Mozilla

Rust is Strong, Creates a Trademark-Owning Foundation (rust-lang.org) 57

Though Mozilla laid off 250 people last week, the Rust Core Team wrote a blog post Tuesday reminding the world that "the Rust project as a whole is very resilient to such events..." it is a common misconception that all of the Mozilla employees who participated in Rust leadership did so as a part of their employment. In fact, many Mozilla employees in Rust leadership contributed to Rust in their personal time, not as a part of their job. Finally, we would like to emphasize that membership in Rust teams is given to individuals and is not connected to one's employer. Mozilla employees who are also members of the Rust teams continue to be members today, even if they were affected by the layoffs...
But they've still got some news: We've developed legal and financial needs that our current organization lacks the capacity to fulfill. While we were able to be successful with Mozilla's assistance for quite a while, we've reached a point where it's difficult to operate without a legal name, address, and bank account. "How does the Rust project sign a contract?" has become a question we can no longer put off....

The Rust Core Team and Mozilla are happy to announce plans to create a Rust foundation. The Rust Core Team's goal is to have the first iteration of the foundation up and running by the end of the year... The various trademarks and domain names associated with Rust, Cargo, and crates.io will move into the foundation, which will also take financial responsibility for the costs they incur.... As an immediate step the Core Team has selected members to form a project group driving the efforts to form the foundation. Expect to see follow-up blog posts from the group with more details about the process and opportunities to give feedback...

We're excited to start the next chapter of the project by forming a foundation. We would like to thank everyone we shared this journey with so far: Mozilla for incubating the project and for their support in creating a foundation, our team of leaders and contributors for constantly improving the community and the language, and everyone using Rust for creating the powerful ecosystem that drives so many people to the project. We can't wait to see what our vibrant community does next.

Open Source

Red Hat, Google, Microsoft, GitHub, and Others Launch the Open Source Security Foundation (infoq.com) 20

InfoQ reports on a new security group that launched last week: Supported by The Linux Foundation, the Open Source Security Foundation (OpenSSF) aims to create a cross-industry forum for a collaborative effort to improve open source software security. The list of initial members includes Google, Microsoft, GitHub, IBM, Red Hat, and more.

"As open source has become more pervasive, its security has become a key consideration for building and maintaining critical infrastructure that supports mission-critical systems throughout our society. It is more important than ever that we bring the industry together in a collaborative and focused effort to advance the state of open source security. The world's technology infrastructure depends on it."

Microsoft CTO for Azure Mark Russinovich explained clearly why open source security must be a community effort:

"Open-source software is inherently community-driven and as such, there is no central authority responsible for quality and maintenance. [...] Open-source software is also vulnerable to attacks against the very nature of the community, such as attackers becoming maintainers of projects and introducing malware. Given the complexity and communal nature of open source software, building better security must also be a community-driven process."

Also joining the group are Intel, IBM, Uber, and VMware, according to the Foundation's inaugural announcement, which promises its governance and decisions "will be transparent, and any specifications and projects developed will be vendor agnostic."
Microsoft

Microsoft Launches New Web Site Describing How It's Embracing Open Source (zdnet.com) 99

Microsoft just launched a new website "to showcase how it's embracing open source to 'bring choice, technology and community to our customers,'" reports ZDNet: Microsoft, under CEO Satya Nadella, has said and done a lot to shed its image as a pariah of Linux and open-source software communities. With a Linux kernel for Windows 10, GitHub, a new Android Surface Duo, and the commercial cloud as its main source of revenue, Microsoft is a very different company than it was 30 years ago when it was afraid open-source software would gobble up its intellectual property and revenues.

Nowadays, it's got a growing number of open-source projects, including its hugely popular cross-platform code editor Visual Studio Code (VS Code), .NET Core, the hit JavaScript-based programming language TypeScript, and new open-source Windows developer tools like PowerToys and Windows Terminal... According to the company, over 35,000 engineers at the company are using GitHub Enterprise Cloud to host and release official Microsoft open-source projects, samples, and documentation....

Jeff Wilcox, a software engineer with the Microsoft Open Source Programs Office, announced the new site Thursday. He notes that it is "built by the Ruby open-source project Jekyll (that also powers GitHub Pages)".

Microsoft

Microsoft Joins the Blender Development Fund (blender.org) 30

Ton Roosendaal, Chairman of Blender Foundation (which accepts donations to support activities to provide free and open accessible services for all Blender contributors), writes: Microsoft makes use of Blender to generate synthetic 3D models and images of humans that can be used to train AI models. For researchers, having access to high quality free/opensource 3D software has proven to be of great benefit for scientific projects. You can check some of their work here. To express their support, Microsoft is joining the Blender Foundation's Development Fund as a Corporate Gold member per July 1st, 2020. We at Blender are very proud of this support statement, it's another important signal that the industry migrates to open source and finds ways to contribute to it.
Encryption

State-of-the-Art Crypto Goes Post-Quantum (with Containerized TinySSH) (opensource.com) 40

emil (Slashdot reader #695) writes: The advent of quantum computing poses a well-recognized threat to RSA and other well-known asymmetric cryptosystems. It has been four years since NIST opened the post-quantum cryptography competition, and we are seeing extensive delays compared to AES.

A new and (hopefully) quantum-secure SSH key exchange, based on NTRU Prime, has been present in OpenSSH since January 2019, first implemented in TinySSH shortly before. This key exchange is marked by OpenSSH as experimental, and not enabled by default.

For those ready to evaluate NTRU Prime, or otherwise seeking an SSH server with "state-of-the-art crypto" (as described by TinySSH author Jan Mojžíš), a complete procedure for a Musl build and Busybox container deployment is presented, with additional focus on supplemental servers and key conversion.

SuSE

SUSE Releases Major Linux Update (zdnet.com) 27

SUSE has released the next versions of its flagship operating system, SUSE Linux Enterprise (SLE) 15 Service Pack 2 and its latest infrastructure management program, SUSE Manager 4.1. ZDNet reports: SLE 15 SP2 is available on the x86-64, Arm, IBM POWER, IBM Z, and LinuxONE hardware architectures. This new Linux server edition is based on the Linux 5.3 kernel. This new kernel release includes upstream features such as utilization clamping support in the task scheduler, and power-efficient userspace waiting. Other new and noteworthy features include:

- Support for migration from openSUSE Leap to SUSE Linux Enterprise Server (SLES). With this, you can try the free, community openSUSE Linux distro, and then, if you find it's a good choice for your business, upgrade to SLES.
- Extended Package Search. By using the new Zypper, SUSE's command line package manager, command option -- zypper search-packages -- sysadmins can now search across all SUSE repositories, even unenabled ones. This makes it easier for administrators to find required software packages.
- SLE Software Development Kit (SDK) is now integrated into SLE. Development packages are packaged alongside regular packages.
- Python 3: SLE 15 offers full support for Python 3 development. SLE still supports Python 2 for the time being.
- 389 Directory Server replaces OpenLDAP as the LDAP directory service.
- Repository Mirroring Tool (RMT) replaces Subscription Management Tool (SMT). RMT allows mirroring SUSE repositories and custom repositories. You can then register systems directly with RMT. In environments with tightened security, RMT can also proxy other RMT servers.
- Better business continuity with improved SLE Live Patching. SUSE claims Live Patching increases system uptime by up to 12 months. SLE Live Patching is also now available for IBM Z and LinuxONE mainframe architectures.

As for SUSE Manager 4.1, this is an improved open-source infrastructure management and automation solution that lowers costs, identifies risk, enhances availability, and reduces complexity in edge, cloud, and data center environments. With SUSE Manager you can keep servers, VMs, containers, and clusters secure, healthy, compliant, and low maintenance whether in private, public, or hybrid cloud. That's especially important these days thanks to coronavirus pandemic IT staff disruptions. SUSE Manager 4.1 can also be used with the Salt DevOps program. Its vertical-market brother, SUSE Manager for Retail 4.1, is optimized and tailored specifically for retail. This release comes with enhancements for small store operations, enhanced offline capabilities and image management over Wi-Fi, and enhanced virtual machine management and monitoring capabilities. Simultaneously it can scale retail environments to tens of thousands of end-point devices and help modernize point-of-service rollouts.

Open Source

Source Code of Covid Tracker Ireland App Goes Global With Linux Project (siliconrepublic.com) 30

The Linux Foundation Public Health initiative has chosen the Covid Tracker Ireland app as one of its first two open-source Covid-19 projects. From a report: Since its launch, more than 1.3m people have downloaded the Covid Tracker Ireland app, which was developed to help track the future spread of the coronavirus. Now, the app has been chosen as one of the first two open-source contact-tracing projects by the newly established Linux Foundation Public Health (LFPH) initiative. Nearform, the Waterford-based company that developed the app with the HSE, has been made one of the initiative's seven premium members, along with Cisco, Doc.ai, Geometer, IBM, Tencent and VMware. Under the project name 'Covid Green', the source code of the Irish app is being made available for other public health authorities and their developers across the world to use and customise. As part of the agreement, Nearform will manage the source code repository on GitHub. In its announcement, the LFPH pointed to the "extraordinarily high" adoption rate of the Covid Tracker Ireland app.
Data Storage

GitHub Buries Giant Open-Source Archive In An Arctic Vault (zdnet.com) 44

Microsoft-owned GitHub has finally moved its snapshot of all active public repositories on the site to a vault in Norway. ZDNet reports: GitHub announced the archiving plan last November and on February 20 followed through with the 21 terabyte snapshot written to 186 reels of film. GitHub cancelled plans for a team to "personally escort the world's open-source code to the Arctic" due to the coronavirus pandemic, leaving the job to local partners who received the boxed films and deposited them in an old coal mine on July 8. The archive is being stored in Svalbard, Norway, a group of islands that's also home to the global seed bank.

"The code landed in Longyearbyen, a town of a few thousand people on Svalbard, where our boxes were met by a local logistics company and taken into intermediate secure storage overnight," said Julia Metcalf, director of strategic programs at GitHub. "The next morning, it traveled to the decommissioned coal mine set in the mountain, and then to a chamber deep inside hundreds of meters of permafrost, where the code now resides fulfilling their mission of preserving the world's open-source code for over 1,000 years." The repository includes public code repositories and significant dormant repos. The snapshot consists of the HEAD of the default branch of each repository, minus any binaries larger than 100kB in size. Each repository is then packaged as a single TAR file, and for efficiency's sake, most of the data will be stored as QR codes. A human-readable index and guide will itemize the location of each repository and explain how to recover the data.

Open Source

Google Open Sources Trademarks With the Open Usage Commons (zdnet.com) 6

An anonymous reader quotes a report from ZDNet: Google has announced it is launching a new organization, Open Usage Commons (OUC), to host the trademarks for three of its most important new open-source projects. These are Angular, a web application framework for mobile and desktop; Gerrit, a web-based team code-collaboration tool; and Istio, a popular open mesh platform to connect, manage, and secure microservices. While it only covers three Google projects, for now, OUC is meant to give open-source projects a neutral, independent home for their project trademarks. The organization will also assist with conformance testing, establishing mark usage guidelines, and handling trademark usage issues. The organization will not provide services that are outside the realm of usage, such as technical mentorship, community management, project events, or project marketing. "Having an entity like this does make some sense for a certain number of use cases," says Andrew "Andy" Updegrove, open-source standards and patent expert and founding partner of top-technology law firm Gesmer Updegrove. "The most obvious one is an unincorporated OSS project. An amorphous group of individuals can't own a trademark efficiently, so there's no way to protect the project name unless they agree on a singular owner. There are many cases where an individual member has owned a project mark, and that has often led to downstream problems. So simply having a neutral owner is a community good without going any farther than that."

Updegrove also noted that trademarks have usually been achieved by a project "approaching a host, like The Apache Foundation or Linux Foundation and asking them to take over as host. But that usually requires taking the project under the umbrella, and subject to the rules, of that foundation."

Updegrove wonders if there's "more to the story than meets the eye." He notes there is one important difference by only handing over the trademarks: "A project that is primarily important to a single vendor and primarily staffed and controlled by developers employed by that employer can continue to exercise effective control while avoiding the market suspicion that might arise if the vendor owned the mark." He suspects Google is doing this "to up the credibility of some of its projects [to the open-source community] while not taking the more extreme step of turning the project over to a foundation in connection with which a new and more independent governance structure is put in place."
Communications

Nokia To Add Open Interfaces To Its Telecom Equipment (reuters.com) 9

Nokia has become the first major telecom equipment maker to commit to adding open interfaces in its products that will allow mobile operators to build networks that are not tied to a vendor. Reuters reports: The new technology, dubbed Open Radio Access Network (Open RAN), aims to reduce reliance on any one vendor by making every part of a telecom network interoperable and allowing operators to choose different suppliers for different components. Currently, Nokia along with Ericsson and Huawei supplies most of the equipment for building telecom networks and mobile operators can only pick one for each part of their network.

As part of the implementation plan, Nokia plans to deploy Open RAN interfaces in its baseband and radio units, a spokesman said. An initial set of Open RAN functionalities will become available this year, while the full suite of interfaces is expected to be available in 2021, the company said. Nokia, unlike other vendors, had been promising to participate in the development of open RAN technology and has joined several industry alliances.

Medicine

CA Governor Newsom Announces COVID-19 Modeling Website, Open-Source Tools For 'Citizen Scientists' (cbslocal.com) 89

Long-time Slashdot reader PCM2 shares a report from CBS News: Gov. Gavin Newsom on Thursday announced a new COVID-19 modeling website as well as new open-source tools designed to help California residents understand the data informing local health departments and empower what he called "citizen scientists." The governor introduced the new coronavirus modeling website [...] as a way for residents to see the raw data that is driving the decisions of state and county officials with full transparency.

The new website features three sections: a "Nowcast" section that provides the most current information on how fast COVID-19 is spreading in the state and by county; a "Forecasts" section that provides short-term COVID-19 forecasts in the state and by county; and a "Scenarios" section that projects the possible long-term impacts under different scenarios and responses to COVID-19, again for the whole state and by county.
"We want to open up our site to 'netizen-tists' ... of citizen-scientists, people that are out there doing coding every single day," said Newsom. "We want to give them access through an open-source platform to all of the available data that we have, that I have, that our health professionals have, in a way that we don't believe has been done before anywhere in the United States. This is a deep dive for transparency and openness. This is a new resource that we are making available today."
Open Source

Volkswagen Seeks Open-Source Approach To Refine Car Operating System (reuters.com) 43

Volkswagen wants to use an open-source approach to refine elements of a software-based car operating system being developed by the carmaker, Christian Senger, its board member responsible for digital services and software, said. From a report: With the advent of autonomous driving, carmakers have been forced to link up radar, camera and ultrasonic sensors and connect them to braking and steering components, something which requires thousands of lines of software code. "There is a race to create automotive operating systems. We are seeing that many non-automotive players are building up competence in this area," Senger told Reuters. By 2025, VW wants to increase its own share of software development on its cars to 60%, from 10% at present, and to design the electronics and vehicle architecture as well.

Volkswagen board member Thomas Ulbrich said in March that U.S. electric car manufacturer Tesla has a 10-year start on rivals when it comes to building electric cars and software. "In future there will likely be fewer automotive operating systems than carmakers," Senger explained. Volkswagen will define the core operating system but may seek an open source approach to enhance elements of it. "The operating system is not something that we will control on our own. We will define its core and then quickly include open-source components, to create standards. This will create opportunities for partnerships," Senger said.

Businesses

CEO of Open Technology Fund Resigns After Closed-Source Lobbying Effort (vice.com) 31

The head of the Open Technology Fund (OTF) Corporation, which funds internet freedom projects and technologies, resigned Wednesday because she said she became aware of a lobbying effort that would push the group's funds toward closed-source tools rather than the open-source ones it has traditionally championed. From a report: In a resignation email sent to an OTF mailing list, Libby Liu, the inaugural OTF CEO, mentioned that the Trump administration had recently sworn in Michael Pack as the new head of the U.S. Agency for Global Media (USAGM), which is the OTF's grantor. She said that she learned of lobbying efforts to push money to closed-source tools. "As you all know, OTF's flexible, transparent, and competitive funding model has been essential to our success in supporting the most secure and effective internet freedom technologies and innovative projects available," she wrote. "I have become aware of lobbying efforts to convince the new USAGM [U.S. Agency for Global Media] CEO to interfere with the current FY2020 OTF funding stream and redirect some of our resources to a few closed-source circumvention tools."
Open Source

What Keeps Developers Happy? Contributing to Open Source (techrepublic.com) 64

This week long-time open source advocate Matt Asay warned employers that the best way to keep their developers happy was to let them contribute to open source projects: SlashData recently surveyed over 16,000 developers to see what makes them tick... what they care about. The data is collected in SlashData's State of the Developer Nation, though let me give you the tl;dr: 59% of developers contribute to open source software today. Why do they contribute? The top two reasons are: To improve coding skills and because they believe in open source.

Want to keep those developers happy and employed with you? Let them contribute...

[Y]our employees want to contribute both code and knowledge — they want to be part of something. Talking to Bert Hubert, founder of PowerDNS, a supplier of open source DNS software, services, and support, he stressed that an open source project must be "a fun place where people feel that they are learning things, that they're contributing things, that they're being valued." Perhaps not surprisingly, these are the same elements developers expect from their employers. By making open source a valued part of workplace expectations, employers tick both boxes.

Is it an absolute requirement that you encourage your developers to contribute to open source projects? No. But many of your best developers will chafe at keeping their talents locked up behind the firewall, and other developers simply won't apply if you have a reputation for being an open source scrooge.

The article was written by Matt Asay, a former COO of Canonical now working at AWS. (Right before becoming Canonical's COO, Matt answered questions from Slashdot readers).

The survey he cites also found that out of 17,000 developers they talked to, just 3% said they were paid to contribute to open source.

The other 97% contributed for free.
Robotics

Boston Dynamics Open-Sources Health Care Robotics Toolkit, Sends 'Spot' Robot To Help Hospitals Remotely Treat COVID-19 Patients (bostonglobe.com) 20

watha2020 writes: Spot, the four-legged robot made famous by its YouTube dance video, is being tested as a remote triage system at Boston's Brigham Women's Hospital. A Spot robot carrying an iPad allows doctors to interview possibly infected patients at a safe distance. [Spot is also carrying a pouch near the robot's "tail," which allows it to deliver small items such as bottled water to infected patients, without the need to send in a nurse. The report adds that an upgraded model will add cameras that can measure a patient's respiration rate and body temperature, with no need to make physical contact.] An anonymous Slashdot reader also shares news that Boston Dynamics today open-sourced its health care robotics toolkit on GitHub. "The company hopes that existing Boston Dynamics customers and other mobile robot providers can use the toolkit, which includes documentation and CAD files of enclosures and mounts, to help health care workers and essential personnel and ultimately save lives," reports VentureBeat. "The mobile robot provider outlined four use cases for its toolkit: telemedicine (which it has already deployed), remote vitals inspection, disinfection, and delivery."
AI

Programmer's Real-Time Deepfake Lets Him Impersonate Elon Musk on Zoom (vice.com) 39

Motherboard reports on a new open source program "that superimposes someone else's face onto yours in real-time, during video meetings." Programmer Ali Aliev used the open-source code from the "First Order Motion Model for Image Animation," published on the arxiv preprint server earlier this year [and developed by researchers at the University of Trento in Italy as well as Snap]... With other face-swap technologies, like deepfakes, the algorithm is trained on the face you want to swap, usually requiring several images of the person's face you're trying to animate. This model can do it in real-time, by training the algorithm on similar categories of the target (like faces)...

Aliev made a video of himself as Elon Musk, pretending to join the wrong meeting, to demonstrate the tech. It's pretty clear that it's a fake, but the eyes and head move around well enough that it'd be a neat trick for a few seconds, before the rest of the call looks any closer.

He's released his program on GitHub, naming it "Avatarify". But Motherboard warns it requires "a bit of programming knowledge" plus a powerful gaming PC.

"You have to run Zoom or Skype, as well as streaming software and Avatarify at the same time, which takes a decent amount of computing power."
Open Source

Will Companies Cut Open Source Investment Because of COVID-19? (www.tfir.io) 37

The editor of TFIR posed an interesting question to Rob Hirschfeld, the Founder/CEO of RackN (which automates and integrates bare-metal infrastructure). Will the financial impact of the COVID-19 pandemic affect the sustainability of open source software?

Hirschfeld responded: "The idea that big companies are maintaining open-source projects for the community good is going to get tested, as companies look for places where they can conserve revenue. I think that's a really critical thing."

"The same is going to be true with open-source startups that are hoping to monetize support or consulting but have no real gate across the front of their infrastructure... Companies might decide they can use the open-source project and not pay the sustaining engineers that are working in that project.

"These are really serious concerns about the whole open-source model, which relies on goodwill and free money."

Open Source

As Raspberry Pi Sales Skyrocket, Eben Upton Applauds Efforts of Open Hardware Community (techrepublic.com) 41

"Sales of Raspberry Pi's single-board computers hit 640,000 in March, the second-biggest month for sales since they started selling," reports TechRepublic, "as consumers flocked to inexpensive ways to work and learn from home." But that's not all, Eben Upton tells them: With the pandemic having highlighted shortages in personal protective equipment (PPE), 3D-printing manufacturers and hobbyists have been building face shields printed on plastic acetate that can be quickly assembled and delivered to hospitals, for free. "A lot of that is Pi-driven," Upton explained, noting that OctoPrint, which is the most popular platform for managing 3D printers, runs on Raspberry Pi... "[M]aking face shields seems to be a community effort. You have people with a home printer, printing these things once a week and then going to a post office and sending them," he said.

"Then you'll have some people sat in a hack space receiving the parcels, cutting the acetate and the elastic, assembling them into face shields then sending them to the hospital. It's amazing." Upton suggested this effort could eventually be ramped up to a "massively distributed scale", with the benefit of open source being that, once you have a good design that works, it can be rapidly iterated. In the long term, this could even include the ventilators themselves, he said.

"One thing we're seeing with this is people finding a niche within which open hardware really works," he said.

Businesses

Open-Source Electronics Maker Adafruit Switches To Producing Face Shields, Other PPE (tomshardware.com) 11

Slashdot reader and managing director of Adafruit, Phillip Torrone, a.k.a. ptorrone, writes: Tom's Hardware talked to Adafruit about what it's like to switch from selling tech to selling protective gear, and when hobbyists can expect things to return to normal. In March of 2020, Adafruit was deemed an essential service and business for critical manufacturing in NYC by executive order 202.6, making face shields and making/shipping critical components and electronics for COVID-19 related efforts and testing. "We've always needed to make essential electronics for people," Torrone said, stressing that this isn't new for them. "When this hit, there was a very specific short term need. And that was for face shields. And because we have 3D printers, we have laser cutters, we have production capabilities, [when] New York City put out the call, our name came up right away because that's one of the things we do."

On top of that, "we can make components for ventilators," Torrone added: "We can make components for the fast track FDA medical devices that people are trying to get out as fast as possible, from testing equipment to you name it, any type of temperature sensing or pressure sensing...We make electronic components that are used in many, many things. So no matter what, we would still need to be making those components for medical devices...electronics are electronics, so this temperature sensor that we used to use for other things, is going to be used for this now. This barometric pressure sensor, or that barometric pressure sensor [is going to be used for other things]...So for us, it was like 'Oh, this is just going in a different type of box for different types of application.'"

Since Adafruit's shift to essential medical and protective gear, the company's other products are now shipping out on a "when we can do it" basis. Tom's Hardware notes that the company "is still selling to select university and military researchers, but all others will have to wait until an unspecified time in the future to buy their usual Adafruit tech." Thankfully, Torrone says the customer response to the delay of normal business has been largely positive. "We've always been a good cause and a good business with a really good community. So our customers said, 'I'm still going to order and just ship it when you can.' So for regular orders for our customers, they've been fantastic."
Books

'Abolish Silicon Valley' Author Urges 'Expropriating' Platforms, Making them Open-Source Public Services (siliconvalley.com) 250

The Bay Area Newsgroup just interviewed the author of "Abolish Silicon Valley: How to liberate technology from capitalism".

Q: How do you fix this broken system?

A: Overall the goal that I'm thinking about is that you have the private sector so overfunded and glorified that it seems like the only way to do things, but things could be much better serviced by the public sector without the profit motive that the private sector demands. Reclaim the wealth from capital, push back capital and fund public innovation... Right now the way it works is all these tech companies are predicated on a very particular way of regulating work and will hire people short-time and pay them nothing and not provide them with safety nets.

There are also companies that shouldn't necessarily exist. A lot of companies are being funded to do something the public sector could've provided. Instead of good public transit, we have Uber. Instead of a good social mobility system, we get paid scooters. What people want is to streamline a centralized system that is run in a way that is accountable and actually serves the public...

My Utopian view is to put tech companies in full public view. Expropriate platforms and turn them into municipal services, public services and make them open-source.
