Phoronix reports on a new concern about Qt, the free and open-source widget toolkit for creating GUIs and cross-platform applications: Wednesday a KDE developer who serves on the board of the KDE Free Qt Foundation commented that The Qt Company is evaluating restricting new releases to paying customers for 12 months. That was said to be under consideration due to COVID19 / coronavirus impacting their finances and needing to boost short-term revenues... [Slashdot editor's note: the comment also claims the Qt Company "says that they are willing to reconsider the approach only if we offer them concessions in other areas."] This comes months after The Qt Company already shifted to make Qt long-term support releases customer-only, among other steps to boost their commercial business at the beginning of the year.

Following all the speculation and concerns from the statement by KDE's Olaf Schmidt-Wischhöfer, The Qt Company released this very brief statement:

There have been discussions on various internet forums about the future of Qt open source in the last two days. The contents do not reflect the views or plans of The Qt Company.

The Qt Company is proud to be committed to its customers, open source, and the Qt governance model.
But in the event of a one-year freeze on free releases, Phoronix now reports, "several individuals and projects are already expressing interest in a Qt fork should it come to it." The hope is first and foremost that The Qt Company and KDE / KDE Free Qt Foundation can reach a mutual agreement without this embargo on future releases, which would effectively close up its development... Among those backing the concept of forking Qt as a last resort if necessary has been developers from consulting firm KDAB, the Qute browser developer, and the QGIS project as one of the leading geographic information system software packages, among many KDE developers themselves.

The mailing list thread is quite active in talking about the possible fork if necessary, including aspects like web-hosting down to what such a fork should be called ("Kt" seems to be a popular choice so far with several different members in the community).

Python knocked C++ out of the top 3 on TIOBE's index of the most popular programming languages this month, while C# rose into the #5 position, overtaking Visual Basic.

But the biggest surprise was when last month's #26 most popular programming language suddenly jumped six spots into the #20 position, writes the CEO of TIOBE Software. "At first sight this might seem a bit strange for a programming language that is designed to teach children how to program." But if you take into account that there are in total more than 50 million projects "written" in Scratch and each month 1 million new Scratch projects are added, it can't be denied any more that Scratch is popular...

Since computers are getting more and more an integral part of life, it is actually quite logical that languages to teach children programming are getting popular.
TIOBE notes that Scratch is sponsored by major tech companies like Google and Intel (as well as the Cartoon Network and LEGO Foundation). But Jaxenter also applauds how the Scratch interface lets users remix or comment on existing projects in addition to sharing their own: The community not only introduces children to teamwork, creative problem solving, logical thinking, and collaboration, but it also introduces concepts such as open source communities and code review. They will learn concepts that might later become useful in Agile software development and DevOps.
TIOBE bases its rankings on the number of search engine results for courses, third party vendors, and programmers -- making the programming news site DevClass wonders if the spike came from "school aged children...stuck at home while schools are closed."

TIOBE still shows Java as the #1 most popular programming language (followed by C, Python, and C++). And this month's index also shows PHP rising into the #9 position -- overtaking SQL.

And COBOL is now #26 on the list, making it more popular than Rust.

An anonymous reader quotes a report from Motherboard: A global group of scientists and lawyers announced their efforts to make their intellectual property free for use by others working on coronavirus pandemic relief efforts -- and urged others to do the same -- as part of the "Open Covid Pledge." Mozilla, Creative Commons, and Intel are among the founding members of this effort; Intel contributed to the pledge by opening up its portfolio of over 72,000 patents, according to a press release. Participants are asked to publicly take the pledge by announcing it on their own websites and issuing a press release.

"Immediate action is required to halt the COVID-19 Pandemic and treat those it has affected," the pledge states. "It is a practical and moral imperative that every tool we have at our disposal be applied to develop and deploy technologies on a massive scale without impediment. We therefore pledge to make our intellectual property available free of charge for use in ending the COVID-19 pandemic and minimizing the impact of the disease." From there, people and companies are asked to adopt a license detailing the terms and conditions their intellectual property will be available; while pledgers are permitted to write their own license based on their needs, the organizers wrote "Open COVID License 1.0" as a template for immediate use, which grants usage rights to anyone working toward "minimizing the impact of the disease, including without limitation the diagnosis, prevention, containment, and treatment of the COVID-19 Pandemic." The license is effective until one year after the World Health Organization declares the pandemic to be over. Other participants include Berkeley and UCSF's Innovative Genomics Institute, Fabricatorz Foundation, and United Patents.

schwit1 shares a report from VentureBeat: A team of Microsoft and Huazhong University researchers this week open-sourced an AI object detector -- Fair Multi-Object Tracking (FairMOT) -- they claim outperforms state-of-the-art models on public data sets at 30 frames per second. If productized, it could benefit industries ranging from elder care to security, and perhaps be used to track the spread of illnesses like COVID-19. As the team explains, most existing methods employ multiple models to track objects: (1) a detection model that localizes objects of interest and (2) an association model that extracts features used to reidentify briefly obscured objects. By contrast, FairMOT adopts an anchor-free approach to estimate object centers on a high-resolution feature map, which allows the reidentification features to better align with the centers. A parallel branch estimates the features used to predict the objects' identities, while a "backbone" module fuses together the features to deal with objects of different scales.

Cybersecurity firm Sophos announced today that it has open-sourced the Sandboxie Windows sandbox-based isolation utility 15 years after it was released. Bleeping Computer reports: Sandboxie was initially developed by Ronen Tzur and released on June 26, 2004, as a simple utility to help run Internet Explorer within a secure and isolated sandbox environment. Later, Tzur upgraded Sandboxie to also support sandboxing any other Windows applications that required a secure virtual sandbox for while running. Invincea acquired Sandboxie from Tzur in December 2013 and the app eventually moved under Sophos' software umbrella after the cybersecurity firm announced Invincea's acquisition in February 2017.

"We are thrilled to give the code to the community," Sophos Director of Product Marketing Seth Geftic said. "The Sandboxie tool has been built on many years of highly-skilled developer work and is an example of how to integrate with Windows at a very low level. The Sandboxie user base represents some of the most passionate, forward-thinking, and knowledgeable members of the security community, and we hope this announcement will spawn a fresh wave of ideas and use cases." You can download Sandboxie and its source code here.

Linux 5.6 "has a bit more changes than I'd like," Linus Torvalds posted on the kernel mailing list, "but they are mostly from davem's networking fixes pulls, and David feels comfy with them. And I looked over the diff, and none of it looks scary..." TechRadar reports that the new changes include support for USB4 and GeForce RTX 2000 series graphics cards with the Nouveau driver: Yes, Turing GPU support has arrived with the open source Nouveau driver, along with the proprietary firmware images, as Phoronix.com reports. However, don't get too excited, as re-clocking doesn't work yet (getting the GPU to operate at stock clocks), and other important pieces of the puzzle are missing (like no Vulkan support with Nouveau). For the unfamiliar, Nouveau is an alternative to Nvidia's proprietary drivers on Linux, and although it remains in a relatively rough state in comparison, it's still good to see things progressing for Linux gamers with one of Nvidia's latest cards in their PC.

Linux 5.6 also introduces fresh elements on the AMD front, with better reset support for Navi and Renoir graphics cards (which helps the GPU recover if it hits a problem)... Another notable move is the introduction of WireGuard support, a newcomer VPN protocol which makes a potentially nifty alternative to OpenVPN.

Linux 5.6 also supports the Amazon Echo speaker, and naturally comes with a raft of other minor improvements...
Linus's post also notes that for the next release's timing they'll "play it by ear... It's not like the merge window is more important than your health, or the health of people around you." But he says he hasn't seen signs that the pandemic could affect its development (other than the possibility of distraction by the news).

"I suspect a lot of us work from home even normally, and my daughter laughed at me and called me a 'social distancing champ' the other day..."

"The Eclipse Foundation just released version 1.0 of an open-source alternative to Visual Studio Code called Eclipse Theia," reports SD Times: Theia is an extensible platform that allows developers to create multi-language cloud and desktop IDEs, allowing them to create entirely new developer experiences.

According to the Eclipse Foundation, the differences between Theia and Visual Studio Code are that Theia has a more modular architecture, Theia was designed from the ground to run on desktop and cloud, and Theia was developed under community-driven and vendor-neutral governance of the Eclipse Foundation. The Theia project was started by Ericsson and TypeFox in 2016, and since then it has become an integral part of cloud solutions globally. The project approached the Eclipse Foundation about becoming a potential host in 2019.

Early contributors to the project include ARM, Arduino, EclipseSource, Ericsson, Google Cloud, IBM, Red Hat, SAP, and TypeFox.
"We are thrilled to see Eclipse Theia deliver on its promise of providing a production-ready, vendor-neutral, and open source framework for creating custom and white-labeled developer products," announced Mike Milinkovich, the Eclipse Foundation's executive director. "Visual Studio Code is one of the world's most popular development environments. Not only does Theia allow developers to install and reuse VS Code extensions, it provides an extensible and adaptable platform that can be tailored to specific use cases, which is a huge benefit for any organization that wants to deliver a modern and professional development experience. Congratulations to all the Theia committers and contributors on achieving this milestone."

InfoWorld points out that "thus far Theia is intended to be fitted into third-party products. An end-user version is on the roadmap for release later this year."

But programming columnist Mike Melanson notes that "Chances are, you've already run into Theia without even realizing it, as it already serves as the basis for Red Hat's CodeReady Workspaces, the Eclipse Foundation's own Eclipse Che, and Google Cloud Shell."

Dan Goodin writes via Ars Technica: For almost three years, OpenWRT -- the open source operating system that powers home routers and other types of embedded systems -- has been vulnerable to remote code-execution attacks because updates were delivered over an unencrypted channel and digital signature verifications are easy to bypass, a researcher said. Security researcher Guido Vranken, however, recently found that updates and installation files were delivered over unencrypted HTTPs connections, which are open to attacks that allow adversaries to completely replace legitimate updates with malicious ones. The researcher also found that it was trivial for attackers with moderate experience to bypass digital-signature checks that verify a downloaded update as the legitimate one offered by OpenWTR maintainers. The combination of those two lapses makes it possible to send a malicious update that vulnerable devices will automatically install.
[...]
The researcher said that OpenWRT maintainers have released a stopgap solution that partially mitigates the risk the bug poses. The mitigation requires new installations to be "set out from a well-formed list that would not sidestep the hash verification. However, this is not an adequate long-term solution because an attacker can simply provide an older package list that was signed by the OpenWRT maintainers." From there, attackers can use the same exploits they would use on devices that haven't received the mitigation. OpenWRT maintainers didn't immediately respond to questions asking why installation and update files are delivered over HTTP and when a longer-term fix might be available. In the meantime, OpenWRT users should install either version 18.06.7 or 19.07.1, both of which were released in February. These updates provide the stopgap mitigation.

HPE announced on Tuesday it's working with Intel and the Linux Foundation on a new open source software project to help automate the roll out of 5G across multiple sites. From a report: The new partnership, which will be under the Linux Foundation umbrella, is called the Open Distributed Infrastructure Management Framework. The partnership represents HPE's move into the 5G core network space as it branches out from its enterprise roots. Other partners for the open source project include AMI, Apstra, IBM's Red Hat, Tech Mahindra and World Wide Technology. HPE will also introduce an enterprise offering, the HPE Open Distributed Infrastructure Management Resource Aggregator.

The state of New York hopes to "amplify" its response to COVID-19 by launching tech-driven products with top companies, and it's looking for professional volunteers with experience in software development, hardware deployment/end-user support, and data science (as well as areas like product management, design, operations management).

Meanwhile, IBM's 2020 "Call for Code Global Challenge" is a virtual hackathon with a $200,000 prize, and they've now "expanded its focus" to include the effects of COVID-19.

Tech columnist Mike Melanson writes: But this is just the beginning of the COVID-19 hackathon boom, which now includes efforts organized by tech giants, state governments, and grassroots initiatives alike. For example, the World Health Organization got together with technology companies and platforms such as AWS, Facebook, Giphy, Microsoft, Pinterest, Salesforce, Slack, TikTok, Twitter and WeChat to launch the COVID-19 Global Hackathon 1.0, which is running as we speak with a deadline for submissions of March 30th at 9 AM PST. If you're too late, fret not, for there are many more, such as the CODEVID-19 hackathon we mentioned last week that has a weekly rolling deadline. And deadlines aside, the U.S. Digital Response for COVID-19 is working to pair technology, data, and government professionals with those who need them, in a form of nationwide, technological mutual aid...

[T]he COVID-19 open-source help desk is "a fast-track 'stack overflow' where you can get answers from the very people who wrote the software that you use or who are experts in its use." And if you happen to be either an open source author or expert, feel free to pitch in on answering questions...

On the open data side of things, for example, GitHub offers a guide on open collaboration on COVID-19, while StackOverflow looks at the myriad ways to help the fight against COVID-19 from home. ProgrammableWeb has a list of developer hackathons to combat COVID-19, and even the Golang team offers some guidance for Go, the Go community, and the pandemic, with Erlang also joining in.

gavron writes: While most politicians are pro copyright maximalism and patent exclusivity, Elizabeth Warren's campaign just open-sourced a bunch of software and are proud of having used open source to save money, and build upon the shoulders of other giants. Way to go! "Our tech team worked hard to make getting involved with @ewarren's campaign as easy as possible," reads a tweet from @TeamWarren. "We leaned heavily on open source technology, and we want to contribute back. So we're open-sourcing some of our most important projects for anyone to use." The Warren for President Tech Team is open-sourcing the following projects:

-Spoke: Spoke is a peer-to-peer texting platform originally developed by MoveOn, with several forks under active development.
-Pollaris, our polling location lookup tool: While the DNC provides a polling locator interface with IWillVote.org, we wanted a polling place locator that integrated with our website and tools, so we built our own interface and API, using polling location data provided by the DNC and state democratic parties.
-Caucus App: Going into the Iowa caucuses, we wanted to give our supporters and precinct captains a way to quickly calculate delegates and report results from each precinct.
-Switchboard (FE and BE): [W]e built a piece of software that took new potential volunteers, or "hot leads," from our online channels and assigned them to state-based volunteer leads for personal follow up calls offering ways to get involved with the campaign. As it turned out, this also ended up being a great tool for event recruitment.
-Automated organizing email: Our Mobilization and Tech teams worked together to scale email outreach to the widest possible audience and free our incredible organizers from tedious manual tasks.
-Redhook: Campaigns run on data, and redhook is a tool that makes data happen. As a system, Redhook ingests web hook data and delivers it to Redshift/Civis in near real time.
-I90: This tool was not deployed during the campaign, but there was a need to make short links out of long complicated links moving forward. I90 does that.

You can read more about the projects and the team's efforts via this Medium post.

couchslug shares an excerpt from Ars Technica: When software and operating system giant Microsoft announced its support for inclusion of the exFAT filesystem directly into the Linux kernel back in August, it didn't get a ton of press coverage. But filesystem vendor Paragon Software clearly noticed this month's merge of the Microsoft-approved, largely Samsung-authored version of exFAT into the VFS for-next repository, which will in turn merge into Linux 5.7 -- and Paragon doesn't seem happy about it. Yesterday, Paragon issued a press release about European gateway-modem vendor Sagemcom adopting its version of exFAT into an upcoming series of Linux-based routers. Unfortunately, it chose to preface the announcement with a stream of FUD (Fear, Uncertainty, and Doubt) that wouldn't have looked out of place on Steve Ballmer's letterhead in the 1990s.

An anonymous reader quotes a report from TechCrunch: In a great example of what can happen when smart, technically-oriented people come together in a time of need, an open-source hardware project started by a group including Irish entrepreneur Colin Keogh and Breeze Automation CEO and co-founder Gui Calavanti has produced a prototype ventilator using 3D-printed parts and readily available, inexpensive material. The ventilator prototype was designed and produced in just seven days, after the project spun up on Facebook and attracted participation from over 300 engineers, medical professionals and researchers.

The prototype will now enter into a validation process by the Irish Health Services Executive (HSE), the country's health regulatory body. This will technically only validate it for use in Ireland, which ironically looks relatively well-stocked for ventilator hardware, but it will be a key stamp of approval that could pave the way for its deployment across countries where there are shortages, including low-income nations. The group behind the ventilator also recently changed the focus of their Facebook community, renaming the group from the Open Source Ventilator Project to the Open Source COVID19 Medical Supplies community. They're looking at expanding their focus to finding ways to cheaply and effectively build and validate other needed equipment, including protective gear like masks, sanitizer and protective face guards for front-line healthcare workers.

An anonymous reader quotes SD Times: The Free Software Foundation (FSF) announced plans to launch a public code hosting and collaboration platform ("forge") this year. Members of the FSF tech team are currently reviewing ethical web-based software that will help teams work on their projects, with features like merge requests, bug tracking, and other common tools.

"Infrastructure is very important for free software, and it's unfortunate that so much free software development currently relies on sites that don't publish their source code, and require or encourage the use of proprietary software," FSF wrote in a blog post. "Our GNU ethical repository criteria aim to set a high standard for free software code hosting, and we hope to meet that with our new forge."

As of now, the team said it has been researching a list of candidate programs and analyzing them in terms of ethical and practical criteria.
The FSF blog post adds that "We plan on contributing improvements upstream for the new forge software we choose, to boost its score on those criteria...

"We'll communicate with the upstream developers to request improvements and help clarify any questions related to the ethical repository criteria."

An anonymous reader shares a report: FreeNAS is a free and open source operating system designed for network-attached storage (NAS) devices. For much of the past decade, the project has been led by the folks at iXsystems, which has also produced an enterprise version of the software called TrueNAS. Now iXsystems has announced that FreeNAS and TrueNAS are merging. Moving forward there will be a single operating system called TrueNAS rather than two different, but closely related operating systems. According to the company, the latest versions of the operating systems (FreeNAS 11.3 and TrueNAS 11.3) already share about 95-percent of the same source code. Starting with TrueNAS 12, there will only be a single OS image. But the company will offer two editions:
TrueNAS CORE: open source edition
TrueNAS Enterprise: commercial version with enterprise management and support.

The CEO of the RISC-V Foundation (a former IBM executive) touted the open-source CPU architecture at this year's HiPEAC conference, arguing there's "a growing demand for custom processors purpose-built to meet the power and performance requirements of specific applications..." As I've been travelling across the globe to promote the benefits of RISC-V at events and meet with our member companies, it's really stuck me how the level of commitment to drive the mainstream adoption of RISC-V is like nothing I've seen before. It's exhilarating to witness our community collaborate across industries and geographies with the shared goal of accelerating the RISC-V ecosystem...With more than 420 organizations, individuals and universities that are members of the RISC-V Foundation, there is a really vibrant community collaborating together to drive the progression of ratified specs, compliance suites and other technical deliverables for the RISC-V ecosystem.

While RISC-V has a BSD open source license, designers are welcome to develop proprietary implementations for commercial use as they see fit. RISC-V offers a variety of commercial benefits, enabling companies to accelerate development time while also reducing strategic risk and overall costs. Thanks to these design and cost benefits, I'm confident that members will continue to actively contribute to the RISC-V ecosystem to not only drive innovation forward, but also benefit their bottom line... I don't have a favorite project, but rather I love the amazing spectrum that RISC-V is engaged in — from a wearable health monitor to scaled out cloud data centres, from universities in Pakistan to the University of Bologna in Italy or Barcelona Supercomputing Center in Spain, from design tools to foundries, from the most renowned global tech companies to entrepreneurs raising their first round of capital. Our community is broad, deep, growing and energized...

The RISC-V ecosystem is poised to significantly grow over the next five years. Semico Research predicts that the market will consume a total of 62.4 billion RISC-V central processing unit (CPU) cores by 2025! By that time I look forward to seeing many new types of RISC-V implementations including innovative consumer devices, industrial applications, high performance computing applications and much more... Unlike legacy instruction set architectures (ISAs) which are decades old and are not designed to handle the latest workloads, RISC-V has a variety of advantages including its openness, simplicity, clean-slate design, modularity, extensibility and stability. Thanks to these benefits, RISC-V is ushering in a new era of silicon design and processor innovation.
They also highlighted a major advantage. RISC-V "provides the flexibility to create thousands of possible custom processors. Since implementation is not defined at the ISA level, but rather by the composition of the system-on-chip and other design attributes, engineers can choose to go big, small, powerful or lightweight with their designs."

The Linux Foundation's Core Infrastructure Initiative (CII) and the Laboratory for Innovation Science at Harvard (LISH) have revealed -- in "Vulnerabilities in the Core, a preliminary report and Census II of open-source software" -- the most frequently used components and the vulnerabilities they share. From a report: This Census II analysis and report is the first major study of its kind but isn't a final analysis. It takes important first steps and lays out a methodology for understanding and addressing open-source software structural and security complexities. Specifically, it also identifies the most commonly used free and open-source software (FOSS) components in production applications and examines them for potential vulnerabilities. To create this work, CII and LISH partnered with Software Composition Analysis (SCAs) and application security companies such as Snyk and Synopsys Cybersecurity Research Center. They combined private usage data with publicly available datasets for identifying over 200 of the most used open-source software projects.

These are not the programs -- Apache, MySQL, Linux -- that probably spring to your mind. For all their foundational importance, it's the small building block programs that are most widely used. They may be small, sometimes less than a hundred lines of code (LoC), but they're vital. As Frank Nagle, a professor at Harvard Business School and co-director of the Census II project, said: "FOSS was long seen as the domain of hobbyists and tinkerers. However, it has now become an integral component of the modern economy and is a fundamental building block of everyday technologies like smart phones, cars, the Internet of Things, and numerous pieces of critical infrastructure. Understanding which components are most widely used and most vulnerable will allow us to help ensure the continued health of the ecosystem and the digital economy."

Long-time Slashdot reader lkcl writes: Michael Larabel, of Phoronix, writes that the OpenPower Foundation has released a license agreement for Hardware Vendors to implement the Power ISA RISC instruction set in their processors. Hugh Blemings, the Director of OpenPower, was responsible for ensuring that the EULA is favourable and friendly towards Libre and Open Hardware projects and businesses.

Of particular interest is that IBM's massive patent portfolio is automatically granted, royalty-free as long as two conditions apply: firstly, the hardware must be fully and properly Power ISA compliant, and secondly, the implementor must not "try it on" as a patent troll.

Innovation in the RISC space just got a little more interesting.
"Amidst the fully free and open RISC-V ISA making headway into the computing market, and ARM feeling pressured to loosen up its licensing, it seems they figured that it's best to join the party early," argues Hackaday.

Slashdot reader golden_donkey quotes Forbes: Are you booting up your Windows 10 machine and discovering you can't log in to your profile? It appears you're not alone. Reports are increasing across Twitter and Microsoft forums that following the most recent Patch Tuesday update (KB4532693), users are complaining that their profiles and desktop files are missing, and that custom icons and wallpaper have all been reset to their default state...

The KB4532693 update is allegedly causing much more serious headaches for some users. A newer report by Windows Latest cites multiple users in their comments section complaining that the data is nowhere to be found and allegedly not recoverable.
Microsoft has now "yanked KB4524244 from its update servers..." reports ZDNet, "after acknowledging reports of 'an issue affecting a sub-set of devices.'" Microsoft says customers who have successfully installed the update don't need to take any further steps. Those who have configured PCs to defer installation of updates by at least four days should also be unaffected.

For those who are experiencing issues related to this update, Microsoft recommends uninstalling the update.
Forbes also shared a video "on a related note." Its title? "How To Choose A Linux Distro That's Right For You..."

b-dayyy quotes Linux Security: As AI becomes more and more ingrained in our daily lives through consumer products, we can't help but be concerned that proprietary software will comprise the market. And we are not talking about a million-dollar market, but a bigger one that may reach US$118.6 billion by 2025. Many industries and end-users would thus benefit from more open-source AI projects and tools for developers' use. That would save tons of individuals and companies money to build their own AI-powered apps.

In this post, we explore five open-source AI projects or tools that are compatible with Linux and delve into the pros and cons of open-source AI and AI in general.
The list includes TensorFlow by Google's AI research team, as well as Microsoft Cognitive Toolkit. The article points out that open-source AI "is also being explored in developing hardware, specifically microprocessors that are more secure," and suggests some other possible transformative uses (including smart farming technologies "that aid in livestock and crop monitoring, irrigation, weather forecasting, and overall farm management... [H]ealthcare becomes more factual than intuitive, increases in revenue can be seen more clearly in marketing efforts, and food security becomes a reality rather than a dream.

"However, we should not discount the fact that AI can also be weaponized, empowering the wrong people. Cybersecurity systems must also be upgraded to counter AI-powered cyberattacks. And when developing AI-powered machines, it is critical to ensure that they are not vulnerable to attacks."