pacopico writes: GitHub's CEO Nat Friedman traveled to Svalbard in October to stash Linux, Android, and 6,000 other open-source projects in a permafrost-filled, abandoned coal mine. It's part of a project to safeguard the world's software from existential threats and also just to archive the code for posterity. As Friedman says, "If you told someone 20 years ago that in 2020, all of human civilization will depend on and run on open-source code written for free by volunteers in countries all around the world who don't know each other, and it'll just be downloaded and put into almost every product, I think people would say, 'That's crazy, that's never going to happen. Software is written by big, professional companies.' It's sort of a magical moment. Having a historical record of this will, I think, be valuable to future generations." GitHub plans to open several more vaults in other places around the world and to store any code that people want included.

Slashdot reader dryriver writes: More and more professional 3D software like 3DMax, Maya, AutoCAD (Autodesk) and Substance Painter (Adobe) is now only available on a monthly or yearly subscription basis — you cannot buy any kind of perpetual license for these industry standard 3D tools anymore, cannot offline install or activate the tools, and the tools also phone home every few days over the internet to see whether you have "paid your rent". Stop paying your rent, and the software shuts down, leaving you unable to even look at any 3D project files you may have created with software.

This has caused so much frustration, concern and anxiety among 3D content creators that, increasingly, everybody is trying to replace their commercial 3D software with Open Source 3D tools. Thankfully, open source 3D tools have grown up nicely in recent years. Some of the most popular FOSS 3D tools are the complete 3D suite Blender, polygon modeling tool Wings 3D, polygon modeling tool Dust3D, CAD modeling tool FreeCAD, PBR texturing tool ArmorPaint, procedural materials generator Material Maker, image editing tool GIMP, painting tool Krita, vector illustration tool Inkscape and the 2D/3D game engine Godot Engine.

Along with these tools comes a beguiling possibility — while working with commercial 3D tools pretty much forced you to use Windows X in terms of OS choice in the past, all of the FOSS 3D tool alternatives have Linux versions. This means that for the first time, professional 3D users can give Windows a miss and work with Linux as their OS instead.
In a comment on the original submission, dryriver offers some anecdotal evidence: Go on any major 3D software forum on the Internet and it is filled with enraged 3D users revolting against forced software subscriptions and threatening to switch to FOSS Blender as soon as possible.

Some major 3D animation studios are also working Blender into their CGI pipeline. Companies like EPIC and Nvidia have begun donating to the Blender foundation. Its happening. The move away from commercial closed source tools - which are expensive, stagnant and don't offer you permanent licenses anymore - is in full swing. The fact that Blender has an innovative GPU accelerated realtime render engine called EEVEE that none of the commercial software has has only accelerated this trend.

Blender is widely believed to have 2 - 3 million active users already, and the fact that V 2.80 comes with a much more usable UI is only accelerating things.

"Despite its own solvency concerns, NPM Inc on Tuesday deployed code changes that add a 'funding' command to the latest version of the npm command-line tool, namely v6.13.0," reports the Register: Henceforth, developers creating packages for the JavaScript runtime environment Node.js can declare metadata that describes where would-be donors can go to offer financial support. Doing so involves adding a funding field to package.json, a file that lists various module settings and dependencies. The funding field should be a URL that points to an online funding service, like Patreon, or payment-accepting website....

In a phone interview with The Register, NPM Inc co-founder and co-CTO Isaac Schlueter said: "The problem we're solving is open source projects need funding and there are very few ways people can get that information in front of people using their code...." Schlueter allowed that NPM Inc's funding mechanism may reward good marketers more than it rewards good developers. But he believes it will work against that. "One thing nice about this approach is that it does take some of the marketing skill out of the equation," he said. "Because all you really have to do is set up a payment URL and then put that in your packages. You don't have to craft the message expertly, you'll show up on that list at the end of the install."
"At the end of August, we made a promise to the community to invest time & effort to better support package maintainers," explains an announcement on the NPM blog.

"This work is just the first, small step toward creating a means/mechanism for a more sustainable open source development ecosystem."

On Hackaday's hosting site Hackaday.io, an electrical engineer with a background in semiconductor physics argues that Linux's small market share is due to a lack of marketing: Not only does [Linux] have dominance when raw computing ability is needed, either in a supercomputer or a webserver, but it must have some ability to effectively work as a personal computer as well, otherwise Android wouldn't be so popular on smartphones and tablets. From there it follows that the only reason that Microsoft and Apple dominate the desktop world is because they have a marketing group behind their products, which provides customers with a comfortable customer service layer between themselves and the engineers and programmers at those companies, and also drowns out the message that Linux even exists in the personal computing realm...

Part of the problem too is that Linux and most of its associated software is free and open source. What is often a strength when it comes to the quality of software and its flexibility and customizablity becomes a weakness when there's no revenue coming in to actually fund a marketing group that would be able to address this core communications issue between potential future users and the creators of the software. Canonical, Red Hat, SUSE and others all had varying successes, but this illistrates another problem: the splintered nature of open-source software causes a fragmenting not just in the software itself but the resources. Imagine if there were hundreds of different versions of macOS that all Apple users had to learn about and then decide which one was the best for their needs...

I have been using Linux exclusively since I ditched XP for 5.10 Breezy Badger and would love to live in a world where I'm not forced into the corporate hellscape of a Windows environment every day for no other reason than most people already know how to use Windows. With a cohesive marketing strategy, I think this could become a reality, but it won't happen through passionate essays on "free as in freedom" or the proper way to pronounce "GNU" or the benefits of using Gentoo instead of Arch. It'll only come if someone can unify all the splintered groups around a cohesive, simple message and market it to the public.

Ever wondered what would manifest if you mixed 1990s nostalgia with a clever name and some futuristic hacking tech? The answer is the Pwnagotchi: a DIY, open source gadget for hacking Wi-Fi that gets smarter the more networks it gets exposed to using machine learning. From a report: It also has an adorable interface that reflects different "moods" depending on what it's doing, and echoes the Tamagotchi digital pets of the 90s. The idea is for its user to take it around the city and "feed" it with Wi-Fi handshakes, the process that allows phones or laptops to communicate with other wireless devices like a router or a smart TV. In theory, these handshakes can then be cracked to reveal the Wi-Fi network's password, which would be useful if the Pwnagotchi user wanted to hack into the Wi-Fi network at a later time. Hackers, of course, love it. The software for the Pwnagotchi was publicly released on September 19. Barely a month later, and with little promotion other than on Twitter, there's already an enthusiastic community of hundreds of security researchers and hackers all over the world who are playing with it, modding it, writing plugins to improve it, and helping each other out on a Slack channel.

Project Trident is moving from FreeBSD to Void Linux, reports Its FOSS: According to a later post, the move was motivated by long-standing issues with FreeBSD. These issues include "hardware compatibility, communications standards, or package availability continue to limit Project Trident users". According to a conversation on Telegram, FreeBSD has just updated its build of the Telegram client and it was nine releases behind everyone else.

The lead dev of Project Trident, Ken Moore, is also the main developer of the Lumina Desktop. The Lumina Desktop has been on hold for a while because the Project Trident team had to do so much work just to keep their packages updated. (Once they complete the transition to Void Linux, Ken will start working on Lumina again.)

After much searching and testing, the Project Trident team decided to use Void Linux as their new base.
More from the Project Trident site: It's important to reiterate that Project Trident is a distribution of an existing operating system. Project Trident has never been a stand-alone operating system. The goal of Project Trident is enhancing the usability of an operating system as a graphical workstation through all sorts of means: custom installers, automatic setup routines, graphical utilities, and more...

The more we've tested Void Linux, the more impressed we have been. We look forward to working with an operating system that helps Project Trident continue to provide a stable, high-quality graphical desktop experience.

Google appears to be removing apps that have donation links, including open-source apps where donations are one of the main sources of revenue. WireGuard, a free and open-source VPN, has been reportedly dropped over this according to WireGuard lead developer Jason Donenfeld. Phoronix reports: After waiting days for Google to review the latest version of their secure VPN tunnel application, it was approved and then removed and delisted -- including older versions of WireGuard. The reversal comes on the basis of violating their "payments policy." The only bit of possible "payments" within the WireGuard app is a donation link within the program taking the user to the WireGuard website should anyone want to donate to support this promising open-source secure networking tech. An appeal to the situation was also rejected by Google, Donenfeld has confirmed this morning on their mailing list. In trying to make it back into Android's Play Store, Jason has dropped the donation link from the Android app version while it's still awaiting review from Google. UPDATE: WireGuard lead developer Jason Donenfeld says the app "has been relisted on the Play Store in its usual location," adding: "Sorry again for any inconvenience this has caused users, or caused developers who depend on the availability of our app for use by their own users. We won't be making any similar changes unless we're certain that we won't be delisted."

Continuing its embracing of open source, Microsoft has today announced two new open source projects. From a report: The first is Open Application Model (OAM), a new standard for developing and operating applications on Kubernetes and other platforms. The second project is Dapr (Distributed Application Runtime), designed to make it easier to build microservice applications. Microsoft says that both OAM and Dapr "help developers remove barriers when building applications for cloud and edge." Microsoft has worked on OAM with Alibaba, and the aim is to simplify the development and deployment of applications. The company explains that: "OAM is a specification for describing applications so that the application description is separated from the details of how the application is deployed onto and managed by the infrastructure. This separation of concerns is helpful for multiple reasons." The second open source project is Dapr, which Microsoft describes as "an open source, portable, event-driven runtime that makes it easy for developers to build resilient, microservice stateless and stateful applications that run on the cloud and edge."

exomondo shares a report from The Hacker News: A vulnerability has been discovered in Sudo -- one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system. The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a targeted Linux system even when the "sudoers configuration" explicitly disallows the root access. Sudo, stands for "superuser do," is a system command that allows a user to run applications or commands with the privileges of a different user without switching environments -- most often, for running commands as the root user.

The vulnerability, tracked as CVE-2019-14287 and discovered by Joe Vennix of Apple Information Security, is more concerning because the sudo utility has been designed to let users use their own login password to execute commands as a different user without requiring their password. What's more interesting is that this flaw can be exploited by an attacker to run commands as root just by specifying the user ID "-1" or "4294967295." That's because the function which converts user id into its username incorrectly treats -1, or its unsigned equivalent 4294967295, as 0, which is always the user ID of root user. The vulnerability affects all Sudo versions prior to the latest released version 1.8.28, which has been released today.

System76, the Denver-based Linux PC manufacturer and developer of Pop OS, has some stellar news for those who prefer their laptops a little more open. Later this month the company will begin shipping two of their laptop models with its Coreboot-powered open source firmware. From a report: Beginning today, System76 will start taking pre-orders for both the Galago Pro and Darter Pro laptops. The systems will ship out later in October, and include the company's Coreboot-based open source firmware which was previously teased at the 2019 Open Source Firmware Conference. (Coreboot, formerly known as LinuxBIOS, is a software project aimed at replacing proprietary firmware found in most computers with a lightweight firmware designed to perform only the minimum number of tasks necessary to load and run a modern 32-bit or 64-bit operating system.) What's so great about ripping out the proprietary firmware included in machines like this and replacing it with an open alternative? To begin with, it's leaner. System76 claims that users can boot from power off to the desktop 29% faster with its Coreboot-based firmware.

[...] Both of these laptops can be kitted out with 10th-Generation Intel CPUs (specifically the i5-10210U and the i7-10510U), and both have glare-resistant matte 1080p IPS displays. Beginning at $949, the Galago Pro features an all-aluminum chassis, a wealth of connectivity options including HDMI, DisplayPort to USB-C and Thunderbolt, and can be configured with up to 32GB of RAM and up to 6TB of storage space. The Darter Pro, meanwhile, can be built out with 32GB of RAM and up to 2TB of storage, and features up to 10 hours of battery life.

Collapse OS is a new open-source operating system built specifically for use during humanity's darkest days. According to its creator, software developer Virgil Dupras, Collapse OS is what the people of the future will need to reconfigure their scavenged iPhones. For now, though, he's hosting the project on GitHub and looking for contributors. Motherboard reports: According to the Collapse OS site, Dupras envisions a world where the global supply chain collapses by 2030. In this possible future -- kind of a medium-apocalypse -- populations won't be able to mass produce electronics anymore, but they'll still be an enormous source of political and social power. Anyone who can scavenge electronics and reprogram them will gain a huge advantage over those who don't. Dupras believes that the biggest problem for tech savvy post-apocalyptic people will be microcontrollers -- tiny computers embedded in circuit boards that control the functions of computer systems.

Collapse OS will work with Z80 8-bit microprocessors. Though less common today than 16- and 32-bit components, the 8-bit Z80 can be found in desktop computers, cash registers, musical instruments, graphing calculators, and everything in between. In a Reddit Q&A, Dupras explained that the Z80 was chosen "because it's been in production for so long and because it's been used in so many machines, scavenger have good chances of getting their hands on it." According to the product page, Collapse OS currently can run on a homebrew Z80-based computer called the RC2014, and on Reddit Dupras said it could theoretically run on a Sega Genesis console.

An anonymous reader quotes a report from ZDNet: At the 2019 Linux Plumbers Conference, I talked to Linus Torvalds and several other of the Linux kernel's top programmers. They universally agreed Microsoft wants to control Linux, but they're not worried about it. That's because Linux, by its very nature and its GPL2 open-source licensing, can't be controlled by any single third-party. Torvalds said: "The whole anti-Microsoft thing was sometimes funny as a joke, but not really. Today, they're actually much friendlier. I talk to Microsoft engineers at various conferences, and I feel like, yes, they have changed, and the engineers are happy. And they're like really happy working on Linux. So I completely dismissed all the anti-Microsoft stuff."

But that doesn't mean the Microsoft leopard can't change its spots. Sure, he hears, "This is the old Microsoft, and they're just biding their time." But, Torvalds said, "I don't think that's true. I mean, there will be tension. But that's true with any company that comes into Linux; they have their own objectives. And they want to do things their way because they have a reason for it." So, with Linux, "Microsoft tends to be mainly about Azure and doing all the stuff to make Linux work well for them," he explained. Torvalds emphasized this is normal: "I mean, that's just being part of the community." James Bottomley, an IBM Research Distinguished Engineer and top Linux kernel developer, sees Microsoft as going through the same process as all other corporate Linux supporters: "This is a thread that runs through Linux. You can't work on the kernel to your own proprietary advantage. A lot of companies, as they came in with the proprietary business model, assumed they could. They have to be persuaded that, if you want something in Linux, that will assist your business -- absolutely fine. But it has to go through an open development process. And if someone else finds it useful, you end up cooperating or collaborating with them to produce this feature." That means, to get things done, even Microsoft is "eventually forced to collaborate with others."

Bottomley concluded: "So it doesn't matter if Microsoft has a competing agenda to Red Hat or IBM or anybody else. Developers are still expected to work together in the Linux kernel with a transparent agenda."

The Transaction Processing Performance Council is a many-decades-old nonprofit that defines transaction processing and database benchmarks and shares its performance results with the industry.

Long-time Slashdot reader hackingbear says they've just released some surprising news: The TPC organization reported on October 5 that OceanBase, an open-source relational database from Ant Financial, a business unit of Chinese e-commerce giant Alibaba Group, has topped the TPC-C benchmark, more than doubling the score achieved by Oracle Corp. which had held the world record for the past 9 years.

OceanBase v2.2 Enterprise Edition with Partitioning scored at 60,880,800, while Oracle Database 11g R2 Enterprise Edition w/RAC and Partitioning achieved 30,249,688.

TPC Benchmark C is industrial standard OLTP benchmark, measuring on-line transactions per minute (tpmC).

Google has been testing the Linux kernel with its "sanitizer" testing software that hunts for memory corruption bugs and undefined behaviors. Now Phoronix reports on Google's newest sanitizer: Kernel Concurrency Sanitizer (KCSAN) is focused on discovering data-race issues within the kernel code. This dynamic data-race detector is an alternative to the Kernel Thread Sanitizer. In their testing just last month, in two days they found over 300 unique data race conditions within the mainline kernel.

There was a recent discussion about the Kernel Concurrency Sanitizer on the LKML.

An anonymous reader quotes ZDNet: Microsoft has launched a new 44-part series called Python for Beginners on YouTube, consisting of three- to four-minute lessons from two self-described geeks at Microsoft who love programming and teaching.

The course isn't quite for total beginners as it assumes people have done a little programming in JavaScript or played around with the MIT-developed Scratch visual programming language aimed at kids. But it could help beginners kick-start ambitions to build machine-learning apps, web applications, or automate processes on a desktop.... It has published a page on GitHub containing additional resources, including slides and code samples to help students become better at Python.

The NLNet Foundation is a non-profit supporting privacy, security, and the "open internet". Now the open source Libre RISC-V hybrid CPU/GPU is applying for eight additional grants from the NLNet Foundation, according to this update from the project's Luke Kenneth Casson Leighton (Slashdot reader #517,947): Details on each Grant Application are on the newly-opened RISC-V Community Forum.

The general idea is to kick RISC-V into a commercially-viable mass-volume high gear by putting forward funding proposals for NEON/SSE-style Video Acceleration to be upstreamed for use by ffmpeg, vlc, mplayer and gstreamer; hardware-assisted Mesa 3D (a port of the RADV Vulkan Driver to RISC-V), and a hardware-accelerated OpenCL port to RISC-V. This all in a "Hybrid" fashion (a la NEON/SSE) as opposed to the "usual" way that 3D and Video is done, which hugely complicate both software drivers and applications debugging.

In addition, the Libre RISC-V SoC itself is applying for grants to do a gcc port supporting its Vectorisation Engine including auto-vectorisation, and, crucially, to do an entirely Libre-licensed ASIC Layout using LIP6.fr coriolis2, working in tandem with Chips4Makers to create a 180nm commercially-viable single-core dual-issue test ASIC.

The process takes approximately 2-3 months for approval. Once accepted, anyone may be the direct (tax-deductible) recipient of NLNet donations, for sub-tasks completed. Worth noting: Puri.sm is sponsoring the project, and, given NLNet's Charitable Status, donations from Corporations (or individuals) are 100% tax-deductible.

"It's that time of year again when we come together to support and celebrate the open source technologies we use and love," announces a post on Digital Ocean's blog. Hacktoberfest is a monthlong celebration of open source software. It was started at DigitalOcean as a way to foster a sense of community and encourage more participation in open source projects. To reward Hacktoberfest contributors, we've designed a limited edition T-shirt for those who complete the challenge each year. This year, the first 50,000 participants will be eligible to receive the limited edition shirt...

One of the enticing elements of this celebration is that you don't have to leave the comfort of your office or home to participate. But each year, more and more Hacktoberfest events have been organized since we introduced the Event Kit. In 2018 alone, there were 251 Hacktoberfest events. All of these took place during October and happened in 50 countries. With October five days away, we're already expecting to exceed last year's number of events! Wow... if you're in or around New York City, we invite you to join us at the Hacktoberfest kickoff celebration at the DigitalOcean headquarters...

This year, we're also hoping to drive awareness of the negative impacts many people around the world are experiencing due to the many environmental crises we're faced with -- and encourage participation in projects that are targeting these causes. We've identified a handful of projects on GitHub that focus on supporting the environment, which you can find in our Climate section. We hope you'll consider contributing to some of the impactful work being done by activists, scientists, and mission-driven organizations around the globe... Let's join forces to make a difference!
Last year's Hacktoberfest saw 401,231 pull requests on GitHub, according to the blog post.

On Tuesday Purism announced their first Librem 5 smartphones were rolling off the assembly line and heading to customers. "Seeing the amazing effort of the Purism team, and holding the first fully functioning Librem 5, has been the most inspirational moment of Purism's five year history," said their founder and CEO Todd Weaver.

On Wednesday they posted a video announcing that the phones were now shipping, and Friday they posted a short walk-through video. "The crowdsourced $700 Linux phone is actually becoming a real product," reports Ars Technica: Purism's demand that everything be open means most of the major component manufacturers were out of the question. Perhaps because of the limited hardware options, the internal construction of the Librem 5 is absolutely wild. While smartphones today are mostly a single mainboard with every component integrated into it, the Librem 5 actually has a pair of M.2 slots that house full-size, off-the-shelf LTE and Wi-Fi cards for connectivity, just like what you would find in an old laptop. The M.2 sockets look massive on top of the tiny phone motherboard, but you could probably replace or upgrade the cards if you wanted...

[Y]ou're not going to get cutting-edge hardware at a great price with the Librem 5. That's not the point, though. The point is that you are buying a Linux phone, with privacy and open source at the forefront of the design. There are hardware kill switches for the camera, microphone, WiFi/Bluetooth, and baseband on the side of the phone, ensuring none of the I/O turns on unless you want it to. The OS is the Free Software Foundation-endorsed PureOS, a Linux distribution that, in this case, has been reworked with a mobile UI. Purism says it will provide updates for the "lifetime" of the device, which would be a stark contrast to the two years of updates you get with an Android phone.

PureOS is a Debian-based Linux distro, and on the Librem 5, you'll get to switch between mobile versions of the Gnome and KDE environments. If you're at all interested in PureOS, Purism's YouTube page is worth picking through. Dozens of short videos show that, yes, this phone really runs full desktop-class Linux. Those same videos show the dev kit running things like the APT package manager through a terminal, a desktop version of Solitaire, Emacs, the Gnome disk utility, DOSBox, Apache Web Server, and more. If it runs on your desktop Linux computer, it will probably run on the Librem 5, albeit with a possibly not-touch-friendly UI. The Librem 5 can even be hooked up to a monitor, keyboard, and mouse, and you can run all these Linux apps with the normal input tools...

Selling a smartphone is a cutthroat business, and we've seen dozens of companies try and fail over the years. Purism didn't just survive long enough to ship a product -- it survived in what is probably the hardest way possible, by building a non-Android phone with demands that all the hardware components use open code. Making it this far is an amazing accomplishment.

Matthew Garrett is a security developer at Google and a Linux contributor who in 2014 won the Free Software Foundation's annual "Advancement of Free Software" award. But now he's asking if we need to re-think what free software is: If users can pay Amazon to provide a hosted version of a piece of software, there's little incentive for them to pay the authors of that software. This has led to various projects adopting license terms such as the Commons Clause that effectively make it nonviable to provide such a service, forcing providers to pay for a commercial use license instead. In general the entities pushing for these licenses are VC backed companies who are themselves benefiting from free software written by volunteers that they give nothing back to, so I have very little sympathy. But it does raise a larger issue -- how do we ensure that production of free software isn't just a mechanism for the transformation of unpaid labour into corporate profit...?

At the same time, people are spending more time considering some of the other ethical outcomes of free software. Copyleft ensures that you can share your code with your neighbour without your neighbour being able to deny the same freedom to others, but it does nothing to prevent your neighbour using your code to deny other fundamental, non-software, freedoms. As governments make more and more use of technology to perform acts of mass surveillance, detention, and even genocide, software authors may feel legitimately appalled at the idea that they are helping enable this by allowing their software to be used for any purpose. The JSON license includes a requirement that "The Software shall be used for Good, not Evil", but the lack of any meaningful clarity around what "Good" and "Evil" actually mean makes it hard to determine whether it achieved its aims.

As stewards of the free software definition, the Free Software Foundation should be taking the lead in ensuring that these issues are discussed. The priority of the board right now should be to restructure itself to ensure that it can legitimately claim to represent the community and play the leadership role it's been failing to in recent years, otherwise the opportunity will be lost and much of the activist energy that underpins free software will be spent elsewhere. If free software is going to maintain relevance, it needs to continue to explain how it interacts with contemporary social issues. If any organisation is going to claim to lead the community, it needs to be doing that.

It's been five years since the release of CentOS 7, but Indy1 (Slashdot reader #99,447) reminded us that CentOS 8 finally arrived this week -- along with a big new plan for rolling releases.

It Pro Today points out that CentOS already runs on about 16% of all servers, "a number that's only bested by Ubuntu with an estimated 28%," and says that this move "points to CentOS taking a more important role within Red Hat [and] indicates a sea change not only for CentOS, but for the Red Hat Enterprise Linux (RHEL) development pipeline." According to Karanbir Singh, CentOS project lead and Red Hat engineer, Stream will contain the code under development for the next minor RHEL release, which will allow the developer community to discuss, suggest, and contribute features and fixes into RHEL more quickly. "To do this, Red Hat Engineering is planning to move parts of RHEL development into the CentOS Project in order to collaborate with everyone on updates to RHEL," he said.

This would seem to mean that not only will CentOS remain under Red Hat's care and protection, but that CentOS will play a more important role within Red Hat going forward.