Bug

Researchers Discovered a New Linux Kernel 'StackRot' Privilege Escalation Vulnerability (thehackernews.com) 36

Wednesday Greg Kroah-Hartman announced the release of the 6.4.2 kernel. "All users of the 6.4 kernel series must upgrade."

The Hacker News reports: Details have emerged about a newly identified security flaw in the Linux kernel that could allow a user to gain elevated privileges on a target host. Dubbed StackRot (CVE-2023-3269, CVSS score: 7.8), the flaw impacts Linux versions 6.1 through 6.4. There is no evidence that the shortcoming has been exploited in the wild to date.

"As StackRot is a Linux kernel vulnerability found in the memory management subsystem, it affects almost all kernel configurations and requires minimal capabilities to trigger," Peking University security researcher Ruihan Li said. "However, it should be noted that maple nodes are freed using RCU callbacks, delaying the actual memory deallocation until after the RCU grace period. Consequently, exploiting this vulnerability is considered challenging."

Following responsible disclosure on June 15, 2023, it has been addressed in stable versions 6.1.37, 6.3.11, and 6.4.1 as of July 1, 2023, after a two-week effort led by Linus Torvalds. A proof-of-concept (PoC) exploit and additional technical specifics about the bug are expected to be made public by the end of the month.

ZDNet points out that Linux 6.4 "offers improved hardware enablement for ARM boards" and does a better job with the power demands of Steam Deck gaming devices. And "On the software side, the Linux 6.4 release includes more upstreamed Rust code. We're getting ever closer to full in-kernel Rust language support."

The Register also notes that Linux 6.4 also includes "the beginnings of support for Apple's M2 processors," along with support for hibernation of RISC-V CPUs, "a likely presage to such silicon powering laptop computers."
Open Source

Linux Foundation's Yocto Project Expands LTS to 4 Years (linuxfoundation.org) 4

Wikipedia defines the Yocto Project as "a Linux Foundation collaborative open source project whose goal is to produce tools and processes that enable the creation of Linux distributions for embedded and IoT software that are independent of the underlying architecture of the embedded hardware."

This week the Linux Foundation shared an update on the 12-year-old Yocto Project: In an effort to support the community, The Yocto Project announced the first Long Term Support (LTS) release in October 2020. Today, we are delighted to announce that we are expanding the LTS release and extending the lifecycle from 2 to 4 years as standard.

The continued growth of the Yocto Project coincides with the welcomed addition of Exein as a Platinum Member, joining AMD/Xilinx, Arm, AWS, BMW Group, Cisco, Comcast, Intel, Meta and WindRiver. As a Member, Exein brings its embedded security expertise across billions of devices to the core of the Yocto Project...

"The Yocto Project has been at the forefront of OS technologies for over a decade," said Andrew Wafaa, Yocto Project Chairperson. "The adaptability and variety of the tooling provided are clearly making a difference to the community. We are delighted to welcome Exein as a member as their knowledge and experience in providing secure Yocto Project based builds to customers will enable us to adapt to the modern landscape being set by the US Digital Strategy and the EU Cyber Resilience Act."

"We're extremely excited to become a Platinum Partner of the Yocto Project," said Gianni Cuozzo, founder and CEO of Exein. "The Yocto Project is the most important project in the embedded Linux space, powering billions of devices every year. We take great pride in contributing our extensive knowledge and expertise in embedded security to foster a future that is both enhanced and secure for Yocto-powered devices. We are dedicated to supporting the growth of the Yocto Project as a whole, aiming to improve its support for modern languages like Rust, and assist developers and OEMs in aligning with the goals outlined in the EU Cyber Resilience Act."

Programming

92% of Programmers Are Using AI Tools, Says GitHub Developer Survey 67

An anonymous reader quotes a report from ZDNet: [A]ccording to a new GitHub programmer survey, "92% of US-based developers are already using AI coding tools both in and outside of work." GitHub partnered with Wakefield Research to survey 500 US-based enterprise developers. They found that 70% of programmers believe AI is providing significant benefits to their code. Specifically, developers said AI coding tools can help them meet existing performance standards with improved code quality, faster outputs, and fewer production-level incidents.

This is more than just people working on external open-source projects or just fooling around. Only 6% of developers said they solely use these tools outside of work. In other words, today, AI programming tools are part and parcel of modern business IT. Why has this happened so quickly? It's all about the programmers' bottom line. Developers say AI coding tools help them meet existing performance standards with improved code quality, faster outputs, and fewer production-level incidents. It's also all about simply producing more lines of code.
"Engineering leaders will need to ask whether measuring code volume is still the best way to measure productivity and output," added Inbal Shani, GitHub's chief product officer. "Ultimately, the way to innovate at scale is to empower developers by improving their productivity, increasing their satisfaction, and enabling them to do their best work -- every day."

According to the survey, "Developers want to upskill, design solutions, get feedback from end users, and be evaluated on their communication skills."

"In other words, generating code with AI is a means to an end, not an end to itself," writes ZDNet's Steven Vaughan-Nichols. "Developers believe they should be judged on how they handle those bugs and issues, which is more important to performance than just lines of code. [...] Yes, you can have ChatGPT write a program for you, but if you don't understand what you're doing in the first place or the code you're 'writing,' the code will still be garbage. So, don't think for a minute that just because you can use ChatGPT to write a Rust bubble-sort routine, it means you're a programmer now, You're not."
Programming

Does the New 'Mojo' Programming Language Offer a Faster Superset of Python? (infoworld.com) 71

InfoWorld explores how the new Mojo program language "resembles Python, how it's different, and what it has to offer." The newly unveiled Mojo language is being promoted as the best of multiple worlds: the ease of use and clear syntax of Python, with the speed and memory safety of Rust. Those are bold claims, and since Mojo is still in the very early stages of development, it will be some time before users can see for themselves how the language lives up to them. But Mojo's originator — a company named Modular — has provided early access [through a limited-enrollment preview program] to an online playground: a Jupyter Notebook environment where users can run Mojo code and learn about the language's features and behavior...

Mojo can be described as a "superset" of Python. Programs written in Python are valid Mojo programs, although some Python behaviors haven't yet been implemented... It's also possible to use the actual Python runtime for working with existing Python modules, although there is a performance cost. When Mojo introduces new syntax, it's for system-level programming features, chiefly manual memory handling. In other words, you can write Python code (or something almost exactly like it) for casual use cases, then use Mojo for more advanced, performance-intensive programming scenarios... Mojo's other big difference from Python is that Mojo's not interpreted through a runtime, as Python is. Mojo is compiled ahead-of-time to machine-native code, using the LLVM toolchain. To that end, the best performance comes from using features specific to Mojo. Python features are likely to come at the cost of emulating Python's dynamic behaviors, which are inherently slow — or again, by just using the Python runtime.

Many of Mojo's native language features do one of two things. They're either entirely new features not found in Python at all, or expansions of a Python feature that make it more performant, although with less of Python's dynamism.

For example, Mojo has its own fn keyword which defines a function with explicitly-typed and immutable-by-default arguments, and its own struct keyword which is less like a Python class and more like its C/C++ and Rust counterpart "with fixed layouts determined at compile time but optimized for machine-native speed."

But "At a glance, the code closely resembles Python. Even the new Mojo-specific keywords integrate well with existing Python syntax, so you can run your eye down the code and get a general idea of what's happening." And then there's the speed... The notebook demos also give examples of how Mojo code can be accelerated via parallelism, vectorizing, and "tiling" (increasing cache locality for operations). One of the demos, a 128x128 matrix multiplication demo, yielded a claimed 17-times speedup over Python (using the Python runtime in the Mojo playground) by simply running as-is with no special modification. Mojo added 1866x speedup by adding type annotations, 8500x speedup by adding vectorized operations, and 15000x speedup by adding parallelization.
United States

The US Is Building Factories At a Wildly Fast Rate (businessinsider.com) 98

Factory construction in the United States has experienced significant growth, with construction spending by manufacturers more than doubling over the past year. Insider reports: For April 2023, the annual rate reached nearly $190 billion compared with $90 billion in June 2022, with manufacturing accounting for around 13% of non-government construction. [...] Factories are being constructed everywhere from deserts to resort towns as the US tries to bring back manufacturing of goods commonly imported from lower-cost countries. Many battery and electric vehicle factories have popped up in the Rust Belt, while solar panel and renewable energy factories now span much of the South and Southeast. The US has added around 800,000 jobs in manufacturing employment over the last two years, employing around 13 million workers per the May Bureau of Labor Statistics jobs report (PDF). However, according to the National Association of Manufacturers, the manufacturing skills gap -- caused by the labor market's struggle to find workers with highly technical and manual expertise -- could lead to 2.1 million unfilled jobs by 2030.

Manufacturing, though, has accelerated its move back to the US from other countries over the past year. According to Kearney's 2022 Reshoring Index, 96% of American companies have shifted production to the US or are evaluating reshoring operations -- a spike from 78% in the 2021 index. The sudden rise in factory construction corresponds with passage of the CHIPS and Science Act in July 2022, which provided $280 billion in funding to boost manufacturing of semiconductors, as well as the Inflation Reduction Act in August 2022. The IRA has sought to create new jobs in manufacturing, construction, and renewable energy, estimated to create up to 1.5 million jobs by 2030. Construction spending in most areas of the US economy has fallen in contrast, including office, health care, and educational construction. Residential construction has also declined amid a big cooldown from the pandemic housing market boom. Census Bureau data reveals manufacturing construction spending has escalated from January 2020 until April 2023 in every region except New England and the Mid Atlantic.

Open Source

Peplum: F/OSS Distributed Parallel Computing and Supercomputing At Home With Ruby Infrastructure (ecsypno.com) 20

Slashdot reader Zapotek brings an update from the Ecsypno skunkworks, where they've been busy with R&D for distributed computing systems: Armed with Cuboid, Qmap was built, which tackled the handling of nmap in a distributed environment, with great results. Afterwards, an iterative clean-up process led to a template of sorts, for scheduling most applications in such environments.

With that, Peplum was born, which allows for OS applications, Ruby code and C/C++/Rust code (via Ruby extensions) to be distributed across machines and tackle the processing of neatly grouped objects.

In essence, Peplum:

- Is a distributed computing solution backed by Cuboid.
- Its basic function is to distribute workloads and deliver payloads across multiple machines and thus parallelize otherwise time consuming tasks.
- Allows you to combine several machines and built a cluster/supercomputer of sorts with great ease.

After that was dealt with, it was time to port Qmap over to Peplum for easier long-term maintenance, thus renamed Peplum::Nmap.

We have high hopes for Peplum as it basically means easy, simple and joyful cloud/clustering/super-computing at home, on-premise, anywhere really. Along with the capability to turn a lot of security oriented apps into super versions of themselves, it is quite the infrastructure.

Yes, this means there's a new solution if you're using multiple machines for "running simulations, to network mapping/security scans, to password cracking/recovery or just encoding your collection of music and video" -- or anything else: Peplum is a F/OSS (MIT licensed) project aimed at making clustering/super-computing affordable and accessible, by making it simple to setup a distributed parallel computing environment for abstract applications... TLDR: You no longer have to only imagine a Beowulf cluster of those, you can now easily build one yourself with Peplum.
Some technical specs: It is written in the Ruby programming language, thus coming with an entire ecosystem of libraries and the capability to run abstract Ruby code, execute external utilities, run OS commands, call C/C++/Rust routines and more...

Peplum is powered by Cuboid, a F/OSS (MIT licensed) abstract framework for distributed computing — both of them are funded by Ecsypno Single Member P.C., a new R&D and Consulting company.

Privacy

Freenet 2023: a Drop-in Decentralized Replacement for the Web - and More (freenet.org) 54

Wikipedia describes Freenet as "a peer-to-peer platform for censorship-resistant, anonymous communication," released in the year 2000. "Both Freenet and some of its associated tools were originally designed by Ian Clarke," Wikipedia adds. (And in 2000 Clarke answered questions from Slashdot's readers...)

And now Ian Clarke (aka Sanity — Slashdot reader #1,431) returns to share this announcement: Freenet, a familiar name to Slashdot readers for over 23 years, has undergone a radical transformation: Freenet 2023, or "Locutus". While the original Freenet was like a decentralized hard drive, the new Freenet is like a full decentralized computer, allowing the creation of entirely decentralized services like messaging, group chat, search, social networking, among others. The new Freenet is implemented in Rust and designed for efficiency, flexibility, and transparency to the end user.
"Designed for simplicity and flexibility, Freenet 2023 can be used seamlessly through your web browser, providing an experience that feels just like using the traditional web," explains the announcement...

And in the comments below, Ian points out that "When the new Freenet is up and running, I think it will be the first system of any kind that could host something like Wikipedia, not just the data but the wiki CMS system it's built on. An editable wikipedia, entirely decentralized and very scalable...

"We've already had interest from everyone from video game developers who want to build a decentralized MMORPG, to political advocacy groups across the political spectrum. Plenty of people value freedom."
Programming

'Mojo May Be the Biggest Programming Language Advance In Decades' (www.fast.ai) 126

Mojo is a new programming language developed by Modular1 that aims to address the performance and deployment limitations of Python in areas like AI model development. After demoing Mojo prior to its launch, Jeremy Howard from the non-profit research group fast.ai said it feels like coding will never be the same again. Here's an excerpt from Howard's article: Modular is a fairly small startup that's only a year old, and only one part of the company is working on the Mojo language. Mojo development was only started recently. It's a small team, working for a short time, so how have they done so much? The key is that Mojo builds on some really powerful foundations. Very few software projects I've seen spend enough time building the right foundations, and tend to accrue as a result mounds of technical debt. Over time, it becomes harder and harder to add features and fix bugs. In a well designed system, however, every feature is easier to add than the last one, is faster, and has fewer bugs, because the foundations each feature builds upon are getting better and better. Mojo is a well designed system.

At its core is MLIR (Multi-Level Intermediate Representation), which has already been developed for many years, initially kicked off by Chris Lattner at Google. He had recognized what the core foundations for an "AI era programming language" would need, and focused on building them. MLIR was a key piece. Just as LLVM made it dramatically easier for powerful new programming languages to be developed over the last decade (such as Rust, Julia, and Swift, which are all based on LLVM), MLIR provides an even more powerful core to languages that are built on it. Another key enabler of Mojo's rapid development is the decision to use Python as the syntax. Developing and iterating on syntax is one of the most error-prone, complex, and controversial parts of the development of a language. By simply outsourcing that to an existing language (which also happens to be the most widely used language today) that whole piece disappears! The relatively small number of new bits of syntax needed on top of Python then largely fit quite naturally, since the base is already in place.

The next step was to create a minimal Pythonic way to call MLIR directly. That wasn't a big job at all, but it was all that was needed to then create all of Mojo on top of that -- and work directly in Mojo for everything else. That meant that the Mojo devs were able to "dog-food" Mojo when writing Mojo, nearly from the very start. Any time they found something didn't quite work great as they developed Mojo, they could add a needed feature to Mojo itself to make it easier for them to develop the next bit of Mojo!
You can give Mojo a try here.
Windows

First Rust Code Shows Up in the Windows 11 Kernel 42

According to Azure CTO Mark Russinovich, the most recent Windows 11 Insider Preview build is the first to include the memory-safe programming language Rust. Thurrott reports: "If you're on the Win11 Insider ring, you're getting the first taste of Rust in the Windows kernel," Russinovich tweeted last night. It's not clear which Insider channel he is referring to, however.

Regardless, that that was quick: Microsoft only went public with its plans to replace parts of the Windows kernel with Rust code in mid-April at its BlueHat IL 2023 security conference in Israel. At that event, Microsoft vice president David Weston said that "we're using Rust on the operating system along with other constructs" as part of an "aggressive and meaningful pursuit of memory safety," a key source of exploits. And it's not just the Windows kernel. Microsoft is bringing Rust to its Pluton security processor as well.
Science

Fungal Attacks Threaten Global Food Supply, Say Experts 76

An anonymous reader quotes a report from The Guardian: Fast-rising fungal attacks on the world's most important crops threaten the planet's future food supply, scientists have said, warning that failing to tackle fungal pathogens could lead to a "global health catastrophe." Fungi are already by far the biggest destroyer of crops. They are highly resilient, travel long distances on the wind and can feast on large fields of a single crop. They are also extremely adaptable and many have developed resistance to common fungicides. The impact of fungal disease is expected to worsen, the researchers say, as the climate crisis results in temperatures rising and fungal infections moving steadily polewards. Since the 1990s, fungal pathogens have been moving to higher latitudes at a rate of about 7km a year. Wheat stem rust infections, normally found in the tropics, have already been reported in England and Ireland. Higher temperatures also drive the emergence of new variants of the fungal pathogens, while more extreme storms can spread their spores further afield, the scientists say.

The scientists said there was also a risk that global heating would increase the heat tolerance of fungi, raising the possibility of them hopping hosts to infect warm-blooded animals and humans. The warning, issued in an article in the scientific journal Nature, said growers already lost between 10% and 23% of their crops to fungal disease. Across the five most important crops -- rice, wheat, maize, soya beans and potatoes -- infections cause annual losses that could feed hundreds of millions of people. Fungi made up the top six in a recent list of pests and pathogens with the biggest impact. Fungi are incredibly resilient, the researchers say, remaining viable in soil for up to 40 years, and their airborne spores can travel between continents.

Fungicides are widely used but the pathogens are well equipped to rapidly evolve resistance to treatments that target only a single cellular process. Existing fungicides and conventional breeding for disease resistance are no longer enough, the researchers say. One solution is planting seed mixtures that carry a range of genes that are resistant to fungal infection, rather than monocultures of a single strain. In 2022, about a quarter of wheat in Denmark was grown in this way. Technology may also help, the scientists say, with drones and artificial intelligence allowing earlier detection and control of outbreaks. New pesticides are being developed, with a team at the University of Exeter recently discovering compounds that could lead to chemicals that target several biological processes within the fungi, making resistance much harder to develop. The approach has already been shown to be useful against fungi infecting wheat, rice, corn and bananas.
"While that storyline is science fiction, we are warning that we could see a global health catastrophe caused by the rapid global spread of fungal infections," said Sarah Gurr, professor at the University of Exeter and co-author of the report. "The imminent threat here is not about zombies, but about global starvation."
Programming

'sudo' and 'su' Are Being Rewritten In Rust For Memory Safety (phoronix.com) 143

Phoronix reports: With the financial backing of Amazon Web Services, sudo and su are being rewritten in the Rust programming language in order to increase the memory safety for the widely relied upon software... to further enhance Linux/open-source security.
"[B]ecause it's written in C, sudo has experienced many vulnerabilities related to memory safety issues," according to a blog post announcing the project: It's important that we secure our most critical software, particularly from memory safety vulnerabilities. It's hard to imagine software that's much more critical than sudo and su.

This work is being done by a joint team from Ferrous Systems and Tweede Golf with generous support from Amazon Web Services. The work plan is viewable here. The GitHub repository is here.

Linux

System76 Plans Its Own Open Hardware Laptop, and a New Desktop Environment Written in Rust (linux-magazine.com) 47

Linux Magazine argues that System76's Pop!_OS offers "something rare: a commercial distribution that was integrated into the hardware, with utilities designed specifically for System76 computers and keyboards." The only other example of an integrated commercial distro of which I am aware is Purism, a company in the same niche... With hardware and software coming from the same source — what business calls vertical integration — distributions like System76/Pop!_OS offer Linux users their first experiences with what Windows and macOS users have always enjoyed — to say nothing of the closest they can currently get to open hardware. Could Linux be finally becoming mainstream at last?
They interviewed System76 CEO Carl Richell (along with a marketing director and media relations manager), who remembered how System76 was actually founded in Carl's basement around 2005: He wanted to show the world how far Linux and open source software had come by delivering it preinstalled on high-quality computers backed by caring, knowledgeable customer support. Carl felt that making Linux computers that highlight the work of the community would be a great way to introduce the broader public to open source technology and its potential...

LM: What other hardware might System76 offer in the future?

S76: We are in the research and development process of designing our own in-house laptop. We'll eventually refresh our Meerkat mini desktop with a new Thelio-style aesthetic. That project will start sometime after our first in-house laptops start shipping. [In addition,] Launch keyboards and the System76 Keyboard Configurator work on macOS and Windows! We've also prepared ISO layouts for most Launch models but don't have a time frame for release.

LM: What are you willing to say at this point about the company's future directions?

S76: We're developing COSMIC DE — a desktop environment written in Rust — as well as a prototype for an open hardware laptop manufactured in-house. Finally, Nebula, a line of computer cases based on Thelio desktops will be arriving in the coming months.

My favorite line from the interview? "Seeing a flat sheet of aluminum transformed into a beautiful desktop is strikingly rewarding."
Microsoft

Microsoft is Busy Rewriting Core Windows Code in Memory-safe Rust (theregister.com) 150

Microsoft is rewriting core Windows libraries in the Rust programming language, and the more memory-safe code is already reaching developers. From a report: David "dwizzle" Weston, director of OS security for Windows, announced the arrival of Rust in the operating system's kernel at BlueHat IL 2023 in Tel Aviv, Israel, last month. "You will actually have Windows booting with Rust in the kernel in probably the next several weeks or months, which is really cool," he said. "The basic goal here was to convert some of these internal C++ data types into their Rust equivalents."

Microsoft showed interest in Rust several years ago as a way to catch and squash memory safety bugs before the code lands in the hands of users; these kinds of bugs were at the heart of about 70 percent of the CVE-listed security vulnerabilities patched by the Windows maker in its own products since 2006. The Rust toolchain strives to prevent code from being built and shipped that is exploitable, which in an ideal world reduces opportunities for miscreants to attack weaknesses in software. Simply put, Rust is focused on memory safety and similar protections, which cuts down on the number of bad bugs in the resulting code. Rivals like Google have already publicly declared their affinity for Rust.

Open Source

Linux Kernel 6.3 Released (zdnet.com) 16

An anonymous reader quotes a report from ZDNet, written by Steven Vaughan-Nichols: The latest Linux kernel is out with a slew of new features -- and, for once, this release has been nice and easy. [...] Speaking of Rust, everyone's favorite memory-safe language, the new kernel comes with user-mode Linux support for Rust code. Miguel Ojeda, the Linux kernel developer, who's led the efforts to bring Rust to Linux, said the additions mean we're, "getting closer to a point where the first Rust modules can be upstreamed."

Other features in the Linux 6.3 kernel include support and enablement for upcoming and yet-to-be-released Intel and AMD CPUs and graphics hardware. While these updates will primarily benefit future hardware, several changes in this release directly impact today's users' day-to-day experience. The kernel now supports AMD's automatic Indirect Branch Restricted Speculation (IBRS) feature for Spectre mitigation, providing a less performance-intensive alternative to the retpoline speculative execution.

Linux 6.3 also includes new power management drivers for ARM and RISC-V architectures. RISC-V has gained support for accelerated string functions via the Zbb bit manipulation extension, while ARM received support for scalable matrix extension 2 instructions. For filesystems, Linux 6.3 brings AES-SHA2-based encryption support for NFS, optimizations for EXT4 direct I/O performance, low-latency decompression for EROFS, and a faster Brtfs file-system driver. Bottom line: many file operations will be a bit more secure and faster.

For gamers, the new kernel provides a native Steam Deck controller interface in HID. It also includes compatibility for the Logitech G923 Xbox edition racing wheel and improvements to the 8BitDo Pro 2 wired game controllers. Who says you can't game on Linux? Single-board computers, such as BannaPi R3, BPI-M2 Pro, and Orange Pi R1 Plus, also benefit from updated drivers in this release. There's also support for more Wi-Fi adapters and chipsets. These include: Realtek RTL8188EU Wi-Fi adapter support; Qualcomm Wi-Fi 7 wireless chipset support; and Ethernet support for NVIDIA BlueField 3 DPU. For users dealing with complex networks that have both old-school and modern networks, the new kernel can also handle multi-path TCP handling mixed flows with IPv4 and IPv6.
Linux 6.3 is available from kernel.org. You can learn how to compile the Linux kernel yourself here.
Programming

New Version of Rust Speeds Compilation With Less Debugging Info By Default (phoronix.com) 24

The Rust team released a new version Thursday — Rust 1.69.0 — boasting over over 3,000 new commits from over 500 contributors.

Phoronix highlights two new improvements: In order to speed-up compilation speeds, Rust 1.69 and moving forward debug information is no longer included in build scripts by default. Cargo will avoid emitting debug information in build scripts by default — leading to less informative backtraces in build scripts when problems arise, but faster build speeds by default. Those wanting the debug information emitted can now set the debug flag in their Cargo.toml configuration.

The Cargo build shipped by Rust 1.69 is also now capable of suggesting fixes automatically for some of the generated warnings. Cargo will also suggest using "cargo fix" / "cargo clippy --fix" when it knows the errors can be automatically fixed.

Programming

Rust Foundation Apologizes For Proposed Trademark Changes, Promises Improvement (theregister.com) 37

"The Rust Foundation on Monday apologized for confusion caused by the organization's proposed trademark policy changes," reports the Register.

The Foundation now says their proposed policy "clearly needs improvement" and "there are many valid critiques of the initial draft," promising to address them and adopt a more transparent process (with a report summarizing the feedback soon). From the Register's report: The foundation, which provides financial and legal support for the memory-safe programming language, had proposed fresh rules on the use of the word Rust and its logo, which included the recommendation that people not use 'Rust' in their Rust crate names, eg: vulture-rs would be preferred over vulture-rust. These draft changes triggered a backlash... Over the weekend, Rust creator Graydon Hoare voiced support for the community's objections in a Reddit discussion thread, in response to a post by programmer Andrew Gallant, a former member of the Rust moderation team, who argued the new policy was not all that different from the old one.

"Open them up side by side — old and new — and look at what they each say about, specifically, package names, project names, repos or websites using the word 'rust', or modified versions of the logo used for small groups or projects," wrote Hoare. "These are specifically the things people are upset about, because they all changed from 'acceptable' to 'prohibited' when 'clarifying' the policy. And those are specifically things that everyone in the community does, and has done, for years. There are zillions of packages, projects, repos, websites and groups using the names and logo this way, as the old policy said they could. The new policy tells them all to stop."

Long-time open source advocate Bruce Perens told the Register that Rust's trademark policy "goes far awry of fair use which is legally permitted. Books on Rust will always have its name in their title, commercial products will be advertised as being written in Rust, being compatible with Rust, or compiling Rust. But the policy attempts to deny permission for these things. A proper trademark policy prevents others from representing that their product is Rust or is endorsed by the trademark holder of Rust. That's really as much as you can ever enforce, so there's no sense in a policy that asks for more."

The Register also spoke to Ashley Williams, a former member of the Rust core team and the original executive director and founder of the Rust Foundation, who argued upheaval in Rust's governance over the past year led to a team with less experience dealing with the Rust community. "I think a couple of very passionate people participated in the trademark working group and they didn't involve a lot of people who have even basic experience interacting with the community. So really classic community behaviors ended up getting prohibited in that [draft] policy. And that's really why everybody got upset. The policy ultimately said, 'a thing that you do all the time as a way of contributing to the Rust community is now against our policy.'"
Programming

Undercutting Microsoft, Amazon Offers Free Access to Its AI Coding Assistant 'CodeWhisperer' (theverge.com) 45

Amazon is making its AI-powered coding assistant CodeWhisperer free for individual developers, reports the Verge, "undercutting the $10 per month pricing of its Microsoft-made rival." Amazon launched CodeWhisperer as a preview last year, which developers can use within various integrated development environments (IDEs), like Visual Studio Code, to generate lines of code based on a text-based prompt....

CodeWhisperer automatically filters out any code suggestions that are potentially biased or unfair and flags any code that's similar to open-source training data. It also comes with security scanning features that can identify vulnerabilities within a developer's code, while providing suggestions to help close any security gaps it uncovers. CodeWhisperer now supports several languages, including Python, Java, JavaScript, TypeScript, and C#, including Go, Rust, PHP, Ruby, Kotlin, C, C++, Shell scripting, SQL, and Scala.

Here's how Amazon's senior developer advocate pitched the usefulness of their "real-time AI coding companion": Helping to keep developers in their flow is increasingly important as, facing increasing time pressure to get their work done, developers are often forced to break that flow to turn to an internet search, sites such as StackOverflow, or their colleagues for help in completing tasks. While this can help them obtain the starter code they need, it's disruptive as they've had to leave their IDE environment to search or ask questions in a forum or find and ask a colleague — further adding to the disruption. Instead, CodeWhisperer meets developers where they are most productive, providing recommendations in real time as they write code or comments in their IDE. During the preview we ran a productivity challenge, and participants who used CodeWhisperer were 27% more likely to complete tasks successfully and did so an average of 57% faster than those who didn't use CodeWhisperer....

It provides additional data for suggestions — for example, the repository URL and license — when code similar to training data is generated, helping lower the risk of using the code and enabling developers to reuse it with confidence.

Programming

Rust Foundation Solicits Feedback on Updated Policy for Trademarks (google.com) 41

"Rust" and "Cargo" are registered trademarks held by the Rust Foundation — the independent non-profit supporting Rust's maintainers. In August 1,000 people responded to the foundation's Trademark Policy Review Survey, after which the foundation invited any interested individuals to join their Trademark Policy Working Group (which also included Rust Project leaders). They've now created a draft of an updated policy for feedback...

Crate, RS, "Rustacean," and the logo of Ferris the crab are all available for use by anyone consistent with their definition, with no special permission required. Here's how the document's quick reference describes other common use-cases:
  • Selling Goods — Unless explicitly approved, use of the Rust name or Logo is not allowed for the purposes of selling products/promotional goods for gain/profit, or for registering domain names. For example, it is not permitted to sell stickers of the Rust logo in an online shop for your personal profit.
  • Showing Support of Rust — When showing your support of the Rust Project on a personal site or blog, you may use the Rust name or Logo, as long as you abide by all the requirements listed in the Policy. You may use the Rust name or Logo in social media handles, avatars, and emojis to demonstrate Rust Project support in a manner that is decorative, so long as you don't suggest commercial Rust affiliation.
  • Inclusion of the Marks in Educational Materials — You may use the Rust name in book and article titles and the Logo in graphic components, so long as you make it clear that the Rust Project or Foundation has not reviewed/approved/endorsed your content.

There's also a FAQ, answering questions like "Can I use the Rust logo as my Twitter Avatar?" The updated policy draft says "We consider social media avatars on personal accounts to be fair use. On the other hand, using Rust trademarks in corporate social media bios/profile pictures is prohibited.... In general, we prohibit the modification of the Rust logo for any purpose, except to scale it. This includes distortion, transparency, color-changes affiliated with for-profit brands or political ideologies. On the other hand, if you would like to change the colors of the Rust logo to communicate allegiance with a community movement, we simply ask that you run the proposed logo change by us..."

And for swag at events using the Rust logo, "Merch developed for freebies/giveaways is normally fine, however you need approval to use the Rust Word and/or Logo to run a for-profit event. You are free to use Ferris the crab without permission... If your event is for-profit, you will need approval to use the Rust name or Logo. If you are simply covering costs and the event is non-profit, you may use the Rust name or Logo as long as it is clear that the event is not endorsed by the Rust Foundation. You are free to use Ferris the crab without permission."


Programming

C Rival 'Zig' Cracks Tiobe Index Top 50, Go Remains in Top 10 (infoworld.com) 167

InfoWorld reports: Zig, a general purpose programming language that interacts with C/C++ programs and promises to be a modern alternative to C, has made an appearance in the Tiobe index of programming language popularity. Zig entered the top 50 in the April edition of the Tiobe Programming Community Index, ranking 46th, albeit with a rating of just 0.19%. By contrast, the Google-promoted Carbon language, positioned as an experimental successor to C++, ranked just 168th.
Tiobe CEO Paul Jansen argues that high-performance languages "are booming due to the vast amounts of data that needs to be processed nowadays. As a result, C and C++ are doing well in the top 10 and Rust seems to be a keeper in the top 20." Zig has all the nice features of C and C++ (such as explicit memory management enhanced with option types) and has abandoned the not-so-nice features (such as the dreadful preprocessing). Entering the top 50 is no guarantee to become a success, but it is at least a first noteworthy step. Good luck Zig!
Tiobe bases its monthly ranking of programming language popularity on search engine results for courses, third party vendors, and engineers. Here's what they's calculated for the most popular programming languages in April of 2023:
  • Python
  • C
  • Java
  • C++
  • C#
  • Visual Basic
  • JavaScript
  • SQL
  • PHP
  • Go

April's top 10 was nearly identical to the rankings a year ago, but assembly language fell from 2022's #8 position to #12 in 2023. SQL and PHP rose one rank (into 2023's #8 and #9 positions) — and as in March, the rankings now shows Go as the 10th most popular programming language.


Programming

Collabora Developer Explores Rust Support for the Linux Kernel's V4L2/Media Subsystem (phoronix.com) 5

On Thursday patches were submitted for bringing Rust infrastructure to the Video 4 Linux 2 (V4L2) framework (within Linux's media subsystem) by Collabora's Daniel Almeida.

Phoronix reports: This provides just enough for working with a prototype VirtIO camera driver written in Rust along with a Rust sample driver. These initial patches are just intended to start the discussion around V4L2 Rust driver support and the actual upstreaming of the Rust support for these camera drivers may still be some ways down the line.

Slashdot Top Deals