Devin Ulibarri, the Free Software Foundation's outreach and communications coordinator, writes up an event he describes as meeting with some old and new friends: On Sunday, October 1, the Free Software Foundation (FSF) hosted a hackday to celebrate the fortieth anniversary of the GNU Project. Folks came from both near and far to join in the festivities at FSF headquarters, Boston, MA... Sadi moma bela loza, the Bulgarian melody from which The Free Software Song is set, could be heard faintly playing in a nearby room, its distinctive odd-metered tune performed by a fully-liberated X200...

All in all, the event succeeded in our goal of welcoming both long-time members as well as introducing new people to free software and our cause. A few college students from local universities, for example, were able to ask questions seeking to better understand free software licenses and GNU Project history. We received multiple requests from attendees to host similar events again in the near future. And one parent, whose son played NetHack at the event, reported that, the following morning, his son asked to go to the FSF office after school to play it again. When playing he mastered the "vi" movement keys immediately. We hope they serve him well...!

Happy hacking and please stay tuned for more FSF-hosted events, including LibrePlanet 2024!

Thursday ZDNet reported... As security holes go, CVE-2023-4911, aka "Looney Tunables," isn't horrid. It has a Common Vulnerability Scoring System score of 7.8, which is ranked as important, not critical.

On the other hand, this GNU C Library's (glibc) dynamic loader vulnerability is a buffer overflow, which is always big trouble, and it's in pretty much all Linux distributions, so it's more than bad enough. After all, its discoverers, the Qualys Threat Research Unit, were able to exploit "this vulnerability (a local privilege escalation that grants full root privileges) on the default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13." Other distributions are almost certainly vulnerable to attack. The one major exception is the highly secure Alpine Linux. Thanks to this vulnerability, it's trivial to take over most Linux systems as a root user. As the researchers noted, this exploitation method "works against almost all of the SUID-root programs that are installed by default on Linux...."

The good news is that Red Hat, Ubuntu, Debian, and Gentoo have all released their own updates. In addition, the upstream glibc code has been patched with the fix. If you can't patch it, Red Hat has a script that should work on most Linux systems to mitigate the problem by setting your system to terminate any setuid program invoked with GLIBC_TUNABLES in the environment.

Wednesday the Free Software Foundation celebrated "the 40th anniversary of the GNU operating system and the launch of the free software movement," with an announcement calling it "a turning point in the history of computing.

"Forty years later, GNU and free software are even more relevant. While software has become deeply ingrained into everyday life, the vast majority of users do not have full control over it... " On September 27, 1983, a computer scientist named Richard Stallman announced the plan to develop a free software Unix-like operating system called GNU, for "GNU's not Unix." GNU is the only operating system developed specifically for the sake of users' freedom, and has remained true to its founding ideals for forty years. Since 1983, the GNU Project has provided a full, ethical replacement for proprietary operating systems. This is thanks to the forty years of tireless work from volunteer GNU developers around the world.

When describing GNU's history and the background behind its initial announcement, Stallman (often known simply as "RMS") stated, "with a free operating system, we could again have a community of cooperating hackers — and invite anyone to join. And anyone would be able to use a computer without starting out by conspiring to deprive his or her friends."

"When we look back at the history of the free software movement — or the idea that users should be in control of their own computing — it starts with GNU," said Zoë Kooyman, executive director of the FSF, which sponsors GNU's development. "The GNU System isn't just the most widely used operating system that is based on free software. GNU is also at the core of a philosophy that has guided the free software movement for forty years."

Usually combined with the kernel Linux, GNU forms the backbone of the Internet and powers millions of servers, desktops, and embedded computing devices. Aside from its technical advancements, GNU pioneered the concept of "copyleft," the approach to software licensing that requires the same rights to be preserved in derivative works, and is best exemplified by the GNU General Public License (GPL). As Stallman stated, "The goal of GNU was to give users freedom, not just to be popular. So we needed to use distribution terms that would prevent GNU software from being turned into proprietary software. The method we use is called 'copyleft.'"

The free software community has held strong for forty years and continues to grow, as exemplified by the FSF's annual LibrePlanet conference on software freedom and digital ethics.

Kooyman continues, "We hope that the fortieth anniversary will inspire hackers, both old and new, to join GNU in its goal to create, improve, and share free software around the world. Software is controlling our world these days, and GNU is a critique and solution to the status quo that we desperately need in order to not have our technology control us."
"In honor of GNU's fortieth anniversary, its organizational sponsor the FSF is organizing a hackday for families, students, and anyone interested in celebrating GNU's anniversary. It will be held at the FSF's offices in Boston, MA on October 1."

Liam Proven writes via The Register: Steam OS is the Arch-based distro for a handheld Linux games console, and Valve is aggressively pushing Linux's usability and Windows interoperability for the device. Two unusual companies, Valve Software and Igalia, are working together to improve the Linux-based OS of the Steam Deck handheld games console. The device runs a Linux distro called Steam OS 3.0, but this is a totally different distro from the original Steam OS it announced a decade ago. Steam OS 1 and 2 were based on Debian, but Steam OS 3 is based on Arch Linux, as Igalia developer Alberto Garcia described in a talk entitled How SteamOS is contributing to the Linux ecosystem.

He explained that although Steam OS is built from some fairly standard components -- the normal filesystem hierarchy, GNU user space, systemd and dbus -- Steam OS has quite a few unique features. It has two distinct user interfaces: by default, it starts with the Steam games launcher, but users can also choose an option called Switch to Desktop, which results in a regular KDE Plasma desktop, with the ability to install anything: a web browser, normal Linux tools, and non-Steam games.

Obviously, though, Steam OS's raison d'etre is to run Steam games, and most of those are Windows games which will never get native Linux versions. Valve's solution is Proton, an open-source tool to run Windows games on Linux. It's formed from a collection of different FOSS packages, notably: [Wine, DXVK, VKD3D-Proton, and GStreamer]. The result is a remarkable degree of compatibility for some of the most demanding Windows apps around [...]. You can view Garcia's 49-page presentation here (PDF).

slack_justyb writes: Richard Stallman revealed his diagnosis of lymphoma at the GNU Hacker's meeting in Biel, Switzerland yesterday. He did not share much about his health condition but did indicate that it is "manageable" and that he expects to be around for many more years ahead.

This week saw the public beta-testing release of "Linux Mint Debian Edition". Besides listing download locations, its release notes also list out the project's three goals:

- Ensure Linux Mint would be able to continue to deliver the same user experience
- See how much work would be involved if Ubuntu was ever to disappear.
- Guarantee the software we develop is compatible outside of Ubuntu.

9to5Linux reports: Based on the Debian GNU/Linux 12 "Bookworm" operating system series, Linux Mint Debian Edition 6 is powered by the long-term supported Linux 6.1 LTS kernel series and features the latest Cinnamon 5.8 desktop environment that was introduced with the Linux Mint 21.2 "Victoria" release in July 2023⦠[T]his release comes with a new look and feel thanks to newly added folder icons with different color variants, improved consistency of tooltips to look the same across different apps and desktops, support for symbolic icons that adapt to their background, and full support for HEIF and AVIF

Free and open software have transformed the tech industry. But we still have a lot to work out to make them healthy, equitable enterprises. From a report: When Xerox donated a new laser printer to MIT in 1980, the company couldn't have known that the machine would ignite a revolution. While the early decades of software development generally ran on a culture of open access, this new printer ran on inaccessible proprietary software, much to the horror of Richard M. Stallman, then a 27-year-old programmer at the university.

A few years later, Stallman released GNU, an operating system designed to be a free alternative to one of the dominant operating systems at the time: Unix. The free-software movement was born, with a simple premise: for the good of the world, all code should be open, without restriction or commercial intervention. Forty years later, tech companies are making billions on proprietary software, and much of the technology around us is inscrutable. But while Stallman's movement may look like a failed experiment, the free and open-source software movement is not only alive and well; it has become a keystone of the tech industry.

Libreboot is a distribution of coreboot "aimed at replacing the proprietary BIOS firmware contained by most computers," according to Wikipedia. It was briefly part of the GNU project, until maintainer Leah Rowe and the GNU project agreed to part ways in 2017.

But here in 2023, the GNU project has created a fork of Libreboot named GNU Boot... The GNU Boot fork "currently does not have a website and does not have any releases of its own," points out Libreboot's Leah Rowe, adding "My intent is to help them, and they are free — encouraged — to re-use my work... " But things have gotten messy, writes Rowe: They forked Libreboot, due to disagreement with Libreboot's Binary Blob Reduction Policy. This is a pragmatic policy, enacted in November 2022, to increase the number of coreboot users by increasing the amount of hardware supported in Libreboot... I wish GNU Boot all the best success. Truly. Although I think their project is entirely misguided (for reasons explained by modern Libreboot policy), I do think there is value in it. It provides continuity for those who wish to use something resembling the old Libreboot project...

When GNU Boot first launched, as a failed hostile fork of Libreboot under the same name, I observed: their code repository was based on Libreboot from late 2022, and their website based on Libreboot in late 2021. Their same-named Libreboot site was announced during LibrePlanet 2023... [N]ow they are calling themselves GNU Boot, and it is indeed GNU, but it still has the same problem as of today: still based on very old Libreboot, and they don't even have a website. According to [the FSF's Savannah software repository], GNU Boot was created on 11 June 2023. Yet no real development, in over a month since then...

I've decided that I want to help them... I decided recently that I'd simply make a release for them, exactly to their specifications (GNU Free System Distribution Guidelines), talking favourably about FSF/GNU, and so on. I'm in a position to do it (thus scratching the itch), so why not? I did this release for them — it's designated non-GeNUine Boot 20230717, and I encourage them to re-use this in their project, to get off the ground. This completely leapfrogs their current development; it's months ahead. Months. It's 8 months ahead, since their current revision is based upon Libreboot from around ~October 2022...

The GNU Boot people actually sent me a cease and desist email, citing trademark infringement. Amazing...

I complied with their polite request and have renamed the project to non-GeNUine Boot. The release archive was re-compiled, under this new brand name and the website was re-written accordingly. Personally, I like the new name better.

Reactions continue to Red Hat's announcement that they'd start limiting access to Red Hat Enterprise Linux sources, reports Ars Technica: Rocky Linux, launched by CentOS co-founder Greg Kurtzer as a replacement RHEL-compatible distro, announced Thursday that it believes Red Hat's moves "violate the spirit and purpose of open source." Using a few different methods (Universal Base Image containers, pay-per-use public cloud instances), Rocky Linux intends to maintain what it considers legitimate access to RHEL code under the GNU General Public License (GPL) and make the code public as soon as it exists.
"These methods are possible because of the power of GPL," explains Rocky Linux's blog post. "No one can prevent redistribution of GPL software. To reiterate, both of these methods enable us to legitimately obtain RHEL binaries and SRPMs without compromising our commitment to open source software or agreeing to TOS or EULA limitations that impede our rights. Our legal advisors have reassured us that we have the right to obtain the source to any binaries we receive, ensuring that we can continue advancing Rocky Linux in line with our original intentions.... [O]ur unwavering dedication and commitment to open source and the Enterprise Linux community remain steadfast."

"In the unfortunate event that Red Hat decides to ramp up efforts to negatively impact the community, Rocky Linux will persist to continue serving the best interests of the entire open source community. As a reminder, we welcome everyone to contribute to our efforts. You can learn more about how you can join us and all of the various ways to contribute on our wiki."

Ars Technica notes that AlmaLinux is "also working to keep providing RHEL-compatible updates and downstream rebuilds." "The process is more labor intensive as we require gathering data and patches from several sources, comparing them, testing them, and then building them for release," wrote Jack Aboutboul, community manager for AlmaLinux, in a blog post. "But rest assured, updates will continue flowing just as they have been."

The Software Freedom Conservancy's Bradley M. Kuhn weighed in last week with a comprehensive overview of RHEL's business model and its tricky relationship with GPL compliance. Red Hat's business model "skirts" GPL violation but had only twice previously violated the GPL in newsworthy ways, Kuhn wrote. Withholding Complete Corresponding Source (CCS) from the open web doesn't violate the GPL itself, but by doing so, Red Hat makes it more difficult for anyone to verify the company's GPL compliance.

Kuhn expressed sadness that "this long road has led the FOSS community to such a disappointing place."
Red Hat argued that they "do not find value in a RHEL rebuild." Rocky Linux dismissed this view as "narrow-minded," and RHEL-derived AlmaLinux even responded with specific examples, also noting its contributions to the RHEL and CentOS communities. AlmaLinux's community manager wrote "When executed properly, downstream rebuilds provide tremendous value and are a tremendous asset to upstream projects."

And ITWire shares one more reaction: German open source vendor SUSE says it will not be making any changes to its policies on source code access, emphasising "that the freedom to access, modify, and distribute software should remain open to all".

GCC is the GNU project's free and open-source cross-platform compiler collection. Now an anonymous reader shared this announcement from the mailing list for GCC: The GCC Steering Committee has decided to adopt a Code of Conduct for interactions in GCC project spaces, including mailing lists, bugzilla, and IRC.

The vast majority of the time, the GCC community is a very civil, cooperative space. On the rare occasions that it isn't, it's helpful to have something to point to to remind people of our expectations. It's also good for newcomers to have something to refer to, for both how they are expected to conduct themselves and how they can expect to be treated...

At this time the CoC is preliminary: the code itself should be considered active, but the CoC committee (and so the reporting and response procedures) are not yet in place.
There's also an official FAQ, and GCC's Code of Conduct begins with this introduction. "Like the free software community as a whole, the GCC community is made up of a mixture of professionals and volunteers from all over the world, working on every aspect of the project — including mentorship, teaching, and connecting people."

Where this leads to issues and unhappiness, "we have a few ground rules that we ask people to adhere to... [T]ake it in the spirit in which it's intended — a guide to make it easier to enrich all of us, the project, and the broader communities in which we participate."

America's Federal Trade Commission is soliciting public comments on the business practices of cloud computing providers, trying to understand security risks and competitive dynamics. (Questions include "To what extent are particular segments of the economy reliant on a small handful of cloud service providers and what are the data security impacts of this reliance?") They've already received dozens of comments (including one from Red Hat).

But there's also three questions about open-source software:


"To what extent do cloud providers offer products based on open-source software?"

- "What is the impact of such offerings on competition?"

- "How have recent changes to the terms of open-source licenses affected cloud providers' ability to offer products based on open-source software?"


This has drawn a response from the Free Software Foundation — and they're urging others to join in. "Since it isn't every day that the FTC solicits public comments on subjects in which the free software community is so well-versed, let's take this opportunity to submit comments that support digital sovereignty." The hope is to persuade policy makers to make software freedom and privacy a central part of any future considerations made in the areas of storage, computation, and services. Such comments will be made part of the public record, so any participation promises to have a lasting impact...

[W]e have prepared the following points for consideration:


- When considering rules and regulations in technology that stand to protect people's fundamental civil liberties, it is important to start from the question, "does this decision improve digital sovereignty or diminish it?"

- In the case of computing, (e.g. word processing, spreadsheet, and graphic design programs), the typical options diminish digital sovereignty because the computations are being run on another computer under someone else's control, inaccessible to the end user, who therefore does not have the essential freedoms to share, modify, and study the computations (i.e. the program). The only real solution to this is to offer free "as in freedom" replacements of those programs, so that end users may maintain control over their computing.

- In the case of storage, today's typical options diminish digital sovereignty because many storage providers only provide unencrypted options for storage. It is imperative that individuals and businesses who choose third-party storage always have the choice to encrypt their storage, and the encryption keys must be entirely within the control of the end user, not the third-party provider.

- In the case of services (such as email, teleconferencing, and videoconferencing), while the source code that runs services need not necessarily be made public, end users deserve to be able to access such services via a free software client. In such cases, it is imperative that service providers implement a design of interoperability, so that end users may use the service with any choice of client.

- Free software allows end users to inspect the software for possible security flaws, while proprietary software does not. Therefore free software is the only realistic option for an end user to achieve verifiable security...


Unfortunately, the FTC's website requires nonfree JavaScript (reCAPTCHA, specifically) to comment on a document, and the FTC has declined repeated requests for instructions for how to submit comments by paper form.

If you're not in the habit of avoiding nonfree JavaScript for the sake of your freedom, which we recommend, you can also leave comments on the FTC's website. While you're there, let webmaster@ftc.gov know about the injustice of proprietary JavaScript and encourage them to respect the freedom of their users...

The deadline to submit is June 21, which is just enough time to publish something meaningful on the topic in support of free software.

Slashdot reader e065c8515d206cb0e190 shared the big announcement from Debian.org: After 1 year, 9 months, and 28 days of development, the Debian project is proud to present its new stable version 12 (code name bookworm).

bookworm will be supported for the next 5 years thanks to the combined work of the Debian Security team and the Debian Long Term Support team...

This release contains over 11,089 new packages for a total count of 64,419 packages, while over 6,296 packages have been removed as obsolete. 43,254 packages were updated in this release. The overall disk usage for bookworm is 365,016,420 kB (365 GB), and is made up of 1,341,564,204 lines of code.

bookworm has more translated man pages than ever thanks to our translators who have made man-pages available in multiple languages such as: Czech, Danish, Greek, Finnish, Indonesian, Macedonian, Norwegian (Bokmål), Russian, Serbian, Swedish, Ukrainian, and Vietnamese. All of the systemd man pages are now completely available in German.

The Debian Med Blend introduces a new package: shiny-server which simplifies scientific web applications using R. We have kept to our efforts of providing Continuous Integration support for Debian Med team packages. Install the metapackages at version 3.8.x for Debian bookworm.

The Debian Astro Blend continues to provide a one-stop solution for professional astronomers, enthusiasts, and hobbyists with updates to almost all versions of the software packages in the blend. astap and planetary-system-stacker help with image stacking and astrometry resolution. openvlbi, the open source correlator, is now included.

Support for Secure Boot on ARM64 has been reintroduced: users of UEFI-capable ARM64 hardware can boot with Secure Boot mode enabled to take full advantage of the security feature.
9to5Linux has screenshots, and highlights some new features: Debian 12 also brings read/write support for APFS (Apple File System) with the apfsprogs and apfs-dkms utilities, a new tool called ntfs2btrfs that lets you convert NTFS drives to Btrfs, a new malloc implementation called mimalloc, a new kernel SMB server called ksmbd-tools, and support for the merged-usr root file system layout...

This release also includes completely new artwork called Emerald, designed (once again) by Juliette Taka. New fonts are also present in this major Debian release, along with a new fnt command-line tool for accessing 1,500 DFSG-compliant fonts.
Debian 12 "bookworm" ships with several desktop environments, including:

• Gnome 43,
• KDE Plasma 5.27,
• LXDE 11,
• LXQt 1.2.0,
• MATE 1.26,
• Xfce 4.18

In a blog post today, the Free Software Foundation is calling on the Internal Revenue Service (IRS) to provide free/libre tax-filing software for Americans to file their taxes, citing upcoming legislation that allocates funds for the agency to explore a government-operated gratis tax return system. "Many feel they have no other option than to use nonfree software or a Service as a Software Substitute (SaaSS), giving up their freedom as well as their most private financial information to a third-party company, in order to file taxes," writes the FSF.

$15 million of the $80 billion that was approved for the IRS by the Inflation Reduction Act includes the promise to further explore an "electronic service to prepare and file tax returns directly with the IRS." To do so, the IRS intends to "study taxpayer preferences for products. The results of the study will inform if and how the IRS should design such a service." The FSF writes: Let's call on the IRS to make a website for filing your tax return which respects your freedom. This is your chance. Write to the new IRS commissioner Daniel Werfel with your message. [...] Look up the address of your state's tax filing institution and send your letter to this address. Post your letter on social media to inspire others to do the same.

9to5Linux reports: KDE-focused and Arch Linux-inspired independent distribution KaOS Linux celebrates today 10 years of existence with a new stable ISO release that brings some of the latest GNU/Linux technologies and a preview of the upcoming KDE Plasma 6 desktop environment.

Yes, you're reading it right, KaOS is one of the very first GNU/Linux distributions to offer you a live ISO image with a pre-release version of the KDE Plasma 6 desktop, which, of course, is compiled against the latest Qt 6 open-source application framework...

Since this is a special ISO release, the devs also added an option to play music during the installation process.
"KaOS uses the Systemd-provided Systemd-boot for UEFI installs," according to the release notes.

"The fact remains that Google Chrome is the arbiter of web standards," argues FSF campaigns manager Greg Farough (while adding that Firefox, "through ethical distributions like GNU IceCat and Abrowser, can weaken that stranglehold.")

"Google's deprecation of the JPEG-XL image format in February in favor of its own patented AVIF format might not end the web in the grand scheme of things, but it does highlight, once again, the disturbing amount of control it has over the platform generally." Part of Google's official rationale for the deprecation is the following line: "There is not enough interest from the entire ecosystem to continue experimenting with JPEG-XL." Putting aside the problematic aspects of the term "ecosystem," let us remark that it's easy to gauge the response of the "entire ecosystem" when you yourself are by far the largest and most dangerous predator in said "ecosystem." In relation to Google's overwhelming power, the average web user might as well be a microbe. In supposedly gauging what the "ecosystem" wants, all Google is really doing is asking itself what Google wants...

While we can't link to Google's issue tracker directly because of another freedom issue — its use of nonfree JavaScript — we're told that the issue regarding JPEG-XL's removal is the second-most "starred" issue in the history of the Chromium project, the nominally free basis for the Google Chrome browser. Chromium users came out of the woodwork to plead with Google not to make this decision. It made it anyway, not bothering to respond to users' concerns. We're not sure what metric it's using to gauge the interest of the "entire ecosystem," but it seems users have given JPEG-XL a strong show of support. In turn, what users will be given is yet another facet of the web that Google itself controls: the AVIF format.

As the response to JPEG-XL's deprecation has shown, our rallying together and telling Google we want something isn't liable to get it to change its mind. It will keep on wanting what it wants: control; we'll keep on wanting what we want: freedom.

Only, the situation isn't hopeless. At the present moment, not even Google can stop us from creating the web communities that we want to see: pages that don't run huge chunks of malicious, nonfree code on our computers. We have the power to choose what we run or do not run in our browsers. Browsers like GNU IceCat (and extensions like LibreJS and JShelter> ) help with that. Google also can't prevent us from exploring networks beyond the web like Gemini. What our community can do is rally support behind those free browsers that choose to support JPEG-XL and similar formats, letting the big G know that even if we're smaller than it, we won't be bossed around.

Slashdot reader unixbhaskar writes: A company in the U.K. calling itself Minifree has started to ship old Thinkpad (specifically the X series and T series models) with Libreboot firmware. Which is based on coreboot firmware.
More specifically, Libreboot is the free-as-in-speech replacement for proprietary BIOS/UEFI firmware, the site notes, "offering faster boots speeds, better security and many advanced features compared to most proprietary boot firmware." Those advanced features include the GNU project's multiple-OS-booting "grand unified bootloader" GNU GRUB directly in the boot flash, along with several other customization options. "The aim is simple: make it easy to have a computer that was made to run entirely on Free Software at every level, meaning no proprietary software of any kind. That includes the boot firmware, operating system, drivers and applications."

The Libreboot project's founder is also the founder of Minifree, and the profits from Minifree's sales directly fund the Libreboot project. (The whole Minifree web site runs on Libreboot-powered servers, on a network behind a Libreboot-powered router...) Their site points out that Minifree Ltd has also privately funded several new board ports to coreboot, including 90,000 USD to Raptor Engineering for ASUS KGPE-D16 and KCMA-D8 libreboot support, and 4000 AUD to Damien Zammit for Gigabyte GA-G41M-ES2L and Intel D510MO libreboot support.

The installed OS on the laptops is either encrypted Debian (KDE Plasma desktop environment), with full driver support, or "other Linux distro/BSD (e.g. OpenBSD, FreeBSD) at your request... Advanced features like encrypted /boot (GNU+Linux only), signed kernels and more are available." And the laptops are also shipped — worldwide — with "your choice of 480/960GB SSD or 2x480GB/2x960GB RAID1 SSDs, with good batteries and 16GB RAM. Free technical support via email/IRC plus 5-year warranty."

But judging by their FAQ, the support is even more extensive. "If you brick your Minifree laptop when updating Libreboot, Minifree will unbrick it for free if you send it back to us. Even if your warranty has expired! However, such bricking is rare."

The Free Software Foundation certifies products that meet their standards in regard to users' freedom, control over the product, and privacy. And they put out a new "Respects Your Freedom" certification on Thursday for ThinkPenguin's free software gigabit mini VPN router, the TPE-R1400.

From the FSF's announcement: This is ThinkPenguin's first device to receive RYF certification in 2023, adding to their vast catalogue of certified devices from previous years. As with previous routers from ThinkPenguin, the Free Software Gigabit Mini VPN Router ships with an FSF-endorsed fully free embedded GNU/Linux distribution called libreCMC. It also comes with a custom flavor of the U-Boot boot loader, assembled by Robert Call, the maintainer of libreCMC and a former FSF intern.

The router enables users to run their network connection through a VPN service, helping to simplify the process of keeping their communications secure and private. While ThinkPenguin offers a VPN service, users are not required to purchase a subscription to their service in order to use the router, and the device comes with detailed instructions on how to use the router with a wide variety of VPN providers.

"We're pleased to see ThinkPenguin continue with their commitment to bringing out devices that put software freedom as their first priority under the RYF program. The release of this router shows that ThinkPenguin is committed to the privacy and freedom of their users," said the FSF's executive director, Zoë Kooyman....

"The latest version of ThinkPenguin's VPN router lets its users take advantage of gigabit per second Internet connections while protecting their rights and privacy," said FSF's copyright and licensing associate, Craig Topham.

The Free Software Foundation held their annual LibrePlanet conference last week — and announced that Eli Zaretskii, co-maintainer of GNU Emacs, won their "Advancement of Free Software" award. "He has been a contributor to Emacs for more than thirty years," notes the FSF announcement, "and as co-maintainer, coordinates the work of more than two hundred active contributors. During Zaretskii's tenure as co-maintainer, the Emacs development community has implemented several important new features, including native compilation of the editor's Emacs Lisp backbone into machine code."

Zaretskii was honored with a recorded message from the original author/principal maintainer of GNU Emacs back in 1985, Richard Stallman: "For many years, I was the principal maintainer of GNU Emacs, but then others came along to do the work, and I haven't been heavily involved in Emacs development for many, many years. Nowadays, our principal maintainer of Emacs is extremely diligent and conscientious and has brought about a renaissance in new features and new packages added to Emacs, and the result is very impressive. So I'm happy to give the Free Software Award to Eli Zaretskii, principal maintainer of GNU Emacs. Thank you for your work."

In his recorded acceptance of the award, Zaretskii said, "The truth is my contribution to free software in general and to Emacs development in particular is quite modest, certainly compared to those who won this award before me.... And even my modest achievement as the Emacs developer and lately the co-maintainer would have been impossible without all the other contributors and the Emacs community as a whole. No significant free software project can be developed, maintained, and led forward without participation and support of its members. And Emacs is no exception."
Their award for Outstanding New Free Software Contributor went to Tad (SkewedZeppelin), the chief developer of DivestOS, a fork of Android which removes many proprietary binaries "and which puts freedom, security, and device longevity as its main concerns," according to the FSF's announcement. "Tad has also contributed to the Replicant distribution of Android, a project fiscally sponsored by the FSF."

And their award for Project of Social Benefit went to GNU Jami, a free software videoconferencing tool "that is fully decentralized and encrypted, allowing thousands around the world to communicate in both freedom and security. In contrast to proprietary conferencing programs like Zoom, which are nonfree software, Jami is an official GNU package licensed under the GNU GPLv3+."

Slashdot reader sleeping cat shares a recent FOSDEM talk by a compiler engineer on the team building Rust-GCC, "an alternative compiler implementation for the Rust programming language."

"If gccrs interprets a program differently from rustc, this is considered a bug," explains the project's FAQ on GitHub.

The FAQ also notes that LLVM's set of compiler technologies — which Rust uses — "is missing some backends that GCC supports, so a gccrs implementation can fill in the gaps for use in embedded development." But the FAQ also highlights another potential benefit: With the recent announcement of Rust being allowed into the Linux Kernel codebase, an interesting security implication has been highlighted by Open Source Security, inc. When code is compiled and uses Link Time Optimization (LTO), GCC emits GIMPLE [an intermediate representation] directly into a section of each object file, and LLVM does something similar with its own bytecode. If mixing rustc-compiled code and GCC-built code in the Linux kernel, the compilers will be unable to perform a full link-time optimization pass over all of the compiled code, leading to absent CFI (control flow integrity).

If Rust is available in the GNU toolchain, releases can be built on the Linux kernel (for example) with CFI using LLVM or GCC.
Started in 2014 (and revived in 2019), "The effort has been ongoing since 2020...and we've done a lot of effort and a lot of progress," compiler engineer Arthur Cohen says in the talk. "We have upstreamed the first version of gccrs within GCC. So next time when you install GCC 13 — you'll have gccrs in it. You can use it, you can start hacking on it, you can please report issues when it inevitably crashes and dies horribly."

"One big thing we're doing is some work towards running the rustc test suite. Because we want gccrs to be an actual Rust compiler and not a toy project or something that compiles a language that looks like Rust but isn't Rust, we're trying really hard to get that test suite working."

Read on for some notes from the talk...

In a keynote at FOSDEM 2023, NASA's science data officer Steve Crawford explored NASA's use of open-source software.

But LWN.net notes that the talk went far beyond just the calibration software for the James Webb Space Telescope and the Mars Ingenuity copter's flight-control framework. In his talk, Crawford presented NASA's Open-Source Science Initiative. Its goal is to support scientists to help them integrate open-science principles into the entire research workflow. Just a few weeks before Crawford's talk, NASA's Science Mission Directorate published its new policy on scientific information.

Crawford summarized this policy with "as open as possible, as restricted as necessary, always secure", and he made this more concrete: "Publications should be made openly available with no embargo period, including research data and software. Data should be released with a Creative Commons Zero license, and software with a commonly used permissive license, such as Apache, BSD, or MIT. The new policy also encourages using and contributing to open-source software." Crawford added that NASA's policies will be updated to make it clear that employees can contribute to open-source projects in their official capacity....

As part of its Open-Source Science Initiative, NASA has started its five-year Transform to Open Science (TOPS) mission. This is a $40-million mission to speed up adoption of open-science practices; it starts with the White House and all major US federal agencies, including NASA, declaring 2023 as the "Year of Open Science". One of NASA's strategic goals with TOPS is to enable five major scientific discoveries through open-science principles, Crawford said.
Interesting tidbit from the article: "In 2003 NASA created a license to enable the release of software by civil servants, the NASA Open Source Agreement. This license has been approved by the Open Source Initiative (OSI), but the Free Software Foundation doesn't consider it a free-software license because it does not allow changes to the code that come from third-party free-software projects."

Thanks to Slashdot reader guest reader for sharing the article!