The creator of the Linux/macOS package manager Homebrew has a new package manager named Tea. But according to Stack Overflow's podcast, the software also "aims to solve the problem of providing funding for popular open source projects." While he is not a crypto bull, Max was inspired with a solution for the open source funding dilemma by his efforts to buy and sell an NFT. A contract written in code and shared in public enforced a rule sending a portion of his proceeds to the digital objects original creator. What if the same funding mechanism could be applied to open source projects? In March of 2022, Max and his co-founder launched Tea, a sort of spirtual successor to Homebrew. It has a lot of new features Max wanted in a package manager, plus a blockchain based approach to ensuring that creators, maintainers, and contributors of open source software can all get paid for their efforts.

You can read Max's launch post on Tea here and yes, of course there is a white paper.
The paper describes the proposed solution as "a decentralized system for fairly remunerating open-source developers based on their contributions to the entire ecosystem and enacted through the tea incentive algorithm applied across all entries in the tea registry." And the launch post calls tea "our revolution against a failing system," arguing "We're taking our knowledge of how to make development more efficient and throwing innovations nobody has ever really considered before.

"Package managers haven't been sexy. Until now. Most importantly, we're moving the package registry on-chain (relax, we'll use a low-energy proof of stake chain). This has numerous benefits due to the inherent benefits of blockchain technology." For starters, decentralized storage will make the packages always-available and immutable, signed by maintainers themselves. But there's more: web3 has enabled novel new ways to distribute value, and with our system people who care about the health of the open source ecosystem buy some token and stake it. Periodically, we reward this staking because it is securing our token network. We give a portion of these rewards to the staker and a portion to packages of their choice along with all the dependencies of those packages.

Note that no portion goes to us. We're not like the other app stores.... tea is the home to a DAO that will ensure the open source maintainers that keep the Internet running are rewarded as they deserve.
An introduction to the white paper adds that in the spirit of the open source movement, "we're inviting developers, speculators, and enthusiasts alike to contribute to our white paper and help brew the future of the internet. This is our revolutionary undertaking to create equitable openâsource for web3, and we want you to be a part of laying its groundwork."

Thanks to guest reader for submitting the story.

An anonymous reader quotes a report from ZDNet: For years, 5G wasn't able to deliver on its high-speed, low-latency promises. Things have changed. Today, 5G is finally delivering on its performance promises. A big reason for that, proclaimed Arpit Joshipura, the Linux Foundation's general manager of Networking, Edge, and IoT at ONE Summit North America, a networking trade show, is 5G's open-source networking foundation. Joshipura said, "The industry has surpassed the tipping point when it comes to leveraging open source for enabling digital transformation. Leading organizations are using our projects' code -- which continues to evolve and mature -- in real-world deployments to scale."

How big a tipping point? According to Joshipura, 5G deployment is now over 50%. And according to some analysts, by 2030, 5G will reach $7 trillion -- that's trillion, not billion -- in economic value. Behind all this, Joshipura said, "is a radical shift toward open networks and frameworks. This continues irrespective of economic and political headwinds. Indeed, open source is probably the only area that hasn't been impacted because of its ability to cross borders and boundaries to do what needs doing." The Linux Foundation is working on an End-to-End, 5G Super Blueprint to bring together a wide variety of open-source networking programs and projects.

"While still a work in progress, it maps out a way to bring together multiple open-source and cloud-native projects into a relatively simple 5G deployment map," adds ZDNet. "It's designed so that any telecom can put together a high-bandwidth, low-latency, scalable, and cost-effective digital networking infrastructure all the way from end-user devices to the edge to cloud applications."

The Linux Foundation Europe (LF Europe) -- the recently launched European offshoot of the open source Linux Foundation -- today announced the launch of Project Sylva, which aims to create an open source telco cloud framework for European telcos and vendors. TechCrunch: This is the first project hosted by LF Europe and is a good example of what the organization is trying to achieve. The project aims to create a production-grade open source telco cloud stack and a common framework and reference implementation to "reduce fragmentation of the cloud infrastructure layer for telecommunication and edge services." Currently, five carriers (Telefonica, Telecom Italia, Orange, Vodafone and Deutsche Telekom) and two vendors (Ericsson and Nokia) are working on the project.

"There's a whole bunch of Linux Foundation networking projects already that have taken telecommunications into the open source era," Arpit Joshipura, the general manager for Networking, Edge and IoT at the Linux Foundation, told me. "All those projects are under what is called the [LF] Networking foundation. [â¦] So whatever that work is that is done by the telcos, Sylva is going to leverage and build on top of it with these European vendors to solve EU specific requirements. Those are security, energy, federated computing, edge and data trust." At the core of Sylva is a framework for a compute platform that can be agnostic to whether a workload is running on the telco access network, edge or in the core. The project aims to build a reference implementation, leveraging all of the work already being done by LF Networking, the Cloud Native Computing Foundation (the home of Kubernetes and other cloud-native infrastructure projects), LF Energy and others.

Linux magazine explores how to breath fresh life into old Android devices: Every mobile device needs its own Android build because of numerous drivers that are not available in the source code. The need to maintain every version of Android for every mobile device means that many manufacturers eventually stop supporting updates. Often, smartphones or tablets that still work perfectly can no longer be used without worry because the manufacturer has simply ceased to offer bug fixes and security updates....

The LineageOS project, the successor to the CyanogenMod project, which was discontinued in 2016, proves that it is not impossible to keep these devices up-to-date. Unpaid volunteers at LineageOS do the work that many manufacturers do not want to do: They combine current Android releases with the required device-specific drivers.

The LineageOS project (Figure 1) provides Android systems with a fresh patch status every month for around 300 devices. The builds are released weekly, unless there is a problem during the build. The Devices page on the LineageOS Wiki provides the details of whether a LineageOS build is available for your smartphone or tablet....

I recommend the LineageOS project as the first port of call for anyone who wants to protect an older smartphone or tablet that is no longer maintained and doesn't receive Google security patches. The LineageOS derivatives LineageOS for MicroG and /e/OS make it even easier to enjoy a Google-free smartphone without too many restrictions.
The article also describes how to use TWRP to flash a manufacturer-independent recovery system (while also creating a restoreable backup of the existing system) as an alternative to LineageOS's own recovery tools.

And it even explains how to unlock the bootloader — although there may be other locks set up separately by the manufacturer. "Some manufacturers require you to register the device to unlock it, and then — after telling you that the warranty is now void — they hand over a code. Others refuse to unlock the device altogether."

Thanks to Slashdot reader DevNull127 for submitting the article.

"Microsoft's GitHub Copilot is being sued in a class action lawsuit that claims the AI product is committing software piracy on an unprecedented scale," reports IT Pro.

Programmer/designer Matthew Butterick filed the case Thursday in San Francisco, saying it was on behalf of millions of GitHub users potentially affected by the $10-a-month Copilot service: The lawsuit seeks to challenge the legality of GitHub Copilot, as well as OpenAI Codex which powers the AI tool, and has been filed against GitHub, its owner Microsoft, and OpenAI.... "By training their AI systems on public GitHub repositories (though based on their public statements, possibly much more), we contend that the defendants have violated the legal rights of a vast number of creators who posted code or other work under certain open-source licences on GitHub," said Butterick.

These licences include a set of 11 popular open source licences that all require attribution of the author's name and copyright. This includes the MIT licence, the GNU General Public Licence, and the Apache licence. The case claimed that Copilot violates and removes these licences offered by thousands, possibly millions, of software developers, and is therefore committing software piracy on an unprecedented scale.

Copilot, which is entirely run on Microsoft Azure, often simply reproduces code that can be traced back to open-source repositories or licensees, according to the lawsuit. The code never contains attributions to the underlying authors, which is in violation of the licences. "It is not fair, permitted, or justified. On the contrary, Copilot's goal is to replace a huge swath of open source by taking it and keeping it inside a GitHub-controlled paywall...." Moreover, the case stated that the defendants have also violated GitHub's own terms of service and privacy policies, the DMCA code 1202 which forbids the removal of copyright-management information, and the California Consumer Privacy Act.
The lawsuit also accuses GitHub of monetizing code from open source programmers, "despite GitHub's pledge never to do so."

And Butterick argued to IT Pro that "AI systems are not exempt from the law... If companies like Microsoft, GitHub, and OpenAI choose to disregard the law, they should not expect that we the public will sit still." Butterick believes AI can only elevate humanity if it's "fair and ethical for everyone. If it's not... it will just become another way for the privileged few to profit from the work of the many."

Reached for comment, GitHub pointed IT Pro to their announcement Monday that next year, suggested code fragments will come with the ability to identify when it matches other publicly-available code — or code that it's similar to.

The article adds that this lawsuit "comes at a time when Microsoft is looking at developing Copilot technology for use in similar programmes for other job categories, like office work, cyber security, or video game design, according to a Bloomberg report."

According to The Record, New Hampshire will pilot a new kind of voting machine that will use open-source software to tally the votes. The Record reports: The software that runs voting machines is typically distributed in a kind of black box -- like a car with its hood sealed shut. Because the election industry in the U.S. is dominated by three companies -- Dominion, Election Systems & Software and Hart InterCivic -- the software that runs their machines is private. The companies consider it their intellectual property and that has given rise to a roster of unfounded conspiracy theories about elections and their fairness. New Hampshire's experiment with open-source software is meant to address exactly that. The software by its very design allows you to pop the hood, modify the code, make suggestions for how to make it better, and work with other people to make it run more smoothly. The thinking is, if voting machines run on software anyone can audit and run, it is less likely to give rise to allegations of vote rigging.

The effort to make voting machines more transparent is the work of a group called VotingWorks. [...] On November 8, VotingWorks machines will be used in a real election in real time. New Hampshire is the second state to use the open-source machines after Mississippi first did so in 2019. Some 3,000 voters will run their paper ballots through the new machines, and then, to ensure nothing went awry, those same votes will be hand counted in a public session in Concord, N.H. Anyone who cares to will be able to see if the new machines recorded the votes correctly. The idea is to make clear there is nothing to hide. If someone is worried that a voting machine is programmed to flip a vote to their opponent, they can simply hire a computer expert to examine it and see, in real time.

The Godot Engine now has its own foundation to continue funding themselves. Previously, they teamed up with the Software Freedom Conservancy to handle fiscal sponsorship duties. Phoronix reports: The Godot engine developers and Software Freedom Conservancy mutually agreed to move the open-source game engine project to its own foundation. The Godot Foundation has been setup in the Netherlands as its own organization modeled after the policies of the SFC. The Godot Foundation is to help this game engine achieve its next level of growth and project a stronger image for the project. "We have just started the process of moving to the Foundation," writes Godot Engine lead developer, Juan Linietsky, in a blog post. "For now all of Godot's funding and contractors are still managed by the SFC. The SFC will gradually reduce its work for Godot and the new foundation will slowly ramp up. Stay tuned for announcements in the future as we finalize the Foundation's organizational structure and officially begin operations."

More details can be found via the Godot Engine blog.

An anonymous reader quotes a report from TechCrunch: As part of its larger commitment to combat "cyberflashing," the dating app Bumble is open sourcing its AI tool that detects unsolicited lewd images. First debuted in 2019, Private Detector (let's take a moment to let that name sink in) blurs out nudes that are sent through the Bumble app, giving the user on the receiving end the choice of whether to open the image. "Even though the number of users sending lewd images on our apps is luckily a negligible minority -- just 0.1% -- our scale allows us to collect a best-in-the-industry dataset of both lewd and non-lewd images, tailored to achieve the best possible performances on the task," the company wrote in a press release.

Now available on GitHub, a refined version of the AI is available for commercial use, distribution and modification. Though it's not exactly cutting-edge technology to develop a model that detects nude images, it's something that smaller companies probably don't have the time to develop themselves. So, other dating apps (or any product where people might send dick pics, AKA the entire internet?) could feasibly integrate this technology into their own products, helping shield users from undesired lewd content. When Bumble first introduced this AI, the company claimed it had 98% accuracy. "There's a need to address this issue beyond Bumble's product ecosystem and engage in a larger conversation about how to address the issue of unsolicited lewd photos -- also known as cyberflashing -- to make the internet a safer and kinder place for everyone," Bumble added.

First released in 1998, the BSD-licensed software Zeek (originally named "Bro") is about to get more widely adopted, writes long-time Slashdot reader skinfaxi: Zeek, the open source network security monitoring platform, is being integrated into Windows and "is now deployed on more than one billion global endpoints," according to an announcement from Corelight.
From Corelight's press release: Corelight, the leader in open network detection and response, today announced the integration of Zeek, the world's most popular open source network security monitoring platform, as a component of Microsoft Windows and Defender for Endpoint. The integration will help security teams respond to the most challenging attacks by providing "richer signals for advanced threat hunting, complete and accurate discovery of IoT devices, and more powerful detection and response capabilities."

Originally created by Corelight co-founder and chief scientist Dr. Vern Paxson while at Lawrence Berkeley National Laboratory, Zeek transforms network traffic into compact and high-fidelity logs, file content, and behavioral analytics to accelerate security operations. Vital funding for Zeek came initially from the National Science Foundation and the US Department of Energy's Office of Science. As adoption increased, Corelight was founded to provide a financial model and corporate sponsor for the project....

"Microsoft is strongly committed to supporting open source projects and ecosystems," said Rob Lefferts, corporate vice president for Microsoft. "We're proud to be working with Zeek and are thrilled to bring this level of network intelligence and monitoring to our customers."

"This is an amazing development for Zeek and its community of contributors and users," said Paxson. "I never imagined that the tool I developed for network monitoring would find broader application in defending endpoints — but that's part of the creative magic of open source development.

"We are grateful for Microsoft's contributions and support, and we are excited that the project's impact, and that of the community of contributors, will increase so dramatically."

Google unveiled a new open source security project on Thursday centered around software supply chain management. The Record reports: Given the acronym GUAC -- which stands for Graph for Understanding Artifact Composition -- the project is focused on creating sets of data about a software's build, security and dependency. Google worked with Purdue University, Citibank and supply chain security company Kusari on GUAC, a free tool built to bring together many different sources of software security metadata. Google has also assembled a group of technical advisory members to help with the project -- including IBM, Intel, Anchore and more.

Google's Brandon Lum, Mihai Maruseac, Isaac Hepworth pitched the effort as one way to help address the explosion in software supply chain attacks -- most notably the widespread Log4j vulnerability that is still leaving organizations across the world exposed to attacks. "GUAC addresses a need created by the burgeoning efforts across the ecosystem to generate software build, security, and dependency metadata," they wrote in a blog post. "GUAC is meant to democratize the availability of this security information by making it freely accessible and useful for every organization, not just those with enterprise-scale security and IT funding."

Google shared a proof of concept of the project, which allows users to search data sets of software metadata. The three explained that GUAC effectively aggregates software security metadata into a database and makes it searchable. They used the example of a CISO or compliance officer that needs to understand the "blast radius" of a vulnerability. GUAC would allow them to "trace the relationship between a component and everything else in the portfolio." Google says the tool will allow anyone to figure out the most used critical components in their software supply chain ecosystem, the security weak points and any risky dependencies. As the project evolves, Maruseac, Lum and Hepworth said the next part of the work will center around scaling the project and adding new kinds of documents that can be submitted and ingested by the system.

Longtime Slashdot reader lazyeye writes: The 53rd release of OpenBSD, version 7.2, has officially been released. Support for new platforms such as the Ampere Altra, Apple M2 chip, and support for Lenovo ThinkPad x13s and other machines using the Qualcomm Snapdragon 8cx Gen 3 (SC8280XP) SoC are now included, along with various kernel improvements. The announcement with all the details are available at the link [here] from the openbsd-announce mailing list.

Last Friday, Google announced the release of KataOS, a security-minded operating system focused on embedded devices running ambient machine learning workloads. As Phoronix notes, it uses the Rust programming language and is "built atop the seL4 microkernel as its foundatin." From Google's Open-Source Blog: As the foundation for this new operating system, we chose seL4 as the microkernel because it puts security front and center; it is mathematically proven secure, with guaranteed confidentiality, integrity, and availability. Through the seL4 CAmkES framework, we're also able to provide statically-defined and analyzable system components. KataOS provides a verifiably-secure platform that protects the user's privacy because it is logically impossible for applications to breach the kernel's hardware security protections and the system components are verifiably secure. KataOS is also implemented almost entirely in Rust, which provides a strong starting point for software security, since it eliminates entire classes of bugs, such as off-by-one errors and buffer overflows.

The current GitHub release includes most of the KataOS core pieces, including the frameworks we use for Rust (such as the sel4-sys crate, which provides seL4 syscall APIs), an alternate rootserver written in Rust (needed for dynamic system-wide memory management), and the kernel modifications to seL4 that can reclaim the memory used by the rootserver. KataOS code is being worked on via GitHub under the AmbiML umbrella.

The Clearing House, a banking association and payments company owned by the largest commercial banks in the U.S., has joined the Open Invention Network (OIN) -- the world's largest patent nonaggression consortium. ZDNet reports: The OIN has long protected Linux and Linux-related software from patent aggression by rival companies. With the increase in patent troll attacks, the OIN is also defending companies from these assaults. You may not think financial companies and banks are subject to such attacks. I mean, TCH's roots go all the way back to 1853. Think again.

As Keith Bergelt, CEO of OIN, said in June, "The most sophisticated and compelling global banking and fintech companies have essentially become technology companies that employ open-source software to deliver their services at scale." Further, patent trolls "appear to be targeting them for this reason, along with the fact that financial services companies have not historically been active patent filers." That's because, historically, they've purchased most of their tech from third-party vendors.

That was then. This is now. Today, financial institutions generate more tech in-house, so they're more concerned about being granted patents, building patent portfolios, and related patent issues. Indeed, these days fintech businesses have their own Fintech Open Source Foundation (FINOS), the financial sector branch of the Linux Foundation. So, Bergelt said in a release Wednesday, "Advancements in financial services and fintech increasingly rely on open-source technologies. As the most experienced payment company in the US, and a keystone for the financial services industry, we are pleased that The Clearing House is committed to patent nonaggression in core Linux and adjacent open-source technologies."

Pine64 has announced a new "sub $10 Linux capable single board computer" called the Ox64.

Liliputing says the tiny SBC "looks a lot like a Raspberry Pi Pico. But while Raspberry Pi's tiny board is powered by an RP2040 microcontroller, the Ox64 has a dual-core RISC-V processor, 64MB of embedded RAM, and support for up to 128Mb of flash storage plus a microSD card for additional storage." It's expected to support RTOS and Linux and blurs the lines between a microcontroller and a (very low power) single-board PC. It's expected to go on sale in November with prices starting at $6 for an RTOS-ready version of the board and $8 for a Linux-compatible model.

As spotted by CNX Software earlier this month, the board is designed to be a small, inexpensive single-board computer with a RISC-V processor that's aimed at developers.
Pine64's October update also reveals that their Star64 and QuartzPro64 single-board computers "now boot Linux (and run it well too already!)"

Greg Lavender, CTO of Intel, spoke to VentureBeat about the company's efforts to help developers build applications that can run on any operating system. From the report: "Today in the accelerated computing and GPU world, you can use CUDA and then you can only run on an Nvidia GPU, or you can go use AMD's CUDA equivalent running on an AMD GPU,â Lavender told VentureBeat. "You can't use CUDA to program an Intel GPU, so what do you use?" That's where Intel is contributing heavily to the open-source SYCL specification (SYCL is pronounced like "sickle") that aims to do for GPU and accelerated computing what Java did decades ago for application development. Intel's investment in SYCL is not entirely selfless and isn't just about supporting an open-source effort; it's also about helping to steer more development toward its recently released consumer and data center GPUs. SYCL is an approach for data parallel programming in the C++ language and, according to Lavender, it looks a lot like CUDA.

To date, SYCL development has been managed by the Khronos Group, which is a multi-stakeholder organization that is helping to build out standards for parallel computing, virtual reality and 3D graphics. On June 1, Intel acquired Scottish development firm Codeplay Software, which is one of the leading contributors to the SYCL specification. "We should have an open programming language with extensions to C++ that are being standardized, that can run on Intel, AMD and Nvidia GPUs without changing your code," Lavender said. Lavender is also a realist and he knows that there is a lot of code already written specifically for CUDA. That's why Intel developers built an open-source tool called SYCLomatic, which aims to migrate CUDA code into SYCL. Lavender claimed that SYCLomatic today has coverage for approximately 95% of all the functionality that is present in CUDA. He noted that the 5% SYCLomatic doesn't cover are capabilities that are specific to Nvidia hardware.

With SYCL, Lavender said that there are code libraries that developers can use that are device independent. The way that works is code is written by a developer once, and then SYCL can compile the code to work with whatever architecture is needed, be it for an Nvidia, AMD or Intel GPU. Looking forward, Lavender said that he's hopeful that SYCL can become a Linux Foundation project, to further enable participation and growth of the open-source effort. [...] "We should have write once, run everywhere for accelerated computing, and then let the market decide which GPU they want to use, and level the playing field," Lavender said.

VideoLAN, the developer and operator of popular media player VLC, has filed a legal notice to India's IT and Telecom ministries, alleging that the Indian bodies failed to notify the software developer prior to blocking the website and did not afford it a chance for an explanation. From a report: Indian telecom operators have been blocking VideoLAN's website, where it lists links to downloading VLC, since February of this year, VideoLan president and lead developer Jean-Baptiste Kempf told TechCrunch in an earlier interview. India is one of the largest markets for VLC. "Most major ISPs [internet service providers] are banning the site, with diverse techniques," he said of the blocking in India. The telecom operators began blocking the VideoLan website on February 13 of this year, when the site saw a drop of 80% in traffic from the South Asian market, he said. Now, VideoLAN, in assistance with local advocacy group Internet Freedom Foundation, is using legal means to get answers and redressal. It has sought a copy of the blocking order for banning VideoLAN website in India and an opportunity to defend the case through a virtual hearing. In the notice, VideoLAN argues that the way Indian ministries have enforced the ban on the website, they violate their own local laws.

An anonymous reader quotes a report from Ars Technica: A stable version of Linux 6.0 is out, with 15,000 non-merge commits and a notable version number for the kernel. And while major Linux releases only happen when the prior number's dot numbers start looking too big -- there is literally no other reason" -- there are a lot of notable things rolled into this release besides a marking in time. Most notable among them could be a patch that prevents a nearly two-decade slowdown for AMD chips, based on workaround code for power management in the early 2000s that hung around for far too long. [...]

Intel's new Arc GPUs are supported in their discrete laptop form in 6.0 (though still experimental). Linux blog Phoronix notes that Intel's ARC GPUs all seem to run on open source upstream drivers, so support should show up for future Intel cards and chipsets as they arrive on the market. Linux 6.0 includes several hardware drivers of note: fourth-generation Intel Xeon server chips, the not-quite-out 13th-generation Raptor Lake and Meteor Lake chips, AMD's RDNA 3 GPUs, Threadripper CPUs, EPYC systems, and audio drivers for a number of newer AMD systems. One small, quirky addition points to larger things happening inside Linux. Lenovo's ThinkPad X13s, based on an ARM-powered Qualcomm Snapdragon chip, get some early support in 6.0. ARM support is something Linux founder Linus Torvalds is eager to see [...].

Among other changes you can find in Linux 6.0, as compiled by LWN.net (in part one and part two):
- ACPI and power management improvements for Sapphire Rapids CPUs
- Support for SMB3 file transfer inside Samba, while SMB1 is further deprecated
- More work on RISC-V, OpenRISC, and LoongArch technologies
- Intel Habana Labs Gaudi2 support, allowing hardware acceleration for machine-learning libraries
- A "guest vCPU stall detector" that can tell a host when a virtual client is frozen Ars' Kevin Purdy notes that in 2022, "there are patches in Linux 6.0 to help Atari's Falcon computers from the early 1990s (or their emulated descendants) better handle VGA modes, color, and other issues."

Not included in this release are Rust improvements, but they "are likely coming in the next point release, 6.1," writes Purdy.

Michael Larabel writes via Phoronix: Debian developers have been figuring out an updated stance to take on non-free firmware considering the increasing number of devices now having open-source Linux drivers but requiring closed-source firmware for any level of functionality. The voting on the non-free firmware matter has now concluded and the votes tallied... The debian votes option 5 as winning: "Change SC for non-free firmware in installer, one installer."

Basically the Debian Installer media will now be allowed to include non-free firmware and to automatically load/use it where necessary while informing the user of it, etc. Considering the state of the hardware ecosystem these days, it's reasonable and common sense since at least users will be able to easily make use of their graphics cards, network adapters, and more. Plus a number of modern CPU security mitigations also requiring the updated closed-source microcode. So all in, I am personally happy with this decision as it will allow for a more pleasant experience for Debian on modern systems and one akin to what is found with other Linux distributions. The solution is described in full via the Debian Wiki.

Speech recognition remains a challenging problem in AI and machine learning. In a step toward solving it, OpenAI today open-sourced Whisper, an automatic speech recognition system that the company claims enables "robust" transcription in multiple languages as well as translation from those languages into English. TechCrunch reports: Countless organizations have developed highly capable speech recognition systems, which sit at the core of software and services from tech giants like Google, Amazon and Meta. But what makes Whisper different, according to OpenAI, is that it was trained on 680,000 hours of multilingual and "multitask" data collected from the web, which lead to improved recognition of unique accents, background noise and technical jargon.

"The primary intended users of [the Whisper] models are AI researchers studying robustness, generalization, capabilities, biases and constraints of the current model. However, Whisper is also potentially quite useful as an automatic speech recognition solution for developers, especially for English speech recognition," OpenAI wrote in the GitHub repo for Whisper, from where several versions of the system can be downloaded. "[The models] show strong ASR results in ~10 languages. They may exhibit additional capabilities ... if fine-tuned on certain tasks like voice activity detection, speaker classification or speaker diarization but have not been robustly evaluated in these area."

Whisper has its limitations, particularly in the area of text prediction. Because the system was trained on a large amount of "noisy" data, OpenAI cautions Whisper might include words in its transcriptions that weren't actually spoken -- possibly because it's both trying to predict the next word in audio and trying to transcribe the audio itself. Moreover, Whisper doesn't perform equally well across languages, suffering from a higher error rate when it comes to speakers of languages that aren't well-represented in the training data. Despite this, OpenAI sees Whisper's transcription capabilities being used to improve existing accessibility tools.

An anonymous reader quotes a report from the Washington Post: When researchers discovered a vulnerability in the ubiquitous open-source log4j system last year that could've affected hundreds of millions of devices, the executive branch snapped into action and major tech companies huddled with the White House. Now, leaders of the Senate Homeland Security and Governmental Affairs Committee are introducing legislation to help secure open-source software, first reported by The Cybersecurity 202. Chairman Gary Peters (D-Mich.) and top ranking Republican Rob Portman (Ohio) plan to hold a vote next week on the bill they're co-sponsoring.

The Peters/Portman legislation would direct the Cybersecurity and Infrastructure Security Agency to develop a way to evaluate and reduce risk in systems that rely on open-source software. Later, CISA would study how that framework could apply to critical infrastructure. The log4j "incident presented a serious threat to federal systems and critical infrastructure companies -- including banks, hospitals, and utilities -- that Americans rely on each and every day for essential services," Peters said in a written statement. "This common-sense, bipartisan legislation will help secure open source software and further fortify our cybersecurity defenses against cybercriminals and foreign adversaries who launch incessant attacks on networks across the nation." Here's how the Peters-Portman legislation works, as outlined in the report: - It directs CISA to hire open-source experts "to the greatest extent practicable."
- It gives the agency a year to publish a framework on open-source code risk. A year later and periodically thereafter, CISA would perform an assessment of open-source code components that federal agencies commonly use.
- Also, two years after publishing the initial framework, CISA would have to study whether it could be used in critical infrastructure outside the government and potentially work with one or more critical infrastructure sectors to voluntarily test the idea.
- Other agencies would have roles as well, such as the Office of Management and Budget publishing guidance to federal chief information officers on secure use of open-source software.