Michael Larabel reports via Phoronix: Back in 2022 Cloudflare announced they were ditching Nginx for an in-house, Rust-written software called Pingora. Today Cloudflare is open-sourcing the Pingora framework. Cloudflare announced today that they have open-sourced Pingora under an Apache 2.0 license. Pingora is a Rust async multi-threaded framework for building programmable network services. Pingora has long been used internally within Cloudflare and is capable of sustaining a lot of traffic while now Pingora is being open-sourced for helping to build infrastructure outside of Cloudflare. The Pingora Rust code is available on GitHub.

Read more of this story at Slashdot.

Cloudflare Makes Pingora Rust Framework Open-Source

By 2022 the VC firm Sequoia Capital had about $85 billion in assets under management, according to Wikipedia. Its successful investments include Google, Apple, PayPal, Zoom, and Nvidia. And now the VC firm "plans to fund up to three open source software developers annually," according to TechCrunch, which notes it "a continuation of a program it debuted last year." The Silicon Valley venture capital firm announced the Sequoia Open Source Fellowship last May, but it was initially offered on an invite-only basis with a single recipient to shout about so far. Moving forward, Sequoia is inviting developers to apply for a stipend that will cover their costs for up to a year so they can work full-time on the project — without giving up any equity or ownership.... "The open source world is to some extent divided between the projects that can be commercialized and the projects that are very important, very influential, but just simply can't become companies," said Sequoia partner Bogomil Balkansky. "For the ones that can become great companies, we at Sequoia have a long track record of partnering with them and we will continue partnering with those founders and creators." And this is why Sequoia is making two distinct financial commitments to two different kinds of open source entities, using grants to support foundational projects that might be instrumental to one of the companies it's taking a direct equity stake in. "In order for Sequoia to succeed, and for our portfolio of companies that we partner with to succeed, there is this vital category of open source developer work that must be supported in order for the whole ecosystem to work well," Balkansky added. From today, Sequoia said it will accept applications from "any developer" working on an open source project, with considerations made on a "rolling basis" moving forward. Funding will include living expenses paid through monthly installments lasting up to a year, allowing the developer to focus entirely on the project without worrying about how to put food on the table. Spotify, Salesforce and even Bloomberg have launched their own grant programs too, the article points out. "But these various funding initiatives have little to do with pure altruism. The companies ponying up the capital typically identify the open source software they rely on most, and then allocate funds accordingly..."

Read more of this story at Slashdot.

VC Firm Sequoia Capital Begins Funding More Open Source Fellowships

From a blog post by Greg Kroah-Hartman: As was recently announced, the Linux kernel project has been accepted as a CVE Numbering Authority (CNA) for vulnerabilities found in Linux. This is a trend, of more open source projects taking over the haphazard assignments of CVEs against their project by becoming a CNA so that no other group can assign CVEs without their involvment. Here's the curl project doing much the same thing for the same reasons. I'd like to point out the great work that the Python project has done in supporting this effort, and the OpenSSF project also encouraging it and providing documentation and help for open source projects to accomplish this. I'd also like to thank the cve.org group and board as they all made the application process very smooth for us and provided loads of help in making this all possible. As many of you all know, I have talked a lot about CVEs in the past, and yes, I think the system overall is broken in many ways, but this change is a way for us to take more responsibility for this, and hopefully make the process better over time. It's also work that it looks like all open source projects might be mandated to do with the recent rules and laws being enacted in different parts of the world, so having this in place with the kernel will allow us to notify all sorts of different CNA-like organizations if needed in the future. Kroah-Hartman links to his post on the kernel mailing list for "more details about how this is all going to work for the kernel." [D]ue to the layer at which the Linux kernel is in a system, almost any bug might be exploitable to compromise the security of the kernel, but the possibility of exploitation is often not evident when the bug is fixed. Because of this, the CVE assignment team are overly cautious and assign CVE numbers to any bugfix that they identify. This explains the seemingly large number of CVEs that are issued by the Linux kernel team... No CVEs will be assigned for unfixed security issues in the Linux kernel, assignment will only happen after a fix is available as it can be properly tracked that way by the git commit id of the original fix. No CVEs will be assigned for any issue found in a version of the kernel that is not currently being actively supported by the Stable/LTS kernel team. alanw (Slashdot reader #1,822) worries this could overwhelm the CVE infrastructure, pointing to an ongoing discussion at LWN.net. But reached for a comment, Greg Kroah-Hartman thinks there's been a misunderstanding. He told Slashdot that the CVE group "explicitly asked for this as part of our application... so if they are comfortable with it, why is no one else?"

Read more of this story at Slashdot.

Linux Becomes a CVE Numbering Authority (Like Curl and Python). Is This a Turning Point?

Michael Larabel writes via Phoronix: While there have been efforts by AMD over the years to make it easier to port codebases targeting NVIDIA's CUDA API to run atop HIP/ROCm, it still requires work on the part of developers. The tooling has improved such as with HIPIFY to help in auto-generating but it isn't any simple, instant, and guaranteed solution -- especially if striving for optimal performance. Over the past two years AMD has quietly been funding an effort though to bring binary compatibility so that many NVIDIA CUDA applications could run atop the AMD ROCm stack at the library level -- a drop-in replacement without the need to adapt source code. In practice for many real-world workloads, it's a solution for end-users to run CUDA-enabled software without any developer intervention. Here is more information on this "skunkworks" project that is now available as open-source along with some of my own testing and performance benchmarks of this CUDA implementation built for Radeon GPUs. [...] For those wondering about the open-source code, it's dual-licensed under either Apache 2.0 or MIT. Rust fans will be excited to know the Rust programming language is leveraged for this Radeon implementation. [...] Those wanting to check out the new ZLUDA open-source code for Radeon GPUs can do so via GitHub.

Read more of this story at Slashdot.

AMD's CUDA Implementation Built On ROCm Is Now Open Source

Aujourd’hui, je tiens vraiment à vous présenter un lanceur de jeu au top et qui s’appelle en toute modestie : Heroic !

Heroic c’est open source , ça permet de lancer des jeux Epic Games en utilisant Legendary et GoG en utilisant gogdl , c’est compatible avec Linux, Windows et macOS et devinez quoi ? C’est même dispo sur SteamDeck ! Son interface utilisateur propose des paramètres Wine pour une expérience de jeu optimale sous Linux et macOS. Il supporte plus de 30 langues et permet d’ajouter des thèmes personnalisés.

Alors pourquoi devriez-vous utiliser Heroic ? Tout d’abord, c’est un lanceur Open Source , ce qui signifie que nous avons la possibilité d’examiner le code source et même de contribuer à son développement. De plus, il consomme vachement moins de ressources que l’Epic Games Launcher (EGL) et est en général beaucoup plus rapide.

Un exemple concret : lors de tests comparant le temps de lancement entre Heroic et EGL (epic games launcher), il a suffi d’environ 14,37 secondes pour que Heroic se lance. EGL est, quant à lui, légèrement plus lent, prenant environ 16,45 secondes . De même, lorsque l’on veut naviguer entre la boutique et la bibliothèque d’EGL, cela prend environ 2 secondes alors qu’avec Heroic c’est pratiquement instantané. En plus de cela, Heroic prend également beaucoup moins d’espace disque et de mémoire vive que EGL.

Ceci étant dit, il faut quand même admettre qu’il y a encore un peu de travail à faire sur Heroic en termes d’optimisation sur le chargement des images (2,7 secondes pour Heroic contre 2,9 secondes pour EGL).

Il est important de noter qu’actuellement, seuls les jeux nécessitant une activation dans une autre plateforme (Uplay, Origin) ne sont pas pris en charge par Heroic. Mais ne vous inquiétez pas ! Legendary a récemment ajouté une commande d’activation pour ces jeux. Nous pouvons donc nous attendre à ce que cette prise en charge soit bientôt disponible dans une prochaine version.

Depuis les dernières versions, Heroic peut utiliser EOS (services Epic Online), mais vous devrez mettre à jour DXVK et installer corefonts via winetricks au préalable. De son côté, Legendary avait déjà ajouté le support pour EOS avec sa version 0.20 .24 – mais rien que pour les utilisateurs de Windows. Snif.

En conclusion, si vous cherchez un bon petit lanceur de jeux communautaire avec un bon design et de chouettes fonctionnalités, je vous encourage vivement à essayer Heroic Games Launcher ! Vous ne serez pas déçu !

À découvrir ici

Hey les gens sous Windows, ça vous dirait une petite application bien pratique et gratuite de capture d’écran performante et polyvalente ?

Il s’agit de Peek Screen Recorder , un soft open source qui permet à chacun d’enregistrer son écran pour en faire des GIFs animés, des MP4 ou simplement des captures écrans au format PNG ou JPEG.

Ça permet comme ça de faire des petits screencasts ou d’enregistrer des petits bouts d’écran pour illustrer un article par exemple. Dans le même style, je vous avais déjà parlé de Gifcam et de LiceCap .

Pas mal d’options dans cet outil au look épuré, notamment la possibilité de masquer le curseur de la souris lors des enregistrements, de choisir le taux de rafraichissement, de capter tout l’écran ou juste une partie, mais également de mettre un délai avant le lancement ou une durée sur l’enregistrement.

Et vous pouvez également annoter ou dessiner sur les captures écran aussi simplement qu’avec Shottr sous macOS que j’aime beaucoup.

Bref, cet outil Windows vous sera bien pratique. Vous pouvez le télécharger sur le Windows Store .

Et coïncidence ou même développeur, je ne sais pas, mais il existe le même genre d’outil sous Linux baptisé simplement Peek ici . Sauf que son développement vient de s’arrêter. Snif. Je vous laisse quand même jeter un oeil.