Operating Systems

Open Source BeOS Successor Haiku Releases R1/beta 1 (haiku-os.org) 40

Remember Haiku, the open source successor to the Be operating system? Long-time Slashdot reader GuerillaRadio quotes a new announcement from Haiku-os.org: It's been just about a month less than six years since Haiku's last release in November 2012 -- too long. As a result of such a long gap between releases, there are a lot more changes in this release than in previous ones, and so this document is weightier than it has been in the past. The notes are mostly organized in order of importance and relevance, not chronologically, and due to the sheer number of changes, thousands of smaller improvements simply aren't recognized here.

Please keep in mind that this is beta-quality software, which means it is feature complete but still contains known and unknown bugs. While we are mostly confident in its stability, we cannot provide assurances against data loss.

Microsoft

Microsoft 'Re-Open Sources' MS-DOS on GitHub (microsoft.com) 122

An anonymous reader quotes Microsoft's Developer blog: In March 2014, Microsoft released the source code to MS-DOS 1.25 and 2.0 via the Computer History Museum. The announcement also contains a brief history of how MS-DOS came to be for those new to the subject, and ends with many links to related articles and resources for those interested in learning more. Today, we're re-open-sourcing MS-DOS on GitHub. Why? Because it's much easier to find, read, and refer to MS-DOS source files if they're in a GitHub repo than in the original downloadable compressed archive file.... Enjoy exploring the initial foundations of a family of operating systems that helped fuel the explosion of computer technology that we all rely upon for so much of our modern lives!
While non-source modifications are welcome, "The source will be kept static," reads a note on the GitHub repo, "so please don't send Pull Requests suggesting any modifications to the source files."

"But feel free to fork this repo and experiment!"
Open Source

Richard Stallman Says Linux Code Contributions Can't Be Rescinded (itwire.com) 588

An anonymous reader quotes iTWire: Linux developers who contribute code to the kernel cannot rescind those contributions, according to the software programmer who devised the GNU General Public Licence version 2.0, the licence under which the kernel is released. Richard Stallman, the head of the Free Software Foundation and founder of the GNU Project, told iTWire in response to queries that contributors to a GPLv2-covered program could not ask for their code to be removed. "That's because they are bound by the GPLv2 themselves. I checked this with a lawyer," said Stallman, who started the free software movement in 1984.

There have been claims made by many people, including journalists, that if any kernel developers are penalised under the new code of conduct for the kernel project -- which was put in place when Linux creator Linus Torvalds decided to take a break to fix his behavioural issues -- then they would ask for their code to be removed from the kernel... Stallman asked: "But what if they could? What would they achieve by doing so? They would cause harm to the whole free software community. The anonymous person who suggests that Linux contributors do this is urging them to [use a] set of nuclear weapons in pique over an internal matter of the development team for Linux. What a shame that would be."

Slashdot reader dmoberhaus shared an article from Motherboard with more perspectives from Eric S. Raymond and LWN.net founder Jonathan Corbet, which also traces the origins of the suggestion. "[A]n anonymous user going by the handle 'unconditionedwitness' called for developers who end up getting banned through the Code of Conduct in the future to rescind their contributions to the Linux kernel 'in a bloc' to produce the greatest effect.

"It is worth noting that the email address for unconditionedwitness pointed to redchan.it, a now defunct message board on 8chan that mostly hosted misogynistic memes, many of which were associated with gamergate."
Linux

Linus Torvalds On Linux's Code of Conduct (bbc.com) 755

Linus Torvalds oversees every line of code added to the Linux kernel, but in recent years the male-dominated community has become increasingly divided, reports BBC. Rows about sexism and rudeness led to the creation of a Code of Conflict (CoC) in 2015 which was short -- simply recommending people "be excellent to each other." That has now been replaced by a more detailed Code of Conduct -- which retains the acronym, but attempts to be more inclusive and eliminate insulting and derogatory comments and behaviour. Reader sinij writes: Recently Linux Community adopted a new controversial Code of Conduct authored by Contributor Covenant also known for authoring the Post-Meritocracy Manifesto. In an exclusive email interview with the BBC, Mr Torvalds shared his thoughts on his decision to temporarily step aside, the controversy behind the CoC, and the defects of the community he set up. His thoughts on CoC: The advantage of concentrating on technology is that you can have some mostly objective measures, and some basis for agreement, and you can have a very nice and healthy community around it all. I really am motivated by the technology, but the community around Linux has been a big positive too. But there are very tangible and immediate common goals in any technical project like Linux, and while there is occasionally disagreement about how to solve some particular issue, there is a very real cohesive force in that common goal of improving the project. And even when there are disagreements, people in the end often have fairly clear and objective measures of what is better. Code that is faster, simpler, or handles more cases naturally is just objectively 'better', without people really having to argue too much about it.

In contrast, the arguments about behaviour never seem to end up having a common goal. Except, in some sense, the argument itself. Have you read the Twitter feeds and other things by the people who seem to care more about the non-technical side? I think your 'hyped stories' is about as polite as you can put it. It's a morass of nastiness. Instead of a 'common goal', you end up with horrible fighting between different 'in-groups'. It's very polarising, and both sides love egging the other side on. It's not even a 'discussion', it's just people shouting at each other. That's actually the reason I for the longest time did not want to be involved with the whole CoC discussion in the first place. That whole subject seems to very easily just devolve and become unproductive. And I found a lot of the people who pushed for a CoC and criticised me for cursing to be hypocritical and pointless. I could easily point you to various tweet storms by people who criticise my 'white cis male' behaviour, while at the same time cursing more than I ever do.

So that's my excuse for dismissing a lot of the politically correct concerns for years. I felt it wasn't worth it. Anybody who uses the words 'white cis male privilege' was simply not worth my time even talking to, I felt. And I'm still not apologising for my gender or the colour of my skin, or the fact that I happen to have the common sexual orientation. What changed? Maybe it was me, but I was also made very aware of some of the behaviour of the 'other' side in the discussion. Because I may have my reservations about excessive political correctness, but honestly, I absolutely do not want to be seen as being in the same camp as the low-life scum on the internet that think it's OK to be a white nationalist Nazi, and have some truly nasty misogynistic, homophobic or transphobic behaviour. And those people were complaining about too much political correctness too, and in the process just making my public stance look bad. And don't get me wrong, please -- I'm not making excuses for some of my own rather strong language. But I do claim that it never ever was any of that kind of nastiness. I got upset with bad code, and people who made excuses for it, and used some pretty strong language in the process. Not good behaviour, but not the racist/etc claptrap some people spout. So in the end, my 'I really don't want to be too PC' stance simply became untenable. Partly because you definitely can find some emails from me that were simply completely unacceptable, and I need to fix that going forward. But to a large degree also because I don't want to be associated with a lot of the people who complain about excessive political correctness.

Open Source

New Custom Linux Distro is Systemd-Free, Debian-Based, and Optimized for Windows 10 (mspoweruser.com) 165

An anonymous reader quotes MSPowerUser: Nearly every Linux distro is already available in the Microsoft Store, allowing developers to use Linux scripting and other tools running on the Windows Subsystem for Linux (WSL). Now another distro has popped up in the Store, and unlike the others it claims to be specifically optimised for WSL, meaning a smaller and more appropriate package with sane defaults which helps developers get up and running faster.

WLinux is based on Debian, and the developer, Whitewater Foundry, claims their custom distro will also allow faster patching of security and compatibility issues that appear from time to time between upstream distros and WSL... Popular development tools, including git and python3, are pre-installed. Additional packages can be easily installed via the apt package management system... A handful of unnecessary packages, such as systemd, have been removed to improve stability and security.

The distro also offers out of the box support for GUI apps with your choice of X client, according to the original submission.

WLinux is open source under the MIT license, and is available for free on GitHub. It can also be downloaded from Microsoft Store at a 50% discount, with the development company promising the revenue will be invested back into new features.
Linux

The New Yorker on Linus Torvalds (newyorker.com) 663

Linus Torvalds announced on Sunday that he was sorry for how he treated the community over the years. Torvalds, 48, said he planned to make some changes to how he conducted himself, and on that part, he said he would be taking some time off from Linux kernel development work. The New Yorker has published a story on Torvalds today in which it notes that it reached out to Torvalds days before he made the big announcement. From the story, which may be paywalled for some readers: Torvalds's decision to step aside came after The New Yorker asked him a series of questions about his conduct for a story on complaints about his abusive behavior discouraging women from working as Linux-kernel programmers. In a response to The New Yorker, Torvalds said, "I am very proud of the Linux code that I invented and the impact it has had on the world. I am not, however, always proud of my inability to communicate well with others -- this is a lifelong struggle for me. To anyone whose feelings I have hurt, I am deeply sorry."

Torvalds's response was conveyed by the Linux Foundation, which supports Linux and other open-source programming projects and paid Torvalds $1.6 million in annual compensation as of 2016. The foundation said that it supported his decision and has encouraged women to participate but that it has little control over how Torvalds runs the coding process. "We are able to have varying degrees of impact on these outcomes in newer projects," the statement said. "Older more established efforts like the Linux kernel are much more challenging to influence."

Linux's elite developers, who are overwhelmingly male, tend to share their leader's aggressive self-confidence. There are very few women among the most prolific contributors, though the foundation and researchers estimate that roughly ten per cent of all Linux coders are women. "Everyone in tech knows about it, but Linus gets a pass," Megan Squire, a computer-science professor at Elon University, told me, referring to Torvalds's abusive behavior. "He's built up this cult of personality, this cult of importance."

Open Source

Linus Torvalds Reflects On How He's Been Hostile To Linux Community Members Over the Years, Issues Apology, and Announces He Will Be Taking Some Time Off (kernel.org) 985

On Sunday, Linus Torvalds spoke about the confusion he had regarding Maintainer's Summit, but more importantly, how this incident gave him a chance to realize "that I really had been ignoring some fairly deep-seated feelings in the community." In an email to the Linux Kernel Mailing List, Torvalds apologized for hurting people with his behavior over the years, and possibly driving some people "away from kernel development entirely." On that end, said Torvalds, "I am going to take time off and get some assistance on how to understand people's emotions and respond appropriately." He wrote: [...] It's one thing when you can ignore these issues. Usually it's just something I didn't want to deal with. This is my reality. I am not an emotionally empathetic kind of person and that probably doesn't come as a big surprise to anybody. Least of all me. The fact that I then misread people and don't realize (for years) how badly I've judged a situation and contributed to an unprofessional environment is not good. This week people in our community confronted me about my lifetime of not understanding emotions. My flippant attacks in emails have been both unprofessional and uncalled for. Especially at times when I made it personal. In my quest for a better patch, this made sense to me. I know now this was not OK and I am truly sorry.

The above is basically a long-winded way to get to the somewhat painful personal admission that hey, I need to change some of my behavior, and I want to apologize to the people that my personal behavior hurt and possibly drove away from kernel development entirely. I am going to take time off and get some assistance on how to understand people's emotions and respond appropriately.

Put another way: When asked at conferences, I occasionally talk about how the pain-points in kernel development have generally not been about the _technical_ issues, but about the inflection points where development flow and behavior changed. These pain points have been about managing the flow of patches, and often been associated with big tooling changes - moving from making releases with "patches and tar-balls" (and the _very_ painful discussions about how "Linus doesn't scale" back 15+ years ago) to using BitKeeper, and then to having to write git in order to get past the point of that no longer working for us. We haven't had that kind of pain-point in about a decade. But this week felt like that kind of pain point to me. To tie this all back to the actual 4.19-rc4 release (no, really, this _is_ related!) I actually think that 4.19 is looking fairly good, things have gotten to the "calm" period of the release cycle, and I've talked to Greg to ask him if he'd mind finishing up 4.19 for me, so that I can take a break, and try to at least fix my own behavior.

This is not some kind of "I'm burnt out, I need to just go away" break. I'm not feeling like I don't want to continue maintaining Linux. Quite the reverse. I very much *do* want to continue to do this project that I've been working on for almost three decades. This is more like the time I got out of kernel development for a while because I needed to write a little tool called "git". I need to take a break to get help on how to behave differently and fix some issues in my tooling and workflow.

And yes, some of it might be "just" tooling. Maybe I can get an email filter in place so that when I send email with curse-words, they just won't go out. Because hey, I'm a big believer in tools, and at least _some_ problems going forward might be improved with simple automation. [...]

Microsoft

Windows 7 Will Get Updates for Four More Years -- If You Pay (zdnet.com) 188

An anonymous reader quotes ZDNet: With the Windows 7 end-of-support clock slowly winding down to January 14, 2020, Microsoft is announcing it will offer, for a fee, continuing security updates for the product through January 2023. This isn't the first time Microsoft has done this for a version of Windows, but it may be the first time it has been so public about its plans to do so.

The paid Windows 7 Extended Security Updates (ESUs) will be sold on a per-device basis, with the price increasing each year. These ESUs will be available to any Windows 7 Professional and Windows 7 Enterprise users with volume-licensing agreements, and those with Windows Software Assurance and/or Windows 10 Enterprise or Education subscriptions will get a discount. Office 365 ProPlus will continue to work on devices with Windows 7 Extended Security Updates through January 2023.

Intel

Despite 'Painful' Spectre Response, Linus Torvalds Says He Still Loves Speculative Execution (youtube.com) 82

At this year's Open Source Summit, Linus Torvalds sat for a wide-ranging "keynote" interview with Dirk Hohndel, chief open source officer at VMware, which has been partially transcribed below. And Linus explained, among other things, why the last merge window was harder than others: One of the issues we have is when we've had these hardware security issues, and they've kept happening now, the last year -- they're kept under wraps. So we knew about the issue for the last several months, but because it was secret and we weren't allowed to talk about it, we couldn't do our usual open development model. We do the best we can, and people really care deeply about getting a good product out, but when you have to do things in secret, and when you can't use all the nice infrastructure for development and for testing that we have for all the usual code, it just is way more painful than it should be. And then that just means that, especially when the information becomes public during what is otherwise a busy period anyway, it's just annoying...

I still love speculative execution. Don't get me wrong. I used to work for a CPU company. We did it in software, back when I worked there. I think a CPU has to do speculative execution. It's somewhat sad that then people didn't always think about or didn't always heed the warnings about what can go wrong when you take a few shortcuts in the name of making it slightly simpler for everybody, because you're going to throw away all that work anyway, so why bother to do it right. And that's when the security -- every single security problem we've had has been basically of that kind, where people knew that "Hey, this is speculative work. If something goes wrong we'll throw all the data away, so we don't need to be as careful as we would otherwise." I think it was a good lesson for the industry, but it was certainly not a fun lesson for us on the OS side, where we had to do a lot of extra work for problems that weren't our problems.

It feels somehow unfair. I mean, when we have a security bug that was our own fault, it's like, "Okay, it was us screwing up. It's fair that we have to do all the work to then fix our own bugs." But it feels slightly less fair when you have to fix somebody else's...

"The good news -- I mean the really good news, and I'm serious about this -- is that the bugs have become clearly more and more esoteric," Linus adds. "So it impacts fewer and fewer cases, and clearly hardware people at Intel and other places are now so aware of it that I'm hoping we're really getting to the dregs of the hardware security bugs, and going forward we'll have much fewer of them. I think we're going to the better days, when A.) we got the bugs fixed, and B.) people were thinking about them beforehand."

There's a lot more, so read on for more excerpts...
Open Source

How Can We Fix The Broken Economics of Open Source? (medium.com) 203

"The economics of Open Source software are fundamentally broken," argues Matt Klein, a senior software engineer at Lyft (who created Envoy). Here's a heavily-condensed version of his essay on Medium: If we take consulting, services, and support off the table as an option for high-growth revenue generation (the only thing VCs care about), we are left with open core [with some subset of features behind a paywall], software as a service, or some blurring of the two... Everyone wants infrastructure software to be free and continuously developed by highly skilled professional developers (who in turn expect to make substantial salaries), but no one wants to pay for it. The economics of this situation are unsustainable and broken...

[W]e now come to what I have recently called "loose" open core and SaaS. In the future, I believe the most successful OSS projects will be primarily monetized via this method. What is it? The idea behind "loose" open core and SaaS is that a popular OSS project can be developed as a completely community driven project (this avoids the conflicts of interest inherent in "pure" open core), while value added proprietary services and software can be sold in an ecosystem that forms around the OSS...

Unfortunately, there is an inflection point at which in some sense an OSS project becomes too popular for its own good, and outgrows its ability to generate enough revenue via either "pure" open core or services and support... [B]uilding a vibrant community and then enabling an ecosystem of "loose" open core and SaaS businesses on top appears to me to be the only viable path forward for modern VC-backed OSS startups.

Klein also suggests OSS foundations start providing fellowships to key maintainers, who currently "operate under an almost feudal system of patronage, hopping from company to company, trying to earn a living, keep the community vibrant, and all the while stay impartial..."

"[A]s an industry, we are going to have to come to terms with the economic reality: nothing is free, including OSS. If we want vibrant OSS projects maintained by engineers that are well compensated and not conflicted, we are going to have to decide that this is something worth paying for. In my opinion, fellowships provided by OSS foundations and funded by companies generating revenue off of the OSS is a great way to start down this path."
Open Source

Open Source Devs Reverse Decision to Block ICE Contractors From Using Software (vice.com) 427

An anonymous reader quotes Motherboard: Less than 24 hours after a software developer revoked access to Lerna, a popular open-source software management program, for any organization that contracted with U.S. Immigration and Customs Enforcement, access has been restored for any organization that wishes to use it and the developer has been removed from the project... The modified version specifically banned 16 organizations, including Microsoft, Palantir, Amazon, Northeastern University, Johns Hopkins University, Dell, Xerox, LinkedIn, and UPS... Although open-source developer Jamie Kyle acknowledged that it's "part of the deal" that anyone "can use open source for evil," he told me he couldn't stand to see the software he helped develop get used by companies contracting with ICE.

Kyle's modification of Lerna's license was originally assented to by other lead developers on the project, but the decision polarized the open-source community. Some applauded his principled stand against ICE's human rights violations, while others condemned his violation of the spirit of open-source software. Eric Raymond, the founder of the Open Source Initiative and one of the authors of the standard-bearing Open Source Definition, said Kyle's decision violated the fifth clause of the definition, which prohibits discrimination against people or groups. "Lerna has defected from the open-source community and should be shunned by anyone who values the health of that community," Raymond wrote in a blog post on his website.

The core contributor who eventually removed Kyle also apologized for Kyle's licensing change, calling it a "rash decision" (which was also "unenforceable.")

Eric Raymond had called the decision "destructive of one of the deep norms that keeps the open source community functional -- keeping politics separated from our work."
Open Source

Linus Torvalds No Longer Knows the Whole Linux Kernel and That's OK (eweek.com) 119

darthcamaro writes: In a wide-ranging conversation at the Open Source Summit, Linus Torvalds admitted that he no longer knows everything that's in Linux. "Nobody knows the whole kernel anymore," Torvalds said. "Having looked at patches for many years, I know the big picture of all the areas in the kernel and I can look at a patch and know if it's right or wrong." Overall, he emphasized that being open source has enabled Linux to attract new developers that can pick up code and maintain all the various systems in Linux. In his view, the only way to deal with complexity is to be open. "When you have complexity you can't manage it in a closed environment, you need to have the people that actually find problems and give them the ability to get involved and help you to fix them," Torvalds said. "It's a complicated world and the only way to deal with complexity is the open exchange of ideas."
The Courts

EFF Defends Bruce Perens In Appeal of Open Source Security/Spengler Ruling (perens.com) 132

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. "The Electronic Frontier Foundation has filed an answering brief in defense of Bruce Perens in the merits appeal of the Open Source Security Inc./Bradley Spengler v. Bruce Perens lawsuit," reads his latest submission -- with more details at Perens.com: Last year, Open Source Security and its CEO, Bradley Spengler, brought suit against me for defamation and related torts regarding this blog post and this Slashdot discussion. After the lower court ruled against them, I asked for my defense costs and was awarded about $260K for them by the court.

The plaintiffs brought two appeals, one on the merits of the lower court's ruling and one on the fees charged to them for my defense... The Electronic Frontier Foundation took on the merits appeal, pro-bono (for free, for the public good), with the pro-bono assistance of my attorneys at O'Melveny who handled the lower court case...

You can follow the court proceedings here

"Sorry I can't comment further on the case," Perens writes in a comment on Slashdot, adding "it's well-known legal hygiene that you don't do that." But he's willing to talk about other things.

"Valerie and I are doing well. I am doing a lot of travel for the Open Source Initiative as their Standards Chair, speaking with different standards groups and governments about standards in patents and making them compatible with Open Source."
Operating Systems

Linux Turns 27 (omgubuntu.co.uk) 170

It's been 27 years since Linus Torvalds let a group of people know about his "hobby" OS. OMGUbuntu blog writes: Did you know that Linux, like Queen Elizabeth II, actually has two birthdays? Some FOSS fans consider the first public release of (prototype) code, which dropped on October 5, 1991, as more worthy of being the kernel's true anniversary date. Others, ourselves included, take today, August 25, as the "birth" date of the project. And for good reason. This is the day on which, back in 1991, a young Finnish college student named Linus Torvalds sat at his desk to let the folks on comp.os.minix newsgroup know about the "hobby" OS he was working on. The "hobby OS" that wouldn't, he cautioned, be anything "big" or "professional." Even as Linux continues to have lion's share in the enterprise world, it has only managed to capture a tiny fraction of the consumer space. Further reading: Ask Slashdot: Whatever Happened To the 'Year of Linux on Desktop'?

Which Linux-based distro do you use? What changes, if any, would you like to see in it in the next three years?
Open Source

LA County Gets State Approval of New Vote-Counting System Using Open-Source Software (latimes.com) 95

A new voting system that uses open-source software for counting ballots has been approved by California elections officials. "The certification of the new tally system for the county paves the way for other improvements, including redesigned absentee ballot packets, in the Nov. 6 election," reports Los Angeles Times. "It is the first election system of its kind, using publicly available source code that has been certified for use in California." From the report: The ballot-counting equipment is part of a broader redesign of Los Angeles County's voting system, which will include new equipment while relying on a traditional paper ballot. The county's existing system, portions of which are now decades old, has been targeted for replacement for several years.
Firefox

Firefox-Forking Browser 'Pale Moon' Releases Major Update 28.0 (palemoon.org) 144

Long-time Slashdot reader tdailey spotted a new version of Pale Moon, a customised version of Firefox optimized for speed and efficiency. Beta News reports it's the first major update since November of 2016:

There are virtually no visual or obvious changes in this new major build, but the under-the-hood changes are both extensive and necessary.... Despite all the updates, Moonchild is keen to stress certain things haven't changed -- unlike Firefox, for example, Pale Moon continues to support NPAPI plugins, complete themes and a fully customizable user interface. There is also no DRM built into the browser, although third-party plugins such as Silverlight are supported. It will also continue to work with certain "legacy" plugins of the type abandoned by Firefox.
Pale Moon strips out what one reviewer calls "little-used components" of Firefox, including parental controls and accessibility features, as well as crash reports and support for Internet Explorer's ActiveX and ActiveX scripting technology.

"Proving that open source leads to great development, Pale Moon takes the already decent Firefox web browser and makes it even better and faster."
Debian

Debian Linux Turns 25 (betanews.com) 111

BrianFagioli writes: Debian is one of the most important open source projects ever. The Debian Linux operating system is extremely popular in its own right, but also, it is used as the base for countless other distributions. Ubuntu, for instance -- one of the most-used distros -- is Debian-based. Even Linux Mint, which is based on Ubuntu, also has a Debian edition. Not to mention, Raspbian -- the official Raspberry Pi OS -- which is based on Debian too.

Today, Debian is celebrating a very important milestone -- a 25th birthday! Yes, it is seriously that old -- its development was announced on August 16, 1993. When the late Ian Murdock announced 25 years ago in comp.os.linux.development, 'the imminent completion of a brand-new Linux release, [...] the Debian Linux Release', nobody would have expected the 'Debian Linux Release' would become what's nowadays known as the Debian Project, one of the largest and most influential free software projects. "Its primary product is Debian, a free operating system (OS) for your computer, as well as for plenty of other systems which enhance your life. From the inner workings of your nearby airport to your car entertainment system, and from cloud servers hosting your favorite websites to the IoT devices that communicate with them, Debian can power it all," says Ana Guerrero Lopez of Debian.
Further reading: Slackware, Oldest Actively Maintained GNU/Linux Distribution, Turns 25.
Transportation

Tesla Will Open Its Security Code To Other Car Manufacturers (engadget.com) 143

Tesla CEO Elon Musk announced he would share the source code for Tesla's car security software with other manufacturers, adding that it would be "extremely important" to ensure the safety of future self-driving cars. Engadget reports: Musk didn't provide a timeline for availability, and you might not want to get your hopes up when it took years for Tesla just to post any source code. And this isn't strictly a selfless gesture. If rival brands adopt Tesla's approach, it could set an unofficial standard for connected car security that would look good from a marketing standpoint. The code could provide a boost to connected car security if and when it arrives. There are few common frameworks (technical or legal) for safeguarding networked vehicles, and security might not always be a top priority. This could give companies a baseline level of security that would save brands the trouble of developing an effective defense from scratch.
Open Source

Researchers Use Machine-Learning Techniques To De-Anonymize Coders (wired.com) 66

At the DefCon hacking conference on Friday, Rachel Greenstadt, an associate professor of computer science at Drexel University, and Aylin Caliskan, Greenstadt's former PhD student and now an assistant professor at George Washington University, presented a number of studies they've conducted using machine learning techniques to de-anonymize the authors of code samples. "Their work could be useful in a plagiarism dispute, for instance, but it could also have privacy implications, especially for the thousands of developers who contribute open source code to the world," reports Wired. From the report: First, the algorithm they designed identifies all the features found in a selection of code samples. That's a lot of different characteristics. Think of every aspect that exists in natural language: There's the words you choose, which way you put them together, sentence length, and so on. Greenstadt and Caliskan then narrowed the features to only include the ones that actually distinguish developers from each other, trimming the list from hundreds of thousands to around 50 or so. The researchers don't rely on low-level features, like how code was formatted. Instead, they create "abstract syntax trees," which reflect code's underlying structure, rather than its arbitrary components. Their technique is akin to prioritizing someone's sentence structure, instead of whether they indent each line in a paragraph.

The method also requires examples of someone's work to teach an algorithm to know when it spots another one of their code samples. If a random GitHub account pops up and publishes a code fragment, Greenstadt and Caliskan wouldn't necessarily be able to identify the person behind it, because they only have one sample to work with. (They could possibly tell that it was a developer they hadn't seen before.) Greenstadt and Caliskan, however, don't need your life's work to attribute code to you. It only takes a few short samples.
