According to The Record, New Hampshire will pilot a new kind of voting machine that will use open-source software to tally the votes. The Record reports: The software that runs voting machines is typically distributed in a kind of black box -- like a car with its hood sealed shut. Because the election industry in the U.S. is dominated by three companies -- Dominion, Election Systems & Software and Hart InterCivic -- the software that runs their machines is private. The companies consider it their intellectual property and that has given rise to a roster of unfounded conspiracy theories about elections and their fairness. New Hampshire's experiment with open-source software is meant to address exactly that. The software by its very design allows you to pop the hood, modify the code, make suggestions for how to make it better, and work with other people to make it run more smoothly. The thinking is, if voting machines run on software anyone can audit and run, it is less likely to give rise to allegations of vote rigging.

The effort to make voting machines more transparent is the work of a group called VotingWorks. [...] On November 8, VotingWorks machines will be used in a real election in real time. New Hampshire is the second state to use the open-source machines after Mississippi first did so in 2019. Some 3,000 voters will run their paper ballots through the new machines, and then, to ensure nothing went awry, those same votes will be hand counted in a public session in Concord, N.H. Anyone who cares to will be able to see if the new machines recorded the votes correctly. The idea is to make clear there is nothing to hide. If someone is worried that a voting machine is programmed to flip a vote to their opponent, they can simply hire a computer expert to examine it and see, in real time.

The Godot Engine now has its own foundation to continue funding themselves. Previously, they teamed up with the Software Freedom Conservancy to handle fiscal sponsorship duties. Phoronix reports: The Godot engine developers and Software Freedom Conservancy mutually agreed to move the open-source game engine project to its own foundation. The Godot Foundation has been setup in the Netherlands as its own organization modeled after the policies of the SFC. The Godot Foundation is to help this game engine achieve its next level of growth and project a stronger image for the project. "We have just started the process of moving to the Foundation," writes Godot Engine lead developer, Juan Linietsky, in a blog post. "For now all of Godot's funding and contractors are still managed by the SFC. The SFC will gradually reduce its work for Godot and the new foundation will slowly ramp up. Stay tuned for announcements in the future as we finalize the Foundation's organizational structure and officially begin operations."

More details can be found via the Godot Engine blog.

An anonymous reader quotes a report from TechCrunch: As part of its larger commitment to combat "cyberflashing," the dating app Bumble is open sourcing its AI tool that detects unsolicited lewd images. First debuted in 2019, Private Detector (let's take a moment to let that name sink in) blurs out nudes that are sent through the Bumble app, giving the user on the receiving end the choice of whether to open the image. "Even though the number of users sending lewd images on our apps is luckily a negligible minority -- just 0.1% -- our scale allows us to collect a best-in-the-industry dataset of both lewd and non-lewd images, tailored to achieve the best possible performances on the task," the company wrote in a press release.

Now available on GitHub, a refined version of the AI is available for commercial use, distribution and modification. Though it's not exactly cutting-edge technology to develop a model that detects nude images, it's something that smaller companies probably don't have the time to develop themselves. So, other dating apps (or any product where people might send dick pics, AKA the entire internet?) could feasibly integrate this technology into their own products, helping shield users from undesired lewd content. When Bumble first introduced this AI, the company claimed it had 98% accuracy. "There's a need to address this issue beyond Bumble's product ecosystem and engage in a larger conversation about how to address the issue of unsolicited lewd photos -- also known as cyberflashing -- to make the internet a safer and kinder place for everyone," Bumble added.

First released in 1998, the BSD-licensed software Zeek (originally named "Bro") is about to get more widely adopted, writes long-time Slashdot reader skinfaxi: Zeek, the open source network security monitoring platform, is being integrated into Windows and "is now deployed on more than one billion global endpoints," according to an announcement from Corelight.
From Corelight's press release: Corelight, the leader in open network detection and response, today announced the integration of Zeek, the world's most popular open source network security monitoring platform, as a component of Microsoft Windows and Defender for Endpoint. The integration will help security teams respond to the most challenging attacks by providing "richer signals for advanced threat hunting, complete and accurate discovery of IoT devices, and more powerful detection and response capabilities."

Originally created by Corelight co-founder and chief scientist Dr. Vern Paxson while at Lawrence Berkeley National Laboratory, Zeek transforms network traffic into compact and high-fidelity logs, file content, and behavioral analytics to accelerate security operations. Vital funding for Zeek came initially from the National Science Foundation and the US Department of Energy's Office of Science. As adoption increased, Corelight was founded to provide a financial model and corporate sponsor for the project....

"Microsoft is strongly committed to supporting open source projects and ecosystems," said Rob Lefferts, corporate vice president for Microsoft. "We're proud to be working with Zeek and are thrilled to bring this level of network intelligence and monitoring to our customers."

"This is an amazing development for Zeek and its community of contributors and users," said Paxson. "I never imagined that the tool I developed for network monitoring would find broader application in defending endpoints — but that's part of the creative magic of open source development.

"We are grateful for Microsoft's contributions and support, and we are excited that the project's impact, and that of the community of contributors, will increase so dramatically."

Google unveiled a new open source security project on Thursday centered around software supply chain management. The Record reports: Given the acronym GUAC -- which stands for Graph for Understanding Artifact Composition -- the project is focused on creating sets of data about a software's build, security and dependency. Google worked with Purdue University, Citibank and supply chain security company Kusari on GUAC, a free tool built to bring together many different sources of software security metadata. Google has also assembled a group of technical advisory members to help with the project -- including IBM, Intel, Anchore and more.

Google's Brandon Lum, Mihai Maruseac, Isaac Hepworth pitched the effort as one way to help address the explosion in software supply chain attacks -- most notably the widespread Log4j vulnerability that is still leaving organizations across the world exposed to attacks. "GUAC addresses a need created by the burgeoning efforts across the ecosystem to generate software build, security, and dependency metadata," they wrote in a blog post. "GUAC is meant to democratize the availability of this security information by making it freely accessible and useful for every organization, not just those with enterprise-scale security and IT funding."

Google shared a proof of concept of the project, which allows users to search data sets of software metadata. The three explained that GUAC effectively aggregates software security metadata into a database and makes it searchable. They used the example of a CISO or compliance officer that needs to understand the "blast radius" of a vulnerability. GUAC would allow them to "trace the relationship between a component and everything else in the portfolio." Google says the tool will allow anyone to figure out the most used critical components in their software supply chain ecosystem, the security weak points and any risky dependencies. As the project evolves, Maruseac, Lum and Hepworth said the next part of the work will center around scaling the project and adding new kinds of documents that can be submitted and ingested by the system.

Longtime Slashdot reader lazyeye writes: The 53rd release of OpenBSD, version 7.2, has officially been released. Support for new platforms such as the Ampere Altra, Apple M2 chip, and support for Lenovo ThinkPad x13s and other machines using the Qualcomm Snapdragon 8cx Gen 3 (SC8280XP) SoC are now included, along with various kernel improvements. The announcement with all the details are available at the link [here] from the openbsd-announce mailing list.

Last Friday, Google announced the release of KataOS, a security-minded operating system focused on embedded devices running ambient machine learning workloads. As Phoronix notes, it uses the Rust programming language and is "built atop the seL4 microkernel as its foundatin." From Google's Open-Source Blog: As the foundation for this new operating system, we chose seL4 as the microkernel because it puts security front and center; it is mathematically proven secure, with guaranteed confidentiality, integrity, and availability. Through the seL4 CAmkES framework, we're also able to provide statically-defined and analyzable system components. KataOS provides a verifiably-secure platform that protects the user's privacy because it is logically impossible for applications to breach the kernel's hardware security protections and the system components are verifiably secure. KataOS is also implemented almost entirely in Rust, which provides a strong starting point for software security, since it eliminates entire classes of bugs, such as off-by-one errors and buffer overflows.

The current GitHub release includes most of the KataOS core pieces, including the frameworks we use for Rust (such as the sel4-sys crate, which provides seL4 syscall APIs), an alternate rootserver written in Rust (needed for dynamic system-wide memory management), and the kernel modifications to seL4 that can reclaim the memory used by the rootserver. KataOS code is being worked on via GitHub under the AmbiML umbrella.

The Clearing House, a banking association and payments company owned by the largest commercial banks in the U.S., has joined the Open Invention Network (OIN) -- the world's largest patent nonaggression consortium. ZDNet reports: The OIN has long protected Linux and Linux-related software from patent aggression by rival companies. With the increase in patent troll attacks, the OIN is also defending companies from these assaults. You may not think financial companies and banks are subject to such attacks. I mean, TCH's roots go all the way back to 1853. Think again.

As Keith Bergelt, CEO of OIN, said in June, "The most sophisticated and compelling global banking and fintech companies have essentially become technology companies that employ open-source software to deliver their services at scale." Further, patent trolls "appear to be targeting them for this reason, along with the fact that financial services companies have not historically been active patent filers." That's because, historically, they've purchased most of their tech from third-party vendors.

That was then. This is now. Today, financial institutions generate more tech in-house, so they're more concerned about being granted patents, building patent portfolios, and related patent issues. Indeed, these days fintech businesses have their own Fintech Open Source Foundation (FINOS), the financial sector branch of the Linux Foundation. So, Bergelt said in a release Wednesday, "Advancements in financial services and fintech increasingly rely on open-source technologies. As the most experienced payment company in the US, and a keystone for the financial services industry, we are pleased that The Clearing House is committed to patent nonaggression in core Linux and adjacent open-source technologies."

Pine64 has announced a new "sub $10 Linux capable single board computer" called the Ox64.

Liliputing says the tiny SBC "looks a lot like a Raspberry Pi Pico. But while Raspberry Pi's tiny board is powered by an RP2040 microcontroller, the Ox64 has a dual-core RISC-V processor, 64MB of embedded RAM, and support for up to 128Mb of flash storage plus a microSD card for additional storage." It's expected to support RTOS and Linux and blurs the lines between a microcontroller and a (very low power) single-board PC. It's expected to go on sale in November with prices starting at $6 for an RTOS-ready version of the board and $8 for a Linux-compatible model.

As spotted by CNX Software earlier this month, the board is designed to be a small, inexpensive single-board computer with a RISC-V processor that's aimed at developers.
Pine64's October update also reveals that their Star64 and QuartzPro64 single-board computers "now boot Linux (and run it well too already!)"

Greg Lavender, CTO of Intel, spoke to VentureBeat about the company's efforts to help developers build applications that can run on any operating system. From the report: "Today in the accelerated computing and GPU world, you can use CUDA and then you can only run on an Nvidia GPU, or you can go use AMD's CUDA equivalent running on an AMD GPU,â Lavender told VentureBeat. "You can't use CUDA to program an Intel GPU, so what do you use?" That's where Intel is contributing heavily to the open-source SYCL specification (SYCL is pronounced like "sickle") that aims to do for GPU and accelerated computing what Java did decades ago for application development. Intel's investment in SYCL is not entirely selfless and isn't just about supporting an open-source effort; it's also about helping to steer more development toward its recently released consumer and data center GPUs. SYCL is an approach for data parallel programming in the C++ language and, according to Lavender, it looks a lot like CUDA.

To date, SYCL development has been managed by the Khronos Group, which is a multi-stakeholder organization that is helping to build out standards for parallel computing, virtual reality and 3D graphics. On June 1, Intel acquired Scottish development firm Codeplay Software, which is one of the leading contributors to the SYCL specification. "We should have an open programming language with extensions to C++ that are being standardized, that can run on Intel, AMD and Nvidia GPUs without changing your code," Lavender said. Lavender is also a realist and he knows that there is a lot of code already written specifically for CUDA. That's why Intel developers built an open-source tool called SYCLomatic, which aims to migrate CUDA code into SYCL. Lavender claimed that SYCLomatic today has coverage for approximately 95% of all the functionality that is present in CUDA. He noted that the 5% SYCLomatic doesn't cover are capabilities that are specific to Nvidia hardware.

With SYCL, Lavender said that there are code libraries that developers can use that are device independent. The way that works is code is written by a developer once, and then SYCL can compile the code to work with whatever architecture is needed, be it for an Nvidia, AMD or Intel GPU. Looking forward, Lavender said that he's hopeful that SYCL can become a Linux Foundation project, to further enable participation and growth of the open-source effort. [...] "We should have write once, run everywhere for accelerated computing, and then let the market decide which GPU they want to use, and level the playing field," Lavender said.

VideoLAN, the developer and operator of popular media player VLC, has filed a legal notice to India's IT and Telecom ministries, alleging that the Indian bodies failed to notify the software developer prior to blocking the website and did not afford it a chance for an explanation. From a report: Indian telecom operators have been blocking VideoLAN's website, where it lists links to downloading VLC, since February of this year, VideoLan president and lead developer Jean-Baptiste Kempf told TechCrunch in an earlier interview. India is one of the largest markets for VLC. "Most major ISPs [internet service providers] are banning the site, with diverse techniques," he said of the blocking in India. The telecom operators began blocking the VideoLan website on February 13 of this year, when the site saw a drop of 80% in traffic from the South Asian market, he said. Now, VideoLAN, in assistance with local advocacy group Internet Freedom Foundation, is using legal means to get answers and redressal. It has sought a copy of the blocking order for banning VideoLAN website in India and an opportunity to defend the case through a virtual hearing. In the notice, VideoLAN argues that the way Indian ministries have enforced the ban on the website, they violate their own local laws.

An anonymous reader quotes a report from Ars Technica: A stable version of Linux 6.0 is out, with 15,000 non-merge commits and a notable version number for the kernel. And while major Linux releases only happen when the prior number's dot numbers start looking too big -- there is literally no other reason" -- there are a lot of notable things rolled into this release besides a marking in time. Most notable among them could be a patch that prevents a nearly two-decade slowdown for AMD chips, based on workaround code for power management in the early 2000s that hung around for far too long. [...]

Intel's new Arc GPUs are supported in their discrete laptop form in 6.0 (though still experimental). Linux blog Phoronix notes that Intel's ARC GPUs all seem to run on open source upstream drivers, so support should show up for future Intel cards and chipsets as they arrive on the market. Linux 6.0 includes several hardware drivers of note: fourth-generation Intel Xeon server chips, the not-quite-out 13th-generation Raptor Lake and Meteor Lake chips, AMD's RDNA 3 GPUs, Threadripper CPUs, EPYC systems, and audio drivers for a number of newer AMD systems. One small, quirky addition points to larger things happening inside Linux. Lenovo's ThinkPad X13s, based on an ARM-powered Qualcomm Snapdragon chip, get some early support in 6.0. ARM support is something Linux founder Linus Torvalds is eager to see [...].

Among other changes you can find in Linux 6.0, as compiled by LWN.net (in part one and part two):
- ACPI and power management improvements for Sapphire Rapids CPUs
- Support for SMB3 file transfer inside Samba, while SMB1 is further deprecated
- More work on RISC-V, OpenRISC, and LoongArch technologies
- Intel Habana Labs Gaudi2 support, allowing hardware acceleration for machine-learning libraries
- A "guest vCPU stall detector" that can tell a host when a virtual client is frozen Ars' Kevin Purdy notes that in 2022, "there are patches in Linux 6.0 to help Atari's Falcon computers from the early 1990s (or their emulated descendants) better handle VGA modes, color, and other issues."

Not included in this release are Rust improvements, but they "are likely coming in the next point release, 6.1," writes Purdy.

Michael Larabel writes via Phoronix: Debian developers have been figuring out an updated stance to take on non-free firmware considering the increasing number of devices now having open-source Linux drivers but requiring closed-source firmware for any level of functionality. The voting on the non-free firmware matter has now concluded and the votes tallied... The debian votes option 5 as winning: "Change SC for non-free firmware in installer, one installer."

Basically the Debian Installer media will now be allowed to include non-free firmware and to automatically load/use it where necessary while informing the user of it, etc. Considering the state of the hardware ecosystem these days, it's reasonable and common sense since at least users will be able to easily make use of their graphics cards, network adapters, and more. Plus a number of modern CPU security mitigations also requiring the updated closed-source microcode. So all in, I am personally happy with this decision as it will allow for a more pleasant experience for Debian on modern systems and one akin to what is found with other Linux distributions. The solution is described in full via the Debian Wiki.

Speech recognition remains a challenging problem in AI and machine learning. In a step toward solving it, OpenAI today open-sourced Whisper, an automatic speech recognition system that the company claims enables "robust" transcription in multiple languages as well as translation from those languages into English. TechCrunch reports: Countless organizations have developed highly capable speech recognition systems, which sit at the core of software and services from tech giants like Google, Amazon and Meta. But what makes Whisper different, according to OpenAI, is that it was trained on 680,000 hours of multilingual and "multitask" data collected from the web, which lead to improved recognition of unique accents, background noise and technical jargon.

"The primary intended users of [the Whisper] models are AI researchers studying robustness, generalization, capabilities, biases and constraints of the current model. However, Whisper is also potentially quite useful as an automatic speech recognition solution for developers, especially for English speech recognition," OpenAI wrote in the GitHub repo for Whisper, from where several versions of the system can be downloaded. "[The models] show strong ASR results in ~10 languages. They may exhibit additional capabilities ... if fine-tuned on certain tasks like voice activity detection, speaker classification or speaker diarization but have not been robustly evaluated in these area."

Whisper has its limitations, particularly in the area of text prediction. Because the system was trained on a large amount of "noisy" data, OpenAI cautions Whisper might include words in its transcriptions that weren't actually spoken -- possibly because it's both trying to predict the next word in audio and trying to transcribe the audio itself. Moreover, Whisper doesn't perform equally well across languages, suffering from a higher error rate when it comes to speakers of languages that aren't well-represented in the training data. Despite this, OpenAI sees Whisper's transcription capabilities being used to improve existing accessibility tools.

An anonymous reader quotes a report from the Washington Post: When researchers discovered a vulnerability in the ubiquitous open-source log4j system last year that could've affected hundreds of millions of devices, the executive branch snapped into action and major tech companies huddled with the White House. Now, leaders of the Senate Homeland Security and Governmental Affairs Committee are introducing legislation to help secure open-source software, first reported by The Cybersecurity 202. Chairman Gary Peters (D-Mich.) and top ranking Republican Rob Portman (Ohio) plan to hold a vote next week on the bill they're co-sponsoring.

The Peters/Portman legislation would direct the Cybersecurity and Infrastructure Security Agency to develop a way to evaluate and reduce risk in systems that rely on open-source software. Later, CISA would study how that framework could apply to critical infrastructure. The log4j "incident presented a serious threat to federal systems and critical infrastructure companies -- including banks, hospitals, and utilities -- that Americans rely on each and every day for essential services," Peters said in a written statement. "This common-sense, bipartisan legislation will help secure open source software and further fortify our cybersecurity defenses against cybercriminals and foreign adversaries who launch incessant attacks on networks across the nation." Here's how the Peters-Portman legislation works, as outlined in the report: - It directs CISA to hire open-source experts "to the greatest extent practicable."
- It gives the agency a year to publish a framework on open-source code risk. A year later and periodically thereafter, CISA would perform an assessment of open-source code components that federal agencies commonly use.
- Also, two years after publishing the initial framework, CISA would have to study whether it could be used in critical infrastructure outside the government and potentially work with one or more critical infrastructure sectors to voluntarily test the idea.
- Other agencies would have roles as well, such as the Office of Management and Budget publishing guidance to federal chief information officers on secure use of open-source software.

The Document Foundation, the organization that tends the open source productivity suite LibreOffice, has decided to start charging for one version of the software. The Register reports: LibreOffice is a fork of OpenOffice and is offered under the free/open source Mozilla Public License Version 2.0. A Monday missive from the Document Foundation reveals the org will begin charging 8.99 euros for the software -- but only when sold via Apple's Mac App Store. That sum has been styled a "convenience fee ... which will be invested to support development of the LibreOffice project."

The foundation suggests paying up in the Mac App Store is ideal for "end users who want to get all of their desktop software from Apple's proprietary sales channel." Free downloads of LibreOffice for macOS from the foundation's site will remain available and arguably be superior to the App Store offering, because that version will include Java. The foundation argued that Apple does not permit dependencies in its store, so it cannot include Java in the 8.99 euro offering. The version now sold in the App Store supersedes a previous offering provided by open source support outfit Collabora, which charged $10 for a "Vanilla" version of the suite and threw in three years of support. The foundation's marketing officer Italo Vignoli said the change was part of a "new marketing strategy."

"The Document Foundation is focused on the release of the Community version, while ecosystem companies are focused on a value-added long-term supported versions targeted at enterprises," Vignoli explained. "The distinction has the objective of educating organizations to support the FOSS project by choosing the LibreOffice version which has been optimized for deployments in production and is backed by professional services, and not the Community version generously supported by volunteers."

"The objective is to fulfil the needs of individual and enterprise users in a better way," Vignoli added, before admitting "we know that the positive effects of the change will not be visible for some time. Educating enterprises about FOSS is not a trivial task and we have just started our journey in this direction."

An anonymous reader quotes a report from The Register: About 40 percent of industry professionals say their organizations have reduced their usage of open source software due to concerns about security, according to a survey conducted by data science firm Anaconda. The company's 2022 State of Data Science report solicited opinions in April and May from 3,493 individuals from 133 countries and regions, targeting academics, industry professionals, and students. About 16 percent of respondents identified as data scientists. About 33 percent of surveyed industry professionals said they had not scaled back on open source, 7 percent said they had increased usage, and 20 percent said they weren't sure. The remaining 40 percent said they had.

By industry professionals, or commercial respondents as Anaconda puts it, the biz means a data-science-leaning mix of business analysts, product managers, data and machine-learning scientists and engineers, standard IT folks such as systems administrators, and others in technology, finance, consulting, healthcare, and so on. And by scale back, that doesn't mean stop: 87 percent of commercial respondents said their organization still allowed the use of open source. It appears a good number of them, though, are seeking to reducing the risk from relying on too many open source dependencies.

Anaconda's report found that incidents like Log4j and reports of "protestware" prompted users of open source software to take security concerns more seriously. Of the 40 percent who scaled back usage of open source, more than half did so after the Log4j fiasco. Some 31 percent of respondents said security vulnerabilities represent the biggest challenge in the open source community today. Most organizations use open source software, according to Anaconda. But among the 8 percent of respondents indicating that they don't, more than half (54 percent, up 13 percent since last year) cited security risks as the reason. Other reasons for not using open source software include: lack of understanding (38 percent); lack of confidence in organizational IT governance (29 percent); "open-source software is deemed insecure, so it's not allowed" (28 percent); and not wanting to disrupt current projects (26 percent).

The Linux Foundation has announced plans for a new collaborative initiative designed to support interoperability across digital wallets, built on an open source bedrock. From a report: The OpenWallet Foundation (OWF), as the new effort is called, is the brainchild of Daniel Goldscheider, CEO of open banking startup Yes.com, though today's announcement reveals a broad gamut of buy-ins from multiple industry players including Okta, Ping Identity, Accenture, CVS Health, OpenID Foundation, among several other public and private bodies. With the Linux Foundation serving as the project's host, this gives OWF sizeable clout as it strives to enable what Goldscheider calls a "plurarity of wallets based on a common core," according to a press release. The news also comes as regulatory bodies across the globe are moving to support competition through enforcing interoperability across systems, including Europe which is currently trying to make messaging interoperability a thing.

Hammeh writes: PyTorch, the open source AI framework led by Meta researchers, is to become a project governed under the Linux Foundation. It moves governance of the project to a neutral home, with the promise of greater trust to act as a catalyst for more rapid development.

An anonymous reader quotes a report from TechCrunch: Proposed EU rules could limit the type of research that produces cutting-edge AI tools like GPT-3, experts warn in a new study. The nonpartisan think tank Brookings this week published a piece decrying the bloc's regulation of open source AI, arguing it would create legal liability for general-purpose AI systems while simultaneously undermining their development. Under the EU's draft AI Act, open source developers would have to adhere to guidelines for risk management, data governance, technical documentation and transparency, as well as standards of accuracy and cybersecurity.

If a company were to deploy an open source AI system that led to some disastrous outcome, the author asserts, it's not inconceivable the company could attempt to deflect responsibility by suing the open source developers on which they built their product. "This could further concentrate power over the future of AI in large technology companies and prevent research that is critical to the public's understanding of AI," Alex Engler, the analyst at Brookings who published the piece, wrote. "In the end, the [E.U.'s] attempt to regulate open-source could create a convoluted set of requirements that endangers open-source AI contributors, likely without improving use of general-purpose AI."

In 2021, the European Commission -- the EU's politically independent executive arm -- released the text of the AI Act, which aims to promote "trustworthy AI" deployment in the EU as they solicit input from industry ahead of a vote this fall, EU. institutions are seeking to make amendments to the regulations that attempt to balance innovation with accountability. But according to some experts, the AI Act as written would impose onerous requirements on open efforts to develop AI systems. The legislation contains carve-outs for some categories of open source AI, like those exclusively used for research and with controls to prevent misuse. But as Engler notes, it'd be difficult -- if not impossible -- to prevent these projects from making their way into commercial systems, where they could be abused by malicious actors. "The road to regulation hell is paved with the EU's good intentions," said Oren Etzioni, founding CEO of the Allen Institute for AI. "Open source developers should not be subject to the same burden as those developing commercial software. It should always be the case that free software can be provided 'as is' -- consider the case of a single student developing an AI capability; they cannot afford to comply with EU regulations and may be forced not to distribute their software, thereby having a chilling effect on academic progress and on reproducibility of scientific results."

Instead, Etzioni argues that EU regulators should focus on specific applications of AI. "There is too much uncertainty and rapid change in AI for the slow-moving regulatory process to be effective. Instead, AI applications such as autonomous vehicles, bots, or toys should be the subject of regulation."