest version of application framework, Qt, and an improved graphics platform when Wayland is used. These changes are as smooth and unnoticeable to the users as possible. You will see the same familiar desktop environment that you know and love. But these under-the-hood upgrades benefit Plasma's security, efficiency, and performance, and improve support for modern hardware. Thus Plasma delivers an overall more reliable user experience, while paving the way for many more improvements in the future.
The project also offers minimal install images with the 6.6 LTS and 6.1 LTS kernels to support older hardware.
[$] Portable LLMs with llamafile
Large language models (LLMs) have been the subject of much discussion and scrutiny recently. Of particular interest to open-source enthusiasts are the problems with running LLMs on one's own hardware — especially when doing so requires NVIDIA's proprietary CUDA toolkit, which remains unavailable in many environments. Mozilla has developed llamafile as a potential solution to these problems. Llamafile can compile LLM weights into portable, native executables for easy integration, archival, or distribution. These executables can take advantage of supported GPUs when present, but do not require them.
Security updates for Tuesday
[$] Some 6.9 development statistics
[$] Managing expectations with a contributions and credit policy
Security updates for Monday
The 6.9 kernel is out
[$] Debian dismisses AI-contributions policy
In April, the Gentoo Linux project banned the use of generative AI/ML tools due to copyright, ethical, and quality concerns. This means contributors cannot use tools like ChatGPT or GitHub Copilot to creating content for the distribution such as code, documentation, bug reports, forum posts. A proposal for Debian to adopt a similar policy revealed a distinct lack of love for those kinds of tools, though it would also seem few contributors support banning them outright.
Security updates for Friday
[$] Another push for sched_ext
Security updates for Thursday
[$] LWN.net Weekly Edition for May 9, 2024
[$] Securing Git repositories with gittuf
The so-called software supply chain starts with source code. But most security measures and tooling don't kick in until source is turned into an artifact—a source tarball, binary build, container image, or other method of delivering a release to users. The gittuf project is an attempt to provide a security layer for Git that can handle key management, enforce security policies for repositories, and guard against attacks at the version-control layer. At Open Source Summit North America (OSSNA), Aditya Sirish A Yelgundhalli and Billy Lynch presented an introduction to gittuf with an overview of its goals and status.
Fedora Asahi Remix 40 is now available
Fedora Magazine reports that the Fedora Asahi Remix for Apple Arm hardware, based on Fedora 40, is now available:
Fedora Asahi Remix offers KDE Plasma 6 as our flagship desktop experience. It also features a custom Calamares-based initial setup wizard. A GNOME variant is also available, featuring GNOME 46, with both desktop variants matching what Fedora Linux offers. Fedora Asahi Remix also provides a Fedora Server variant for server workloads and other types of headless deployments. Finally, we offer a Minimal image for users that wish to build their own experience from the ground up.See the installation guide to get started with the Asahi Remix.