All posts by jake

[$] AI from a legal perspective

Post Syndicated from jake original https://lwn.net/Articles/945504/

The AI boom is clearly upon us, but there are still plenty of questions
swirling around this technology. Some of those questions are legal ones
and there have been lawsuits filed to try to get clarification—and perhaps
monetary damages. Van Lindberg is a lawyer who is well-known in the
open-source world; he came to Open Source Summit Europe 2023 in Bilbao,
Spain to try to put the current work in AI into its legal context.

LibrePCB 1.0.0 Released

Post Syndicated from jake original https://lwn.net/Articles/945519/

The 1.0 version of the LibrePCB “free, cross-platform, easy-to-use electronic design automation suite to draw schematics and design printed circuit boards”.
As noted in a blog post back in May, a grant has helped spur development of the tool.
The focus for the release has been in adding features that were needed so that “there should be no show stopper anymore which prevents you from using LibrePCB for more complex PCB [printed circuit board] designs”.
New features include a 3D viewer and export format for working with designs in a mechanical computer aided design (CAD) tool, support for manufacturer part number (MFN) management, and lots of board editor features such as thermal relief pads in planes, blind & buried vias, keepout zones, and more. [Thanks to Alphonse Ogulla.]

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/945503/

Security updates have been issued by Debian (bind9, elfutils, flac, ghostscript, libapache-mod-jk, lldpd, and roundcube), Fedora (linux-firmware, roundcubemail, and thunderbird), Mageia (curl, file, firefox/thunderbird, ghostpcl, libtommath, and nodejs), Oracle (kernel, open-vm-tools, qemu, and virt:ol and virt-devel:rhel), SUSE (bind, busybox, djvulibre, exempi, ImageMagick, libqb, libssh2_org, opera, postfix, python, python36, renderdoc, webkit2gtk3, and xrdp), and Ubuntu (accountsservice and open-vm-tools).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/945173/

Security updates have been issued by Debian (mutt, netatalk, and python2.7), Fedora (chromium, golang-github-prometheus-exporter-toolkit, golang-github-xhit-str2duration, and golang-gopkg-alecthomas-kingpin-2), Oracle (dmidecode, frr, libwebp, open-vm-tools, and thunderbird), Red Hat (libwebp and open-vm-tools), SUSE (cups, frr, mariadb, openvswitch3, python39, qemu, redis7, rubygem-rails-html-sanitizer, and skopeo), and Ubuntu (bind9, cups, and libppd).

Stable kernel 5.10.196

Post Syndicated from jake original https://lwn.net/Articles/945132/

The 5.10.196 stable kernel has been
released. It fixes a single regression:

This release is only needed by any 5.10.y user that uses configfs, it
resolves a regression in 5.10.195 in that subsystem. Note that many
kernel subsystems use configfs for configuration so to be safe, you
probably want to upgrade if you are not sure.

[$] Using the limited C API for the Python stdlib?

Post Syndicated from jake original https://lwn.net/Articles/944764/

The “limited” C API for CPython extensions has been around for well over a
decade at this point, but it has not seen much uptake. It is meant to give
extensions an API that will allow binaries built with it to be used for
multiple versions of CPython, because those binaries will only access the stable
ABI that will not change when CPython does. Victor Stinner has been
working on better definition for the API; as part of that work, he
suggested that some of the C extensions in the standard library start
using it in an effort for CPython to “eat its own dog food”. The
resulting discussion showed that there is still a fair amount of
confusion about this API—and the thrust of Stinner’s overall plan.

[$] The European Cyber Resilience Act

Post Syndicated from jake original https://lwn.net/Articles/944300/

The security of digital products has become a topic of regulation
in recent years. Currently, the European Union is moving forward
with another new law, which, if it comes into effect in a form
close to the current draft, will affect software developers worldwide.
This new proposal, called the “Cyber
Resilience Act” (CRA), brings mandatory security requirements on all
digital products, both software
and hardware, that are available in Europe. While it aims at a worthy goal, the
proposal is causing a stir among open-source communities.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/944744/

Security updates have been issued by Debian (firefox-esr, libwebp, and thunderbird), Fedora (chromium, curl, flac, libtommath, libwebp, matrix-synapse, python-matrix-common, redis, and rust-pythonize), Gentoo (binwalk, ghostscript, python-requests, rar, samba, and wireshark), Oracle (.NET 6.0, kernel, and kernel-container), Slackware (python3), and SUSE (firefox).

The Debian Project mourns the loss of Abraham Raji

Post Syndicated from jake original https://lwn.net/Articles/944596/

The Debian project is mourning Abraham Raji, who was killed in an accident on September 13.

Abraham was a popular and respected Debian Developer as well as a prominent free software champion in his home state of Kerala, India. He was a talented graphic designer and led design and branding work for DebConf23 and several other local events in recent years. Abraham gave his time selflessly when mentoring new contributors to the Debian project, and he was instrumental in creating and maintaining the Debian India website.

The Debian Project honors his good work and strong dedication to Debian and Free Software. Abraham’s contributions will not be forgotten, and the high standards of his work will continue to serve as an inspiration to others.

Videos from FOSSY released (Software Freedom Conservancy)

Post Syndicated from jake original https://lwn.net/Articles/944497/

The Software Freedom Conservancy (SFC) has announced the availability of
videos from the first-ever Free and Open Source Yearly (FOSSY) conference,
which was held in July in Portland, Oregon in the US.

During the four days of the conference, there were a wide variety of talks
from speakers with a range of experience and backgrounds, and amazing
community focused discussions. Featuring wide ranging topics such as a panel
discussion about software coops, what is life like without a smartphone
(where the picture on the right is from), and thinking about FOSS from a
systems theory perspective. Our track organizers brought together
communities from all over, and led by example choosing speakers, topics and
setting up panels for important conversations. There is definitely a talk
that will interest you, whether you are interested in nonprofit board
structure, an introduction to Reproducible Builds or maybe you are looking
to have more nature adventures with free software.

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/944481/

Security updates have been issued by Debian (firefox-esr, libwebp, ruby-loofah, and ruby-rails-html-sanitizer), Fedora (open-vm-tools and salt), Oracle (.NET 7.0, dmidecode, flac, gcc, httpd:2.4, keylime, libcap, librsvg2, and qemu-kvm), Red Hat (.NET 6.0 and .NET 7.0), Slackware (libarchive and mozilla), SUSE (chromium and kernel), and Ubuntu (curl, firefox, ghostscript, open-vm-tools, postgresql-9.5, and thunderbird).

[$] The bogus CVE problem

Post Syndicated from jake original https://lwn.net/Articles/944209/

The “Common Vulnerabilities and Exposures” (CVE) system was launched late
in the previous century (September 1999) to track vulnerabilities in
software. Over the years since, it has had a somewhat checkered
reputation, along with some attempts to replace it, but CVE numbers are
still the only effective way to track vulnerabilities. While that can
certainly be useful, the CVE-assignment (and severity scoring) process is
not without its problems. The prominence of CVE numbers, and the
consequent increase in “reputation” for a reporter, have combined to
create a system that can be—and is—actively gamed. Meanwhile, the
organizations that oversee the system are ultimately not doing a
particularly stellar job.

[$] Arduino: open source for microcontroller boards

Post Syndicated from jake original https://lwn.net/Articles/944038/

Arduino has emerged as one of the
prime success stories of the open-hardware movement. In recent years, the
company has shifted its focus toward Internet of Things (IoT)
applications. As part of this transformation, it has completely redesigned
its open-source integrated development environment (IDE), adding a more
professional feature set for its hobbyist target audience. If you have
experimented with Arduino in the past, but have lost track of its
progress, now might be a good time to give it another try.

Password-stealing Linux malware served for 3 years and no one noticed (Ars Technica)

Post Syndicated from jake original https://lwn.net/Articles/944306/

Ars Technica reports on a credential-stealing Trojan horse that would infect only some of those who installed the “Free Download Manager”. The article is based on a Kaspersky report that details the malicious payload offered up at that site from 2020 to 2022.

The site, freedownloadmanager[.]org, offered a benign version of a Linux offering known as the Free Download Manager. Starting in 2020, the same domain at times redirected users to the domain deb.fdmpkg[.]org, which served a malicious version of the app. The version available on the malicious domain contained a script that downloaded two executable files to the /var/tmp/crond and /var/tmp/bs file paths. The script then used the cron job scheduler to cause the file at /var/tmp/crond to launch every 10 minutes. With that, devices that had installed the booby-trapped version of Free Download Manager were permanently backdoored.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/944190/

Security updates have been issued by Debian (frr, kernel, libraw, mutt, and open-vm-tools), Fedora (cjose, pypy, vim, wireshark, and xrdp), Gentoo (apache), Mageia (chromium-browser-stable, clamav, ghostscript, librsvg, libtiff, openssl, poppler, postgresql, python-pypdf2, and unrar), Red Hat (flac), SUSE (firefox, geoipupdate, icu73_2, libssh2_org, rekor, skopeo, and webkit2gtk3), and Ubuntu (linux-azure, linux-azure-4.15, linux-azure-5.4, linux-gcp-5.4, linux-gkeop, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux-gcp, linux-gcp-6.2, linux-ibm, linux-oracle, linux-starfive, linux-gcp-5.15, linux-gkeop-5.15, and opendmarc).

Benjamin: Towards a new SymPy

Post Syndicated from jake original https://lwn.net/Articles/943995/

In a series of posts on his blog, Oscar Benjamin looks at SymPy, which is a Python-based symbolic-mathematics library. In the first article, he outlines the “big changes for SymPy with particular focus on speed”. The second covers polynomial handling; subsequent articles will examine other pieces of the puzzle.

I will be writing this in a series of blog posts. This first post will outline the structure of the foundations of a computer algebra system (CAS) like SymPy, describe some problems SymPy currently has and what can be done to address them. Then subsequent posts will focus in more detail on particular components and the work that has been done and what should be done in the future.

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/943990/

Security updates have been issued by Debian (chromium, libssh2, memcached, and python-django), Fedora (netconsd), Oracle (firefox and thunderbird), Scientific Linux (firefox), SUSE (open-vm-tools), and Ubuntu (grub2-signed, grub2-unsigned, shim, and shim-signed, plib, and python2.7, python3.5).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/943856/

Security updates have been issued by Fedora (erofs-utils, htmltest, indent, libeconf, netconsd, php-phpmailer6, tinyexr, and vim), Red Hat (firefox), and Ubuntu (linux-aws, linux-aws-5.15, linux-ibm-5.15, linux-oracle, linux-oracle-5.15, linux-azure, linux-azure-fde-5.15, linux-gke, linux-gkeop, linux-intel-iotg-5.15, linux-raspi, linux-oem-6.1, linux-raspi, linux-raspi-5.4, shiro, and sox).