Alexei Starovoitov introduced a patch series for the Linux kernel on February 6 to add bpf_arena, a new type of shared memory between BPF programs and user space. Starovoitov expects arenas to be useful both for bidirectional communication between user space and BPF programs, and for use as an additional heap for BPF programs. This will likely be useful to BPF programs that implement complex data structures directly, instead of relying on the kernel to supply them. Starovoitov cited Google's ghOSt project as an example and inspiration for the work.

The Curl project has previously had problems with CVEs issued for things that are not security issues. On February 21, Daniel Stenberg wrote about the Curl project's most recent issue with the CVE system, saying:

I keep insisting that the CVE system is broken and that the database of existing CVEs hosted by MITRE (and imported into lots of other databases) is full of questionable content and plenty of downright lies. A primary explanation for us being in this ugly situation is that it is simply next to impossible to get rid of invalid CVEs.

The world of open-source "forges" is becoming a little more fragmented. The Forgejo project is a software-development platform that started as a "soft" fork of Gitea in late 2022. On February 16, Forgejo announced its intent to become a "hard fork" of Gitea to help address its mission of community-controlled development and to "liberate software development from the shackles of proprietary tools". In a world where proprietary tools cast a long shadow over open-source development that's a welcome sentiment—if the project can deliver.

Last week I said that I was hoping things would calm down a bit. Technically things did calm down a bit, and rc6 is smaller than rc5 was. But not by a huge amount, and honestly, while there's nothing really alarming here, there's more here than I would really like at this point in the release.

So this may end up being one of those releases that get an rc8. We'll see.

Version 0.6 of Incus, a fork of LXD, has been released. This release includes a number of changes, including a new storage driver called lvmcluster, improvements for Open Virtual Network (OVN) users, improvements to migration tooling, a number of new security features, and storage bucket backup and re-import. See the release announcement for detailed release notes and complete list of changes. The announcement notes that a Long Term Support (LTS) release of Incus is planned in a few months "to coincide with the LTS releases of LXC and LXCFS".

bpftop provides a dynamic real-time view of running eBPF programs. It displays the average execution runtime, events per second, and estimated total CPU % for each program. This tool minimizes overhead by enabling performance statistics only while it is active.

Nix and Guix are a pair of unusual package managers based on the idea of declarative configurations. Their associated Linux distributions — NixOS and the Guix System — take the idea further by allowing users to define a single centralized configuration describing the state of the entire system. Both have been previously mentioned on LWN, but not covered extensively. They offer different takes on the central idea of treating packages like immutable values.