The Red Hat Package Managers for LibreOffice "have recently been orphaned," according to a post by Red Hat manager Matthias Clasen on the "LibreOffice packages" mailing list, "and I thought it would be good to explain the reasons behind this." The Red Hat Display Systems team (the team behind most of Red Hat's desktop efforts) has maintained the LibreOffice packages in Fedora for years as part of our work to support LibreOffice for Red Hat Enterprise Linux. We are adjusting our engineering priorities for RHEL for Workstations and focusing on gaps in Wayland, building out HDR support, building out what's needed for color-sensitive work, and a host of other refinements required by Workstation users. This is work that will improve the workstation experience for Fedora as well as RHEL users, and which, we hope, will be positively received by the entire Linux community.

The tradeoff is that we are pivoting away from work we had been doing on desktop applications and will cease shipping LibreOffice as part of RHEL starting in a future RHEL version. This also limits our ability to maintain it in future versions of Fedora.

We will continue to maintain LibreOffice in currently supported versions of RHEL (RHEL 7, 8 and 9) with needed CVEs and similar for the lifetime of those releases (as published on the Red Hat website). As part of that, the engineers doing that work will contribute some fixes upstream to ensure LibreOffice works better as a Flatpak, which we expect to be the way that most people consume LibreOffice in the long term.

Any community member is of course free to take over maintenance, both for the RPMs [Red Hat Package Managers] in Fedora and the Fedora LibreOffice Flatpak, but be aware that this is a sizable block of packages and dependencies and a significant amount of work to keep up with.
Commenters on LWN.net are now debating its impact.

One pointed out that "You will still find it in GNOME Software, which will install a Flatpak from FlatHub rather than an RPM from the distro."

Linux Foundation Europe "has announced the RISC-V Software Ecosystem (RISE) Project to help facilitate more performant, commercial-ready software for the RISC-V processor architecture," reports Phoronix.

"Among the companies joining the RISE Project on their governing board are Andes, Google, Intel, Imagination Technologies, Mediatek, NVIDIA, Qualcomm, Red Hat, Rivos, Samsung, SiFive, T-Head, and Ventana."

It's top goal is "accelerate the development of open source software for RISC-V," according to the official RISE web site. The project's chair says it "brings together leaders with a shared sense of urgency to accelerate the RISC-V software ecosystem readiness in collaboration with RISC-V International." The CEO of RISC-V International, Calista Redmond, said "We are grateful to the thousands of engineers making upstream contributions and to the organizations coming together now to invest in tools and libraries in support of the RISC-V software ecosystem." RISE Project members will contribute financially and provide engineering talent to address specific software deliverables prioritized by the RISE Technical Steering Committee (TSC). RISE is dedicated to enabling a robust software ecosystem specifically for application processors that includes software development tools, virtualization support, language runtimes, Linux distribution integration, and system firmware, working upstream first with existing open source communities in accordance with open source best practices.

"The RISE Project is dedicated to enabling RISC-V in open source tools and libraries (e.g., LLVM, GCC, etc) to speed implementation and time-to-market," said Gabriele Columbro, General Manager of Linux Foundation Europe.
Google's director of engineering on Android said Google was "excited to partner with industry leaders to drive rapid maturity of the RISC-V software ecosystem in support of Android and more."

And the VP of system software at NVIDIA said "NVIDIA's accelerated computing platform — which includes GPUs, DPUs, chiplets, interconnects and software — will support the RISC-V open standard to help drive breakthroughs in data centers, and a wide range of industries, such as automotive, healthcare and robotics."

An anonymous reader quotes a report from ZDNet: Bluesky Social, the popular new beta social network, is taking a big open-source step forward. On May 15th, 2023, it open-sourced the codebase for its Bluesky Social app on GitHub. This fits well with its plans. From the start, its owner, BlueSky Public Benefit LLC, a public benefit corporation, was building an "open and decentralized" social network.

Unlike Twitter, which is still tripping over its own open source feet, Bluesky client code is for anyone who wants to work on improving the code or use it as the basis for their own social network. Twitter's recommendation code, on the other hand, is essentially unusable. The Bluesky code, licensed under the MIT License, can be used now. Indeed, while it's been out for only about 24 hours, it's already been forked 88 times and has earned over 1,300 GitHub Stars.

While it's specifically the Bluesky Social app's codebase, it's also a resource for AT Protocol programmers. This protocol supports a decentralized social network. Its features include connecting with anyone on a server that supports AT Protocol; controlling how users see the world via an open algorithm market; and enabling users to change hosts without losing their content, followers, or identity. The code itself is written in React Native. This is an open-source, user-interface JavaScript software framework. It's used primarily to build applications that run on both iOS and Android devices.

Long-time open source advocate Matt Asay writes in InfoWorld: OpenSearch shouldn't exist. The open source alternative to Elasticsearch started off as Amazon Web Services' (AWS) answer to getting outflanked by Elastic's change in Elasticsearch's license, which was in turn sparked by AWS building a successful Elasticsearch service but contributing little back. In 2019 when AWS launched its then Open Distro for Elasticsearch, I thought its reasons rang hollow and, frankly, sounded sanctimonious. This was, after all, a company that used more open source than it contributed. Two years later, AWS opted to fork Elasticsearch to create OpenSearch, committing to a "long-term investment" in OpenSearch.

I worked at AWS at the time. Privately, I didn't think it would work.

Rather, I didn't feel that AWS really understood just how much work was involved in running a successful open source project, and the company would fail to invest the time and resources necessary to make OpenSearch a viable competitor to Elasticsearch. I was wrong. Although OpenSearch has a long way to go before it can credibly claim to have replaced Elasticsearch in the minds and workloads of developers, it has rocketed up the search engine popularity charts, with an increasingly diverse contributor population. In turn, the OpenSearch experience is adding a new tool to AWS' arsenal of open source strengths....

As part of the AWS OpenSearch team, David Tippett and Eli Fisher laid out a few key indicators of OpenSearch's success as they gave their 2022 year in review. They topped more than 100 million downloads and gathered 8,760 pull requests from 496 contributors, a number of whom don't work for AWS. Not stated were other success factors, such as Adobe's earlier decision to replace Elasticsearch with OpenSearch in its Adobe Commerce suite, or its increasingly open governance with third-party maintainers for the project. Nor did they tout its lightning-fast ascent up the DB-Engines database popularity rankings, hitting the Top 50 databases for the first time.

OpenSearch, in short, is a bonafide open source success story. More surprisingly, it's an AWS open source success story. For many who have been committed to the "AWS strip mines open source" narrative, such success stories aren't supposed to exist. Reality bites.
The article notes that OpenSearch's success "doesn't seem to be blunting Elastic's income statement." But it also points out that Amazon now has many employees actively contributing to open source projects, including PostgreSQL and MariaDB. (Although "If AWS were to turn forking projects into standard operating procedure, that might get uncomfortable.")

"Fortunately, not only has AWS learned how to build more open source, it has also learned how to partner with open source companies."

Veteran open source report Steven J. Vaughan-Nichols, writing at The Register: We can all agree that securing our software is a good thing. Thanks to one security fiasco after another -- the SolarWinds software supply chain attack, the perpetual Log4j vulnerability, and the npm maintainer protest code gone wrong -- we know we must secure our code. But the European Union's proposed Cyber Resilience Act (CRA) goes way, way too far in trying to regulate software security. At the top level, it looks good. Brussels states that before "products with digital elements" are allowed on the EU market, manufacturers must follow best practices in four areas. Secure the product over its whole life; follow a coherent cybersecurity framework; show cybersecurity transparency; and ensure customers can use products securely. Sounds great, doesn't it? But the road to hell is paved with good intentions. The devil, as always, is in the details. Some of this has nothing to do with open source software. Good luck creating any program in any way that a clueless user can't screw up.

But the EU commissioners don't have a clue about how open source software works. Or, frankly, what it is. They think that open source is the same as proprietary software with a single company behind it that's responsible for the work and then monetizes it. Nope. Open source, as I've said over and over again, is not a business model. Sure, you can build businesses around it. Who doesn't these days? But just as the AWSes, Googles, and Facebooks of the world depend on open source software, they also use programs written by Tom, Denise, and Harry from around the world. The CRA's underlying assumption is that you can just add security to software, like adding a new color option to your car's paint job. We wish!

Securing software is a long, painful process. Many open source developers have neither the revenue nor resources to secure their programs to a government standard. The notional open source developer in Nebraska, thanklessly maintaining a vital small program, may not even know where Brussels is (it's in Belgium). They can't afford to secure their software to meet EU specifications. They often have no revenue. They certainly have no control over who uses their software. It's open source, for pity's sake! As open source developer Thomas Depierre recently blogged: "We are not suppliers. All the people writing and maintaining these projects, we are not suppliers. We do not have a business relationship with all these organizations. We are volunteers, writing code and putting it online under these Licenses." Exactly.

This month the Linux Foundation announced version 3.0 of DentOS, an open source network operating system using the Linux kernel, Switchdev, and other Linux-based projects for a standardized network operating system "without abstractions or overhead," according to the project's web page. "All underlying infrastructure — including ASIC and Silicon for networking and datapath — is treated equally; while existing abstractions, APIs, drivers, low-level overhead, and other open software are simplified. DENT unites silicon vendors, ODMs, SIs, OEMs, and end users across all verticals to enable the transition to disaggregated networks."

Or, as the Linux Foundation, the operating system provides "a flexible and customizable platform for network administrators to manage their networks." DENT provides access to open source-based switches at a lower cost and with more flexibility compared to proprietary switches with locked ecosystems. Network wiring closets in many facilities--including retail stores, warehousing, remote locations, enterprises, and small and mid-sized businesses--are often small, requiring a compact solution for network management. Additionally, staff expertise may be limited, and branch-office switches from leading suppliers can require costly contracts. DENT can be easily deployed on white-box hardware in small spaces, providing an efficient and cost-effective solution for network management. As a result, DENT deployment can significantly enhance network management in a wide range of environments, providing greater efficiency, reliability, and scalability...

DentOS enables Amazon's Just Walk Out Technology to connect and manage thousands of devices like cameras, sensors, entry and exit gates, and access points on the network edge.

For Red Hat's 30th anniversary, North Carolina's News & Observer newspaper ran a special four-part series of articles.

In the first article Red Hat co-founder Bob Young remembers Red Hat's first big breakthrough: winning InfoWorld's "OS of the Year" award in 1998 — at a time when Microsoft's Windows controlled 85% of the market. "How is that possible," Young said, "that one of the world's biggest technology companies, on this strategically critical product, loses the product of the year to a company with 50 employees in the tobacco fields of North Carolina?" The answer, he would tell the many reporters who suddenly wanted to learn about his upstart company, strikes at "the beauty" of open-source software.

"Our engineering team is an order of magnitude bigger than Microsoft's engineering team on Windows, and I don't really care how many people they have," Young would say. "Like they may have thousands of the smartest operating system engineers that they could scour the planet for, and we had 10,000 engineers by comparison...."

Young was a 40-year-old Canadian computer equipment salesperson with a software catalog when he noticed what Marc Ewing was doing. [Ewing was a recent college graduate bored with his two-month job at IBM, selling customized Linux as a side hustle.] It's pretty primitive, but it's going in the right direction, Young thought. He began reselling Ewing's Red Hat product. Eventually, he called Ewing, and the two met at a tech conference in New York City. "I needed a product, and Marc needed some marketing help," said Young, who was living in Connecticut at the time. "So we put our two little businesses together."

Red Hat incorporated in March 1993, with the earliest employees operating the nascent business out of Ewing's Durham apartment. Eventually, the landlord discovered what they were doing and kicked them out.
The four articles capture the highlights. ("A visual effects group used its Linux 4.1 to design parts of the 1997 film Titanic.") And it doesn't leave out Red Hat's skirmishes with Microsoft. ("Microsoft was owned by the richest person in the world. Red Hat engineers were still linking servers together with extension cords. ") "We were changing the industry and a lot of companies were mad at us," says Michael Ferris, Red Hat's VP of corporate development/strategy. Soon there were corporate partnerships with Netscape, Intel, Hewlett-Packard, Compaq, Dell, and IBM — and when Red Hat finally goes public in 1999, its stock sees the eighth-largest first-day gain in Wall Street history, rising in value in days to over $7 billion and "making overnight millionaires of its earliest employees."

But there's also inspiring details like the quote painted on the wall of Red Hat's headquarters in Durham: "Every revolution was first a thought in one man's mind; and when the same thought occurs to another man, it is the key to that era..." It's fun to see the story told by a local newspaper, with subheadings like "It started with a student from Finland" and "Red Hat takes on the Microsoft Goliath."

Something I'd never thought of. 2001's 9/11 terrorist attack on the World Trade Center "destroyed the principal data centers of many Wall Street investment banks, which were housed in the twin towers. With their computers wiped out, financial institutions had to choose whether to rebuild with standard proprietary software or the emergent open source. Many picked the latter." And by the mid-2000s, "Red Hat was the world's largest provider of Linux...' according to part two of the series. "Soon, Red Hat was servicing more than 90% of Fortune 500 companies." By then, even the most vehement former critics were amenable to Red Hat's kind of software. Microsoft had begun to integrate open source into its core operations. "Microsoft was on the wrong side of history when open source exploded at the beginning of the century, and I can say that about me personally," Microsoft President Brad Smith later said.

In the 2010s, "open source has won" became a popular tagline among programmers. After years of fighting for legitimacy, former Red Hat executives said victory felt good. "There was never gloating," Tiemann said.

"But there was always pride."
In 2017 Red Hat's CEO answered questions from Slashdot's readers.

Long-time software engineer Blake1024 (Slashdot reader #846,727) writes: We are thrilled to announce the release of Kiss v2.0, a comprehensive, Java-based, open-source, full-stack web development framework... Kiss v2.0 provides an even more seamless, out-of-the-box experience, including pre-configured front-end and back-end components... Key Features:

* Custom HTML controls
* RESTful web services
* Microservices architecture
* Built-in authentication
* SQL API integration
* Robust reporting capabilities

Kiss utilizes microservices, allowing developers to work on a running system without the need for rebuilds, redeploys, or server reboots... Production systems can be updated without any downtime.

With proven success in commercial applications, Kiss v2.0 is ready for prime time. It's not a beta, but a reliable solution for your web development needs.

Earlier this week TechCrunch reported that just like Stability AI, startup Hugging Face "has released an open source alternative to OpenAI's viral AI-powered chabot, ChatGPT, dubbed HuggingChat." Available to test through a web interface and to integrate with existing apps and services via Hugging Face's API, HuggingChat can handle many of the tasks ChatGPT can, like writing code, drafting emails and composing rap lyrics. The AI model driving HuggingChat was developed by Open Assistant, a project organized by LAION — the German nonprofit responsible for creating the dataset with which Stable Diffusion, the text-to-image AI model, was trained.

Open Assistant aims to replicate ChatGPT, but the group — made up mostly of volunteers — has broader ambitions than that. "We want to build the assistant of the future, able to not only write email and cover letters, but do meaningful work, use APIs, dynamically research information and much more, with the ability to be personalized and extended by anyone," Open Assistant writes on its GitHub page. "And we want to do this in a way that is open and accessible, which means we must not only build a great assistant, but also make it small and efficient enough to run on consumer hardware..."

HuggingChat joins a growing family of open source alternatives to ChatGPT. Just last week, Stability AI released StableLM, a set of models that can generate code and text given basic instructions.

An anonymous reader quotes a report from ZDNet, written by Steven Vaughan-Nichols: The latest Linux kernel is out with a slew of new features -- and, for once, this release has been nice and easy. [...] Speaking of Rust, everyone's favorite memory-safe language, the new kernel comes with user-mode Linux support for Rust code. Miguel Ojeda, the Linux kernel developer, who's led the efforts to bring Rust to Linux, said the additions mean we're, "getting closer to a point where the first Rust modules can be upstreamed."

Other features in the Linux 6.3 kernel include support and enablement for upcoming and yet-to-be-released Intel and AMD CPUs and graphics hardware. While these updates will primarily benefit future hardware, several changes in this release directly impact today's users' day-to-day experience. The kernel now supports AMD's automatic Indirect Branch Restricted Speculation (IBRS) feature for Spectre mitigation, providing a less performance-intensive alternative to the retpoline speculative execution.

Linux 6.3 also includes new power management drivers for ARM and RISC-V architectures. RISC-V has gained support for accelerated string functions via the Zbb bit manipulation extension, while ARM received support for scalable matrix extension 2 instructions. For filesystems, Linux 6.3 brings AES-SHA2-based encryption support for NFS, optimizations for EXT4 direct I/O performance, low-latency decompression for EROFS, and a faster Brtfs file-system driver. Bottom line: many file operations will be a bit more secure and faster.

For gamers, the new kernel provides a native Steam Deck controller interface in HID. It also includes compatibility for the Logitech G923 Xbox edition racing wheel and improvements to the 8BitDo Pro 2 wired game controllers. Who says you can't game on Linux? Single-board computers, such as BannaPi R3, BPI-M2 Pro, and Orange Pi R1 Plus, also benefit from updated drivers in this release. There's also support for more Wi-Fi adapters and chipsets. These include: Realtek RTL8188EU Wi-Fi adapter support; Qualcomm Wi-Fi 7 wireless chipset support; and Ethernet support for NVIDIA BlueField 3 DPU. For users dealing with complex networks that have both old-school and modern networks, the new kernel can also handle multi-path TCP handling mixed flows with IPv4 and IPv6. Linux 6.3 is available from kernel.org. You can learn how to compile the Linux kernel yourself here.

In a blog post today, the Free Software Foundation is calling on the Internal Revenue Service (IRS) to provide free/libre tax-filing software for Americans to file their taxes, citing upcoming legislation that allocates funds for the agency to explore a government-operated gratis tax return system. "Many feel they have no other option than to use nonfree software or a Service as a Software Substitute (SaaSS), giving up their freedom as well as their most private financial information to a third-party company, in order to file taxes," writes the FSF.

$15 million of the $80 billion that was approved for the IRS by the Inflation Reduction Act includes the promise to further explore an "electronic service to prepare and file tax returns directly with the IRS." To do so, the IRS intends to "study taxpayer preferences for products. The results of the study will inform if and how the IRS should design such a service." The FSF writes: Let's call on the IRS to make a website for filing your tax return which respects your freedom. This is your chance. Write to the new IRS commissioner Daniel Werfel with your message. [...] Look up the address of your state's tax filing institution and send your letter to this address. Post your letter on social media to inspire others to do the same.

An anonymous reader quotes a report from Ars Technica: On Wednesday, Stability AI released a new family of open source AI language models called StableLM. Stability hopes to repeat the catalyzing effects of its Stable Diffusion open source image synthesis model, launched in 2022. With refinement, StableLM could be used to build an open source alternative to ChatGPT. StableLM is currently available in alpha form on GitHub in 3 billion and 7 billion parameter model sizes, with 15 billion and 65 billion parameter models to follow, according to Stability. The company is releasing the models under the Creative Commons BY-SA-4.0 license, which requires that adaptations must credit the original creator and share the same license.

Stability AI Ltd. is a London-based firm that has positioned itself as an open source rival to OpenAI, which, despite its "open" name, rarely releases open source models and keeps its neural network weights -- the mass of numbers that defines the core functionality of an AI model -- proprietary. "Language models will form the backbone of our digital economy, and we want everyone to have a voice in their design," writes Stability in an introductory blog post. "Models like StableLM demonstrate our commitment to AI technology that is transparent, accessible, and supportive." Like GPT-4 -- the large language model (LLM) that powers the most powerful version of ChatGPT -- StableLM generates text by predicting the next token (word fragment) in a sequence. That sequence starts with information provided by a human in the form of a "prompt." As a result, StableLM can compose human-like text and write programs.

Like other recent "small" LLMs like Meta's LLaMA, Stanford Alpaca, Cerebras-GPT, and Dolly 2.0, StableLM purports to achieve similar performance to OpenAI's benchmark GPT-3 model while using far fewer parameters -- 7 billion for StableLM verses 175 billion for GPT-3. Parameters are variables that a language model uses to learn from training data. Having fewer parameters makes a language model smaller and more efficient, which can make it easier to run on local devices like smartphones and laptops. However, achieving high performance with fewer parameters requires careful engineering, which is a significant challenge in the field of AI. According to Stability AI, StableLM has been trained on "a new experimental data set" based on an open source data set called The Pile, but three times larger. Stability claims that the "richness" of this data set, the details of which it promises to release later, accounts for the "surprisingly high performance" of the model at smaller parameter sizes at conversational and coding tasks. According to Ars' "informal experiments," they found StableLM's 7B model "to perform better (in terms of outputs you would expect given the prompt) than Meta's raw 7B parameter LLaMA model, but not at the level of GPT-3." They added: "Larger-parameter versions of StableLM may prove more flexible and capable."

Last year Python's massive PyPI repository of pre-written software packages had 235.7 billion downloads — a 57% annual growth in its download counts and bandwidth. So now Python's nonprofit Python Software Foundation has an announcement.

Their director of infrastructure said today that they're rolling out "the first step in our plan to build financial support and long-term sustainability of PyPI, while simultaneously giving our users one of our most requested features: organization accounts." Organizations on PyPI are self-managed teams, with their own exclusive branded web addresses. Our goal is to make PyPI easier to use for large community projects, organizations, or companies who manage multiple sub-teams and multiple packages.

We're making organizations available to community projects for free, forever, and to corporate projects for a small fee. Additional priority support agreements will be available to all paid subscribers, and all revenue will go right back into PyPI to continue building better support and infrastructure for all our users... Having more people using and contributing to Python every year is an fantastic problem to have, but it is one we must increase organizational capacity to accommodate. Increased revenue for PyPI allows it to become a staffed platform that can respond to support requests and attend to issues in a timeframe that is significantly faster than what our excellent (but thinly spread) largely volunteer team could reasonably handle.

We want to be very clear — these new features are completely optional. If features for larger projects don't sound like something that would be useful to you as a PyPI maintainer, then there is no obligation to create an organization and absolutely nothing about your PyPI experience will change for you.

We look forward to discussing what other features PyPI users would like to see tackled next...

9to5Linux reports: KDE-focused and Arch Linux-inspired independent distribution KaOS Linux celebrates today 10 years of existence with a new stable ISO release that brings some of the latest GNU/Linux technologies and a preview of the upcoming KDE Plasma 6 desktop environment.

Yes, you're reading it right, KaOS is one of the very first GNU/Linux distributions to offer you a live ISO image with a pre-release version of the KDE Plasma 6 desktop, which, of course, is compiled against the latest Qt 6 open-source application framework...

Since this is a special ISO release, the devs also added an option to play music during the installation process.
"KaOS uses the Systemd-provided Systemd-boot for UEFI installs," according to the release notes.

The Python Software Foundation is "concerned that proposed EU cybersecurity laws will leave open source organizations and individuals unfairly liable for distributing incorrect code," according to the Register. The PSF reviewed the EU's proposed "Cyber Resilience Act" and "Product Liability Act" and reports "issues that put the mission of our organization and the health of the open-source software community at risk."

From the Register's report: "If the proposed law is enforced as currently written, the authors of open-source components might bear legal and financial responsibility for the way their components are applied in someone else's commercial product," the PSF said in a statement shared on Tuesday by executive director Deb Nicholson. "The existing language makes no differentiation between independent authors who have never been paid for the supply of software and corporate tech behemoths selling products in exchange for payments from end-users...."

The PSF argues the EU lawmakers should provide clear exemptions for public software repositories that serve the public good and for organizations and developers hosting packages on public repositories. "We need it to be crystal clear who is on the hook for both the assurances and the accountability that software consumers deserve," the PSF concludes. The PSF is asking anyone who shares its concerns to convey that sentiment to an appropriate EU Member of Parliament by April 26, while amendments focused on protecting open source software are being considered.

Bradley Kuhn, policy fellow at the Software Freedom Conservancy, told The Register that the free and open source (FOSS) community should think carefully about the scope of the exemptions being sought. "I'm worried that many in FOSS are falling into a trap that for-profit companies have been trying to lay for us on this issue," he said. "While it seems on the surface that a blanket exception for FOSS would be a good thing for FOSS, in fact, this an attempt for companies to get the FOSS community to help them skirt their ordinary product liability. For profit companies that deploy FOSS should have the same obligations for security and certainty for their users as proprietary software companies do."
The article points out that numerous tech organizations are urging clarifications in the proposed regulations, including NLnet Labs and the Eclipse Foundation.

An anonymous reader shares a report: About a year ago, Google announced its Assured Open Source Software (Assured OSS) service, a service that helps developers defend against supply chain security attacks by regularly scanning and analyzing some of the world's most popular software libraries for vulnerabilities. Today, Google is launching Assured OSS into general availability with support for well over a thousand Java and Python packages -- and while Google didn't initially disclose pricing when it first announced the service, the company has now revealed that it will be available for free.

Software development has long depended on third-party libraries (which are often maintained by only a single developer), but it wasn't until the industry got hit with a number of high-profile exploits that everyone (including the White House) perked up and started taking software supply chain security seriously. Now, you can't attend an open source conference without hearing about Software Bills of Materials (SBOMs), artifact registries and similar topics. It's no surprise then that Google, which has long been at the forefront of releasing open-source products, launched a service like Assured OSS.

Google promises that it will constantly keep these libraries up to date (without creating forks) and continuously scan for known vulnerabilities, do fuzz tests to discover new ones and then fix these issues and contribute these fixes back upstream. The company notes that when it first launched the service with around 250 Java libraries, it was responsible for discovering 48% of the new CVEs for these libraries and subsequently addressing them.

Slashdot reader unixbhaskar writes: A company in the U.K. calling itself Minifree has started to ship old Thinkpad (specifically the X series and T series models) with Libreboot firmware. Which is based on coreboot firmware.
More specifically, Libreboot is the free-as-in-speech replacement for proprietary BIOS/UEFI firmware, the site notes, "offering faster boots speeds, better security and many advanced features compared to most proprietary boot firmware." Those advanced features include the GNU project's multiple-OS-booting "grand unified bootloader" GNU GRUB directly in the boot flash, along with several other customization options. "The aim is simple: make it easy to have a computer that was made to run entirely on Free Software at every level, meaning no proprietary software of any kind. That includes the boot firmware, operating system, drivers and applications."

The Libreboot project's founder is also the founder of Minifree, and the profits from Minifree's sales directly fund the Libreboot project. (The whole Minifree web site runs on Libreboot-powered servers, on a network behind a Libreboot-powered router...) Their site points out that Minifree Ltd has also privately funded several new board ports to coreboot, including 90,000 USD to Raptor Engineering for ASUS KGPE-D16 and KCMA-D8 libreboot support, and 4000 AUD to Damien Zammit for Gigabyte GA-G41M-ES2L and Intel D510MO libreboot support.

The installed OS on the laptops is either encrypted Debian (KDE Plasma desktop environment), with full driver support, or "other Linux distro/BSD (e.g. OpenBSD, FreeBSD) at your request... Advanced features like encrypted /boot (GNU+Linux only), signed kernels and more are available." And the laptops are also shipped — worldwide — with "your choice of 480/960GB SSD or 2x480GB/2x960GB RAID1 SSDs, with good batteries and 16GB RAM. Free technical support via email/IRC plus 5-year warranty."

But judging by their FAQ, the support is even more extensive. "If you brick your Minifree laptop when updating Libreboot, Minifree will unbrick it for free if you send it back to us. Even if your warranty has expired! However, such bricking is rare."

An anonymous reader shares this report from Tom's Hardware: When we think about Raspberry Pi, we normally picture single-board computers, but the Raspberry Pi Foundation was started to help kids learn about computers and it wants to help whether or not you own its hardware. The non-profit arm of Raspberry Pi this week released its new, browser-based code editor that's designed for young people (or any people) who are learning.

The Raspberry Pi Code Editor, which is considered to be in beta, is available to everyone for free right now at editor.raspberrypi.org. The editor is currently designed to work with Python only, but the organization says that support for other languages such as HTML, JavaScript and CSS is coming....

The Raspberry Pi Foundation already had a nice set of Python tutorials on its site, but it has adapted some of them to open sample code directly in the online editor....The Pi Foundation says that it plans to add a number of features to the Code Editor, including sharing and collaboration. The organization also plans to release the editor as an open-source project so anyone can modify it.
There's a pane showing your code's output when you click the "Run" button (plus a smaller pane for adding additional files to a project).

Tom's Hardware notes that "Since the entire programming experience takes place online, there's no way (at least right now) to use Python to control local hardware on your PC or your Raspberry Pi." But on the plus side, "If you create a free account on raspberrypi.org, which I did, the system will save all of your projects in the cloud and you can reload them any time you want. You can also download all the files in a project as a .zip file."

Four new capabilities are planned for the JavaScript specification's next update, reports InfoWorld. Based on a list of finished proposals, InfoWorld expects the following in ECMAScript 2023: - Array find from last, a proposal for .findlast() and .findLastIndex() methods on array and typed array...

- Permitting symbols as keys in WeakMap keys, a proposal that extends the WeakMap API to allow the use of unique symbols as keys. Currently, WeakMaps are limited to allow only objects as keys.

- Change array by copy, a proposal that provides additional methods on Array.prototype and TypedArray.prototype to enable changes on the array by returning a new copy of it with the change.

- Hashbang grammar, a proposal to match the de facto usage in some CLI JS hosts that allow for Shebangs/Hashbang. These hosts strip the hashbang to generate valid JS source texts before passing to JS engines. This plan would move the stripping to engines and unify and standardize how that is done.

The Free Software Foundation certifies products that meet their standards in regard to users' freedom, control over the product, and privacy. And they put out a new "Respects Your Freedom" certification on Thursday for ThinkPenguin's free software gigabit mini VPN router, the TPE-R1400.

From the FSF's announcement: This is ThinkPenguin's first device to receive RYF certification in 2023, adding to their vast catalogue of certified devices from previous years. As with previous routers from ThinkPenguin, the Free Software Gigabit Mini VPN Router ships with an FSF-endorsed fully free embedded GNU/Linux distribution called libreCMC. It also comes with a custom flavor of the U-Boot boot loader, assembled by Robert Call, the maintainer of libreCMC and a former FSF intern.

The router enables users to run their network connection through a VPN service, helping to simplify the process of keeping their communications secure and private. While ThinkPenguin offers a VPN service, users are not required to purchase a subscription to their service in order to use the router, and the device comes with detailed instructions on how to use the router with a wide variety of VPN providers.

"We're pleased to see ThinkPenguin continue with their commitment to bringing out devices that put software freedom as their first priority under the RYF program. The release of this router shows that ThinkPenguin is committed to the privacy and freedom of their users," said the FSF's executive director, Zoë Kooyman....

"The latest version of ThinkPenguin's VPN router lets its users take advantage of gigabit per second Internet connections while protecting their rights and privacy," said FSF's copyright and licensing associate, Craig Topham.