The blog OMG Ubuntu reports: Ubuntu's key developers have agreed to switch to Matrix as the primary platform for real-time development communications involving the distro. From March, Matrix will replace IRC as the place where critical Ubuntu development conversations, requests, meetings, and other vital chatter must take place... Only the current #ubuntu-devel and #ubuntu-release Libera IRC channels are moving to Matrix, but other Ubuntu development-related channels can choose to move — officially, given some projects were using Matrix over IRC already.

As a result, any major requests to/of the key Ubuntu development teams with privileged access can only be actioned if requests are made on Matrix. Canonical-employed Ubuntu developers will be expected to be present on Matrix during working hours... The aim is to streamline organisation, speed up decision making, ensure key developers are reliably reachable, and avoid discussions and conversations from fragmenting across multiple platforms... It's hoped that in picking one platform as the 'chosen one' the split in where the distro's development discourse takes place can be reduced and greater transparency in how and when decisions are made restored.

IRC remains popular with many Ubuntu developers but its old-school, lo-fi nature is said to be off-putting to newer contributors. They're used to richer real-time chat platforms with more features (like discussion history, search, offline messaging, etc). It's felt this is why many newer developers employed by Canonical prefer to discuss and message through the company's internal Mattermost instance — which isn't publicly accessible. Many Ubuntu teams, flavours, and community chats already take place on Matrix...
"End-users aren't directly affected, of course," they point out. But an earlier post on the same blog notes that Matrix "is increasingly ubiquitous in open-source circles. GNOME uses it, KDE embraces it, Linux Mint migrated last year, Mozilla a few years before, and it's already widely used by Ubuntu community members and developers." IRC remains unmatched in many areas but is, rightly or wrongly, viewed as an antiquated communication platform. IRC clients aren't pretty or plentiful, the syntax is obtuse, and support for 'modern' comforts like media sending, read receipts, etc., is lacking.To newer, younger contributors IRC could feel ancient or cumbersome to learn.

Though many of IRC's real and perceived shortcomings are surmountable with workarounds, clients, bots, scripts, and so on, support for those varies between channels, clients, servers, and user configurations. Unlike IRC, which is a centralised protocol relying on individual servers, Matrix is federated. It lets users on different servers to communicate without friction. Plus, Matrix features encryption, message history, media support, and so, meeting modern expectations.

Wednesday the Linux Foundation wrote that both "regulatory compliance" and "increased cybersecurity risk" were "creating burdens...that must be met" for open source communities.

And so, as Steven J. Vaughan-Nichols writes, "the Linux Foundation has released a comprehensive guide to help open source developers navigate the complex landscape of the U.S. Office of Foreign Assets Control (OFAC) sanctions..." These rules, aimed at achieving economic, foreign policy, and national security goals, apply to various interactions, including those in the open source community. The total Sanctions Programs and Country list amounts to over 17 thousand entries ranging from individuals to terrorist organizations to countries.

If that rings a bell, it's because, in October 2024, the Linux kernel developers ran right into this issue. The Linux kernel's leadership, including Greg Kroah-Hartman, the stable Linux kernel maintainer, and Linus Torvalds, Linux's founder, announced that eleven Russian kernel developers had been removed from their roles working on the Linux kernel. Why? Because, as Torvalds said, of "Russian sanctions." This, he added, in a Linux kernel mailing list (LKML) message was because "the 'various compliance requirements' are not just a US thing."

For developers, this means exercising caution about who they interact with and where their contributions originate. The sanctions target specific countries, regions, and individuals or organizations, many of which are listed on the Specially Designated Nationals and Blocked Persons (SDN) List... Most OFAC sanctions are exempted for "informational materials," which generally include open source code. However, this only applies to existing code and not to requests for new code or modifications. So, for example, working with a Russian developer on a code patch could land you in hot water... While reviewing unsolicited patches from contributors in sanctioned regions is generally acceptable, actively engaging them in discussions or improvements could cross legal boundaries... Developers are warned to be cautious of sanctioned entities attempting to contribute indirectly through third parties or developers acting "individually."
Countries currently sanctioned include:

• Russia
• Cuba
• Iran
• North Korea
• Syria
• The following regions of Ukraine: Crimea, Donetsk and Luhansk regions of the Ukraine.

The Linux Foundation had written that the OFAC sanctions rules are "strict liability" rules, "which means it does not matter whether you know about them or not. Violating these rules can lead to serious penalties, so it's important to understand how they might affect your open source work." But J. Vaughan-Nichols offers this quote from open source licensing attorney Heather Meeker.

"Let's be honest: Smaller companies usually ignore regulations like this because they just don't have the resources to analyze them, and a government usually ignores smaller companies because it doesn't have the resources to enforce against them. Big companies that are on the radar need specialized counsel."

An anonymous reader quotes a report from TechCrunch: To cap off a day of product releases, OpenAI researchers, engineers, and executives, including OpenAI CEO Sam Altman, answered questions in a wide-ranging Reddit AMA on Friday. OpenAI the company finds itself in a bit of a precarious position. It's battling the perception that it's ceding ground in the AI race to Chinese companies like DeepSeek, which OpenAI alleges might've stolen its IP. The ChatGPT maker has been trying to shore up its relationship with Washington and simultaneously pursue an ambitious data center project, while reportedly laying groundwork for one of the largest financing rounds in history. Altman admitted that DeepSeek has lessened OpenAI's lead in AI, and he also said he believes OpenAI has been "on the wrong side of history" when it comes to open-sourcing its technologies. While OpenAI has open-sourced models in the past, the company has generally favored a proprietary, closed-source development approach.

"[I personally think we need to] figure out a different open source strategy," Altman said. "Not everyone at OpenAI shares this view, and it's also not our current highest priority [] We will produce better models [going forward], but we will maintain less of a lead than we did in previous years." In a follow-up reply, Kevin Weil, OpenAI's chief product officer, said that OpenAI is considering open-sourcing older models that aren't state-of-the-art anymore. "We'll definitely think about doing more of this," he said, without going into greater detail.

Google has open-sourced the PebbleOS, with the original founder, Eric Migicovsky, starting a company to continue where he left off in 2016. "This is part of an effort from Google to help and support the volunteers who have come together to maintain functionality for Pebble watches after the original company ceased operations in 2016," said Google in a blog post. The Verge reports: The company -- which can't be named Pebble because Google still owns that -- doesn't have a name yet. For now, Migicovsky is hosting a waitlist and news signup at a website called RePebble. Later this year, once the company has a name and access to all that Pebble software, the plan is to start shipping new wearables that look, feel, and work like the Pebbles of old. The reason, Migicovsky tells me, is simple. "I've tried literally everything else," he says, "and nothing else comes close." Sure, he may just have a very specific set of requirements -- lots of people are clearly happy with what Apple, Garmin, Google, and others are making. But it's true that there's been nothing like Pebble since Pebble. "For the things I want out of it, like a good e-paper screen, long battery life, good and simple user experience, hackable, there's just nothing."

The core of Pebble, he says, is a few things. A Pebble should be quirky and fun and should feel like a gadget in an important way. It shows notifications, lets you control your music with buttons, lasts a long time, and doesn't try to do too much. It sounds like Migicovsky might have Pebble-y ambitions beyond smartwatches, but he appears to be starting with smartwatches. If that sounds like the old Pebble and not much else, that's precisely the point. [...] Migicovsky also hopes to be part of a broader open-source community around Pebble OS. The Pebble diehards still exist: a group of developers at Rebble have worked to keep many of the platform's apps alive, for instance, along with the Cobble app for connecting to phones, and the Pebble subreddit is surprisingly active for a product that hasn't been updated since the Obama administration. Migicovsky says he plans to open-source whatever his new company builds and hopes lots of other folks will build stuff, too. Thank you Slashdot reader sziring for sharing this story.

July saw the news that Meta had launched a powerful open-source AI model, Llama 3.1.

But the Free Software Foundation evaluated Llama 3.1's license agreement, and announced this week that "this is not a free software license and you should not use it, nor any software released under it." Not only does it deny users their freedom, but it also purports to hand over powers to the licensors that should only be exercised through lawmaking by democratically-elected governments.

Moreover, it has been applied by Meta to a machine-learning (ML) application, even though the license completely fails to address software freedom challenges inherent in such applications....

We decided to review the Llama license because it is being applied to an ML application and model, while at the same time being presented by Meta as if it grants users a degree of software freedom. This is certainly not the case, and we want the free software community to have clarity on this.
In other news, the FSF also announced the winner of the logo contest for their big upcoming 40th anniversary celebration.

An anonymous reader quotes an op-ed from 404 Media's Jason Koebler: If it wasn't already obvious, the last 72 hours have made it crystal clear that it is urgent to build and mainstream alternative, decentralized social media platforms that are resistant to government censorship and control, are not owned by oligarchs and dominated by their algorithms, and in which users own their follower list and can port it elsewhere easily and without restriction. [...] Mastodon's ActivityPub and Bluesky's AT.Protocol have provided the base technology layer to make this possible, and have laid important groundwork over the last few years to decorporatize and decentralize the social internet.

The problem with decentralized social media platforms thus far is that their user base is minuscule compared to platforms like TikTok, Facebook, and Instagram, meaning the cultural and political influence has lagged behind them. You also cannot directly monetize an audience on Bluesky or Mastodon -- which, to be clear, is a feature, not a bug -- but also means that the value proposition for an influencer who makes money through the TikTok creator program or a small business that makes money selling chewing gum on TikTok shop or a clothes brand that has figured out how to arbitrage Instagram ads to sell flannel shirts is not exactly clear. I am not advocating for decentralized social media to implement ads and creator payment programs. I'm just saying that many TikTok influencers were directing their collective hundreds of millions of fans to follow them to Instagram or YouTube, not a decentralized alternative.

This doesn't mean that the fediverse or that a decentralized Instagram or TikTok competitor that runs on the AT.Protocol is doomed. But there is a lot of work to do. There is development work that needs to be done (and is being done) to make decentralized protocols easier to join and use and more interoperable with each other. And there is a massive education and recruitment challenge required to get the masses to not just try out decentralized platforms but to earnestly use them. Bluesky's growing user base and rise as a legitimately impressive platform that one can post to without feeling like it's going into the void is a massive step forward, and proof that it is possible to build thriving alternative platforms. The fact that Meta recently blocked links to a decentralized Instagram alternative shows that big tech sees these platforms, potentially, as a real threat. "This is all to say that it is possible to build alternatives to Elon Musk's X, Mark Zuckerberg's Instagram, and whatever TikTok will become," concludes Koebler. "It is happening, and it is necessary. The richest, most powerful people in the world have all aligned themselves and their platforms with Donald Trump. But their platforms' relevance and importance doesn't necessarily have to last forever. A different way is possible, if we build it."

Further reading: 'The Tech Oligarchy Arrives' (The Atlantic)

In 2022 Google released a tool to easily scan for vulnerabilities in dependencies named OSV-Scanner. "Together with the open source community, we've continued to build this tool, adding remediation features," according to Google's security blog, "as well as expanding ecosystem support to 11 programming languages and 20 package manager formats... Users looking for an out-of-the-box vulnerability scanning CLI tool should check out OSV-Scanner, which already provides comprehensive language package scanning capabilities..."

Thursday they also announced an extensible library for "software composition analysis" scanning (as well as file-system scanning) named OSV-SCALIBR (Open Source Vulnerability — Software Composition Analysis LIBRary). The new library "combines Google's internal vulnerability management expertise into one scanning library with significant new capabilities such as:

• Software composition analysis for installed packages, standalone binaries, as well as source code

• OSes package scanning on Linux (COS, Debian, Ubuntu, RHEL, and much more), Windows, and Mac

• Artifact and lockfile scanning in major language ecosystems (Go, Java, Javascript, Python, Ruby, and much more)

• Vulnerability scanning tools such as weak credential detectors for Linux, Windows, and Mac

• Software Bill of Materials (SBOM) generation in SPDX and CycloneDX, the two most popular document formats

• Optimization for on-host scanning of resource constrained environments where performance and low resource consumption is critical

"OSV-SCALIBR is now the primary software composition analysis engine used within Google for live hosts, code repos, and containers. It's been used and tested extensively across many different products and internal tools to help generate SBOMs, find vulnerabilities, and help protect our users' data at Google scale. We offer OSV-SCALIBR primarily as an open source Go library today, and we're working on adding its new capabilities into OSV-Scanner as the primary CLI interface."

Independent developer Sebastian Vogelsang is building a photo-sharing app for the decentralized social network Bluesky, leveraging its AT Protocol and his earlier app, Skeets. The app, called Flashes, will offer features like photo and short video posts while integrating seamlessly with Bluesky. TechCrunch reports: When launched, Flashes could tap into growing consumer demand for alternatives to Big Tech's social media monopoly. [...] To make this work, Flashes simply filters Bluesky's existing timeline for posts with photos and video posts. (In the future, Vogelsang also plans to add metadata to Flashes' posts so Bluesky users would have a way to keep their feeds on Bluesky's main app from being flooded with photo posts if that became a problem.) Flashes didn't take too long to build because it was able to reuse Skeets' existing code. The app will also be able to market to Skeets' existing user base, who have now downloaded the app some 30,500 times to date.

Vogelsang says he's now working to integrate subscription-based features from both his apps so users don't have to pay twice for the premium features, like Skeets' bookmarks, drafts, muting, rich push notifications, and others specific to Flashes. (Both apps are free to use without a subscription, we should note.) Later, Vogelsang says he wants to launch a video-only app, too, called Blue Screen.

At launch, Flashes will support photo posts of up to four images and videos of up to 1 minute in length, just like Bluesky. Users who post to Flashes will also have their posts appear on Bluesky and comments on those posts will also feed back into the app as if it were just another Bluesky client. It will also support Bluesky's direct messages. The developer expects to be able to launch Flashes to the public in a matter of weeks with a TestFlight beta arriving ahead of that. Interested users can follow Flashes' account on Bluesky for further updates. Flashes could satiate the growing demand for alternatives to Big Tech's social media monopoly, especially after Meta CEO Mark Zuckerberg announced that he will end fact-checking on its platforms.

The Register's Simon Sharwood reports: Broadcom has lost another sizable customer for its VMware platform: Austrian cloud provider Anexia has moved 12,000 VMs, some of them rented by major European businesses, to an open-source system based on the KVM hypervisor. Anexia was founded in 2006, is based in Austria, and provides cloud services from over 100 locations around the world by placing equipment in third party datacenters. Clients include remote access and control vendor TeamViewer, and airline Lufthansa -- plus plenty more outfits that need reliable hosting and service to match.

CEO Alexander Windbichler told The Register that after Broadcom acquired VMware, increased licensing costs, and made big changes to its partner program, Anexia remained eligible to operate a VMware-powered cloud. But Windbichler felt he couldn't afford to continue, because Broadcom offered new terms that saw the cost of VMware licenses rise sharply. The CEO preferred not to enumerate the increase precisely however The Register understands it exceeded 500 percent. Whatever the actual figure, Windbichler said the cost increase "Would have been existential for us."

"We used to pay for VMware software one month in arrears," he said. "With Broadcom we had to pay a year in advance with a two-year contract." That arrangement, the CEO said, would have created extreme stress on company cashflow. "We would not be able to compete with the market," he said. "We had customers on contracts, and they would not pay for a price increase." Windbichler considered legal action, but felt the fight would have been slow and expensive. Anexia therefore resolved to migrate, a choice made easier by its ownership of another hosting business called Netcup that ran on a KVM-based platform.

WordPress co-creator (and Automattic CEO) Matt Mullenweg "has deactivated the accounts of several WordPress.org community members," reports TechCrunch, "some of whom have been spearheading a push to create a new fork of the open source WordPress project." Joost de Valk — creator of WordPress-focused SEO tool Yoast (and former marketing and communications' lead for the WordPress Foundation) — last month published his "vision for a new WordPress era," alluding to a potential fork in the form of "federated and independent repositories." Karim Marucchi, CEO of enterprise web consulting firm Crowd Favorite, echoed these thoughts in a separate blog post. WP Engine indicated it was on standby to lend a corporate hand. Mullenweg, for his part, has publicly supported the notion of a new WordPress fork.
But when Automattic slashed its contributions to Wordpress.org, things heated up: This spurred de Valk to take to X.com on Friday to indicate that he was willing to lead on the next release of WordPress, with Marucchi adding that his "team stands ready." Collectively, de Valk and Marucchi contribute around 10 hours per week to various aspects of the WordPress open source project. However, in a sarcasm-laden blog post published this morning, Mullenweg said that to give their independent effort the "push it needs to get off the ground," he was deactivating their WordPress.org accounts. "I strongly encourage anyone who wants to try different leadership models or align with WP Engine to join up with their new effort," Mullenweg wrote.

At the same time, Mullenweg also revealed he was deactivating the accounts of three other people, with little explanation given: Sé Reed, Heather Burns, and Morten Rand-Hendriksen. Reed, it's worth noting, is president and CEO of a newly established non-profit called the WP Community Collective, which is setting out to serve as a "neutral home for collaboration, contribution, and resources" around WordPress and the broader open source ecosystem. Burns, a former contributor to the WordPress project, took to X this morning to express surprise at her deactivation, noting that she hadn't been involved in the project since 2020...

It's worth noting that deactivating a WordPress.org account prevents affected users from contributing through that channel, be it to the core project or any other plugins or themes they may be involved with.
Rand-Hendriksen posted on BlueSky: So why is he targeting Heather and me? Because we started talking about the need for proper governance, accountability, conflict of interest policies, and other things back in 2017. We both left the project in 2019, and apparently he still holds a grudge.
And while Mullenweg headlined his blog post "Joost/Karim Fork," Rand-Hendriksen wrote on BlueSky "there is no fork in the works as far as I know. He made that up, as he has done before. Heather and I have no involvement with any of this so I don't know why he grouped the five of us together like this. It smells like attempted harassment."

Later Rand-Hendriksen claimed "this is not the first time he's accused critics of forking WordPress" and that he's "convinced any fork will fail... I think he thinks saying someone is forking WordPress is an epic burn that discredits them in the eyes of the community."

VLC media player, the popular open-source software developed by nonprofit VideoLAN, has topped 6 billion downloads worldwide and teased an AI-powered subtitle system. From a report: The new feature automatically generates real-time subtitles -- which can then also be translated in many languages -- for any video using open-source AI models that run locally on users' devices, eliminating the need for internet connectivity or cloud services, VideoLAN demoed at CES.

China's Xiangshan project aims to deliver a high-performance RISC-V processor by 2025. If it succeeds, it could be "enormously significant" for three reasons, writes The Register's Simon Sharwood. It would elevate RISC-V from low-end silicon to datacenter-level capabilities, leverage the open-source Mulan PSL-2.0 license to disrupt proprietary chip models like Arm and Intel, and reduce China's dependence on foreign technology, mitigating the impact of international sanctions on advanced processors. From the report: The prospect of a 2025 debut appeared on Sunday in a post to Chinese social media service Weibo, penned by Yungang Bao of the Institute of Computing Technology at the Chinese Academy of Sciences. The academy has created a project called Xiangshan that aims to use the permissively licensed RISC-V ISA to create a high-performance chip, with the Scala source code to the designs openly available.

Bao is a leader of the project, and has described the team's ambition to create a company that does for RISC-V what Red Hat did for Linux -- although he said that before Red Hat changed the way it made the source code of RHEL available to the public. The Xiangshan project has previously aspired to six-monthly releases, though it appears its latest design to be taped out was a second-gen chip named Nanhu that emerged in late 2023. That silicon ran at 2GHz and was built on a 14nm process node. The project has since worked on a third-gen design, named Kunminghu, and published the image [here] depicting an overview of its non-trivial micro-architecture.

This week New York Times technology columnist Kevin Roose published his annual "Good Tech" awards to "shine the spotlight on a few tech projects that I think contributed positively to humanity."

And high on the list is "Andres Freund, and every open-source software maintainer saving us from doom." The most fun column I wrote this past year was about a Microsoft database engineer, Andres Freund, who got some odd errors while doing routine maintenance on an obscure open-source software package called xz Utils. While investigating, Freund inadvertently discovered a huge security vulnerability in the Linux operating system, which could have allowed a hacker to take control of hundreds of millions of computers and bring the world to its knees.

It turns out that much of our digital infrastructure rests on similar acts of nerdy heroism. After writing about Freund's discovery, I received tips about other near disasters involving open-source software projects, many of which were averted by sharp-eyed volunteers catching bugs and fixing critical code just in time to foil the bad guys. I could not write about them all, but this award is to say: I see you, open-source maintainers, and I thank you for your service.
Roose also acknowledges the NASA engineers who kept Voyager 1 transmitting back to earth from interstellar space — and Bluesky, "for making my social media feeds interesting again."

Roose also notes it was a big year for AI. There's a shout-out to Epoch AI, a small nonprofit research group in Spain, "for giving us reliable data on the AI boom." ("The firm maintains public databases of AI models and AI hardware, and publishes research on AI trends, including an influential report last year about whether AI models can continue to grow at their current pace. Epoch AI concluded they most likely could until 2030.") And there's also a shout-out to groups "pushing AI forward" and positive uses "to improve health care, identify new drugs and treatments for debilitating diseases and accelerate important scientific research."

• The nonprofit Arc Institute released Evo, an AI model that "can predict and generate genomic sequences, using technology similar to the kind that allows systems like ChatGPT to predict the next words in a sequence."

• A Harvard University lab led by Dr. Jeffrey Lichtman teamed with researchers from Google for "the most detailed map of a human brain sample ever created. The team used AI to map more than 150 million synapses in a tiny sample of brain tissue at nanometer-level resolution..."

• Researchers at Stanford and McMaster universities developed SyntheMol, "a generative AI model that can design new antibiotics from scratch."

TPM is a dedicated chip or firmware enabling hardware-level security, housing encryption keys, certificates, passwords, and sensitive data, "and shielding them from unauthorized access," Microsoft senior product manager Steven Hosking wrote last month, declaring TPM 2.0 to be "a non-negotiable standard for the future of Windows."

Or, as BleepingComputer put it, Microsoft "made it abundantly clear... that Windows 10 users won't be able to upgrade to Windows 11 unless their systems come with TPM 2.0 support." (This despite the fact that Statcounter Global data "shows that more than 61% of all Windows systems worldwide still run Windows 10.") They add that Microsoft "announced on October 31 that Windows 10 home users will be able to delay the switch to Windows 11 for one more year if they're willing to pay $30 for Extended Security Updates."

But last week the Free Software Foundation's campaigns manager delivered a message on the FSF's official blog: "Keep putting pressure on Microsoft." Grassroots organization against a corporation as large as Microsoft is never easy. They have the advertising budget to claim that they "love Linux" (sic), not to mention the money and political willpower to corral free software developers from around the world on their nonfree platform Microsoft GitHub. This year's International Day Against DRM took aim at one specific injustice: their requiring a hardware TPM module for users being forced to "upgrade" to Windows 11. As Windows 10 will soon stop receiving security updates, this is a (Microsoft-manufactured) problem for users still on this operating system. Normally, offloading cryptography to a different hardware module could be seen as a good thing — but with nonfree software, it can only spell trouble for the user...

What's crucial now is to keep putting pressure on Microsoft, whether that's through switching to GNU/Linux, avoiding new releases of their software, or actions as simple as moving your projects off of Microsoft GitHub. If you're concerned about e-waste or have friends who work to combat climate change, getting them together to tell them about free software is the perfect way to help our movement grow, and free a few more users from Microsoft's digital restrictions. If you're concerned about e-waste or have friends who work to combat climate change, getting them together to tell them about free software is the perfect way to help our movement grow, and free a few more users from Microsoft's digital restrictions.

Samsung and Google are introducing Eclipsa Audio, an open-source 3D audio standard set to debut on select YouTube videos and Samsung's 2025 TVs and soundbars. The new format "could eventually serve as a free alternative to Dolby Atmos, the dominant 3D audio format that hardware makers like Samsung pay to license for TVs and other equipment," reports The Verge. "Samsung says that similar to Atmos, this audio format supports adjusting 'audio data such as the location and intensity of sounds, along with spatial reflections' to create a 3D experience." From the report: The two companies first announced a partnership to develop spatial audio technology in 2023, initially calling it Immersive Audio Model and Formats (IAMF). At the time, Samsung spatial audio head WooHyun Nam said the format would provide "a complete open-source framework for 3D audio, from creation to delivery and playback."

The IAMF spec has also been adopted by the Alliance for Open Media, a group that has been pushing for royalty-free codec support since 2015 and counts companies like Amazon, Apple, Microsoft, and Netflix -- along with Samsung and Google -- among its members. If they also add support for this audio format, it could help it catch on, although it's already taken years for their AV1 video codec to see more use. Samsung and Google are also creating a certification program with the Telecommunications Technology Association "to ensure consistent audio quality" across devices using the format, which also sounds similar to the way companies like Dolby and THX manage the labeling for their specs.

Bruce Perens, original co-founder of the Open Source Initiative, has responded to questions from Slashdot readers about a new alternative he's developing that hopefully helps "Post Open" developers get paid.

But first, "One of the things that's clear from the Slashdot patter is that people are not aware of what I've been doing, in general," Perens says. "So, let's start by filling that in..."

Read on for the rest of his wide-ranging answers....

Bruce Perens wrote the original Open Source definition back in 1997, and then co-founded the Open Source Initiative with Eric Raymond in 1998. But after resigning from the group in 2020, Perens is now diligently developing an alternative he calls "Post Open" to "meet goals that Open Source fails at today" — even providing a way to pay developers for their work.

To make it all happen, he envisions software developers owning (and controlling) a not-for-profit corporation developing a body of software called "the Post Open Collection" and collecting its licensing fees to distribute among developers. The hope? To "make it possible for an individual developer to stay at home and code all day, and make their living that way without having to build a company."

The not-for-profit entity — besides actually enforcing its licensing — could also:

• Provide tech support, servicing all Post-Open software through one entity.
• Improve security by providing developers with cryptographic-hardware-backed authentication guaranteeing secure software chain-of-custody.
• Handle onerous legal requirements like compliance with the EU Cyber Resilience Act "on behalf of all developers in the Post Open Collection".
• Compensate documentation writers.
• Fund lobbying on behalf of developers, along with advocacy for their software's privacy-preserving features.

"We've started to build the team," Perens said in a recent interview, announcing weeks ago that attorneys are already discussing the structure of the future organization and its proposed license.

But what do you think? Perens has agreed to answer questions from Slashdot readers...

He's also Slashdot reader #3,872. (And Perens is also an amateur radio operator, currently on the board of M17 — a community of open source developers and radio enthusiasts — and in general support of Open Source and Amateur Radio projects through his non-profit HamOpen.org.) But more importantly, Perens "was the person to announce 'Open Source' to the world," according to his official site. Now's your chance to ask him about his next new big idea...

Ask as many questions as you'd like, but please, one per comment. We'll pick the very best questions — and forward them on to Bruce Perens himself to answer!

UPDATE: Bruce Perens has answered your questions!

Friday the Software Freedom Conservancy announced the production release of the new OpenWrt One network router — designed specifically for running the Linux-based router OS OpenWrt (a member project of the SFC). "This is the first wireless Internet router designed and built with your software freedom and right to repair in mind.

"The OpenWrt One will never be locked down and is forever unbrickable." This device services your needs as its owner and user. Everyone deserves control of their computing. The OpenWrt One takes a great first step toward bringing software rights to your home: you can control your own network with the software of your choice, and ensure your right to change, modify, and repair it as you like.

The OpenWrt One demonstrates what's possible when hardware designers and manufacturers prioritize your software right to repair; OpenWrt One exuberantly follows these requirements of the copyleft licenses of Linux and other GPL'd programs. This device provides the fully copyleft-compliant source code release from the start. Device owners have all the rights as intended on Day 1; device owners are encouraged to take full advantage of these rights to improve and repair the software on their OpenWrt One. Priced at US$89 for a complete OpenWrt One with case (or US$68.42 for a caseless One's logic board), it's ready for a wide variety of use cases...

This new product has completed full FCC compliance tests; it's confirmed that OpenWrt met all of the FCC compliance requirements. Industry "conventional wisdom" often argues that FCC requirements somehow conflict with the software right to repair. SFC has long argued that's pure FUD. We at SFC and OpenWrt have now proved copyleft compliance, the software right to repair, and FCC requirements are all attainable in one product!

You can order an OpenWrt One now! Since today is the traditional day in the USA when folks buy gifts for love ones, we urge you to invest in a wireless router that can last! We do expect that for orders placed today, sellers will deliver by December 22 in most countries... Regardless of where you buy from, for every purchase of a new OpenWrt One, a US$10 donation will go to the OpenWrt earmarked fund at Software Freedom Conservancy. Your purchase not only improves your software right to repair, but also helps OpenWrt and SFC continue to improve the important software and software freedom on which we all rely!
LWN.net points out that OpenWrt has also "served as the base on which a lot of network-oriented development (including the bufferbloat-reduction work) has been done." The OpenWrt One was designed to be a functional network router that would serve as a useful tool for the development of OpenWrt itself. To that end, the hope was to create a device that was entirely supported by upstream free software, and which was as unbrickable as it could be... The OpenWrt One comes with a two-core Arm Cortex-A53 processor, 1GB of RAM, and 256MB of NAND flash memory. There is also a separate, read-only 16MB NOR flash array in the device. Normally, the OpenWrt One will boot and run from the NAND flash, but there is a small switch in the back that will cause it to boot from the NOR instead. This is a bricking-resistance feature; should a software load break the device, it can be recovered by booting from NOR and flashing a new image into the NAND array. ..

After booting into the new image, the One behaved like any other OpenWrt router... What could be more interesting is seeing this router get into the hands of developers and enthusiasts who will use it to make OpenWrt (and other small-system distributions) better.
Long-time Slashdot reader dumfrac writes: The intent to build the device was announced on the OpenWRT forums earlier this year. It is based on MediaTek MT7981B (Filogic 820) SoC and MediaTek MT7976C dual-band WiFi 6 chipset and the board is made by Banana Pi. A poll to select the logo was run in April on the OpenWRT forums, and now the hardware is available for purchase. .

LWN: The long-awaited release of the GNU Image Manipulation Program (GIMP) 3.0 is on the way, marking the first major update since version 2.10 was released in April 2018. It now features a GTK 3 user interface and GIMP 3.0 introduces significant changes to the core platform and plugins. This release also brings performance and usability improvements, as well as more compatibility with Wayland and complex input sources.

GIMP 3.0 is the first release to use GTK 3, a more modern foundation than the GTK 2 base of prior releases. GTK 4 has been available for a few years now, and is on the project's radar, but the plan was always to finish the GTK 3 work first. Moving to GTK 3 brings initial Wayland compatibility and HiDPI scaling. In addition, this allows for GIMP users to take advantage of multi-touch input, bringing pinch-to-zoom gestures to the program, and offering a better experience when working with complex peripherals, such as advanced drawing tablets. These features were not previously possible due to the limitations of GTK 2.

A secondary result of the transition to GTK 3 is a refreshed user interface (UI), now with support for CSS themes included. In this release, four themes are available by default, including light, dark, and gray themes, along with a high-contrast theme for users with visual impairments. Additionally, this release has transitioned to using GTK's header bar component, typically used to combine an application's toolbar and title bar into one unit. To maintain familiarity with previous releases, however, GIMP 3.0 still supports the traditional menu interface.

An anonymous reader quotes a report from ZDNet, written by Steven Vaughan-Nichols: At KubeCon North America, SUSE announced a significant rebranding effort, several new product offerings, and the launch of SUSE AI, a secure platform for deploying and running generative AI (gen AI) applications. SUSE has renamed its entire portfolio to make product names more descriptive and customer-friendly. Notable changes include:

- Rancher, SUSE's Kubernetes offering, is now SUSE Rancher.
- Liberty Linux, the company's Red Hat Enterprise Linux (RHEL)/CentOS clone and support offering, becomes SUSE Multi Linux Support.
- Harvester is rebranded as SUSE Virtualization
- Longhorn is now SUSE Storage.

[...] Also, like everyone else, SUSE now has an AI offering: SUSE AI. This isn't an AI chatbot, like Red Hat's Lightspeed AI tool. No, it's a secure platform for deploying and running gen AI applications. This new offering addresses key challenges faced by enterprises as they move from AI experimentation to deployment, particularly in areas of security and compliance. These are SUSE AI's top features, as highlighted by Vaughan-Nichols:

1. Security by Design: SUSE AI provides security and certifications at the software infrastructure level, along with zero-trust security tools, templates, and compliance playbooks.
2. Multifaceted Trust: The platform ensures that generated data is correct and private customer and IP data remain secure. It supports deployment across various environments, including on-premise, hybrid, cloud, and air-gapped setups.
3. Choice and Flexibility: SUSE AI allows customers to select and deploy their preferred AI components and LLMs.
4. Simplified Operations: The platform provides simplified cluster operations, persistent storage, and easy access to pre-configured shared tools and services.