Red Hat developer Matthias Clasen has announced the release of GNOME 3.34, bringing many performance improvements and better Wayland support. Phoronix reports: Making GNOME 3.34 particularly exciting is the plethora of optimizations/fixes in tow with this six-month update. Equally exciting are a ton of improvements and additions around the Wayland support to ensure its performance and feature parity to X11. GNOME 3.34 also brings other improvements like sandboxed browsing with Epiphany, GNOME Music enhancements, GNOME Software improvements, and a ton of other refinements throughout GNOME Shell, Mutter, and the many GNOME applications. More details can be found via release announcement and release notes.

urdak writes: Four years ago, ScyllaDB introduced Scylla -- a new open-source NoSQL database, compatible with the popular Cassandra but 10 times faster. Today, the project announced support for the DynamoDB API as well. This will allow applications that use Amazon's DynamoDB to be migrated to other public or private clouds -- running on Scylla instead of DynamoDB. Beyond the added choice, large users may also see their cloud bills drastically reduced by moving to Scylla: ScyllaDB reported in the past that the total cost of running Scylla is only one seventh the cost of DynamoDB.

Forbes.com shares some big Linux news: Since 2011, Arch Linux-based Manjaro has focused on being a simple-to-use, accessible Linux desktop distribution with a friendly community... But as of today, Manjaro Linux is no longer just a Linux distribution -- it's officially transforming into a company with ambitious plans for its future. Say hello to Manjaro GmbH & Co. KG.

The announcement happened just hours ago, via Manjaro developer Philip Müller. It's not the catchiest name, but the advantages to this move seem beneficial to the both the Manjaro project and the community using it. Müller says that for quite some time he's been researching "ways to secure the project in its current form and how to allow for activities which can't be undertaken as a 'hobby project.'" Crucially, he and the team wanted to reach new heights and be able to invest considerably more time into the project, without compromising the way its currently operating. To that end, the Manjaro team is announcing the formation of an established company, Manjaro GmbH & Co. KG, "to enable full-time employment of maintainers and exploration of future commercial opportunities." They'll also be taking on Blue Systems -- a German IT company specializing in Free and Libre software -- as an advisor.

Additionally, the team will transfer the ownership of all donations -- and the allocation of donations -- to fiscal hosts CommunityBridge and OpenCollective, which will both secure donations and make their use transparent... At this stage is look like there's a distinction between what will change in the immediate future, and what the company will strive for. The biggest immediate change -- one that Manjaro supporters may applaud -- is that developers Philip Müller and Bernhard Landauer can now commit to the distribution in a full-time capacity, with an eye toward taking on even more employees down the road. "One of our main goals is to improve our infrastructure and continuously work on the essentials and requirements of our distro as a professional endeavor," writes Müller. "Our hope is to soon be able to include additional contributors on a paid basis."

"It's here! Purism announces shipment of the Librem 5," writes long-time Slashdot reader Ocean Consulting: Librem 5 is a landmark mobile device with a dedicated platform, runs PureOS Linux, and is the first mobile phone to seek hardware certification from the Free Software Foundation. Initially a crowd sourced funding campaign, the phone embraces principles of free software and user privacy. IP native communication is supported via Matrix. Privacy features include hardware kill switches for camera, microphone, cellular, wifi, Bluetooth and GPS.
"The Librem 5 phone is built from the ground up to respect the privacy, security, and freedoms of society," reads the site's official announcement. "It is a revolutionary approach to solving the issues that people face today around data exploitation -- putting people in control of their own digital lives."

They're adopting an "iterative" shipping schedule -- publishing a detailed schedule defining specific batches and their features with corresponding shipping dates. "Each iteration improves upon the prior in a rapid rolling release throughout the entire first version of the phone... As slots in a particular early batch free up, we will open it up for others in a later batch to join in, according to the date of the order."

pacopico writes: Aerospace technology has gotten better. The price of rocket launches has come down. So much so that a group of space friends in Silicon Valley now think it's possible to create their own settlement on the moon for less than $3 billion. They've formed a non-profit called the Open Lunar Foundation that looks to begin launching probes to the lunar surface and then to start work on a habitat. The idea is to build a settlement in the spirit of open-source technology where data and hardware designs can be shared and where policies around the settlement are shaped by people all over the world rather than a particular nation state or billionaire. So far the team is small and working off a few million dollars, but there's an all-star cast of advisors, including former astronauts, NASA heads and aerospace execs.

Garabito writes: Free Software advocate Richard M. Stallman gave a talk at Microsoft Campus yesterday. Stallman was invited by Microsoft Research. Stallman's talk was related -- as most of his talks -- with Free Software, Privacy and the GPLv3. He also had a list of small requests to Microsoft: "make Github push users to better software license hygiene, make hardware manufacturers to publish their hardware specs, make it easier to workaround Secure Boot." While Microsoft has changed its attitude toward Open Source Software in the last years, this does not mean RMS has made peace with Microsoft: "If you're wondering whether Stallman's distaste for Microsoft has lessened over the years, his personal home page makes it clear that it has not".

Gregor Hohpe: A significant share of architectural energy is spent on reducing or avoiding lock-in. That's a rather noble objective: architecture is meant to give us options and lock-in does the opposite. However, lock-in isn't a simple true-or-false matter: avoiding being locked into one aspect often locks you into another. Also, popular notions, such as open source automagically eliminating lock-in, turn out to be not entirely true. Time to have a closer look at lock-in, so you don't get locked up into avoiding it!

Top Linux kernel developer Greg Kroah-Hartman gave a new 30-minute interview with TFIR during the Open Source Summit, 2019. He discusses security in the post-Spectre world, remembers when Microsoft joined the Linux distros mailing list, and acknowledges good-naturedly that he and Richard Stallman "approach things from a different standpoint".

An anonymous reader writes: In the interview Kroah-Hartman talks about downsides of living in the Hague. "My son's school actually mandates that they all have MacBooks. So he has a MacBook, my wife has a MacBook, and that's about it." But of course, Kroah-Hartman himself is always using Linux.

So what distro does he use? "I don't use openSUSE any more, I use Arch. And my build system I think is actually running Fedora. I have a number of virtual machines still running Gentoo, Dubya, and Fedora to do some testing on some userspace tools. But yeah, all my laptops and everything is switched over to Arch these days... I have a Chromebook that I play around with, and you can run Linux applications, and you can of course SSH into anything..."

Why Arch? "At the moment it had something that I needed. I don't remember what it was, the latest development version, what not -- and I've known a number of the Arch developers over the years. Their idea of a constantly rolling, forward-moving system is the way to go... It's neutral, it's community-based, it has everything I need. It works really really well. I've actually converted my cloud instances that I have all to Arch... It's nice." And in addition, "Their Wiki is amazing. The documentation -- it's like one of the best resources out there these days... If you look up any userspace program and how to configure it and use it. Actually, the systemd Arch Wiki pages are one of the most amazing resources out there...

"One of the main policies of Arch, or philosophies, is you stay as close to the upstream as possible. And as a developer, I want that... They're really good in feedback to the community. Because I want that testing -- I want to make sure that things are fixed. And if it is broken, I learn about it quickly and I fix it and push the stuff out. So that's actually a really good feedback loop. And that's some of the reasons I need it."

An anonymous reader quotes Phoronix: Back on the AMD EPYC 7002 "Rome" launch day I wrote about how AMD is working to return to open-source BIOS/Coreboot support and now there's further confirmation of their work in that direction. We were tipped off Friday that AMD's Head of Platform Firmware, Edward Benyukhis, publicly posted on LinkedIn that he is "looking to hire someone with solid Coreboot and UEFI background." If you have Coreboot experience or know someone who is, see LinkedIn for contacting Benyukhis.

That's exciting itself and certainly noteworthy, but also notable is AMD is now sponsoring next week's Open-Source Firmware Conference. AMD has joined the likes of Amazon AWS, Arm, System76, TrustedFirmware.org, and other companies in sponsoring this conference about Coreboot, LinuxBoot, and related open-source firmware projects.

Exactly 28 years ago today, a 21-year-old student named Linus Torvalds made a fateful announcement on the Usenet newsgroup comp.os.minix.

i-Programmer commemorates today's anniversary with some interesting trivia: Back in 1991 the fledgling operating system didn't have a name, according to Joey Sneddon's 27 Interesting Facts about Linux:

Linux very nearly wasn't called Linux! Linus wanted to call his "hobby" project "FreaX" (a combination of "free", "freak" and "Unix"). Thankfully, he was persuaded otherwise by the owner of the server hosting his early code, who happened to prefer the name "Linux" (a combination of "Linus" and "Unix").

One fact I had been unaware of is that the original version of Linux wasn't open source software. It was free but was distributed with a license forbidding commercial use or redistribution. However, for version 0.12, released in 1992, the GPL was adopted making the code freely available.
Android Authority describes the rest of the revolution: Torvalds announced to the internet that he was working on a project he said was "just a hobby, won't be big and professional." Less than one month later, Torvalds released the Linux kernel to the public. The world hasn't been the same since...

To commemorate the nearly 30 years that Linux has been available, we compiled a shortlist of ways Linux has fundamentally changed our lives.

- Linux-based operating systems are the number-one choice for servers around the world... As of 2015, web analytics and market share company W3Cook estimated that as many as 96.4% of all servers ran Linux or one of its derivatives. No matter the exact number, it's safe to say that the kernel nearly powers the entire web...

- In Oct. 2003, a team of developers forked Android from Linux to run on digital cameras. Nearly 16 years later, it's the single most popular operating system in the world, running on more than 2 billion devices. Even Chrome OS, Android TV, and Wear OS are all forked from Linux. Google isn't the only one to do this either. Samsung's own in-house operating system, Tizen, is forked from Linux as well, and it's is even backed by The Linux Foundation.

- Linux has even changed how we study the universe at large. For similar reasons cars and supercomputers use Linux, NASA uses it for most of the computers aboard the International Space Station. Astronauts use these computers to carry out research and perform tasks related to their assignments. But NASA isn't the only galaxy studying organization using Linux. The privately-owned SpaceX also uses Linux for many of its projects. In 2017, SpaceX sent a Linux-powered supercomputer developed by HP to space and, according to an AMA on Reddit, even the Dragon and Falcon 9 run Linux.
"Without it," the article concludes, "there would be no science or social human development, and we would all still be cave-people."

Standard, a popular Javascript style guide library that is downloaded about three million times each month, is beginning to show ads when installed through npm, a developer announced this week. The move, which has been pegged as an experiment, comes as the developer looks to find sustainable ways to support contributions to the open source development. In a post, Feross Aboukhadijeh, a developer of Standard, said whenever Standard 14 is installed, "we'll display a message from a company that supports open source. The sponsorship pays directly for maintainer time. That is, writing new features, fixing bugs, answering user questions, and improving documentation."

The announcement has sparked a debate in the community with some suggesting that there should be a better way to support the FOSS developers without seeing ads on the terminal.

"A rash of supply chain attacks hitting open source software over the past year shows few signs of abating, following the discovery this week of two separate backdoors slipped into a dozen libraries downloaded by hundreds of thousands of server administrators," reports Ars Technica: The compromises of Webmin and the RubyGems libraries are only the latest supply chain attacks to hit open source software. Most people don't think twice about installing software or updates from the official site of a known developer. As developers continue to make software and websites harder to exploit, black hats over the past few years have increasingly exploited this trust to spread malicious wares by poisoning code at its source...

To be fair, closed-source software also falls prey to supply-side attacks -- as evidenced by those that hit computer maker ASUS on two occasions, the malicious update to tax-accounting software M.E.Doc that seeded the NotPetya outbreak of 2017, and another backdoor that infected users of the CCleaner hard drive utility that same year. But the low-hanging fruit for supply chain attacks seems to be open source projects, in part because many don't make multi-factor authentication and code signing mandatory among its large base of contributors.

"The recent discoveries make it clear that these issues are becoming more frequent and that the security ecosystem around package publication and management isn't improving fast enough," Atredis Partners Vice President of Research and Development HD Moore told Ars. "The scary part is that each of these instances likely resulted in even more developer accounts being compromised (through captured passwords, authorization tokens, API keys, and SSH keys). The attackers likely have enough credentials at hand to do this again, repeatedly, until all credentials are reset and appropriate MFA and signing is put in place."

IBM makes the Power Series chips, and as part of that has open sourced some of the underlying technologies to encourage wider use of these chips. The open source pieces have been part of the OpenPower Foundation. Today, the company announced it was moving the foundation under The Linux Foundation, and while it was at it, announced it was open sourcing several other important bits. From a report: Ken King, general manager for OpenPower at IBM, says that at this point in his organization's evolution, they wanted to move it under the auspices of the Linux Foundation. But IBM didn't stop there. It also announced that it was open sourcing some of the technical underpinnings of the Power Series chip to make it easier for developers and engineers to build on top of the technology. Perhaps most importantly, the company is open sourcing the Power Instruction Set Architecture (ISA). These are "the definitions developers use for ensuring hardware and software work together on Power," the company explained.

King sees open sourcing this technology as an important step for a number of reasons around licensing and governance. "The first thing is that we are taking the ability to be able to implement what we're licensing, the ISA instruction set architecture, for others to be able to implement on top of that instruction set royalty free with patent rights," he explained. The company is also putting this under an open governance workgroup at the OpenPower Foundation.

"Slackware is the longest active Linux distribution project, founded in 1993," writes TheBAFH (Slashdot reader #68,624).

"Today there are many Linux distributions available, but I've remained dedicated to this project as I believe it still holds an important place in the Linux ecosystem," writes Patrick J. Volkerding on a new Patreon page. He adds that Slackware's users "know that Slackware can be trusted not to constantly change the way things work, so that your investment in learning Slackware lasts longer than it would with a system that's a moving target... Your support is greatly appreciated, and will make it possible for me to continue to maintain this project."

TheBAFH writes: The authenticity of the Patreon page has been confirmed by Mr. Volkerding in a post in the Slackware forum of LinuxQuestions.org. "I was going to wait to announce it until I had a few more planned updates done in -current that would be getting things closer to an initial 15.0 beta release, but since it's been spotted in the wild I'll confirm it."
Slashdot also emailed Patrick J. Volkerding at Slackware.com last summer and confirmed that that is indeed the account that he's posting from on LinuxQuestions. At the time, he was still trying to find the time to get a Patreon page set up.

"I've been trying to catch up on nearly a decade of neglecting everything other than Slackware, but I'm at least getting more caught up."

Friday Google open-sourced "the speech engine that powers its Android speech recognition transcription tool Live Transcribe," reports Venture Beat: The company hopes doing so will let any developer deliver captions for long-form conversations. The source code is available now on GitHub.

Google released Live Transcribe in February. The tool uses machine learning algorithms to turn audio into real-time captions. Unlike Android's upcoming Live Caption feature, Live Transcribe is a full-screen experience, uses your smartphone's microphone (or an external microphone), and relies on the Google Cloud Speech API. Live Transcribe can caption real-time spoken words in over 70 languages and dialects. You can also type back into it — Live Transcribe is really a communication tool. The other main difference: Live Transcribe is available on 1.8 billion Android devices. (When Live Caption arrives later this year, it will only work on select Android Q devices.)

The Japanese anime studio, Khara, is moving to Blender, the the open-source 3D creation software. "It'll begin partially using the software for its current development 'EVANGELION:3.0+1.0' but will make the full switch once that project is finished," reports Neowin. "The current project is expected to end in June next year, so after that point, its employees will start using Blender for the majority of their work." From the report: At the moment, Khara uses 3ds Max from Autodesk on a subscription basis; however, the company found that it had to reach out to small and medium-sized businesses for its projects. Due to the limitations of those companies, it's harder for them to afford 3ds Max. By switching to Blender, Khara says it can work better with external firms.

While Blender will be used for the bulk of the work, Khara does have a backup plan if there's anything Blender struggles with; Hiroyasu Kobayashi, General Manager of Digital Dpt. and Director of Board of Khara, said: "There are currently some areas where Blender cannot take care of our needs, but we can solve it with the combination with Unity. Unity is usually enough to cover 3ds Max and Maya as well. Unity can be a bridge among environments."

Just a few months ago, the editor of the recently-departed Linux Journal wrote that in many ways the golden age of Linux and FOSS was 2007. "Linux was now mainstream in corporate IT, and it was much rarer to meet much resistance when you wanted to set up Linux servers, unless your company was a 100% Windows shop... FOSS companies were making a lot of money, and developers were being paid to work on Linux and FOSS full time."

He also wrote that when Linux Journal later folded (the first time), "It became clearer than ever to me that while Linux and FOSS had won the battle over the tech giants a decade before, new ones had taken their place in the meantime, and we were letting them win."

And he offered this final assessment in April: Today, Linux has wide hardware support, and a number of vendors offer hardware with Linux pre-installed and supported. The internet itself is full of FOSS projects, and one of the first things people do when they are about to start on a software project is to look on GitHub to see if anything that meets their needs already exists. Linux absolutely dominates the cloud in terms of numbers of VMs that run it, and much cloud infrastructure also runs FOSS services. Linux also is in many people's pockets and home appliances. Linux and FOSS are more ubiquitous than ever.

Linux and FOSS also are more hidden than ever. So many of those FOSS projects on GitHub ultimately are used as building blocks for proprietary software. So many companies that seem to champion FOSS by helping upstream projects they rely on also choose to keep the projects they write themselves proprietary. Although Linux dominates the cloud, more and more developers and system administrators who use the cloud do so via proprietary APIs and proprietary services. New developers and sysadmins get less exposure to Linux servers and FOSS services if they use the cloud how the providers intended. And, while Linux runs in your pocket and in your home, it's hidden underneath a huge layer of proprietary applications.

For the most part, the FOSS philosophy that defined Linux in its early days is hidden as well. Many people in the community tout FOSS only in terms of the ability to see code or as a way to avoid writing code themselves. It has become rarer for people to tout the importance of the freedoms that come along with FOSS and the problems that come from proprietary software. Indeed, most Linux application development in the cloud these days is done on Mac or Windows machines -- something that would have been considered unthinkable in the early days of Linux... I encourage everyone from all corners of the community not to take FOSS and Linux for granted. The world of readily available code and mostly open protocols you enjoy today isn't a given. If current trends continue, we could be back to a world of proprietary software, vendor lock-in and closed protocols like the world before 1994.

This new battle we find ourselves in is much more insidious. The ways that proprietary software and protocols have spread, in particular on mobile devices, has made it much more challenging for FOSS to win compared to in the past. If we want to win this battle, we need the whole community to work together toward a common goal.

InfoWorld's Matt Asay argues we're in (or near) "the golden age of open source." Here and there an open source company might struggle to make a buck, but as a community of communities, open source has never been healthier. There are a few good indicators for this.

The first is that the clouds -- yes, all of them -- are open sourcing essential building blocks that expose their operations. Google rightly gets credit for moving first on this with projects like Kubernetes and TensorFlow, but the others have followed suit. For example, Microsoft Azure released Azure Functions, which "extends the existing Azure application platform with capabilities to implement code triggered by events occurring in virtually any Azure or third-party service as well as on-premises systems...." More recently, AWS released Firecracker, a lightweight, open source virtualization technology for running multi-tenant container workloads that emerged from AWS' serverless products (Lambda and Fargate). In a textbook example of how open source is supposed to work, Firecracker was derived from the Google-spawned crosvm but then spawned its own upgrade in the form of Weave Ignite, which made Firecracker much easier to manage.

These are just a few examples of the interesting open source projects emerging from the public clouds. (Across the ocean, Alibaba has been open sourcing its chip architecture, among other things.) More remains to be done, but these offer hope that the public clouds come not to bury open source, but rather to raise it...

it's not hard to believe that the more companies get serious about becoming software companies, the more they're going to encourage their developers to get involved in the open source communities upon which they depend... [I]t's not just the upstarts. Old-school enterprises like Home Depot host code on GitHub, while financial services companies like Capital One go even further, sponsoring open source events to help foster community around their proliferating projects.... So, again, not everybody is doing it. Not yet. But far more organizations are involved in open source today than were back in 2008... Such involvement is happening both at the elite level (public clouds) and in more mainstream ways, ushering in a golden era of open source.

"In the 3D content creation space, where are lot of professional 3D software costs anywhere from 2K to 8K Dollars a license, people have always hoped that the free, open source 3D software Blender would some day be up to the job of replacing expensive commercial 3D software packages," writes Slashdot reader dryriver: This never happened, not because Blender didn't have good 3D features technically, but rather because the Blender Foundation simply did not listen to thousands of 3D artists screaming for a "more standard UI design" in Blender. Blender's eccentric GUI with reversed left-click-right-click conventions, keyboard shortcuts that don't match commercial software and other nastiness just didn't work for a lot of people.

After years of screaming, Blender finally got a much better and more familiar UI design in release 2.80, which can be downloaded here. Version 2.80 has many powerful features, but the standout feature is that after nearly 10 years of asking, 3D artists finally get a better, more standard, more sensible User Interface. This effectively means that for the first time, Blender can compete directly with expensive commercial 3D software made by industry leaders like Autodesk, Maxon, NewTek and SideFX.

Why the Blender Foundation took nearly a decade to revise the software's UI is anybody's guess.

Long-time Slashdot reader Artem S. Tashkinov writes: A security researcher has published proof-of-concept (PoC) code for a vulnerability in the KDE software framework. A fix is not available at the time of writing. The bug was discovered by Dominik "zer0pwn" Penner and impacts the KDE Frameworks package 5.60.0 and below. The KDE Frameworks software library is at the base of the KDE desktop environment v4 and v5 (Plasma), currently included with a large number of Linux distributions.

The vulnerability occurs because of the way the KDesktopFile class (part of KDE Frameworks) handles .desktop or .directory files. It was discovered that malicious .desktop and .directory files could be created that could be used to run malicious code on a user's computer. When a user opens the KDE file viewer to access the directory where these files are stored, the malicious code contained within the .desktop or .directory files executes without user interaction — such as running the file.

Zero user interaction is required to trigger code execution — all you have to do is to browse a directory with a malicious file using any of KDE file system browsing applications like Dolphin.
When ZDNet contacted KDE for a comment Tuesday, their spokesperson provided this response.

"We would appreciate if people would contact security@kde.org before releasing an exploit into the public, rather than the other way around, so that we can decide on a timeline together."