Databases

Baserow Challenges Airtable With an Open Source No-Code Database Platform (techcrunch.com) 19

An anonymous reader quotes a report from TechCrunch: The burgeoning low-code and no-code movement is showing little sign of waning, with numerous startups continuing to raise sizable sums to help the less-technical workforce develop and deploy software with ease. Arguably one of the most notable examples of this trend is Airtable, a 10-year-old business that recently attained a whopping $11 billion valuation for a no-code platform used by firms such as Netflix and Shopify to create relational databases. In tandem, we're also seeing a rise in "open source alternatives" to some of the big-name technology incumbents, from Google's backend-as-a-service platform Firebase to open source scheduling infrastructure that seeks to supplant the mighty Calendly. A young Dutch company called Baserow sits at the intersection of both these trends, pitching itself as an open source Airtable alternative that helps people build databases with minimal technical prowess. Today, Baserow announced that it has raised $5.2 million in seed funding to launch a suite of new premium and enterprise products in the coming months, transforming the platform from its current database-focused foundation into a "complete, open source no-code toolchain," co-founder and CEO Bram Wiepjes told TechCrunch.

So what, exactly, does Baserow do in its current guise? Well, anyone with even the most rudimentary spreadsheet skills can use Baserow for use-cases spanning content marketing, such as managing brand assets collaboratively across teams; managing and organizing events; helping HR teams or startups manage and track applicants for a new role; and countless more, which Baserow provides pre-built templates for. [...] Baserow's open source credentials are arguably its core selling point, with the promise of greater extensibility and customizations (users can create their own plug-ins to enhance its functionality, similar to how WordPress works) -- this is a particularly alluring proposition for businesses with very specific or niche use cases that aren't well supported from an off-the-shelf SaaS solution. On top of that, some sectors require full control of their data and technology stack for security or compliance purposes. This is where open source really comes into its own, given that businesses can host the product themselves and circumvent vendor lock-in.

With a fresh 5 million euros in the bank, Baserow is planning to double down on its commercial efforts, starting with a premium incarnation that's officially launching out of an early access program later this month. This offering will be available as a SaaS and self-hosted product and will include various features such as the ability to export in different formats; user management tools for admin; Kanban view; and more. An additional "advanced" product will also be made available purely for SaaS customers and will include a higher data storage limit and service level agreements (SLAs). Although Baserow has operated under the radar somewhat since its official foundation in Amsterdam last year, it claims to have 10,000 active users, 100 sponsors who donate to the project via GitHub and 800 users already on the waiting list for its premium version. Later this year, Baserow plans to introduce a paid enterprise version for self-hosting customers, with support for specific requirements such as audit logs, single sign-on (SSO), role-based access control and more.

Open Source

Gtk 5 Might Drop X.11 Support, Says GNOME Dev (theregister.com) 145

One of the GNOME developers has suggested that the next major release of Gtk could drop support for the X window system. The Register reports: Emmanuele Bassi opened a discussion last week on the GNOME project's Gitlab instance that asked whether the developers could drop X.11 support in the next release of Gtk. At this point, it is only a suggestion, but if it gets traction, this could significantly accelerate the move to the Wayland display server and the end of X.11.

Don't panic: Gtk 5 is not imminent. Gtk is a well-established toolkit, originally designed for the GIMP bitmap editing program back in 1998. Gtk 4 arrived relatively recently, shortly before the release of GNOME 40 in 2021. GNOME 40 has new user-interface guidelines, and as a part of this, Gtk 4 builds GNOME's Adwaita theme into the toolkit by means of the new libadwaita library, which is breaking the appearance of some existing apps.

Also, to be fair, as we recently covered, the X window system is very old now and isn't seeing major changes, although new releases of parts of it do still happen. This discussion is almost certain to get wildly contentious, and the thread on Gitlab has been closed to further comments for now. If this idea gains traction, one likely outcome might well be a fork of Gtk, just as happened when GNOME 3 came out. [...] A lot of the features of the current version, X.11, are no longer used or relevant to most users. Even so, X.12 is barely even in the planning stages yet.

Open Source

Pine64 Is Working On a RISC-V Single-Board Computer (liliputing.com) 43

Open hardware company Pine64 says it's preparing to launch a single-board computer (SBC) that will be its most powerful RISC-V powered device yet. Liliputing reports: While Pine64 hasn't provided detailed specs yet (some are still being worked out), the company says that the upcoming SBC will have a RISC-V chip that offers comparable performance to the Rockchip RK3566 quad-core ARM Cortex-A55 processor at the heart of Pine64's Quartz64 board.

The RISC-V board will be available with 4GB or 8GB of RAM and features support for USB 3.0, Gigabit Ethernet, and a PCIe slot. And while Pine64 hasn't revealed which RISC-V processor it's using yet, the company notes that the chip features an Imagination Technologies BXE-2-32 GPU which is designed for "entry-level" and "mid-range" applications and for which Imagination plans to make source code available soon. Pine64 says the board will follow the "Model A" form factor, meaning it'll measure around 133 x 80 x 19mm (5.24" x 3.15" x 0.75"). That makes it a bit larger than a Raspberry Pi Model B, but the extra space means there's room for that PCIe slot and other I/O connectors.

Open Source

Software Freedom Conservancy Quits GitHub (theregister.com) 45

An anonymous reader quotes a report from The Register: The Software Freedom Conservancy (SFC), a non-profit focused on free and open source software (FOSS), said it has stopped using Microsoft's GitHub for project hosting -- and is urging other software developers to do the same. In a blog post on Thursday, Denver Gingerich, SFC FOSS license compliance engineer, and Bradley M. Kuhn, SFC policy fellow, said GitHub has over the past decade come to play a dominant role in FOSS development by building an interface and social features around Git, the widely used open source version control software. In so doing, they claim, the company has convinced FOSS developers to contribute to the development of a proprietary service that exploits FOSS. "We are ending all our own uses of GitHub, and announcing a long-term plan to assist FOSS projects to migrate away from GitHub," said Gingerich and Kuhn.

The SFC mostly uses self-hosted Git repositories, they say, but the organization did use GitHub to mirror its repos. The SFC has added a Give Up on GitHub section to its website and is asking FOSS developers to voluntarily switch to a different code hosting service. "While we will not mandate our existing member projects to move at this time, we will no longer accept new member projects that do not have a long-term plan to migrate away from GitHub," said Gingerich and Kuhn. "We will provide resources to support any of our member projects that choose to migrate, and help them however we can."

For the SFC, the break with GitHub was precipitated by the general availability of GitHub Copilot, an AI coding assistant tool. GitHub's decision to release a for-profit product derived from FOSS code, the SFC said, is "too much to bear." Copilot, based on OpenAI's Codex, suggests code and functions to developers as they're working. It's able to do so because it was trained "on natural language text and source code from publicly available sources, including code in public repositories on GitHub," according to GitHub. Gingerich and Kuhn see that as a problem because Microsoft and GitHub have failed to provide answers about the copyright ramifications of training its AI system on public code, about why Copilot was trained on FOSS code but not copyrighted Windows code, and whether the company can specify all the software licenses and copyright holders attached to code used in the training data set.
"We don't believe Amazon, Atlassian, GitLab, or any other for-profit hoster are perfect actors," said Gingerich and Kuhn. "However, a relative comparison of GitHub's behavior to those of its peers shows that GitHub's behavior is much worse. GitHub also has a record of ignoring, dismissing and/or belittling community complaints on so many issues, that we must urge all FOSS developers to leave GitHub as soon as they can."
Open Source

MNT Shrinks Its Open Source Reform Laptop Into a 7-Inch Pocket PC Throwback (arstechnica.com) 23

An anonymous reader quotes a report from Ars Technica: A few months ago, we reviewed the MNT Reform, which attempts to bring the dream of entirely open source hardware to an audience that doesn't want to design and build a laptop totally from scratch. Now, MNT is bringing its open-hardware ethos to a second PC, a 7-inch "Pocket Reform" laptop that recalls the design of old clamshell Pocket PCs, just like the big Reform references the design of chunky '90s ThinkPads.

The Pocket Reform borrows many of the big Reform laptop's design impulses, including a low-profile mechanical keyboard and trackball-based pointing device and a chunky, retro-throwback design. The device includes a 7-inch 1080p screen, a pair of USB-C ports (one of which is used for charging), a microSD slot for storage expansion, and a micro HDMI port for connecting to a display when you're at your desk. [...] The version of the Pocket Reform in the announcement isn't ready to launch yet, and MNT says it represents "near-final specs and design." For users interested in the Pocket Reform's imminent early beta program, there's a newsletter sign-up link at the bottom of the announcement.
One of the main complaints Ars noted about the big Reform was the "miserably slow ARM processor," which will be included in the Pocket Reform.

With that said, MNT has addressed other complaints about the big Reform by "adding reinforced metal side panels to cover the ports and a redesigned battery system that won't let the batteries fully discharge if the laptop is left unplugged."
Open Source

Linus Torvalds Is Cautiously Optimistic About Bringing Rust Into Linux Kernel's Next Release (zdnet.com) 123

slack_justyb shares a report from ZDNet: For over three decades, Linux has been written in the C programming language. Indeed, Linux is C's most outstanding accomplishment. But the last few years have seen a growing momentum to make the Rust programming language Linux's second language. At the recent Open Source Summit in Austin, Texas, Linux creator Linus Torvalds said he could see Rust making it into the Linux kernel as soon as the next major release. "I'd like to see the Rust infrastructure merging to be started in the next release, but we'll see," Torvalds said after the summit. "I won't force it, and it's not like it's going to be doing anything really meaningful at that point -- it would basically be the starting point. So, no promises."

Now, you may ask: "Why are they adding Rust at all?" Rust lends itself more easily to writing secure software. Samartha Chandrashekar, an AWS product manager, said it "helps ensure thread safety and prevent memory-related errors, such as buffer overflows that can lead to security vulnerabilities." Many other developers agree with Chandrashekar. Torvalds also agrees and likes that Rust is more memory-safe. "There are real technical reasons like memory safety and why Rust is good to get in the kernel." Mind you, no one is going to be rewriting the entire 30 or so million lines of the Linux kernel into Rust. As Linux developer Nelson Elhage said in his summary of the 2020 Linux Plumber's meeting on Rust in Linux: "They're not proposing a rewrite of the Linux kernel into Rust; they are focused only on moving toward a world where new code may be written in Rust." The three areas of potential concern for Rust support are making use of the existing APIs in the kernel, architecture support, and dealing with application binary interface (ABI) compatibility between Rust and C.
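The memory-safety argument and the C/Rust ABI concern mentioned above are easier to see in code. The following is an added example written for this page; it is not kernel code and not from the ZDNet report or the Rust-for-Linux project. It assumes a hypothetical C header `struct pkt_hdr { uint16_t len; uint16_t kind; }` and invents the names `PktHdr`, `parse_hdr` and `pkt_parse_hdr`. The safe core parses a header with bounds-checked reads, so a short or lying buffer yields `None` instead of a read past the end (the buffer overflow class Chandrashekar is quoted on). The C-ABI shim is the only `unsafe` part: it is where a `(pointer, length)` pair from C has to be trusted, which is exactly the boundary the kernel work has to get right.

```rust
use std::slice;

/// Layout-compatible with the assumed C `struct pkt_hdr { uint16_t len; uint16_t kind; }`.
/// `#[repr(C)]` is what makes this struct safe to hand across the C ABI.
#[repr(C)]
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct PktHdr {
    pub len: u16,
    pub kind: u16,
}

/// Safe core: parse a little-endian header from a slice.
/// Every read is bounds-checked by the slice; a buffer that is too short,
/// or whose `len` field claims more payload than is present, returns `None`
/// rather than reading out of bounds (which in C would be undefined behaviour).
pub fn parse_hdr(buf: &[u8]) -> Option<PktHdr> {
    let len = u16::from_le_bytes([buf.get(0).copied()?, buf.get(1).copied()?]);
    let kind = u16::from_le_bytes([buf.get(2).copied()?, buf.get(3).copied()?]);
    // Reject headers that promise more payload than the caller actually provided.
    if usize::from(len) > buf.len() - 4 {
        return None;
    }
    Some(PktHdr { len, kind })
}

/// C-ABI wrapper (hypothetical; name chosen for this example). This is the
/// unsafe boundary: Rust has to trust that `ptr` points to `n` readable bytes.
/// Returns 0 on success and -1 on a null pointer or malformed header.
pub unsafe extern "C" fn pkt_parse_hdr(ptr: *const u8, n: usize, out: *mut PktHdr) -> i32 {
    if ptr.is_null() || out.is_null() {
        return -1;
    }
    // SAFETY: caller guarantees `ptr` is valid for `n` bytes for the duration of the call.
    let buf = unsafe { slice::from_raw_parts(ptr, n) };
    match parse_hdr(buf) {
        Some(h) => {
            // SAFETY: `out` was checked non-null and is assumed properly aligned and writable.
            unsafe { *out = h };
            0
        }
        None => -1,
    }
}

fn main() {
    // Constructed sample: len=3, kind=2 (little-endian), followed by 3 payload bytes.
    let pkt = [0x03u8, 0x00, 0x02, 0x00, 0xAA, 0xBB, 0xCC];
    println!("safe parse: {:?}", parse_hdr(&pkt));

    let mut hdr = PktHdr { len: 0, kind: 0 };
    let rc = unsafe { pkt_parse_hdr(pkt.as_ptr(), pkt.len(), &mut hdr) };
    println!("via C ABI: rc={rc} hdr={hdr:?}");

    // A header that lies about its payload length is rejected instead of over-read.
    let lying = [0x09u8, 0x00, 0x01, 0x00, 0xAA];
    println!("lying header: {:?}", parse_hdr(&lying));
}
```

The design point is the split: all parsing logic lives in safe Rust where the compiler enforces bounds, and the `unsafe` surface is a few lines that do nothing but convert a C pointer/length pair into a slice. Auditing the boundary is then a matter of checking that the C caller really does uphold the stated contract.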

Open Source

How a Turkish Municipal District Switched to GNU/Linux (fsf.org) 76

Today I learned Turkey's Scientific and Technological Research Council has a subsidiary developing a GNU/Linux distro called Pardus, "redesigned to be used in accordance with the practices and habits of users in Turkey."

And this week the Free Software Foundation published a post from the proud project leader of Pardus, explaining exactly why open source was chosen in the district of Eyüpsultan (on the European side of Istanbul) and how they got it implemented: After the municipal elections held in 2014, the new administration realized (through internal financial analysis reports) that a large amount of money was being spent on licensing proprietary software. Looking to cut costs, management asked for a study to be carried out for solutions. As the Eyüpsultan municipality's IT department, we recommended to replace Microsoft Windows with Pardus GNU/Linux instead. We described our preference to transition to free software as "the desire to be independent from a company as well as the savings to be gained from cutting hefty license fees."

Additionally, we spoke about how the four freedoms would improve things outside of the budget. For example, we told the administration that users, when using free software, can fully benefit from the rights they have over the programs running on their computers. We also informed everyone that, when the software they run is proprietary, it means that a company claims rights over the user, and that such a claim of ownership can place restrictions on users in how they may or may not use the software. We told them that this is unacceptable. Arguments such as these were among the deciding factors that influenced our transition to free software.

The plan was presented to the municipal administration and widely accepted.

The municipal administration approved the project, and in January, 2015, the Eyüpsultan municipality started using free software applications such as LibreOffice (e.g. Writer, Calc, Impress, etc.). Prior to the implementations, basic user training on LibreOffice software was provided to the personnel of the institution. Over time, users were gradually and steadily directed to free systems, and, notably, without receiving backlash from users.... Training was an important item in the transition to Pardus GNU/Linux.

Besides an online support forum, they've also set up a live call center to answer questions. "I think we may be the only distribution that helps with issues via a call center."

So how do they feel now about that transition, eight years later? Free software has many advantages, including flexibility, high performance, major cost savings from licensing fees, independence from any particular company, and compliance with interoperability standards. Therefore, the transition of Eyüpsultan municipality to free software has resulted in benefits that were both strategic and practical. We believe, in the near future, more organizations will need to understand the philosophy of free software and the opportunities that free software provides.

The municipal budget has freed up money as a result of the moving from proprietary software to free software. The savings from the "proprietary software licenses" line of the budget was applied to the district in the form of new projects. The money goes now to, among other things, increasing the number of new parks and gardens, bicycle paths, and security cameras in the parks. Additionally, by increasing the number of classes we provide technical training, we started to provide classes in robotics and computation to young people. The Eyüpsultan municipality is now increasing the opportunities for students to further develop their personalities, abilities, goals, and self-discovery. It introduces young people to technology and encourages them to produce new technologies.

One final effect of using free software? It encourages others to do the same: As a result of this brave decision, many of the Istanbul district municipalities have started working to switch or have already made the switch to the Pardus GNU/Linux operating system. Institutions in other cities of the country have also expressed growing interest by asking questions about the Pardus operating system and free software.
Open Source

New Linux Foundation Podcast: 'Untold Stories of Open Source' (linuxfoundation.org) 13

The nonprofit Linux Foundation pays Linus Torvalds' salary and supports many other open source projects. But they also launched a new podcast series this week covering "The Untold Stories of Open Source."

"Each week we explore the people who are supporting Open Source projects, how they became involved with it, and the problems they faced along the way," explains the podcast's GitHub page (where you can put in a pull request to suggest future episodes or track the project's progress.)

The podcast is available on its official web page, as well as on Spotify, Apple, Google, or "wherever you listen to your podcasts," according to an announcement from the Linux Foundation. An introductory page says the podcast will be "used to inform the Linux and Open Source communities as to the current state in development of open source initiatives and Linux Foundation Projects. It is vendor neutral, with no interviews of commercial product vendors or sales teams."

Here are the first four episodes:
  • Balancing Priorities at the Cloud Native Computing Foundation, with Priyanka Sharma, general manager
  • A Life in Open Source, with Brian Behlendorf, general manager at Open Source Security Foundation
  • A New Model for Technical Training, with Clyde Seepersad, senior vice president of the Linux Foundation's training/certification project
  • The Business Side of Open Source, with Patrick Debois, "godfather of DevOps"

Software

Microsoft Updates Store Rules To Ban Paid Copycat Open-Source Projects (ghacks.net) 37

Microsoft updated the Microsoft Store policies yesterday to prohibit publishers from charging fees for software that is open source or generally available for free. They're also no longer allowed to set irrationally high price tags for their products. gHacks reports: If you have been to the Microsoft Store in the past couple of years, you may have noticed that it is home to more and more open source and free products. While that would be a good thing if the original developer had uploaded the apps and games to the store, it is not, because the uploads have been made by third-parties. Even worse is the fact that many of these programs are not freely available, but available as paid applications. In other words: Microsoft customers have to pay money to buy a Store version of an app that is freely available elsewhere. Sometimes, free and paid versions exist side by side in the Store. Having to pay for a free application is bad enough, but this is not the only issue that users may experience when they make the purchase. Updates may be of concern as well, as the copycat programs may not be updated as often or as quickly as the source applications.

Open source and free products may not be sold anymore on the Microsoft Store, if generally available for free, and publishers are not allowed to set irrationally high price tags for their products anymore. The developers of open source and free applications may charge for their products on the Microsoft Store, the developer of Paint.net does that, for example. If Microsoft enforces the policies, numerous applications will be removed from the Store. Developers could report applications to Microsoft before, but the new policies give Microsoft control over application listings and submissions directly.

Open Source

Linux Mint Takes Over Development of Backup Tool 'Timeshift' (omgubuntu.co.uk) 14

"Linux Mint is taking over development of Timeshift, a popular open-source backup tool," reports the blog OMG! Ubuntu: Anyone familiar with Mint will be familiar with this utility. Timeshift is, as the distro's own lead Clement Lefebvre says in the latest monthly update, a central plank in the system's backup and update 'strategy'.

Sadly, as happens, the creator of Timeshift is unable to keep working on it owing to other responsibilities. Not keen to see it stagnate, Mint says it 'got in touch' to see how they could help. Long story short: Linux Mint is assuming maintenance of the app henceforth.

And as part of the process Timeshift is becoming an official member of the XApp family (this is Mint's stable of home-grown software it designs and develops to be distro-agnostic for widest possible use).

Google

Google's Plan to Make Chip Development More Like Open Source Software (googleblog.com) 41

From Google's Open Source blog: The Google Hardware Toolchains team is launching a new developer portal, developers.google.com/silicon, to help the developer community get started with its Open MPW shuttle program.

This will allow anyone to submit open source integrated circuit designs to get manufactured at no-cost.

Since November 2020, when Skywater Technologies announced their partnership with Google to open source their Process Design Kit for the SKY130 process node, the Hardware Toolchains team here at Google has been on a journey to make building open silicon accessible to all developers. Having access to an open source and manufacturable PDK changes the status-quo in the custom silicon design industry and academia:

— Designers are now free to start their projects liberated from NDAs and usage restrictions

— Researchers are able to make their research reproducible by their fellow peers

— Open source EDA tools can integrate deeply with the manufacturing process

Together we've built a community of more than 3,000 members, where hardware designers and software developers alike can all contribute in their own way to advance the state of the art of open silicon design....

We need to go beyond cramming more transistors into smaller areas and toward more efficient dedicated hardware accelerators. Given the recent global chip supply chain struggles, and the lead time for popular ICs sometimes going over a year, we need to do this by leveraging more of the existing global foundry capacity that provides access to older and proven process node technologies....

By combining open access to PDKs, and recent advancements in the development of open source ASIC toolchains like OpenROAD, OpenLane, and higher level synthesis toolchain like XLS, we are getting one step closer to bringing software-like development methodology and fast iteration cycles to the silicon design world. Free and open source licensing, community collaboration, and fast iteration transformed the way we all develop software. We believe we are at the edge of a similar revolution for custom accelerator development, where hardware designers compete by building on each other's works rather than reinventing the wheel....

To help you on-board on future shuttles, we created a new developer portal that provides pointers to get started with the various tools of the open silicon ecosystem: so make sure to check out the portal and start your open silicon journey!

Android

Murena, the Privacy-First Android Smartphone, Arrives (zdnet.com) 62

The /e/OS-powered Murena One is the first smartphone from Murena that does its best to free you from Google without sacrificing too many core features. There are no Google apps, Google Play Services, or even the Google Assistant. It's all been replaced by open-source software alternatives with privacy-respecting features. ZDNet's Steven Vaughan-Nichols reports: Murena and Mandrake Linux founder Gael Duval was sick of it by 2017. He wanted his data to be his data, and he wanted open-source software. Almost five years later, Duval and his co-developers launched the Murena One X2. It's the first high-end Android phone using the open-source /e/OS Android fork to arrive on the market. The privacy heart of the Murena One is /e/OS V1. There have been many attempts to create an alternative to Google-based Android and Apple's iOS -- Ubuntu One, FirefoxOS, and Windows Mobile -- but all failed. Duval's approach isn't to reinvent the mobile operating system wheel, but to clean up Android of its squeaky Google privacy-invading features and replace them with privacy-respecting ones. To make this happen, Duval started with LineageOS -- an Android-based operating system, which is descended from the failed CyanogenMod Android fork. It also blends in features from the Android Open Source Project (AOSP) source-code trees.

In the /e/OS, most (but not all) Google services have been removed and replaced with MicroG services. MicroG replaces Google's libraries with purely open-source implementations without hooks to Google's services. This includes libraries and apps which provide Google Play, Maps, Geolocation, and Messaging services for Android applications. In addition, /e/OS does its best to free you from higher-level Google services. For instance, Google's default search engine has been replaced with Murena's own meta-search engine. Other internet-based services, such as Domain Name Server (DNS) and Network Time Protocol (NTP), use non-Google servers. Above the operating system, you'll find Google-free applications. This includes a web browser; an e-mail client; a messaging app; a calendar; a contact manager; and a maps app that relies on Mozilla Location Service and OpenStreetMap. While it's not here yet, Murena is also working on its own take on Google Assistant, Elivia-AI. You can also run many, but not all Android apps. You'll find these apps on the operating system's App Lounge. [...]

There's still one big problem: the App Lounge still relies on you logging in with your Google account. In short, the App Lounge is mainly a gateway to Google Store apps. Murena assures me that the Lounge anonymizes your data -- except if you use apps that require payment. Still, this is annoying for people who want to cut all their ties with Google. The fundamental problem is this: Murena does all it can to separate its operating system and applications from Google, but it can't -- yet -- replace Google's e-commerce and software store system.
As for hardware specs, the $379 Murena One features a 6.5-inch IPS LCD display, eight-core MediaTek Helio P60 processor, side-mounted fingerprint scanner, three rear cameras (48MP + 8MP + 5MP) and 25MP front camera, and 4,500mAh battery. It also features a microSD card slot for expandable storage and headphone port.
Handhelds

Palm OS Developer Releases Source To Classic Games, 20+ Years After Release (github.com) 22

Munich-based developer Aaron Ardiri is Slashdot reader #245,358, with a profile that still identifies him as a Palm OS developer. Which surprised me, because Palm OS's last update was in 2007. (Then again, ardiri's Slashdot profile also still includes his screen name on AOL Instant Messenger.)

So, a long-time Slashdot reader. And this week he stopped by to share a little history — in more ways than one. ardiri writes: Before iOS and Android entered the scene — heck, even before the smartphone concept — was the handheld personal digital assistant, with the likes of Newton, Palm OS, Windows Mobile and Symbian.

Palm OS had a thriving gaming scene; with the likes of emulators and implementations/clones of classics such as LodeRunner, Lemmings, and the classic Game and Watch.

But the real news of ardiri's original submission is hidden in its headline. "Palm OS developer releases source to classic games, 20+ years after release." Written mainly in C and optimizations in assembler — maybe these games will make their way to the various Arduino like micro-controllers out there; designed for low memory, low processing power environments they would port perfectly.
Open Source

ACM Digital Library Archive Is Open Access With 50 Years of Published Records (associationsnow.com) 14

As part of its landmark campaign for its 75th anniversary celebrations, the Association for Computing Machinery (ACM) is "opening up a large portion of its archives, making the first 50 years of its published records -- more than 117,500 documents dating from 1951 to 2000 -- accessible to the public without a login," writes Ernie Smith via Associations Now. From the report: Vicki L. Hanson, the group's CEO, noted that the ACM Digital Library initiative is part of a broader effort to make its archives available via open access by 2025. "Our goal is to have it open in a few years, but there's very real costs associated with [the open-access work]," Hanson said. "We have models so that we can pay for it." While the organization is still working through its open-access effort, it saw an opportunity to make its "backfile" of materials available, timed to the organization's 75th anniversary. "It's nice to link it to the 75th celebration year in general, but the emphasis was really coming from what it takes to get the Digital Library fully open," she said. "All those seminal articles from years ago can be made available to everyone."

The collection has some of what you'd expect: technical documents, magazine articles, and research papers, many of which highlight the history of computing -- for example, one of the first documents ACM ever published was about the groundbreaking UNIVAC system. But the treasure trove also goes to the heart of ACM itself, with a number of pieces related to the creation of the organization and how it was run, with in-depth records from early conferences included within the digital library.

The opening of ACM's digital backfile is one of many components to marking the organization's 75th anniversary -- the largest of which, a celebratory panel, will take place June 10 as a hybrid event that will bring together well-known figures in computer science, such as noted social media scholar danah boyd of Microsoft Research, Stanford University's Jure Leskovec, and Google chief economist Hal Varian. ACM is also highlighting its history on its social media channels, including by showcasing notable papers within its archives.

Open Source

Software Freedom Conservancy Wins Big Step Forward For Open-Source Rights (zdnet.com) 18

An anonymous reader quotes a report from ZDNet: The Software Freedom Conservancy (SFC), a non-profit organization that promotes open-source software and defends the free software General Public License (GPL), recently sued major TV vendor Vizio for abusing the GPL with its Linux-based SmartCast OS. Vizio replied that the SFC had no right to ask for the source code. On May 13, however, the SFC succeeded in federal court with its motion to have its lawsuit against Vizio remanded back to Superior Court in Orange County, CA.

Doesn't sound like that big a deal? Think again. The important part of the decision by U.S. District Court Judge Josephine L. Staton stated that SFC's claim "that the [GPLv2] enforcement of 'an additional contractual promise separate and distinct from any rights provided by the copyright laws' amounts to an 'extra element,' and therefore, SFC's claims are not preempted." Karen M. Sandler, SFC's executive director, explained, "The ruling is a watershed moment in the history of copyleft licensing. This ruling shows that the GPL agreements function both as copyright licenses and as a contractual agreement." Sandler added that even in the Free and Open Source Software (FOSS) legal community people argue incorrectly that the GPL and other copyleft licenses only function as copyright licenses. This decision clearly states that the GPL also acts as a contract. Further, this decision makes it the first case to show individual consumers have rights to the source code as third-party beneficiaries of the GPL.

Google

Google Will Start Distributing a Security-Vetted Collection of Open-Source Software Libraries (theverge.com) 28

Google announced a new initiative Tuesday aimed at securing the open-source software supply chain by curating and distributing a security-vetted collection of open-source packages to Google Cloud customers. From a report: The new service, branded Assured Open Source Software, was introduced in a blog post from the company. In the post, Andy Chang, group product manager for security and privacy at Google Cloud, pointed to some of the challenges of securing open-source software and stressed Google's commitment to open source. "There has been an increasing awareness in the developer community, enterprises, and governments of software supply chain risks," Chang wrote, citing last year's major log4j vulnerability as an example. "Google continues to be one of the largest maintainers, contributors, and users of open source and is deeply involved in helping make the open source software ecosystem more secure." Per Google's announcement, the Assured Open Source Software service will extend the benefits of Google's own extensive software auditing experience to Cloud customers. All open-source packages made available through the service are also used internally by Google, the company said, and are regularly scanned and analyzed for vulnerabilities.

Microsoft

Surprise: Microsoft Has a Second Internal-Use-Only Linux Distro (zdnet.com) 59

ZDNet reports there's more than just the one Microsoft-created Linux distribution for internal use only called CBL (Common Base Linux) Mariner.

"It turns out there's another Microsoft-developed Linux distribution that's also for internal use that's known as CBL-Delridge or CBL-D." I discovered the existence of CBL-D for the first time this week in a rather roundabout way. I stumbled onto a February 2 blog post from Hayden Barnes, a Senior Engineering Manager at SuSE who led the Windows on Rancher engineering team, which traced his steps in discovering and building his own image of CBL-D. Barnes noted that Microsoft published CBL-Delridge in 2020, the same year that it also published CBL-Mariner. The main difference between the two: Delridge is a custom Debian derivative, while Mariner is a custom Linux From Scratch-style distribution.

CBL-D powers Azure's Cloud Shell. The Azure Cloud Shell provides a set of cloud-management tools packaged in a container. In a note on the GitHub repo for the Cloud Shell, officials noted that "the primary difference between Debian and CBL-D is that Microsoft compiles all the packages included in the CBL-D repository internally. This helps guard against supply chain attacks...."

CBL-Mariner and CBL-Delridge are just two of the Microsoft-developed Linux-related deliverables from the Linux Systems Group. Others include the Windows Subsystem for Linux version 2 (WSL2), which is part of Windows 10; an Azure-tuned Linux kernel which is designed for optimal performance as Hyper-V guests; and Integrity Policy Enforcement (IPE), a proposed Linux Security Module (LSM) from the Enterprise and Security team.

Open Source

Red Hat CEO: Remote Working is 'Just Another Day' to the Open Source World (redhat.com) 35

Red Hat's CEO/president Paul Cormier assessed the last two years in a speech at this week's Red Hat Summit. "Globally we saw nearly every industry go to 100% remote working overnight." Regardless of industry and size, organizations learned to operate virtually and on-demand. Companies needed to deliver goods and services to customers without a set brick-and-mortar footprint. We saw new tech hubs emerge in unlikely places because workers were no longer bound by needing to be based in specific cities. Newly-remote workers realized that they didn't have to be tied to a physical office, and organizations focused on hiring new talent based on skill and not location.

These are not insignificant achievements, and while this way of working was unfamiliar to those who were forced to adapt during the pandemic, to the open source world, it was just another day.

Every open source project is worked on remotely and has been since its inception. Just look at the Linux Foundation, which supports more than 2,300 projects. There were more than 28,000 active contributors to these projects in 2021, adding more than 29 million lines of code each week and with community participants coming from nearly every country around the globe. Most of these contributors will never meet face to face, but they are still able to drive the next generation of open technologies.

Whether we realized it or not, our accomplishments during the pandemic brought us closer to the open source model, and this is why open source innovation is now driving much of the software world. Through this new way of working, we saw new revenue streams, found new ways to become more efficient, and discovered new ways to engage with our customers. As we approach what, hopefully, is the tail end of an incredibly difficult few years, it's time to accelerate. It's time to take the lessons that we learned and applied as we transformed to digital-first and use them to improve our businesses, cultures and global communities.

The term "new normal" is now used like it's pre-determined and static. It isn't. You get to define your new normal. What do you want your business to look like? How do you want to embrace the next generation of IT?

Security

White House Joins OpenSSF, Linux Foundation In Securing Open-Source Software (zdnet.com) 46

An anonymous reader quotes a report from ZDNet: Securing the open-source software supply chain is a huge deal. Last year, the Biden administration issued an executive order to improve software supply chain security. This came after the Colonial Pipeline ransomware attack shut down gas and oil deliveries throughout the southeast and the SolarWinds software supply chain attack. Securing software became a top priority. In response, the Open Source Security Foundation (OpenSSF) and Linux Foundation rose to this security challenge. Now, they're calling for $150 million in funding over two years to fix ten major open-source security problems.

The government will not be paying the freight for these changes. $30 million has already been pledged by Amazon, Ericsson, Google, Intel, Microsoft, and VMware. More is already on the way. Amazon Web Services (AWS) has already pledged an additional $10 million. At the White House press conference, OpenSSF general manager Brian Behlendorf said, "I want to be clear: We're not here to fundraise from the government. We did not anticipate needing to go directly to the government to get funding for anyone to be successful."

Here are the ten goals the open-source industry is committed to meeting:

1. Security Education: Deliver baseline secure software development education and certification to all.
2. Risk Assessment: Establish a public, vendor-neutral, objective-metrics-based risk assessment dashboard for the top 10,000 (or more) OSS components.
3. Digital Signatures: Accelerate the adoption of digital signatures on software releases.
4. Memory Safety: Eliminate root causes of many vulnerabilities through the replacement of non-memory-safe languages.
5. Incident Response: Establish the OpenSSF Open Source Security Incident Response Team, security experts who can step in to assist open source projects during critical times when responding to a vulnerability.
6. Better Scanning: Accelerate the discovery of new vulnerabilities by maintainers and experts through advanced security tools and expert guidance.
7. Code Audits: Conduct third-party code reviews (and any necessary remediation work) of up to 200 of the most-critical OSS components once per year.
8. Data Sharing: Coordinate industry-wide data sharing to improve the research that helps determine the most critical OSS components.
9. SBOMs Everywhere: Improve Software Bill of Materials (SBOM) tooling and training to drive adoption.
10. Improved Supply Chains: Enhance the 10 most critical open-source software build systems, package managers, and distribution systems with better supply chain security tools and best practices.

Open Source

How Much Will It Cost To Secure Open-Source Software? OpenSSF Says $147.9 Million (venturebeat.com) 9

Today at the Open Source Software Security Summit II in Washington, D.C., OpenSSF announced an ambitious, multipronged plan with 10 key goals to better secure the entire open-source software ecosystem. From a report: While open-source software itself can sometimes be freely available, securing it will have a price. OpenSSF has estimated that its plan will require $147.9 million in funding over a two-year period. In a press conference held after the summit, Brian Behlendorf, general manager of OpenSSF, said that $30 million has already been pledged by OpenSSF members including Amazon, Intel, VMware, Ericsson, Google and Microsoft.
