9
2024 Open Source Software Funding Report (opensourcefundingsurvey2024.com)

cross-posted from: https://lemmy.ndlug.org/post/1401792

This report summarizes insights from the inaugural 2024 Open Source Software Funding Survey, a collaboration between GitHub, the Linux Foundation, and researchers from Harvard University. The objective of the survey was to better understand how organizations fund, contribute to, and otherwise support open source software.

Survey Respondents

159 respondents to the survey collectively contribute $1.7 billion (2023 USD) in annual value to open source. 86% comes in the form of contribution labor by employees.

Extrapolating survey to all organizations active in open source

Using the survey responses on contribution, we estimate that organizations contribute $7.7 billion annually to OSS.

16
2024 Open Source Software Funding Report (opensourcefundingsurvey2024.com)

This report summarizes insights from the inaugural 2024 Open Source Software Funding Survey, a collaboration between GitHub, the Linux Foundation, and researchers from Harvard University. The objective of the survey was to better understand how organizations fund, contribute to, and otherwise support open source software.

Survey Respondents

159 respondents to the survey collectively contribute $1.7 billion (2023 USD) in annual value to open source. 86% comes in the form of contribution labor by employees.

Extrapolating survey to all organizations active in open source

Using the survey responses on contribution, we estimate that organizations contribute $7.7 billion annually to OSS.

103

Bcachefs lead developer Kent Overstreet published a Patreon post this evening entitled "Trouble in the kernel" where he explained:

"TLDR: the future of bcachefs in the kernel is uncertain, and lots of things aren't looking good.

Linus has said he isn't accepting my 6.13 pull request, per "an open issue with the CoC board", and at this point I have no idea what's going on with the CoC board. I, for my part, have felt for quite some time that there are issues about our culture and the way we do work that need to be raised, and that hasn't been going anywhere - hence this post."

It appears that the source of this violation can be found in this Linux kernel mailing list thread.

8

Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by Ubuntu Linux, which was introduced over 10 years ago in version 21.04.

The flaws were discovered by Qualys and are tracked as CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003. They were introduced in needrestart version 0.8, released in April 2014, and fixed only yesterday, in version 3.8.

Needrestart is a utility commonly used on Linux, including on Ubuntu Server, to identify services that require a restart after package updates, ensuring that those services run the most up-to-date versions of shared libraries.

...

Apart from upgrading to version 3.8 or later, which includes patches for all the identified vulnerabilities, it is recommended to modify the needrestart.conf file to disable the interpreter scanning feature, which prevents the vulnerabilities from being exploited.

41

The first teaser for A Minecraft Movie released in September to some decidedly mixed reactions, particularly concerning the CGI and character design and especially Jason Momoa's hair. And yes, there were many ridiculous memes. We were inclined to give it a chance based on the casting of Momoa and Jack Black. Now the full trailer has dropped, and honestly, odd design choices aside—and they are indeed odd—it looks like a perfectly acceptable fun family film and not much more, albeit very light on actual plot.

YouTube Trailer: A Minecraft Movie | Official Trailer

15

Yes, this nifty workflow wonder is finally able to automatically tile newly opened windows based on the currently active tiling layout (and as you may be sick of me re-emphasising: you can switch between different layouts ad-hoc, and create and save your own).

Windows auto-tile to the best vacant slot in the layout. But what’s ‘best’? Tiling Shell developer Domenico Ferraro says this will be the ‘vacant tile nearest to the center of the screen’.

With the addition of automatic tiling you no longer need to tile windows manually.

64
A Linux Desktop for the family (chronicles.mad-scientist.club)

I saw plenty of efforts that aim to create a Linux distribution for non-enthusiasts, for people who just want to use their computers, and not care about the details - A Desktop for All on the GNOME blog, most recently. While I commend the effort, my own experience is that these efforts are futile, and start off from a fundamentally wrong premise: that people are willing (let alone wanting) to manage their own operating systems.

...

My family is using Linux because that’s the system I can maintain for them. Apart from my Dad, they never installed Linux, and never will. They don’t install software, they don’t upgrade, they don’t change settings either. All of that is something I do for them. And to do so effectively, I need a distribution I am familiar with, one that is also flexible enough to fine-tune for every member of the family, because they prefer fundamentally different things!

...

The common pattern between all these three is that neither of them maintains their own systems. I do. As such, how beginner friendly the distribution is, is meaningless. The users of the system don’t care, they’ll never see those parts. They’ll have a preconfigured system maintained by someone else, and that’s exactly what they want. To make this work, I’m using distributions I am familiar with. For my parents, that’s Debian, because I was a Debian person when their systems were installed. For my Wife, it is NixOS, because I’m a NixOS person now. For the Twins, it will likely be NixOS too.

97
submitted 2 weeks ago* (last edited 2 weeks ago) by pnutzh4x0r@lemmy.ndlug.org to c/linux@lemmy.ml

A new patch series posted today to the Linux kernel mailing list would block kernel modules/drivers from TUXEDO Computers from accessing GPL-only symbols in the kernel.

TUXEDO Computers maintains a set of kernel drivers currently out-of-tree for their various laptops for additional functionality around power profiles, keyboard backlight controls, WMI, sensor monitoring, the embedded controller, and other functionality. They have said they want to eventually mainline these drivers but in the name of allowing for rapid hardware support they maintain them out-of-tree and ship them with their Ubuntu-based TUXEDO OS and also have the driver sources available via GitLab.

The issue at hand though is that these kernel drivers are marked as GPLv3+ and that conflicts with the upstream Linux kernel code licensed as GPLv2. There was a commit to change the driver license from GPLv3 to GPL(v2) but it was reverted by TUXEDO Computers on the basis of "until the legal stuff is sorted out."

Update: TUXEDO Computers Relicenses Some Of Their Drivers To GPLv2

As of yesterday, TUXEDO Computers has now been able to re-license their driver consisting of fully in-house code from GPLv3 to GPLv2+. These are the TUXEDO Computers drivers where it's all written by TUXEDO employees and not having to worry about code from any third-party developers or other vendors.

The gxtp7380, ite_8291, ite_8291_lb, ite_8297, stk8321, tuxedo_compatibility_check, tuxedo_nb02_nvidia_power_ctrl, and tuxedo_tuxi drivers are the initial ones able to be moved to the GPLv2+ licensing for satisfying upstream Linux kernel developers. Moving the other drivers to GPLv2+ will take longer due to needing to check with the associated parties that contributed to those drivers.

5
submitted 2 weeks ago* (last edited 2 weeks ago) by pnutzh4x0r@lemmy.ndlug.org to c/ubuntu@lemmy.ml

With the recent release of Ubuntu 24.04, we at Snyk Security Labs thought it would be interesting to examine the latest version of this Linux distribution to see if we could find any interesting privilege escalation vulnerabilities.

...

During our research, we successfully identified a privilege escalation from the default user on a fresh Ubuntu Desktop installation to root. To achieve this, we chained one small bug in a privileged component together with a number of features, which all work as expected, to achieve arbitrary command execution as root.

This blog post will outline the journey of our research, discuss how we identified these vulnerabilities, and, we hope, show that you can keep it simple when it comes to exploitation and achieve the same results without needing a very complex (although extremely cool) kernel memory corruption vulnerability, for example.

2
submitted 3 weeks ago by pnutzh4x0r@lemmy.ndlug.org to c/irc

2023 had been a slow year, so we skipped on our traditional annual update, but it is back this year. Here’s a summary of everything that’s been happening since Nov 2022. Most of the progress these last two years has been around making chathistory more suitable for the real world, and reducing bandwidth usage for mobile clients.

2

The Ubuntu Mainline Kernel PPA is great for quickly and easily fetching new upstream Linux kernel builds assembled for Ubuntu/Debian systems. It's a big time saver for grabbing the latest stable or daily development kernel on Ubuntu. It's also great for having them publicly and readily available -- one of the reasons I prefer it as well is for that transparency into the kernel builds and prefer using them so when a vendor or user asks about my kernel configuration or if I can supply the kernel used for testing, it's darn simple to just cite the Ubuntu Mainline Kernel PPA.

But it hasn't been producing any new kernel builds since the middle of September... All of the Linux 6.12 release candidates and daily builds have not been producing. Presumably due to a broken Kconfig change or something else failing from the Linux 6.12 merge window changes.

Similar to last year the Ubuntu Mainline Kernel PPA being broken for over a month. Frustrating that such a useful feature and one maintained by the Ubuntu Kernel Team can remain broken for weeks on end. It's been an annoyance on my end for a number of weeks, but at least last time when calling out the broken state for more than a month, it wound up being fixed shortly thereafter. Hopefully that happens again to restore this great feature of Ubuntu Linux particularly for hardware enthusiasts, kernel testers, etc.

161

Whether you just downloaded Firefox, or you’ve been with us since the beginning, you are a vital part of helping us make the internet a better place. Here's a sneak peek at what's coming next!

pnutzh4x0r@lemmy.ndlug.org 164 points 2 months ago

I think the "Ubuntu Core 22" means it is the snap based version of Steam rather than the deb version.

If you look at the snapcraft.yaml for the Steam snap, it uses core22 as its base.

pnutzh4x0r@lemmy.ndlug.org 68 points 2 months ago

This is a great summary. Thanks!

pnutzh4x0r@lemmy.ndlug.org 32 points 3 months ago

I think the WINE project was maintaining a fork of Mono that was used to support running certain Windows applications:

https://wiki.winehq.org/Mono

So in addition to translating traditional WIN32 system calls, WINE also supports .NET applications, which a number of Windows programs require.

pnutzh4x0r@lemmy.ndlug.org 40 points 3 months ago

The reasons for this shift in budget away from funding Free Software and the NGI initiative seems to be an allocation of more funds for AI, leaving internet infrastructure by the wayside. Meanwhile, the EC has thus far declined to comment to share its official reasoning for striking this funding from its budget.

Sigh. It appears that they are chasing after the latest "shiny" thing instead of investing in existing infrastructure. Not surprising, but disappointing.

pnutzh4x0r@lemmy.ndlug.org 77 points 3 months ago

Not a bad list. Off the top of my head, I would say it is missing two things:

  1. Discrete Math (formal logic, sets, probability, etc)
  2. Theory of Computing (not just algorithms, but things like Turing machines, NFAs, DFAs, etc.). These may not be strictly the most practical courses, but I think a Computer Science degree would be incomplete without these.

The "Introduction to Operating Systems" link no longer works (redirects to "Autonomous Systems" courses). Instead, I would recommend using Operating Systems: Three Easy Pieces, which is the textbook I use in my OS course.

Finally, something like The Missing Semester of Your CS Education would also be a nice extra.

pnutzh4x0r@lemmy.ndlug.org 48 points 1 year ago

And that's exactly what happened in your case David. Which is why I'm so happy (also because I fixed the tools from an author I like and already had the books at home :-P):

Really detailed and cool response from the kernel developer. I also found the use of the recent BPF feature to provide a workaround until a proper kernel fix lands really interesting.

pnutzh4x0r@lemmy.ndlug.org 53 points 1 year ago

Would like to see them publish stable releases via this apt repository as well.

pnutzh4x0r@lemmy.ndlug.org 45 points 1 year ago

No word on how long it will get software support though. With everyone else going to 5 or 7 years of updates, Motorola's typical 2 year support cycle is a huge negative.

pnutzh4x0r@lemmy.ndlug.org 90 points 1 year ago

I wish they had a mastodon account... they have https://mozilla.social, but they don't have an account there... which is bizarre.

They do have accounts for Firefox Nightly and Firefox Dev Tools though.

pnutzh4x0r@lemmy.ndlug.org 37 points 1 year ago

Headline is a bit misleading... This is just Tails updating to the latest LTS kernel, which has the security fix (which many other distributions have done).

This update is a good thing, but the headline made it sound like the Tails project was contributing a fix to the kernel.

Anyway, thanks for sharing.

pnutzh4x0r@lemmy.ndlug.org 33 points 1 year ago

Currently self-hosting my own mastodon server and honestly the setup wasn't too bad (using docker)... much more straight-forward than I feared.

My main concern, which Julia mentions, is that if you have a small instance, you are very much an island as the way federation works is not what you expect. For instance, as Julia notes, if you view a new person's profile on your own instance, it will look empty (as if they haven't posted anything). Lemmy also has this issue if you view a community you have not subscribed to yet for the first time.

Likewise, my "#explore" tab is basically always empty and discovering new tags or people is difficult if you are just looking on your own instance (I basically have to go to Fosstodon or another instance to find new things and then import them into my own instance). I've recently learned that you have to have a third party application basically seed your instance with posts... again, similar to the bot tricks used for seeding Lemmy with communities.

Overall, I think discovery is a big pain point for the fediverse and ActivityPub. It's great that we can have our own instances and control our own small communities, but it seems that we are lacking the ability to really connect across instances and form experiences that really bridge across multiple communities.

pnutzh4x0r@lemmy.ndlug.org 47 points 1 year ago

I wonder if it is because of the various outages on both instances and the new "dead instance" detection, lemmy.ml has temporarily stopped receiving updates?

The federation code now includes a check for dead instances which is used when sending activities. This helps to reduce the amount of outgoing POST requests, and also reduce server load.

pnutzh4x0r

joined 1 year ago