|
|
Subscribe / Log in / New account

LWN's guide to 2024

By Jonathan Corbet
January 2, 2024
The calendar has flipped over into 2024 — another year has begun. Here at LWN, we do not have a better idea of what this year will bring than anybody else does, but that doesn't keep us from going out on a shaky limb and making predictions anyway. Here, for the curious, are a few things that we think may be in store for 2024.

The kernel community will begin to move away from email as the core of its development process. Progress will be slow, and many kernel developers will prove strongly resistant to any alternative workflow, often for good reasons, but there will be at least a few developers who are able to get work reviewed, updated, and merged without having to touch a mail client. In a world where even Linus Torvalds is saying that the time has come to make a change, the unthinkable stands a good chance of actually coming to pass.

The next long-term stable kernel will be 6.12, which will be released on December 1, 2024 (unless Linus Torvalds declines to make a release immediately after the US Thanksgiving holiday, in which case it will be one week later).

The first user-visible Rust code will be merged into the kernel, perhaps as soon as the 6.8 release (which will happen in March). That code may not be used on many systems initially, but it still marks an important transition: once Rust is used for user-visible features, the kernel community will no longer have the option of easily dropping support for the language. Merging user-visible Rust code into the kernel will, in other words, be a declaration that the Rust experiment is a success.

As Rust becomes necessary to build a Linux kernel, the lack of a GCC-based Rust compiler will become a bigger problem. The gccrs project is working to fill that void, but the task is large, the target is moving quickly, and the project has progressed slowly with relatively little support. Somebody is going to have to put some resources into that project if it is to succeed; it is not clear where those resources might come from in 2024, though.

The enterprise distribution market will be shaken up in 2024. Last year, vendors working in this space all apparently came to the conclusion that there was little to be done other than offering clones of Red Hat Enterprise Linux (RHEL), essentially ceding control over that part of the market to one company. As Red Hat makes it harder to compete in that space, though, both vendors and users will increasingly ask themselves why they are bothering. Stable Linux does not need to be a copy of RHEL, and there are a number of interesting approaches that could draw parts of the market away from RHEL in the future.

Firefox will reverse its longtime decrease in browser share after gaining a strong impetus from Google's plan to switch to "Manifest V3" in the Chrome browser. That transition will make ad blockers harder, if not impossible, to implement in Chrome. Ad blockers, once called "the biggest boycott in world history" by Doc Searls, are the only thing that makes the World Wide Web tolerable for many users. Switching browsers is not harder than installing the ad blocker in the first place; many people will find the motivation to make that switch when the alternative is a constant stream of advertisements, trackers, and malware.

Of course, this will all go better if Mozilla positions itself well to be the defender of a friendlier web. The recent statement from Mozilla CEO Mitchell Baker suggests that the organization sees AI as a more interesting place to focus its efforts on than saving the world (again) from a browser monopoly. If Firefox languishes while Mozilla pursues shinier projects, an opportunity — perhaps the final one — for Firefox to regain relevance may be lost.

Speaking of AI, open-source generative AI will see a lot of attention this year. Partly that is because some of the open-source projects have proved to be surprisingly competitive with the proprietary efforts, but there is more going on than that. Those proprietary platforms are going to spend the year tangled up in high-profile copyright lawsuits and could run into serious trouble. A system based on free software, running on one's own servers, may continue to be useful even if the large, proprietary solutions find themselves restricted or shut down. We will also certainly see signs of open-source models being used in ways (such as the generation of hate speech, for example) that the commercial models, often with good reason, prohibit. The results seem unlikely to be pleasant.

It will be a big year for BPF, which is not surprising since the last few years have been as well. Projects like the extensible scheduler class seem unlikely to go away; increasing pressure from users may eventually cause its rejection to be reconsidered. Meanwhile, the recently announced acquisition of Isovalent by Cisco may bring new resources to BPF development — or it may, in the way of many corporate acquisitions, succeed in messing up an important BPF-development group.

The first release of a "free threading" Python (without the global interpreter lock or GIL) in October will be a qualified success. There will be rough spots and bumpy patches due to the need for two different binary distributions of the language (with and without the GIL) and its extensions, but the overall direction will be looking good. The free-threaded version will not be the default in 2024, but progress in that direction will be visible by the end of the year.

Goodhart's law, paraphrased, says "when a measure becomes a target, it ceases to be a good measure". Abuse of metrics will become a bigger problem in the coming year, continuing a trend that has been underway for some time. Whether the metric is CVE numbers obtained, regression reports filed, commit counts, patches "reviewed", toots boosted, discussion-forum badges obtained, or any of a number of other things, the pursuit of "more" will lead to trouble.

Consider, for example, this post from Daniel Stenberg on problems with AI-generated security-bug reports in the curl project. As it becomes easier to crank out such reports (or "Tested-by" tags, etc.), and as people perceive value in increasing their personal scores, the amount of abuse will certainly increase. We will have to develop better defenses to avoid being overwhelmed by this type of spam.

Finally, the ongoing maintainer crisis will intensify in 2024. There are many projects in the free-software community that are heavily and widely depended upon, but which receive little support. Those projects, as a result, tend to exhibit slow progress, large amounts of technical debt, security problems, and more. This problem is not new; it is also not hidden to anybody who has been paying attention.

Free software has been a major boon to the corporate world. Any company out there can take advantage of massive amounts of free software with no obligations beyond adhering to the license — and many companies do not even bother with that. Companies can adapt the software to their needs, and they can pool their efforts to minimize the need to reimplement functionality that has been created elsewhere.

This freedom is a good thing; it has created a great deal of benefit for almost everybody involved. But free software does not develop itself; it needs care and support. Often, companies have provided those resources, with the result that we all have access to far more free software than we might have once thought possible. We have all benefited from this massive contribution of resources to our community from the commercial realm.

But companies can be severely short-sighted. It is easy for a manager to justify contributing a driver to the kernel to enable their company's hardware. It is harder to justify contributing resources to the framework within the kernel that makes the driver easy to write, to the rest of the kernel, or to user-space support for that hardware. And it is nearly impossible to get resources to support hardware that the company is no longer selling — even though many users still depend on that hardware.

So companies tend to contribute in ways that create other problems and fail to support the platform as a whole. They hire maintainers in the hope of gaining both skills and some influence over a project, then do not give those maintainers time to do their maintenance work. Companies will often ignore pressing needs in parts of the free-software ecosystem, seeing them as somebody else's problem. As a result, much of the work of keeping our software healthy falls onto the shoulders of the relatively few developers who are able to put some time (perhaps at significant personal cost) into it.

By all appearances, 2024 does not look like a year in which companies have decided to improve support for the software that they depend so heavily upon. That needs to change; free software is not some magical, infinite resource that companies can use to reduce their own development costs without a care for its future. It is a way to share maintenance costs; if it is used as a way to shed those costs entirely, the results will continue to be unpleasant, for both the software and the people who work so hard to keep it going.

Hopefully that vision is too dark, and we will see some progress toward improving the situation. Regardless of how it goes, LWN will be there throughout 2024 to keep you apprised of the state of our community. We hope it is a great year for all of our readers, and thank you for supporting us into our 26th year of operation. It has been a fascinating trip, and we are not done yet.


to post comments

LWN's guide to 2024

Posted Jan 2, 2024 22:53 UTC (Tue) by josh (subscriber, #17465) [Link] (9 responses)

> Of course, this will all go better if Mozilla positions itself well to be the defender of a friendlier web.

> the organization sees AI as a more interesting place to focus its efforts on than saving the world (again) from a browser monopoly. If Firefox languishes while Mozilla pursues shinier projects, an opportunity — perhaps the final one — for Firefox to regain relevance may be lost.

I would love to know what the actual rationale has been, there. The most *generous* interpretation I can come up with is that Firefox is desperately trying to find a revenue source other than its contract with Google. But at the same time, almost *any* good revenue source gets wildly better and easier if Firefox is vastly more popular than it currently is.

LWN's guide to 2024

Posted Jan 3, 2024 0:07 UTC (Wed) by tux3 (subscriber, #101245) [Link] (8 responses)

For two cents worth of cynical speculation, I would guess that maintaining a declining browser is not a big enough goal. It's not shiny. It's not gratifying.

Imagine that you are an exec leaving Mozilla a few years from now and the summary of your impact is that you did maintenance on a decaying 20 year old project. Maybe you reversed its decline for a moment and that _is_ positive impact, but nevertheless not very flashy on a CV. Or maybe you failed to reverse the decline, and now it looks like you were sleeping at the wheel without trying to innovate.

If you try to pursue AI 3.0 while turbocharging™ the innovation, even the failure can be marketed as a bold attempt among your executive peers. And if it succeeds, you're clearly a visionary.

LWN's guide to 2024

Posted Jan 3, 2024 5:50 UTC (Wed) by alison (subscriber, #63752) [Link] (3 responses)

> Imagine that you are an exec leaving Mozilla a few years from now and the summary of your impact is that you did maintenance on a decaying 20 year old project.

Mozilla spawned Rust, no? That's a pretty significant accomplishment. In addition, there are folks who have valid reasons to maintain a strong hold on their privacy and for whom Tor or Kubes is too difficult a solution. Firefox has given those users a way to control their data. These aspects of Mozilla projects are high-impact to my way of thinking. Why not influence the direction of the Mozilla Foundation by making a monetary contribution?

LWN's guide to 2024

Posted Jan 3, 2024 9:31 UTC (Wed) by b7j0c (guest, #27559) [Link] (1 responses)

> Why not influence the direction of the Mozilla Foundation by making a monetary contribution?

You don't fix a misallocation-of-funds problem with more money

Your donation just underwrites the comp of the existing leadership

I also fail to see how Mozilla's treatment of Rust can be seen as a success...they followed their good luck of incubating the tech by turning the entire team.

LWN's guide to 2024

Posted Jan 3, 2024 20:01 UTC (Wed) by roc (subscriber, #30627) [Link]

Mozilla incubated Rust until it became so important that it could continue to flourish without Mozilla's financial help. That's certainly a form of success.

In one way, Mozilla cutting their Rust team actually *helped* Rust: people used to worry about the future of Rust if Mozilla cut that support (sometimes in public as a FUD tactic, sometimes in good faith), and now they don't.

LWN's guide to 2024

Posted Jan 3, 2024 16:47 UTC (Wed) by sramkrishna (subscriber, #72628) [Link]

I actually believe that the dangers of inequity caused by AI will make trust in Windows and MacOS go down and we might see more interest in Linux on desktops/laptops. I think as GNOME and KDE continue to focus on the app ecosystem this is going to turn more critical as time goes by.

LWN's guide to 2024

Posted Jan 3, 2024 16:08 UTC (Wed) by pizza (subscriber, #46) [Link] (3 responses)

> For two cents worth of cynical speculation, I would guess that maintaining a declining browser is not a big enough goal. It's not shiny. It's not gratifying.

Eh, it's a lot more mundane than that.

All of firefox's competition (ie Edge, Chrome, Safari; everyone else doesn't even count as a rounding error) has the _massive_ advantages of (1) being the installed-by-default browser on a proprietary platform and (2) being pushed by major, major web destinations ("works best on Chrome", "Use our Chrome app for best experience" etc).

Firefox got its initial market share because it was genuinely, objectively *better* than its competition (mainly IE6). Today, everyone is roughly equivalent feature/performance-wise, and the only real way Firefox has to distinguish itself is through superior privacy features. However, the general consumer market doesn't give a flying f- about that stuff. And there's simply not enough privacy geeks to amount to more than a rounding error.

I find this almost incomprehensible; Firefox plus a couple of ad-blocking plugins provides such a vastly better browsing experience to everything else out there, yet the masses have clearly spoken.

(Meanwhile, on a similar token, folks complaining about Firefox lacking in feature X, or Mozilla coprorate shenanigans, and using that as justification to use Chrome, which is objectively _worse_ in those same respects... really don't deserve to be listened to)

LWN's guide to 2024

Posted Jan 5, 2024 14:43 UTC (Fri) by raven667 (subscriber, #5198) [Link] (2 responses)

I know this is opening up old debates, but Mozilla never made Firefox attractive for embedding or customization in the way that Google has with Chrome, there are some reasons why Vivaldi, Brave, Opera and MS Edge built on top of Chromium and not Firefox when both are available for licensing under reasonably similar terms. Or why Electron took off and XULRunner didn't when I think they were trying to do similar things, maybe Mozilla was just early with the tech but people really didn't seem to care for XUL.

How was that different from Rust, which was invented to improve Firefox security, but has taken on a life of its own and will probably outlive Firefox as a project, getting wide industry adoption and a vibrant community.

I used to love Opera as a professional browser for people who are professionally online (as a sysadmin or developer, journalist or researcher) and Vivaldi is trying to rekindle that niche as a small sustainable business, but it seems Firefox is still targeting the general consumer in competition with Chrome, rather than a niche they could more easily dominate (same kind of criticism often lobbed at GNOME, which seems primary used by sysadmins/developers/media professionals but who seems to focus on the general consumer as their target user).

> For two cents worth of cynical speculation, I would guess that maintaining a declining browser is not a big enough goal. It's not shiny. It's not gratifying.

I think I've come to a round about way of agreeing with this, they keep shooting for the moon and missing (according to their own definition of success) rather than defining a goal that is more achievable and sustainable, but not as exciting. Some of their moonshots are not bad ideas either (like Rust, or even KaiOS) but I think a lot of people would prefer if they could be relied on to keep the lights on in 10y and not take on risky bets that could sink the org, like they are going to re-create Netscape and the dotcom bubble days again.

LWN's guide to 2024

Posted Jan 5, 2024 14:52 UTC (Fri) by pizza (subscriber, #46) [Link]

> I think I've come to a round about way of agreeing with this, they keep shooting for the moon and missing (according to their own definition of success) rather than defining a goal that is more achievable and sustainable

The thing is, a "free standalone browser" _is_ not sustainable in the long run. That was the impetus for several of those moonshot projects (most notably FirefoxOS targeting smartphones); to try and make it so they're not entirely dependent upon platforms controlled by other, often hostile, organizations... that use said platforms to push (if not outright embed) their own competing browsers.

LWN's guide to 2024

Posted Jan 5, 2024 21:11 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]

> I know this is opening up old debates, but Mozilla never made Firefox attractive for embedding or customization in the way that Google has with Chrome

Mozilla went out of their way to make it _impossible_ to embed Firefox. I guess the management wanted to make sure that Firefox brand is not diluted.

LWN's guide to 2024

Posted Jan 2, 2024 23:33 UTC (Tue) by iabervon (subscriber, #722) [Link] (5 responses)

My guess is that there will be a thread on Lore for a patch series where the developer didn't use a mail client to start it, read reviews, or respond to them, but other participants did receive this communication as email and send their feedback that way.

LWN's guide to 2024

Posted Jan 3, 2024 5:15 UTC (Wed) by mricon (subscriber, #59252) [Link] (4 responses)

I describe how I see a bridged GitHub/GitLab/Whatnot workflow for someone who wants to submit a pull request to a subsystem:

https://lore.kernel.org/tools/20231213-fluffy-roaring-cap...

It uses the email bridge as a mechanism to do additional code review and collect sign-offs from people who may not necessarily have an account on that particular forge.

I hope to work on this in the next few weeks.

LWN's guide to 2024

Posted Jan 3, 2024 11:19 UTC (Wed) by dullfire (guest, #111432) [Link] (3 responses)

I only took a quick skim, but it looks like this is primarily a github->mailing-list bridge (mostly unidirectional), is that correct?

Is there any tooling for if going the other way, that is I use a mail client (or basically any other interface that doesn't require a github account or agreeing to github's ToS) to contribute?

I am sort of guessing not (for one, I suspect that would itself be a violation of github's ToS), but I thought I'd ask.

LWN's guide to 2024

Posted Jan 3, 2024 20:49 UTC (Wed) by rincebrain (subscriber, #69638) [Link] (2 responses)

Github allows replying to PRs via email, so I don't think it _has_ to violate ToS...

LWN's guide to 2024

Posted Jan 3, 2024 21:22 UTC (Wed) by iabervon (subscriber, #722) [Link] (1 responses)

I think there's a federation issue, more than anything else: can kernel.org do anything that appropriately conveys that Al Viro reviewed the PR in a message kernel.org received from him? Or can kernel.org deliver Al Viro a useful email such that, if he replies in the usual way, the review arrives in the PR appropriately? (Al Viro being an example of someone whose normal email address is not at kernel.org.)

The forge and the email list probably have to be able to trust each other to have done the appropriate authentication of the attribution of review comments before transforming them in ways that preserve the meaning, which probably requires some sort of special agreement to be not too awkward.

I guess it might be okay to have the GitHub PR get a lot of review comments by kernel.org that say "according to (link to lore), (real person) says: (extracted comment about that part)", which kernel.org could add on its own behalf.

LWN's guide to 2024

Posted Jan 7, 2024 18:10 UTC (Sun) by mathstuf (subscriber, #69389) [Link]

I believe that every "issuable" has its own email address (using `+unique-id`-style addresses) and the sender is associated with the user account that sent the email (probably based on `From`, so mailing list header-rewriting might need to change). I don't know what happens if you send something to such an address without an associated GitHub account with the sending email address.

LWN's guide to 2024

Posted Jan 3, 2024 7:38 UTC (Wed) by rsidd (subscriber, #2582) [Link]

Another source of pessimism about Firefox is this: the US government (also the UK government) supports any browser with a > 2% share on its websites. Firefox is in danger of slipping below that threshold and therefore losing guaranteed support from US government websites. That could set off a cascade, first among corporates who do business with the US government, then to others.

Firefox has been almost my only browser for the last 8 years and I certainly don't want to see this happen!

LWN's guide to 2024

Posted Jan 3, 2024 9:14 UTC (Wed) by b7j0c (guest, #27559) [Link] (17 responses)

Mozilla is the Trust Fund Kid of software...no real reason to exist but the existential crisis can be put off as long as the money remains. They may very well survive 2024 intact but they are obviously doomed long-term. Nothing Mozilla has done outside of Firefox has ever gained attention or traction. Does anyone use Firefox VPN etc? They will keep hiring non-developers into ambiguous roles. They will keep bumping the CEO's comp. Then one day the numbers won't work and everyone leaves. The issue here is that there is no vision for maintaining Firefox otherwise.

Probably our best bet is Ladybird. Once Ladybird reaches an acceptable level of compatibility I will move over to it. I trust Andreas Kling over Mitchell Baker.

2024 may also be the year SerendipityOS becomes a realistic thing to play with. On its current trajectory it really could be viable as a everyday linux replacement by 2027 or so.

Rust will indeed make it into the kernel and will forever split development into factions. Fragmenting kernel development by language will be viewed as a disastrous decision in a few years. I expect some good folks will leave kernel development rather than fight language wars.

LWN's guide to 2024

Posted Jan 3, 2024 9:45 UTC (Wed) by elenril (subscriber, #165899) [Link] (16 responses)

>Probably our best bet is Ladybird. Once Ladybird reaches an acceptable level of compatibility I will move over to it. I trust Andreas Kling over Mitchell Baker.
Far be it from me to trust Mitchell Baker, and I would love to see more real competition in browser space, but Ladybird seems like reinventing way too many wheels at once. Does a new browser really need its own new from-scratch XML library? And a JS library? And a new programming language? Seems like the mother of all NIHs.

LWN's guide to 2024

Posted Jan 3, 2024 10:05 UTC (Wed) by b7j0c (guest, #27559) [Link] (2 responses)

Agreed but without NIH, nothing the SerenityOS folks are doing would merit attention. Sure, they could have just built yet-another chrome-based browser...but why?

LWN's guide to 2024

Posted Jan 3, 2024 11:17 UTC (Wed) by elenril (subscriber, #165899) [Link] (1 responses)

This is a false dichotomy - there is a lot of space between "slap custom chrome on top of Chrome" and "reinvent the entire stack from scratch". There are existing XML, JS, ... libraries that could be used, I find it hard to believe there is a pressing need to have yet more of those custom-made for this specific project.

LWN's guide to 2024

Posted Jan 3, 2024 14:37 UTC (Wed) by b7j0c (guest, #27559) [Link]

But they seem to be succeeding (and having fun doing it)...so I'm not sure what the problem is

There are advantages with owning the roadmap of your dependencies

LWN's guide to 2024

Posted Jan 3, 2024 10:55 UTC (Wed) by paulj (subscriber, #341) [Link] (12 responses)

Cause its developers find it fun to implement those things for themselves. And if that's what provides the fun factor for them that lets them implement a good new browser, making the ecosystem healthier for the rest of us, great! More power to them.

LWN's guide to 2024

Posted Jan 3, 2024 11:24 UTC (Wed) by elenril (subscriber, #165899) [Link] (11 responses)

A modern browser is a massive undertaking, almost an entire OS unto itself. Even writing a custom UI for an existing rendering engine is a lot of work (see e.g. qutebrowser), deciding to reinvent EVERYTHING is a great way to never get beyond the toy stage. I honestly wish this project all the best, but the NIH just does not inspire confidence.

LWN's guide to 2024

Posted Jan 3, 2024 11:29 UTC (Wed) by paulj (subscriber, #341) [Link] (9 responses)

Well, the whole point of SerenityOS is to implement a useable desktop OS, from scratch. Just for the hell of it, just so the developers can learn and/or get a sense of accomplishment.

If that's their hobby, why not.

LWN's guide to 2024

Posted Jan 3, 2024 11:38 UTC (Wed) by elenril (subscriber, #165899) [Link] (8 responses)

I'm not saying they shouldn't do it, I'm saying that such an approach is unlikely to produce something more useful than say TempleOS. Of course anyone is entitled to have fun in any way the like, as long as it's not hurting anyone.

LWN's guide to 2024

Posted Jan 3, 2024 12:06 UTC (Wed) by paulj (subscriber, #341) [Link]

At a minimum a group of developers have learned a _lot_ about developing across a very broad spectrum of computer software. From x86 emulation to implement a valgrind-like debug tool, to filesystems, all kinds of formats (audio, graphics, sound, etc., etc.), how to display stuff.

It's seriously seriously impressive what they've achieved. Hats off to them. If that makes them happy, good for them.

Have a read of the birthday posts, that review accomplishments each year, it's just amazing. Starting with (and this is /1/ guy at this point): https://www.serenityos.org/happy/1st/

LWN's guide to 2024

Posted Jan 3, 2024 12:50 UTC (Wed) by Wol (subscriber, #4433) [Link] (6 responses)

> unlikely to produce something more useful than say TempleOS.

But isn't that exactly the attitude that produced Linux? And going back in time, it produced WordPerfect, OpenQM/Scarlet, Unix itself, the list goes on ...

(Of course, a lot of stuff - maybe most of it - that was produced we never hear of today ...)

Cheers,
Wol

LWN's guide to 2024

Posted Jan 3, 2024 13:04 UTC (Wed) by paulj (subscriber, #341) [Link]

And who knows what will come out of SerenityOS? Even if SerenityOS stays a happy playground, where young devs can jump in and learn-by-implementing whatever they find interesting, if even /1/ of the /many/ little components they are developing ends up becoming important to the wider world, that's a huge bonus - on top of what they've achieved personally for themselves (learning, joy through the sheer accomplisment of bringing up a whole OS from scratch, etc.).

E.g., Ladybird could be quite useful to the wider world one day. Just that'd be worth it. Imagine if someone had stopped the KHTML devs cause Mozilla existed!!

Maybe Jakt - new systems language with (hoped) much more user-friendly memory safety (via refcounting) - ends up being useful.

Maybe some other pieces.

LWN's guide to 2024

Posted Jan 3, 2024 13:22 UTC (Wed) by elenril (subscriber, #165899) [Link] (4 responses)

>But isn't that exactly the attitude that produced Linux?
No, Linus set out to write an OS kernel. He did not also write his own compiler, text editor, or libc as a part of it.

LWN's guide to 2024

Posted Jan 3, 2024 14:47 UTC (Wed) by Wol (subscriber, #4433) [Link] (2 responses)

To quote Linus (from memory, not verbatim)

THIS IS A TOY, NOT MEANT TO BE ANYTHING BIG.

Cheers,
Wol

LWN's guide to 2024

Posted Jan 3, 2024 16:19 UTC (Wed) by elenril (subscriber, #165899) [Link] (1 responses)

That is entirely orthogonal to my point, which is that trying to do too many things at once usually results in not doing any of them particularly well.

LWN's guide to 2024

Posted Jan 3, 2024 21:20 UTC (Wed) by Wol (subscriber, #4433) [Link]

> trying to do too many things at once usually results in not doing any of them particularly well.

(a) Who cares? and

(b) People who do this "Just for Fun" are usually clever enough to be "Jack of all trades, MASTER OF MOST".

If they weren't clever, they wouldn't *want* to do it.

Cheers,
Wol

LWN's guide to 2024

Posted Jan 4, 2024 1:22 UTC (Thu) by JoeBuck (subscriber, #2330) [Link]

Yes, Linux succeeded because GNU, BSD, and X had already done the work of building a free Unix-compatible userland and development tools. The kernel was the last piece (and an extremely important one). But without all of that work, it would not have been immediately useful.

LWN's guide to 2024

Posted Jan 3, 2024 14:42 UTC (Wed) by b7j0c (guest, #27559) [Link]

You should watch the Ladybird status demos on YouTube, they are well past the toy phase already

LWN's guide to 2024

Posted Jan 3, 2024 9:39 UTC (Wed) by marcH (subscriber, #57642) [Link]

> But companies can be severely short-sighted.

Not at all: some public companies look even beyond the current quarter!

Longer than that is however "the next CEO's problem" :-)

Chrome will shoot itself in the foot.

Posted Jan 3, 2024 10:47 UTC (Wed) by Wol (subscriber, #4433) [Link] (1 responses)

> That transition will make ad blockers harder, if not impossible, to implement in Chrome. Ad blockers, once called "the biggest boycott in world history" by Doc Searls, are the only thing that makes the World Wide Web tolerable for many users.

If Chrome becomes a malware delivery tool, then it's a perfect target for the CRA. If pretty much EVERY version is exploitable "out of the box" by a carefully crafted website, the regulator is likely to say "you can't issue a CE for Chrome". At which point, every product with it pre-installed becomes unsaleable in Europe.

Cheers,
Wol

Chrome will shoot itself in the foot.

Posted Jan 3, 2024 13:54 UTC (Wed) by amck (subscriber, #7270) [Link]

> If Chrome becomes a malware delivery tool, then it's a perfect target for the CRA. If pretty much EVERY version is exploitable "out of the box" by a carefully crafted website, the regulator is likely to say "you can't issue a CE for Chrome". At which point, every product with it pre-installed becomes unsaleable in Europe.

Interesting. How might this work out: some form of safety checking would be required. No checking by Chrome on adverts and it becomes a malware tool. But Google implementing any form of blacklisting or vetting of advertisers becomes a slam-dunk anti-trust violation (Google getting to blacklist its competitors).

Amck

LWN's guide to 2024

Posted Jan 3, 2024 13:14 UTC (Wed) by spacefrogg (subscriber, #119608) [Link] (10 responses)

I know my following opinion is heavily disputed, which is: The free software community could start by explicitly withdrawing from any so-called free software that is under any company ownership. In my opinion, contributing to these projects is short-sighted and detrimental to the free-software ecosystem as a whole. Each hour of work put into a company-owned project directly circumvents taxable action by said company (e.g. paying an employee or contracting another company), while maintaining (or even contributing to) all market and marketing benefits, that company has with this product. It is negligent, at best, to believe that this company-owned free software is not one of its products and not a market benefit. On the contrary, everyone who contributes to such software ruins the employee market for everyone else who would like to live from writing software (only by a bit, of course), right because they provide free services to a company that should pay for them.

Free software cannot be owned/governed by a for-profit organisation. This is a material conflict of interest due to how the free market works. Thus, I do not regard any of such software a valid target for free software developers.

I understand, that contributing to such software can be a substantial personal benefit, but I find it important to discuss the overall consequences to the ecosystem and to establish/adjust a moral compass.

The second most important point is that free software development infrastructure must be taken back from for-profit companies. It is exceptionally detrimental to project governance when (almost) the whole project infrastructure depends on the goodwill of a single company (usually Microsoft, of all places...). This is in addition to that I think that single-source project hosting is a dead end development. We need much more effective ways to manage software development and developer interaction via P2P protocols.

LWN's guide to 2024

Posted Jan 3, 2024 15:57 UTC (Wed) by dvdeug (guest, #10998) [Link] (8 responses)

> This is in addition to that I think that single-source project hosting is a dead end development. We need much more effective ways to manage software development and developer interaction via P2P protocols.

I'm always skeptical of P2P protocols. They're rarely long-term sources; if you want software to be available 24-7, someone needs to set up a server. Not only that, there's questions of trustworthiness; you want a known source to download from. You can already directly download from any git server another developer has exposed to you, but that depends on that developer running a server and making it available and known. Why is that better than hitting git.software.org and checking out their branch? A master server is more trustworthy, easier to find, easier to use, and doesn't depend on every developer constantly hosting their branch on an always-available server.

I'm not entirely happy with github.com being the one stop shop for Free Software, but it simplifies hosting and discovery. If it's not in Debian, and it's not on github, odds are I won't see it or hear of it. Remembering good old Freshmeat.net, I found there's an actively updated Freshcode.club, which may help with some of the discovery, but doesn't make hosting any easier. We left SourceForge, and the Free Software community will leave GitHub if we have to.

LWN's guide to 2024

Posted Jan 4, 2024 13:54 UTC (Thu) by spacefrogg (subscriber, #119608) [Link] (7 responses)

> I'm always skeptical of P2P protocols.
> ...

I would counter this argument with e-mail and http. For everything that is bad about them. They are one of the few user-visible protocols that are not seized by a single corp. to lock you in. Github and all the other web-based git hosting services are an interoperability joke. They don't even strive for an interoperable development process. That is what I am aiming at. I don't really care for P2P as a technical implementation but for an interoperable one.

> A master server is more trustworthy, easier to find

There is absolutely no justification for your trust. To be blunt, I presume your trust to be disguised laziness.
Apart from that, even with P2P protocols there will be "official" and well-known entry-points to a particular software project. That has nothing to do with the protocol.

> ... but it simplifies hosting and discovery

That is exactly what people call "slave thinking". Slaves also don't have to worry about anything. On the other hand they are completely at the mercy of their masters. This thinking gives up control (which is the basis for effectively exercising freedom) for laziness. For me this is a material conflict of interest between central, for-profit company-owned hosting and free software. There is nothing free about software whose access is controlled by a single entity.

> If it's not in Debian, and it's not on github ...

People don't scrape github to find software that solves their needs. Visibility has nothing to do with hosting. Not even with the inevitable github. It has to do with people not being inclined to subscribe to another(!) service. A problem that the free software community has precisely because it does not care for interoperability which would make subscriptions obsolete.

LWN's guide to 2024

Posted Jan 4, 2024 14:40 UTC (Thu) by timon (subscriber, #152974) [Link]

Your usage of “P2P” seems unusual to me. HTTP is not usually considered a peer-to-peer protocol but a client-server protocol.

> There is absolutely no justification for your trust.

Going with your example of HTTP, of course there is with well-known entrypoints and TLS with root CAs (the last one is a bit problematic, but generally works).

Example:
I know that the home of Linux is at kernel.org, so if I want to get in touch with Linux kernel development, I’d visit https://kernel.org and from there I can find the mainline Linux repository hosted at https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/...

Anyway, everything of what I just said doesn’t mean that we need the quasi-monopoly on code hosting and open-source development that GitHub is.

LWN's guide to 2024

Posted Jan 5, 2024 22:43 UTC (Fri) by dvdeug (guest, #10998) [Link] (3 responses)

> I would counter this argument with e-mail and http.

Which aren't P2P protocols. It's hard to discuss something when not using standard language.

>That is what I am aiming at.

What is what you're aiming at?

>There is absolutely no justification for your trust.

Are you saying you'd trust a copy of the kernel from any source as much as you'd trust one from www.kernel.org or www.debian.org?

>This thinking gives up control (which is the basis for effectively exercising freedom) for laziness.

Sounds like a high-flying theory that has trouble with reality. Civilization is made possible by specialization. Do you grab a loaf of bread off the supermarket shelves, giving up control? Or do you bake your own bread, from commercial bread, trading a bunch of time for a little more control? Or do you grow your own wheat and sugar and process them yourself? That gives you control, but you don't have any time left.

I could spend all my time digging around the web for new, useful free software, but then I wouldn't have time to write it or use it.

>There is nothing free about software whose access is controlled by a single entity.

It's not. You can download most major free software projects from Debian or RedHat or Gentoo, even if they're hosted on GitHub. One feature of Git is that everyone who has downloaded the git repository has the whole history (at least in most cases.)

GitHub's dominance is problematic, but let's avoid exaggerating it.

>People don't scrape github to find software that solves their needs.

Except that I just told you I do.

>A problem that the free software community has precisely because it does not care for interoperability which would make subscriptions obsolete.

I don't even know what you want. To me, GitHub makes it trivial to throw up a quick hack and not worrying about paying for a website or jumping through hoops. It means it shows up in random searches on GitHub. It means if I can find a program, I can download it through a consistent interface and offer patches through a consistent interface, that doesn't require me to subscribe to another mailing list.

I don't know what magic you want. Apt, yum, pip, maven, snap, they all show that people want one source with consistent rules, and GitHub falls into that.

LWN's guide to 2024

Posted Jan 8, 2024 22:41 UTC (Mon) by johannbg (guest, #65743) [Link] (2 responses)

> GitHub's dominance is problematic

How is Github's dominance problematic?

LWN's guide to 2024

Posted Jan 15, 2024 3:33 UTC (Mon) by dvdeug (guest, #10998) [Link]

It's a large piece of infrastructure run by a commercial organization, a huge one that could turn it off and barely notice the backlash, and one that has a historically complicated relationship to open source. It's potentially like Geocities, which Yahoo unceremoniously shut down and left a hole in the Internet that's never really been replaced.

LWN's guide to 2024

Posted Jan 15, 2024 10:05 UTC (Mon) by sammythesnake (guest, #17693) [Link]

The simple answer is that it's a single point of failure - the possibility that it might become unavailable or unusable because of some future event (Microsoft remembers the "good old days" of hating open source, some awful security blunder...) It's a good idea for the process to be robust against such possibilities.

The "Network Effect" means that any potential improved alternative has a hard time getting traction, even if it's genuinely better.

Additionally, there are those for whom GitHub is already "unavailable" because of reluctance to sign up to an account, or because the interface is unpalatable to them. Various such objections (which I neither entirely agree with, nor have zero sympathy for) are frequently discussed here, on LKML, and elsewhere.

A key thing to remember is that the *reasons* some are reluctant to use GitHub (or whatever) aren't really the important thing. They exist and present an impedance requiring some kind of response, either technical (email bridges / mirrors / federation etc.) or social ("we value using GitHub more than we value your participation")

It would be great if all the process stuff hosted on GitHub (pull requests, bug tracking, discussion etc.) could be stored in a way similar to how code is stored in git. Anywhere capable of hosting a git repository (including each developer's computer) could be a complete source for all that information with whatever interface layered on top according to the needs of whoever wants access. Something like GitLab could even be taught to provide a forge-like interface on top of it to provide what people like about forges.

I'm not sure that git is really the ideal substrate for this, but could perhaps be adapted for the purpose...

LWN's guide to 2024

Posted Jan 12, 2024 13:39 UTC (Fri) by TheBicPen (guest, #169067) [Link]

> People don't scrape github to find software that solves their needs.

I do this regularly. If I can't find a piece of software through my distribution's package manager, the next place I look is GitHub, with Reddit being a close third.

Linux Software Map

Posted Dec 26, 2024 12:26 UTC (Thu) by alx.manpages (subscriber, #145117) [Link]

For software, there's the Linux Software Map.
<https://en.wikipedia.org/wiki/Linux_Software_Map>
<https://lsm.qqx.org/>
<https://xteddy.org/lsm/>

In the Linux man-pages project, we publish new entries for each release:
<https://git.kernel.org/pub/scm/docs/man-pages/man-pages.g...>

That map leads you to the master (and alternate) servers for the project. From there, you can consult the README of the project, which leads you to the other resources of the project (mailing list, maintainers, git repositories, ...). And of course, you can send email to the maintainers asking for other git repositories. For an entire year, I didn't have keys to the canonical server, and the project continued to be maintained in my home server. Since we only relied on mail and git, both of which are decentralized, we could continue working just fine. This, on a centralized platform, would have had a much worse impact in the maintenance of the project.

LWN's guide to 2024

Posted Jan 3, 2024 21:33 UTC (Wed) by Wol (subscriber, #4433) [Link]

> I understand, that contributing to such software can be a substantial personal benefit, but I find it important to discuss the overall consequences to the ecosystem and to establish/adjust a moral compass.

Oddly enough, I come to the complete opposite conclusion, for the exact same reasons that led you to your conclusion.

ScarletDME started life as a commercial product. It was "donated" by the owner as a linux-only version under the GPL. (Then they had a bit of a falling out with the community - I don't think they properly understood the GPL :-(

So. I'm going in the near future to modify the copying file to say that I, personally, grant a licence that any changes I make to Scarlet can be incorporated into the original OpenQM code base. I'm *hoping* that will encourage the current owners to free their updates into the Scarlet code base, but I look at it as (a) they gave me Scarlet when they had no need to whatsoever, I'm happy to give back to OpenQM on the exact same basis. And (b), if anything happens to Scarlet, I want to make sure that MY customers/users can move to the commercial product (if they so wish) without losing any functionality. I hope the other Scarlet contributors will sign their name to it too, but that's up to them.

Cheers,
Wol

My wish – no endless discussion about law on LWN

Posted Jan 4, 2024 7:15 UTC (Thu) by zdzichu (subscriber, #17118) [Link] (8 responses)

In 2024, I'd like to see less discussion about laws on LWN. Reporting is superb, but the comment sections become a junkyard very quick. Be it about CRA, or Red Hat and availability of source vs GPL, or any other "legal" topic.

Most people here are not lawyers. Most have zero understanding how legal systems in other countries work. No one has understanding of many nuances how law works. Discussions about law matters here reach hundreds of comment, most of them misguided or blatantly false :(

If lawyers were to discuss how to implement interrupts handlers in real-time OS, we would not treat them seriously. But when tech people discuss licenses or law in general, everyone seem to think they're knowledgeable in the topic. We are not. Leave law to lawyers.

My wish – no endless discussion about law on LWN

Posted Jan 4, 2024 9:37 UTC (Thu) by Wol (subscriber, #4433) [Link]

> Most people here are not lawyers. Most have zero understanding how legal systems in other countries work. No one has understanding of many nuances how law works. Discussions about law matters here reach hundreds of comment, most of them misguided or blatantly false :(

> If lawyers were to discuss how to implement interrupts handlers in real-time OS, we would not treat them seriously. But when tech people discuss licenses or law in general, everyone seem to think they're knowledgeable in the topic. We are not. Leave law to lawyers.

Well, lawyers have good reason to be interested in real-time computer systems if they drive a modern car ... and lawyers write laws that affect ordinary people (including programmers) so we have good reason to be interested in legal stuff. That's why Groklaw is so seriously missed.

But yes, a little more light and a lot less heat would be appreciated, especially when people are deluded into thinking they are speaking the same language. It's bad enough trying to translate between The King's English and Legal Europese, without a bunch of people thinking Street American is mutually comprehensible with the other two ... :-) (that's without throwing Hansard into it!)

Oh to have Groklaw back :-(

Cheers,
Wol

My wish – no endless discussion about law on LWN

Posted Jan 4, 2024 14:18 UTC (Thu) by pizza (subscriber, #46) [Link] (6 responses)

> In 2024, I'd like to see less discussion about laws on LWN. Reporting is superb, but the comment sections become a junkyard very quick. Be it about CRA, or Red Hat and availability of source vs GPL, or any other "legal" topic.

I'm sorry, that is _highly_ naive and is the moral equivalent of sticking one's head in the sand.

We are _all_ stuck dealing the the consequences of the law and the legal system. Sometimes the "bad" effects are unintentional; other times those effects are explicitly the purpose -- and we are _well_ past the point where we can expect "someone else" to advocate for our interests.

What drives most F/OSS activity? A combinational of Idealism (create the world I want) and pragamatism (make the best of the world as it is). The law is no different, and there is a remarkable amount of overlap in their effects on each other.

There is an old book by Lawrence Lessig, _Code and the Laws of Cyberspace_, that touches on this, and is still worth reading.

> Most have zero understanding how legal systems in other countries work

Most have zero understating about the legal systems in _their own countries_ work -- in theory or in actual practice.

My wish – no endless discussion about law on LWN

Posted Jan 4, 2024 14:47 UTC (Thu) by farnz (subscriber, #17727) [Link] (5 responses)

There's two challenges, though:

  1. People come in and call long-established (as in decades-old) principles of another country's system "crazy" (or other pejorative terms) simply because it doesn't work the way they expect from their understanding of their local system.
  2. LWN.net discussions aren't the place that's going to affect the final outcome of the system; Bert Hubert had far more impact on the current text of the CRA than any of the people complaining about possible side effects here, because he wrote to actual legislators involved in the CRA and had changes made to the language of the latest draft to reflect concerns he had.

And then on top of that, you have people forgetting that there's a huge difference between how laws are "executed" and how code is executed; a law is interpreted by judges who will read the preamble and other non-binding parts of a rule to help resolve ambiguity; this is akin to a compiler reading the comments and turning UB into the right behaviour because the comment clarifies the programmer's intentions.

My wish – no endless discussion about law on LWN

Posted Jan 4, 2024 18:27 UTC (Thu) by NYKevin (subscriber, #129325) [Link] (3 responses)

+1, but statutory interpretation is even more complicated than you make it out to be. There are a ton of different principles for how judges try to resolve ambiguity in laws, and this varies significantly between jurisdictions. Here are some (non-exhaustive) examples from the US:

* What does the dictionary say these words mean? If you can figure it out just from looking up terms in the dictionary, then it wasn't actually ambiguous in the first place, so no using any of the other rules to find a cleverer interpretation. You might think that two judges coming to different legal conclusions about the meaning of a statute would be enough to render it "ambiguous," but in fact it is quite common for judges to disagree about a statute that is ultimately ruled to be unambiguous.
* Is there a federal agency responsible for executing this law, and if so, how do they think it should be interpreted? Then side with them if it's a "permissible" reading ("Chevron deference"). Caveat: Their opinion only matters if the statute was ambiguous in the first place, and not if the issue in question seems really important (the "major questions doctrine"). Also, the conservative legal movement does not like this rule, so who knows whether SCOTUS will narrow or eliminate it in the future.
* Would one possible interpretation cause Constitutional issues, and the other would not? Then go with the reading that doesn't cause problems ("Constitutional avoidance").
* Does one possible interpretation have far-reaching consequences, well beyond the scope of the statute as it seems to be intended? Then that's probably the wrong interpretation ("Congress does not hide elephants in mouseholes").
* Would one possible interpretation cause part of the sentence/paragraph/whatever to have no legal effect? Then that's probably the wrong interpretation (it would create "surplusage").

The annoying part: As far as I'm aware, there is no established order of priority for most of these rules (except for the obvious one: you have to figure out whether the statute is ambiguous in the first place before you can try applying different rules to it). Judges just pick whichever rule makes the most sense in any given situation, in that judge's individual opinion (but they will probably talk about all potentially-relevant rules just to cover their bases).

My wish – no endless discussion about law on LWN

Posted Jan 4, 2024 21:53 UTC (Thu) by Wol (subscriber, #4433) [Link] (2 responses)

To throw something else into the mix that has happened in the UK, but I can't see happening in the US,

The Judges read Hansard (the official record of the proceedings of the House of Commons) and issued the following ruling:

"Hansard says the MPs were told X, the law says not-X, therefore the law is struck down as fraudulent".

I don't think it went down very well at all in some quarters, but as PJ said, "law is squishy", and it's hard to argue when the ruling basically says "the law's backers lied".

Cheers,
Wol

My wish – no endless discussion about law on LWN

Posted Jan 5, 2024 11:28 UTC (Fri) by james (subscriber, #1325) [Link] (1 responses)

I'm not sure it quite goes like that.

Judges can and do read Hansard to see what Parliament thought they were enacting (if the law isn't clear on the point in question), but they can't strike down the law as fraudulent. They don't need to: if they have to look at Parliamentary intention to interpret the law, and they find that Parliament meant X, then the law means X.

If the Court of Appeal or Supreme Court / House of Lords make that determination, then that's precedent, and now the law does mean X in all subsequent cases (unless overturned).

This recent UK Supreme Court judgment discusses the point at paragraph 28 onwards.

As usual, I am not a lawyer, and if you need to rely on this, you need a good one!

My wish – no endless discussion about law on LWN

Posted Jan 5, 2024 14:31 UTC (Fri) by Wol (subscriber, #4433) [Link]

> Judges can and do read Hansard to see what Parliament thought they were enacting (if the law isn't clear on the point in question), but they can't strike down the law as fraudulent. They don't need to: if they have to look at Parliamentary intention to interpret the law, and they find that Parliament meant X, then the law means X.

I think in this case, the law was perfectly clear. One of the parties, however, argued that the law did not say what the MPs *were* *told* it said. The Judge(s) sided with the party, so a perfectly clear law was set aside on the basis that the MPs didn't vote for what the law actually said.

Obviously, it's probably more complicated than that, but it was a definite case of "The law clearly says X, the MPs were clearly told Y", and the law as passed did not survive the court case.

Cheers,
Wol

My wish – no endless discussion about law on LWN

Posted Jan 4, 2024 22:22 UTC (Thu) by kleptog (subscriber, #1183) [Link]

I'd like to thank you for those links to Bert Hubert's blog, he explains things very very well. And he also includes some fascinating links regarding the explosive use of recitals in EU legislation which was puzzling to me. The problem appears to be the overwhelming majority of people involved in the drafting of EU legislation, from EU institutions to policy experts, don't have any legal training. There is no part of the legislative process that is targeted at improving the legal quality of the texts. Basically, what EU legislation really needs is a good editor to cut out all the fluff, even if the consensus is that the current results are of fairly high quality, just overly wordy.

With regard to the legal discussions on LWN, I think that indicates how much Groklaw is missed.

(The Debian statement was mostly badly timed, the vote being after the trilogue, but before the new draft was published. If it had happened a month or two earlier it would have mattered more.)

LWN's guide to 2024

Posted Jan 4, 2024 8:05 UTC (Thu) by joib (subscriber, #8541) [Link]

No prediction that 2024 will be the year when the real time tree is finally completely merged?

I vaguely remember this has been predicted previously, but it now seems like the end is really finally in sight?

LWN's guide to 2024

Posted Jan 4, 2024 19:53 UTC (Thu) by Lionel_Debroux (subscriber, #30014) [Link]

Last time I checked, the main sponsors of gccrs were Open Source Security Inc. and Embecosm. They've been contributing resources where none of the large companies did it... and they could afford doing it thanks to some of their other operations which earn money.
Come to think of it, with their history of over 20 years consistently working on making operating system kernels (mainly Linux, but not only it) safer, Open Source Security Inc. is one of the most obvious candidates for helping with that work, through the usual defense in depth philosophy: Rust is not a silver bullet, but can be part of the technical solution.

LWN's guide to 2024

Posted Jan 5, 2024 22:17 UTC (Fri) by sramkrishna (subscriber, #72628) [Link]

Since nobody is doing app ecosystem type stuff - let me add some things from my perspective:

* I predict that the popularity of distros like Silverblue and blue-fin where the OS is immutable is going to go up especially as a cloud native developer tool. Container driven work flows is going to get interesting.

* flatpak/snaps are going to continue to become more popular - flathub.org is going to gain more popularity as especially as we add the ability to pay or donate to open and closed source projects. Flathub is showing the popularity of apps for Linux.

Hopefully, we'll have some position statements on how AI is going to shake out. But I will say that in the world of democratized AI - the Free desktops are the ones to trust where your data and behavior are not used to drive AI.


Copyright © 2024, Eklektix, Inc.
This article may be redistributed under the terms of the Creative Commons CC BY-SA 4.0 license
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds