In June GitHub announced they'd retire their customizable text editor Atom on December 15th — so they could focus their development efforts on the IDEs Microsoft Visual Studio Code and GitHub Codespaces. "As new cloud-based tools have emerged and evolved over the years, Atom community involvement has declined significantly," according to a post on GitHub's blog.

So while "GitHub and our community have benefited tremendously from those who have filed issues, created extensions, fixed bugs, and built new features on Atom," this now means that:

- Atom package management will stop working
- No more security updates
- Teletype will no longer work
- Deprecated redirects that supported downloading Electron symbols and headers will no longer work
- Pre-built Atom binaries can continue to be downloaded from the atom repository releases

Fortunately, in 2014 GitHub open sourced the code for Atom. And according to It's FOSS News: A community build for it is already available; however, there seems to be a new version (Pulsar) that aims to bring feature parity with the original Atom and introduce modern features and updated architecture....

The reason why they made a separate fork is because of different goals for the projects. Pulsar wants to modernize everything to present a successor to Atom. Of course, the user interface is much of the same. Considering Pulsar hasn't had a stable release yet, the branding could sometimes seem all over the place. However, the essentials seem to be there with the documentation, packages, and features like the ability to install packages from Git repositories....

As of now, it is too soon to say if Pulsar will become something better than what the Atom community version offers. However, it is something that we can keep an eye on.... You can head to its official download page to get the package required for your system and test it out.
Like Atom, Pulsar is cross-platform support (supporting Linux, macOS, and Windows).

The Linux Foundation "sponsors the work of Linux creator Linus Torvalds and lead maintainer Greg Kroah-Hartman," according to its page on Wikipedia. And now the Linux Foundation "is pleased to announce the launch of the Overture Maps Foundation," according to their December newsletter.

It's a collaborative effort "to enable current and next-generation map products by creating reliable, easy-to-use, and interoperable open map data as a shared asset that can strengthen mapping services worldwide." The initiative was founded by Amazon Web Services (AWS), Meta, Microsoft, and TomTom and is open to all communities with a common interest in building open map data. To get involved, please visit overturemaps.org.
And they're also announcing plans to form the Open Metaverse Foundation: In October, we brought top experts from diverse sectors together with leaders from many of the projects across the Linux Foundation to discuss what it will take to transform the emerging concept of the Metaverse from promise to reality.... As the next step in this amazing journey, we welcome the Open Metaverse Foundation (OMF) into the Linux Foundation as another piece of the puzzle. With your help, we can realize the promise of the open Metaverse. Learn more about what's next, join us, and get involved at openmv.org.
The Foundation has also published three new research papers:

• The 2022 State of Open Source in Financial Services

• WebAssembly (Wasm) for Legal Professionals

• Data and Storage Trends 2022.

The newsletter also points out that through Tuesday the foundation is offering 35% off any of their training courses, certifications, bundles or bootcamps.

An anonymous reader quotes a report from Ars Technica: Pine64, makers of ARM-based, tinker-friendly gadgets, is making the PineTab 2, a sequel to its Linux-powered tablet that mostly got swallowed up by the pandemic and its dire global manufacturing shortages. The PineTab 2, as described in Pine64's "December Update," is based around the RK3566, made by RockChip. Pine64 based its Quartz64 single-board system on the system-on-a-chip (SoC), and has all but gushed about it across several blog posts. It's "a dream-of-a-SoC," writes Community Director Lukasz Erecinski, a "modern mid-range quad-core Cortex-A55 processor that integrates a Mali-G52 MP2 GPU. And it should be ideal for space-constrained devices: it runs cool, has a variety of I/O options, solid price-to-performance ratio, and "is genuinely future-proof."

The PineTab 2 is a complete redesign, Erecinski claims. It has a metal chassis that "is very sturdy while also being easy to disassemble for upgrades, maintenance, and repair." The tablet comes apart with snap-in tabs, and Pine64 will offer replacement parts. The insides are modular, too, with the eMMC storage, camera, daughter-board, battery, and keyboard connector all removable "in under 5 minutes." The 10.1-inch IPS display, with "modern and reasonably thin bezels," should also be replaceable, albeit with more work. On that easily opened chassis are two USB-C ports, one for USB 3.0 I/O and one for charging (or USB 2.0 if you want). There's a dedicated micro-HDMI port, and a front-facing 2-megapixel camera and rear-facing 5-megapixel (not the kind of all-in-one media production machine Apple advertises, this tablet), a microSD slot, and a headphone jack. While a PCIe system is exposed inside the PineTab, most NVMe SSDs will not fit, according to Pine64. All of this is subject to change before final production, however.

As with the original PineTab, this model comes with a detachable, backlit keyboard cover, included by default. That makes supporting a desktop OS for the device far more viable, Erecinski writes. The firmware chipset is the same as in the PineBook Pro, which should help with that. No default OS has been decided as of yet, according to Pine64. The tablet should ship with two memory/storage variants, 4GB/64GB and 8GB/128GB. It's due to ship "sometime after the Chinese New Year" (January 22 to February 5), though there's no firm date. No price was announced, but "it will be affordable regardless of which version you'll settle on." A video version of the "December Update" can be found on YouTube.

The Z-Wave Alliance, the Standards Development Organization (SDO) dedicated to advancing the smart home and Z-Wave technology, today announced the completion of the Z-Wave Source Code project, which has been published and made available on GitHub to Alliance members. From a report: The Z-Wave Source Code Project opens development of Z-Wave and enables members to contribute code to shape the future of the protocol under the supervision of the new OS Work Group (OSWG). The goal of the project is to provide a rich development environment that contains the relevant source code and sample applications to those seeking to play a direct role in the advancement of the Z-Wave standard. The quality and interoperability of products utilizing Z-Wave Source Code will also be enforced by a new mandatory Silicon & Stack Certification program. Full Z-Wave certification will continue to test and certify for Z-Wave S2 security, network connectivity, range, battery life, and interoperability including backwards and forwards compatibility.

"The Z-Wave Alliance is deeply committed to the global smart home market," said Mitch Klein, Executive Director of the Z-Wave Alliance. "This year the smart home conversations have focused largely on Matter. Shiny and new, and with big brands supporting the initiative, Matter is bringing a lot of attention to the smart home. This makes it easy to overlook Z-Wave as the most established, trusted, and secure smart home protocol, that also happens to have the largest certified interoperable ecosystem in the market. We firmly expect that Z-Wave will play a key role in connecting devices and delivering the experience users really want."

Amazon and Amazon Web Services (AWS) have joined the Open Invention Network (OIN) -- the world's largest patent non-aggression consortium. ZDNet reports: OIN has long protected Linux and Linux-related software from patent aggression by rival companies. With the recent increase in patent troll attacks, the OIN is also defending companies from these assaults. This is a natural move for Amazon. Besides relying on Linux and open-source software both for its retail and cloud businesses, Amazon has a strict policy against patent infringement, and users who engage in this behavior can have their listings removed or accounts deleted. Nevertheless, like all large companies, Amazon has also been sued for patent violations. Joining the OIN simply makes good business sense. Nithya Ruff, the Amazon Open Source Program Office director, added: "Linux and open source are essential to many of our customers and a key driver of innovation across Amazon. We are proud to support a broad range of open-source projects, foundations, and partners, and we are committed to the long-term success and sustainability of open source as a whole. By joining OIN, we are continuing to strengthen open source communities and helping to ensure technologies like Linux remain thriving and accessible to everyone."

An anonymous reader quotes a report from TorrentFreak: The Blender Institute develops Blender, a free and open source 3D graphics tool used to create animated films. Sintel and Big Buck Bunny are among Blender's most recognizable titles and due to Creative Commons licensing (CC BY), they are widely shared, used, remixed and reshared. According to original Blender creator Ton Roosendaal, "Open licenses are essential for sharing our films and their source material." Right now, a company is claiming that Blender's free content is actually their content and as a result, must be immediately removed from the internet. We're talking about content that was created with Blender's explicit blessing but even after multiple appeals, not even YouTube will see reason.

Bruno Fernandez-Ruiz is the co-founder and CTO at AI-focused driver safety company, Nexar. On Sunday he informed TorrentFreak that he's also an independent film composer and producer, working with music production libraries, and distributing to the main music platforms. TorrentFreak contacted Bruno after noticing a post he made on a music production forum. He wrote that after uploading a video containing a clip from the Blender movie Caminandes 3 -- Llamigos, YouTube notified him that a rightsholder had filed a copyright complaint, his video had been taken down, and a copyright strike had been issued to his account. The complaint, sent by Uzbekistan-based media/news company ZO'R TV, was not the result of automatic matching under Content ID. It was filed as a formal DMCA notice, meaning that someone probably reviewed the details before sending the complaint. The notice claimed that Bruno had infringed ZO'R TV's copyrights by reproducing content (6:21 to 8:26) from this YouTube video published in 2018.

Since the content in question is obviously from Blender's film Caminandes 3, ZO'R TV was in no position to issue a DMCA notice. On that basis, Bruno followed the recognized procedure by sending a DMCA counternotice to YouTube. It didn't go well. After filing his counternotice with YouTube, Bruno was informed that since he'd provided insufficient information, YouTube could not process it. However, YouTube did inform Bruno of the risks of filing a counternotice, including that his name could be sent to the claimant, ZO'R TV in this case. Determined to have his video restored, Bruno accepted the risks and sent another counternotice to YouTube. This time there was no indication that the counternotice was deficient. YouTube thanked him for filing it -- but still declined to process it. YouTube's email advised Bruno that counternotices should only be filed in case of a mistake or misidentification. Consulting with a lawyer first might be helpful, YouTube added. After three attempts to restore the video and have the copyright strike removed, YouTube responded once again. The message contained yet more disappointment for Bruno. "Based on the information that you have provided, it appears that you do not have the necessary rights to post the content on YouTube. Therefore, we regretfully cannot honor your request," it advised. This signaled the end of the debate as far as YouTube was concerned and by rejecting Bruno's right to send a counternotice, the platform denied him an opportunity to have the video restored, stand up for Blender's rights, and get the strike removed. After notifying Blender of the situation, Blender developed Ton Roosendaal replied, saying the company has "no staff here available to go after situations like this" but suggested they could "escalate it to the Creative Commons organization."

"After all, it's their mission," he added.

For the last thirteen years the Free Software Foundation has published its Ethical Tech Giving Guide, notes a recent FSF blog post. "The right to determine what a device you've purchased does or doesn't do is something too valuable to lose."

Or, as they put it in the guide: It's time to reclaim our freedom from the abuse of multinational corporations, who use proprietary software and malicious "antifeatures" to keep us powerless, dependent, and surveilled by the devices that we use. There's no time at which it's more important to turn these unfortunate facts into positive action than the holiday season.

The gifts that we recommend here might not be making headlines, but they're the rare exception to the apparent rule that devices should mistreat their users.
For technical users, the guide recommends pairing the FSF-sponsored Replicant, a fully-free distribution of Android, with the F-Droid app repository, which has hundreds of applications including Syncthing, Tor, Minetest, and Termux.

They also praise the X200 laptop, "one of the few home user devices that's able to run fully free software from top to bottom." With easy-to-repair hardware, it's the laptop most frequently used in the FSF's own office — just one of several freedom-respecting devices from Vikings. And there's shout-outs to MNT's Reform laptop, products from PINE64 and Purism, plus a freedom-respecting VPN, and a mini wifi adapter .

The guide even recommends places to buy DRM-free ebooks, including No Starch Press, Smashwords, Leanpub, Standard Ebooks, Nantucket E-Books, Libreture (which also offers a storage solution). Meanwhile for print books, there's the Gnu Press Shop

And it also recommends sources for DRM-free music (including Bandcamp, Emusic, the Smithsonian Institute's Folkways, the classic punk label Dischord, HDTracks, and Mutopia).

And it also tells you where to find free (as in freedom) films...

Kite, a start-up that has been developing artificial intelligence technology to help developers write code for nearly a decade, is saying farewell and open-sourcing its code. Silicon Republic reports: Based in San Francisco, Kite was founded in 2014 as an early pioneer in the emerging field of AI that assists software developers in writing code -- an 'autocomplete' for programming of sorts. But now, after eight years of pursuing its vision to be a leader in AI-assisted programming, founder Adam Smith announced on the company website that the business is now wrapping up. According to him, even state-of-the-art machine learning models today don't understand the structure of code -- and too few developers are willing to pay for available services. "We failed to deliver our vision of AI-assisted programming because we were 10-plus years too early to market, ie, the tech is not ready yet," Smith explained. "You can see this in GitHub Copilot, which is built by GitHub in collaboration with OpenAI. As of late 2022, Copilot shows a lot of promise but still has a long way to go."

Copilot was first revealed in June 2021 as an AI assistant for programmers that essentially does for coding what predictive text does for writing emails. Developed in collaboration with OpenAI, GitHub had kept Copilot in technical preview until this summer, during which time it had been used by more than 1.2m developers. The AI was made available to all developers in June, at a cost of $10 a month or $100 a year. However, Smith said that the inadequacy of machine learning models in understanding the structure of code, such as non-local context, has been an insurmountable challenge for the Kite team. "We made some progress towards better models for code, but the problem is very engineering intensive. It may cost over $100m to build a production-quality tool capable of synthesizing code reliably, and nobody has tried that quite yet."

While the business could have still been successful without necessarily increasing developer productivity by 10 times using AI, Smith said he thinks that Kite's delay and unsuccessful attempt at monetizing the service prevented the start-up from taking flight. "We sequenced building our business in the following order: First we built our team, then the product, then distribution and then monetization," he explained, adding that Kite did not reach product-market fit until 2019, five years after starting the company. Despite the time taken to get to the market, Smith said Kite was able to capture 500,000 monthly active developers using its AI with "almost zero marketing spend." But the product failed to generate revenue because the developers refused to pay for it. Smith says most of their code has been open sourced on GitHub, including their "data-driven Python type inference engine, Python public-package analyzer, desktop software, editor integrations, GitHub crawler and analyzer, and more more."

Michael Larabel, reporting for Phoronix: This summer AMD announced the Radeon Raytracing Analyzer "RRA" as part of their developer software suite for helping to profile ray-tracing performance/issues on Windows and Linux with both Direct3D 12 and the Vulkan API. Initially the RRA 1.0 release was binary-only but now AMD has made good on their "GPUOpen" approach and made it open-source.

As noted back in my original article from July on the Radeon Raytracing Analyzer release: "Radeon Raytracing Analyzer is hosted on GitHub but the only content in the actual Git repository right now is documentation, so it would appear that at least initially this is a closed-source package though some documentation also says it's MIT licensed."

Last week that was cleared up with the Radeon Raytracing Analyzer source code going public. There are build instructions for compiling the RRA 1.0 sources on both Microsoft Windows and Linux while the Linux instructions are tailoring to Ubuntu use. Building the Radeon Raytracing Analyzer depends upon the Qt 5.15 toolkit.

He's been a contributing editor at the Linux foundation's Linux.com, a contributor to Linux Journal, and a blogger for Linux Pro magazine. Now Bruce Byfield has teamed with the lead editor for the Open Office authors volunteer group (who was also co-lead on Open Office's documentation project) to co-author a second edition of Byfield's book Designing with LibreOffice.

From the official announcement: The book is available as an .ODT or .PDF file under the Creative Commons Attribution/Sharealike License version 4.0 or later from https://designingwithlibreoffice.com. ["Under this license, you can share or copy the book, or even add to it," explains the book's site, "so long as you mention the writer's name and release your changes under the same license."]

The first edition was published in 2016, and was downloaded over thirty-five thousand times. Michael Meeks, one of the co-founders of LibreOffice, described the first edition as "an outstanding contribution to help people bring the full power of LibreOffice into their document...."

The second edition updates the original, removing outdated information and adding updated screenshots and new information about topics such as Harfbuzz font shaping codes, export to EPUB formats for ereaders, the Zotero extension for bibliographies, and Angry Reviewer, a Grammarly-like extension for editing diction.

In the future, the writers plan to release other editions as necessary to keep Designing with LibreOffice current.
Thanks to long-time Slashdot reader nanday for sharing the news.

The creator of the Linux/macOS package manager Homebrew has a new package manager named Tea. But according to Stack Overflow's podcast, the software also "aims to solve the problem of providing funding for popular open source projects." While he is not a crypto bull, Max was inspired with a solution for the open source funding dilemma by his efforts to buy and sell an NFT. A contract written in code and shared in public enforced a rule sending a portion of his proceeds to the digital objects original creator. What if the same funding mechanism could be applied to open source projects? In March of 2022, Max and his co-founder launched Tea, a sort of spirtual successor to Homebrew. It has a lot of new features Max wanted in a package manager, plus a blockchain based approach to ensuring that creators, maintainers, and contributors of open source software can all get paid for their efforts.

You can read Max's launch post on Tea here and yes, of course there is a white paper.
The paper describes the proposed solution as "a decentralized system for fairly remunerating open-source developers based on their contributions to the entire ecosystem and enacted through the tea incentive algorithm applied across all entries in the tea registry." And the launch post calls tea "our revolution against a failing system," arguing "We're taking our knowledge of how to make development more efficient and throwing innovations nobody has ever really considered before.

"Package managers haven't been sexy. Until now. Most importantly, we're moving the package registry on-chain (relax, we'll use a low-energy proof of stake chain). This has numerous benefits due to the inherent benefits of blockchain technology." For starters, decentralized storage will make the packages always-available and immutable, signed by maintainers themselves. But there's more: web3 has enabled novel new ways to distribute value, and with our system people who care about the health of the open source ecosystem buy some token and stake it. Periodically, we reward this staking because it is securing our token network. We give a portion of these rewards to the staker and a portion to packages of their choice along with all the dependencies of those packages.

Note that no portion goes to us. We're not like the other app stores.... tea is the home to a DAO that will ensure the open source maintainers that keep the Internet running are rewarded as they deserve.
An introduction to the white paper adds that in the spirit of the open source movement, "we're inviting developers, speculators, and enthusiasts alike to contribute to our white paper and help brew the future of the internet. This is our revolutionary undertaking to create equitable openâsource for web3, and we want you to be a part of laying its groundwork."

Thanks to guest reader for submitting the story.

An anonymous reader quotes a report from ZDNet: For years, 5G wasn't able to deliver on its high-speed, low-latency promises. Things have changed. Today, 5G is finally delivering on its performance promises. A big reason for that, proclaimed Arpit Joshipura, the Linux Foundation's general manager of Networking, Edge, and IoT at ONE Summit North America, a networking trade show, is 5G's open-source networking foundation. Joshipura said, "The industry has surpassed the tipping point when it comes to leveraging open source for enabling digital transformation. Leading organizations are using our projects' code -- which continues to evolve and mature -- in real-world deployments to scale."

How big a tipping point? According to Joshipura, 5G deployment is now over 50%. And according to some analysts, by 2030, 5G will reach $7 trillion -- that's trillion, not billion -- in economic value. Behind all this, Joshipura said, "is a radical shift toward open networks and frameworks. This continues irrespective of economic and political headwinds. Indeed, open source is probably the only area that hasn't been impacted because of its ability to cross borders and boundaries to do what needs doing." The Linux Foundation is working on an End-to-End, 5G Super Blueprint to bring together a wide variety of open-source networking programs and projects.

"While still a work in progress, it maps out a way to bring together multiple open-source and cloud-native projects into a relatively simple 5G deployment map," adds ZDNet. "It's designed so that any telecom can put together a high-bandwidth, low-latency, scalable, and cost-effective digital networking infrastructure all the way from end-user devices to the edge to cloud applications."

The Linux Foundation Europe (LF Europe) -- the recently launched European offshoot of the open source Linux Foundation -- today announced the launch of Project Sylva, which aims to create an open source telco cloud framework for European telcos and vendors. TechCrunch: This is the first project hosted by LF Europe and is a good example of what the organization is trying to achieve. The project aims to create a production-grade open source telco cloud stack and a common framework and reference implementation to "reduce fragmentation of the cloud infrastructure layer for telecommunication and edge services." Currently, five carriers (Telefonica, Telecom Italia, Orange, Vodafone and Deutsche Telekom) and two vendors (Ericsson and Nokia) are working on the project.

"There's a whole bunch of Linux Foundation networking projects already that have taken telecommunications into the open source era," Arpit Joshipura, the general manager for Networking, Edge and IoT at the Linux Foundation, told me. "All those projects are under what is called the [LF] Networking foundation. [â¦] So whatever that work is that is done by the telcos, Sylva is going to leverage and build on top of it with these European vendors to solve EU specific requirements. Those are security, energy, federated computing, edge and data trust." At the core of Sylva is a framework for a compute platform that can be agnostic to whether a workload is running on the telco access network, edge or in the core. The project aims to build a reference implementation, leveraging all of the work already being done by LF Networking, the Cloud Native Computing Foundation (the home of Kubernetes and other cloud-native infrastructure projects), LF Energy and others.

Linux magazine explores how to breath fresh life into old Android devices: Every mobile device needs its own Android build because of numerous drivers that are not available in the source code. The need to maintain every version of Android for every mobile device means that many manufacturers eventually stop supporting updates. Often, smartphones or tablets that still work perfectly can no longer be used without worry because the manufacturer has simply ceased to offer bug fixes and security updates....

The LineageOS project, the successor to the CyanogenMod project, which was discontinued in 2016, proves that it is not impossible to keep these devices up-to-date. Unpaid volunteers at LineageOS do the work that many manufacturers do not want to do: They combine current Android releases with the required device-specific drivers.

The LineageOS project (Figure 1) provides Android systems with a fresh patch status every month for around 300 devices. The builds are released weekly, unless there is a problem during the build. The Devices page on the LineageOS Wiki provides the details of whether a LineageOS build is available for your smartphone or tablet....

I recommend the LineageOS project as the first port of call for anyone who wants to protect an older smartphone or tablet that is no longer maintained and doesn't receive Google security patches. The LineageOS derivatives LineageOS for MicroG and /e/OS make it even easier to enjoy a Google-free smartphone without too many restrictions.
The article also describes how to use TWRP to flash a manufacturer-independent recovery system (while also creating a restoreable backup of the existing system) as an alternative to LineageOS's own recovery tools.

And it even explains how to unlock the bootloader — although there may be other locks set up separately by the manufacturer. "Some manufacturers require you to register the device to unlock it, and then — after telling you that the warranty is now void — they hand over a code. Others refuse to unlock the device altogether."

Thanks to Slashdot reader DevNull127 for submitting the article.

"Microsoft's GitHub Copilot is being sued in a class action lawsuit that claims the AI product is committing software piracy on an unprecedented scale," reports IT Pro.

Programmer/designer Matthew Butterick filed the case Thursday in San Francisco, saying it was on behalf of millions of GitHub users potentially affected by the $10-a-month Copilot service: The lawsuit seeks to challenge the legality of GitHub Copilot, as well as OpenAI Codex which powers the AI tool, and has been filed against GitHub, its owner Microsoft, and OpenAI.... "By training their AI systems on public GitHub repositories (though based on their public statements, possibly much more), we contend that the defendants have violated the legal rights of a vast number of creators who posted code or other work under certain open-source licences on GitHub," said Butterick.

These licences include a set of 11 popular open source licences that all require attribution of the author's name and copyright. This includes the MIT licence, the GNU General Public Licence, and the Apache licence. The case claimed that Copilot violates and removes these licences offered by thousands, possibly millions, of software developers, and is therefore committing software piracy on an unprecedented scale.

Copilot, which is entirely run on Microsoft Azure, often simply reproduces code that can be traced back to open-source repositories or licensees, according to the lawsuit. The code never contains attributions to the underlying authors, which is in violation of the licences. "It is not fair, permitted, or justified. On the contrary, Copilot's goal is to replace a huge swath of open source by taking it and keeping it inside a GitHub-controlled paywall...." Moreover, the case stated that the defendants have also violated GitHub's own terms of service and privacy policies, the DMCA code 1202 which forbids the removal of copyright-management information, and the California Consumer Privacy Act.
The lawsuit also accuses GitHub of monetizing code from open source programmers, "despite GitHub's pledge never to do so."

And Butterick argued to IT Pro that "AI systems are not exempt from the law... If companies like Microsoft, GitHub, and OpenAI choose to disregard the law, they should not expect that we the public will sit still." Butterick believes AI can only elevate humanity if it's "fair and ethical for everyone. If it's not... it will just become another way for the privileged few to profit from the work of the many."

Reached for comment, GitHub pointed IT Pro to their announcement Monday that next year, suggested code fragments will come with the ability to identify when it matches other publicly-available code — or code that it's similar to.

The article adds that this lawsuit "comes at a time when Microsoft is looking at developing Copilot technology for use in similar programmes for other job categories, like office work, cyber security, or video game design, according to a Bloomberg report."

According to The Record, New Hampshire will pilot a new kind of voting machine that will use open-source software to tally the votes. The Record reports: The software that runs voting machines is typically distributed in a kind of black box -- like a car with its hood sealed shut. Because the election industry in the U.S. is dominated by three companies -- Dominion, Election Systems & Software and Hart InterCivic -- the software that runs their machines is private. The companies consider it their intellectual property and that has given rise to a roster of unfounded conspiracy theories about elections and their fairness. New Hampshire's experiment with open-source software is meant to address exactly that. The software by its very design allows you to pop the hood, modify the code, make suggestions for how to make it better, and work with other people to make it run more smoothly. The thinking is, if voting machines run on software anyone can audit and run, it is less likely to give rise to allegations of vote rigging.

The effort to make voting machines more transparent is the work of a group called VotingWorks. [...] On November 8, VotingWorks machines will be used in a real election in real time. New Hampshire is the second state to use the open-source machines after Mississippi first did so in 2019. Some 3,000 voters will run their paper ballots through the new machines, and then, to ensure nothing went awry, those same votes will be hand counted in a public session in Concord, N.H. Anyone who cares to will be able to see if the new machines recorded the votes correctly. The idea is to make clear there is nothing to hide. If someone is worried that a voting machine is programmed to flip a vote to their opponent, they can simply hire a computer expert to examine it and see, in real time.

The Godot Engine now has its own foundation to continue funding themselves. Previously, they teamed up with the Software Freedom Conservancy to handle fiscal sponsorship duties. Phoronix reports: The Godot engine developers and Software Freedom Conservancy mutually agreed to move the open-source game engine project to its own foundation. The Godot Foundation has been setup in the Netherlands as its own organization modeled after the policies of the SFC. The Godot Foundation is to help this game engine achieve its next level of growth and project a stronger image for the project. "We have just started the process of moving to the Foundation," writes Godot Engine lead developer, Juan Linietsky, in a blog post. "For now all of Godot's funding and contractors are still managed by the SFC. The SFC will gradually reduce its work for Godot and the new foundation will slowly ramp up. Stay tuned for announcements in the future as we finalize the Foundation's organizational structure and officially begin operations."

More details can be found via the Godot Engine blog.

An anonymous reader quotes a report from TechCrunch: As part of its larger commitment to combat "cyberflashing," the dating app Bumble is open sourcing its AI tool that detects unsolicited lewd images. First debuted in 2019, Private Detector (let's take a moment to let that name sink in) blurs out nudes that are sent through the Bumble app, giving the user on the receiving end the choice of whether to open the image. "Even though the number of users sending lewd images on our apps is luckily a negligible minority -- just 0.1% -- our scale allows us to collect a best-in-the-industry dataset of both lewd and non-lewd images, tailored to achieve the best possible performances on the task," the company wrote in a press release.

Now available on GitHub, a refined version of the AI is available for commercial use, distribution and modification. Though it's not exactly cutting-edge technology to develop a model that detects nude images, it's something that smaller companies probably don't have the time to develop themselves. So, other dating apps (or any product where people might send dick pics, AKA the entire internet?) could feasibly integrate this technology into their own products, helping shield users from undesired lewd content. When Bumble first introduced this AI, the company claimed it had 98% accuracy. "There's a need to address this issue beyond Bumble's product ecosystem and engage in a larger conversation about how to address the issue of unsolicited lewd photos -- also known as cyberflashing -- to make the internet a safer and kinder place for everyone," Bumble added.

First released in 1998, the BSD-licensed software Zeek (originally named "Bro") is about to get more widely adopted, writes long-time Slashdot reader skinfaxi: Zeek, the open source network security monitoring platform, is being integrated into Windows and "is now deployed on more than one billion global endpoints," according to an announcement from Corelight.
From Corelight's press release: Corelight, the leader in open network detection and response, today announced the integration of Zeek, the world's most popular open source network security monitoring platform, as a component of Microsoft Windows and Defender for Endpoint. The integration will help security teams respond to the most challenging attacks by providing "richer signals for advanced threat hunting, complete and accurate discovery of IoT devices, and more powerful detection and response capabilities."

Originally created by Corelight co-founder and chief scientist Dr. Vern Paxson while at Lawrence Berkeley National Laboratory, Zeek transforms network traffic into compact and high-fidelity logs, file content, and behavioral analytics to accelerate security operations. Vital funding for Zeek came initially from the National Science Foundation and the US Department of Energy's Office of Science. As adoption increased, Corelight was founded to provide a financial model and corporate sponsor for the project....

"Microsoft is strongly committed to supporting open source projects and ecosystems," said Rob Lefferts, corporate vice president for Microsoft. "We're proud to be working with Zeek and are thrilled to bring this level of network intelligence and monitoring to our customers."

"This is an amazing development for Zeek and its community of contributors and users," said Paxson. "I never imagined that the tool I developed for network monitoring would find broader application in defending endpoints — but that's part of the creative magic of open source development.

"We are grateful for Microsoft's contributions and support, and we are excited that the project's impact, and that of the community of contributors, will increase so dramatically."

Google unveiled a new open source security project on Thursday centered around software supply chain management. The Record reports: Given the acronym GUAC -- which stands for Graph for Understanding Artifact Composition -- the project is focused on creating sets of data about a software's build, security and dependency. Google worked with Purdue University, Citibank and supply chain security company Kusari on GUAC, a free tool built to bring together many different sources of software security metadata. Google has also assembled a group of technical advisory members to help with the project -- including IBM, Intel, Anchore and more.

Google's Brandon Lum, Mihai Maruseac, Isaac Hepworth pitched the effort as one way to help address the explosion in software supply chain attacks -- most notably the widespread Log4j vulnerability that is still leaving organizations across the world exposed to attacks. "GUAC addresses a need created by the burgeoning efforts across the ecosystem to generate software build, security, and dependency metadata," they wrote in a blog post. "GUAC is meant to democratize the availability of this security information by making it freely accessible and useful for every organization, not just those with enterprise-scale security and IT funding."

Google shared a proof of concept of the project, which allows users to search data sets of software metadata. The three explained that GUAC effectively aggregates software security metadata into a database and makes it searchable. They used the example of a CISO or compliance officer that needs to understand the "blast radius" of a vulnerability. GUAC would allow them to "trace the relationship between a component and everything else in the portfolio." Google says the tool will allow anyone to figure out the most used critical components in their software supply chain ecosystem, the security weak points and any risky dependencies. As the project evolves, Maruseac, Lum and Hepworth said the next part of the work will center around scaling the project and adding new kinds of documents that can be submitted and ingested by the system.