Microsoft

Say Hi To Microsoft's Own Linux: CBL-Mariner (zdnet.com) 110

An anonymous reader quotes a report from ZDNet, written by Steven J. Vaughan-Nichols: Microsoft now has its very own, honest-to-goodness general-purpose Linux distribution: Common Base Linux, (CBL)-Mariner. And, just like any Linux distro, you can download it and run it yourself. Microsoft didn't make a big fuss about releasing CBL-Mariner. It quietly released the code on GitHub and anyone can use it. Indeed, Juan Manuel Rey, a Microsoft Senior Program Manager for Azure VMware, recently published a guide on how to build an ISO CBL-Mariner image. Before this, if you were a Linux expert, with a spot of work you could run it, but now, thanks to Rey, anyone with a bit of Linux skill can do it.

CBL-Mariner is not a Linux desktop. Like Azure Sphere, Microsoft's first specialized Linux distro, which is used for securing edge computing services, it's a server-side Linux. This Microsoft-branded Linux is an internal Linux distribution. It's meant for Microsoft's cloud infrastructure and edge products and services. Its main job is to provide a consistent Linux platform for these devices and services. Just like Fedora is to Red Hat, it keeps Microsoft on Linux's cutting edge. CBL-Mariner is built around the idea that you only need a small common core set of packages to address the needs of cloud and edge services. If you need more, CBL-Mariner also makes it easy to layer on additional packages on top of its common core. Once that's done, its simple build system easily enables you to create RPM packages from SPEC and source files. Or, you can also use it to create ISOs or Virtual hard disk (VHD) images.

As you'd expect the basic CBL-Mariner is a very lightweight Linux. You can use it as a container or a container host. With its limited size also comes a minimal attack surface. This also makes it easy to deploy security patches to it via RPM. Its designers make a particular point of delivering the latest security patches and fixes to its users. For more about its security features see CBL-Mariner's GitHub security features list. Like any other Linux distro, CBL-Mariner is built on the shoulders of giants. Microsoft credits VMware's Photon OS Project, a secure Linux, The Fedora Project, Linux from Scratch -- a guide to building Linux from source, the OpenMamba distro, and, yes, even GNU and the Free Software Foundation (FSF). To try it for yourself, you'll build it on Ubuntu 18.04. Frankly, I'd be surprised if you couldn't build it on any Ubuntu Linux distro from 18.04 on up. I did it on my Ubuntu 20.04.2 desktop. You'll also need the latest version of the Go language and Docker.

Open Source

Experimental Rust Support Patches Submitted to Linux Kernel Mailing List (theregister.com) 55

"The Rust for Linux project, sponsored by Google, has advanced..." reported the Register earlier this week: A new set of patches submitted to the Linux kernel mailing list summarizes the progress of the project to enable Rust to be used alongside C for implementing the Linux kernel. The progress is significant.

- ARM and RISC-V architectures are now supported, thanks to work on rustc_codgen_gcc, which is a GCC codegen for rustc. This means that rustc does the initial compilation of Rust code but GCC (the GNU Compiler Collection) does the backend compilation, enabling support for the architectures that GCC supports...

- Overall, "the Rust support is still to be considered experimental. However, as noted back in April, support is good enough that kernel developers can start working on the Rust abstractions for subsystems and write drivers and other modules," continued project leader Miguel Ojeda, a computer scientist at CERN in Geneva, Switzerland, now working full time on Rust for Linux...

There is substantial support for the project across the industry. Google said in April "we feel that Rust is now ready to join C as a practical language for implementing the kernel" and that it would reduce the number of potential bugs and security vulnerabilities. Google is sponsoring Ojeda to work full time on the project for a year, via the ISRG (Internet Security Research Group), which said last month that it is part of "efforts to move the internet's critical software infrastructure to memory safe code," under the project name Prossimo. The ISRG is also the nonprofit organisation behind Let's Encrypt free security certificates. Ojeda also mentioned that Microsoft's Linux Systems Group is contributing and hopes to submit "select Hyper-V drivers written in Rust." Arm is promising assistance with Rust for Linux on ARM-based systems. IBM has contributed Rust kernel support for its PowerPC processor.

More detail is promised at the forthcoming Linux Plumber's Conference in September. In the meantime, the project is on GitHub here.

"In addition, we would like to announce that we are organizing a new conference that focuses on Rust and the Linux kernel..." Ojeda posted. "Details will be announced soon." And for context, the Register adds: Linus Torvalds has said on several occasions that he welcomes the possibility of using Rust alongside C for kernel development, and told IT Wire in April that it is "getting to the point where maybe it might be mergeable for 5.14 or something like that."
Open Source

Free Software Foundation Announces 'Next Step' for Improving Board Governance (fsf.org) 71

The Free Software Foundation shared an update on its "series of actions to strengthen and modernize the foundation's governance structure and processes." After a series of interviews with various firms, the board has retained a professional consultant to help the FSF devise and execute the changes needed to optimize the impact of the board and the organization.

During an initial six-month engagement, the firm will work with board members and FSF stakeholders to devise a range of systems and infrastructure that lead to:

- A transparent community-supported process for identifying new board members and evaluating current board members;

- A board member agreement that clearly outlines the responsibilities of all board members;

- A code of ethics that articulates the values of the FSF and conveys a set of principles to guide its decision making and activities, as well as the behavior of its board members, officers, employees, and volunteers; and,

- More focused and streamlined board processes that encourage consistent attention on FSF's most pressing needs .In addition, FSF executive director John Sullivan has begun recruiting candidates to succeed him as the organization's chief employed officer...

The board is also evaluating the first proposed changes to its bylaws since 2002. The goals of these revisions are to ensure that user freedom cannot be compromised by changes in the board, members, or hostile courts, with particular focus on the future of the various GNU General Public Licenses (GPL); to codify the implementation of the staff seat created on March 25, 2021; and, to align the bylaws with the outcomes of the ongoing effort to modernize the foundation's governance structure and processes.

As FSF continues to pursue its mission, the board believes these collective efforts will strengthen the organization's governance, ensuring that it is transparent, accountable, and professional for current and future board members, associate members, staff, and the broader free software movement. These efforts also underscore the board's recognition of the need to attract a new generation of activists for software freedom and to grow the movement.

GNU is Not Unix

FSF Prioritizes Creation of a Free-Software eBook Reader, Urges Avoiding DRM eBooks (fsf.org) 65

Since most ebook readers run some version of the kernel Linux (with some even run the GNU/Linux operating system), "This puts ebook readers a few steps closer to freedom than other devices," notes a recent call-to-action in the Free Software Foundation Bulletin.

But with e-ink screens and DRM-laden ebooks, "closing the gap will still require a significant amount of work." Accordingly, as we announced at the LibrePlanet 2021 conference, we've decided this year to prioritize facilitating the process for an ebook reader to reach the high standards of our Respects Your Freedom (RYF) hardware certification program, whether this means adapting an existing one from a manufacturer, or even contracting its production ourselves...

The free software community has made some good strides in the area of freeing ebooks. Denis "GNUToo" Carikli has composed a page on the LibrePlanet wiki documenting the components of ebook readers and other single-board computers; this has laid the groundwork for our investigation into releasing an ebook reader, and is one of the wiki's more active projects. Also, earlier in the year, a user on the libreplanet-discuss mailing list documented their project to port Parabola GNU/Linux to the reMarkable tablet, thereby creating a free ebook reader at the same time. It's steps like these that make us feel confident that we can bring an ebook reader that respects its user's freedom to the public, both in terms of hardware and the software that's shipped with the device...

If the FSF is successful in landing RYF certification on an ebook reader, which I fully believe we will be, we can ensure that users will have the ability to read digitally while retaining their freedom.

It's up to all of us to make sure we have the right to read, by avoiding ebook DRM in each and every case, and celebrating free (as in freedom) resources like Wikibooks and the Internet Archive, bridging the divide between the movement for free software and the movement for free culture, empowering both readers and computer users around the globe.

The article also warns that ebook DRM has gotten more restrictive over the years. "It's common for textbooks to now require a constant and uninterrupted Internet connection, and that they load only a discrete number of pages at a time... Even libraries fell victim to 'lending' services like Canopy, putting an artificial lock on digital copies of books, the last place it makes sense for them to be."
Linux

The ISRG Wants To Make the Linux Kernel Memory-safe With Rust (arstechnica.com) 124

mrflash818 writes: The Internet Security Research Group (ISRG) -- parent organization of the better-known Let's Encrypt project -- has provided prominent developer Miguel Ojeda with a one-year contract to work on Rust in Linux and other security efforts on a full-time basis. Rust is a low-level programming language offering most of the flexibility and performance of C -- the language used for kernels in Unix and Unix-like operating systems since the 1970s -- in a safer way. Efforts to make Rust a viable language for Linux kernel development began at the 2020 Linux Plumbers conference, with acceptance for the idea coming from Linus Torvalds himself. Torvalds specifically requested Rust compiler availability in the default kernel build environment to support such efforts -- not to replace the entire source code of the Linux kernel with Rust-developed equivalents, but to make it possible for new development to work properly. Using Rust for new code in the kernel -- which might mean new hardware drivers or even replacement of GNU Coreutils -- potentially decreases the number of bugs lurking in the kernel. Rust simply won't allow a developer to leak memory or create the potential for buffer overflows -- significant sources of performance and security issues in complex C-language code.
The Internet

Also Leaving Freenode: FSF, GNU, plus Linux and Python support channels (fsf.org) 65

Freenode's Linux support channel has an official web page at freenode.linux.community, which now bears this announcement:

22+ year old ##linux on freenode has been seized by freenode staff

The community's (multi-platform) site reminds visitors of the alternative channels #linux on Libera and Linux.Chat on Discord.

But they're not the only ones making changes. "[T]he FSF and GNU have decided to relocate our IRC channels to Libera.Chat," reads an official announcement on the FSF blog. "Effective immediately, Libera is the official home of our channels, which include but are not limited to all those in the #fsf, #gnu, and #libreplanet namespaces." As we have had nearly twenty years of positive experiences with the Freenode staff, most of whom now comprise the staff of the Libera network, we are confident in their technical and interpersonal expertise, as well as their ability to make the network as long-lasting and integral to the free software community as they made Freenode. We look forward to joining the large number of free software and free culture projects who have already made Libera.Chat their home, and hope to stay there for many years to come.
Also making a move: freenode's #Python channel. Software developer Ned Batchelder, one of the channel's operators (and also an architect at edX), shared a recent experience in a new blog post this morning. When they'd decided to move #python to the new Libera.chat network (run by former Freenode staffers), they also stayed in Freenode's channel "to let people know where everyone had gone." Yesterday, after a heated debate in the Freenode channel where I was accused of splitting the community, I got k-lined (banned entirely from Freenode). The reason given was "spamming", because of my recurring message about the move to Libera. Then the entire Freenode #python channel was closed... Was it malice or was it mistake? Does it matter? It's not a good way to run a network. After the channel was closed, people asking staff about what happened were banned from asking. That wasn't a mistake... [T]he new staff seems to be using force to silence people asking questions. It's clear that transparency is not a strong value for them.

Setting aside network drama, the big picture here is that the Freenode #python community isn't split: it's alive and well. It's just not on Freenode anymore, it's on Libera.

Freenode was a good thing. But the domain name of the server was the least important part of it, just a piece of technical trivia. There's no reason to stick with Freenode just because it is called Freenode. As with any way of bringing people together, the important part is the people. If all of the people go someplace else, follow them there, and continue.

See you on Libera.

GNU is Not Unix

GCC Will No Longer Require Copyrights Be Assigned to the FSF (devclass.com) 70

Version 9.4 of the GNU Compiler Collection "encompasses more than 190 bug fixes for GCC 9.3, which has been available since March 2020," reports DevClass.

But they add that in addition, "Developers who want to contribute to the GNU Compiler Collection but don't feel like signing over copyright to the Free Software Foundation can get busy committing now." GCC Steering Committee member David Edelsohn informed contributors via the mailing list that the committee "decided to relax the requirement to assign copyright for all changes" to the FSF. Speaking for the committee, he wrote that the GCC project "will now accept contributions with or without an FSF copyright assignment", a practice thought of as consistent with that "of many other major Free Software projects, such as the Linux kernel". GCC "will continue to be developed, distributed and licensed" under the GPLv3, so nothing should change for those adding to the project under the old assumptions.

There are those who have had troubles with that arrangement before, with Apple often cited as a popular example. They are now free to contribute utilising the Developer Certificate of Origin instead of agreeing to an FSF Copyright Assignment.

A reason was not given, though the last sentence of the statement, which affirms the principles of Free Software, might give a clue. In March 2021, the committee commented on the removal of Richard Stallman from the project's steering committee website with a similar declaration... [T]hey felt like an association with Stallman was not serving the best interests of the GCC developers and user community, given that the "GCC Steering Committee is committed to providing a friendly, safe and welcoming environment for all."

The Register notes that Red Hat senior principal engineer Mark Wielaard asked why there was no public discussion before making the change.
GNU is Not Unix

Free Software Foundation's Executive Director Resigns (fsf.org) 41

John Sullivan became the Free Software Foundation's Executive Director back in 2010. But now after 11 years, "I've decided to resign my position..." he tweeted Friday, "effective at the end of a transition period."

"We'll be sharing further details, including information about that transition, and a few more words, in the coming days."

Meanwhile, the Free Software Foundation announced Thursday that it's seeking "a principled, compassionate, and capable leader" to be its new executive director, working remotely out of their Boston office with the Foundation's current staff and board of directors. "The executive director, working with the president, is the public face of the Foundation." The FSF faces many challenges as software becomes increasingly central in the exercise of all fundamental human freedoms, including speech, association, privacy, and movement, and as software owners seek to exploit their control over us to profit at the expense of those freedoms. The executive director has a vital role in enabling the FSF to continue meeting these challenges, starting from the strong base that has been built in the last thirty-five years. The Foundation has recently reached record-high membership numbers and was awarded a perfect score from Charity Navigator, as well as its eighth consecutive four-star rating. Efforts to improve the Foundation's governance are underway.

The executive director is the FSF's chief employed officer. The position reports to the president/CEO and the board of directors, and is responsible for management of all other staff, all day-to-day operations, and oversight of the Boston physical office. The successful candidate will have the opportunity to hire for additional key positions in the management team.

One interesting item on their list of job responsibilities:
  • Mentor, inspire, coordinate, and manage all FSF staff, building a culture that upholds the FSF's ideological principles and includes accountability, empathy, efficiency, and excellence

A blog post on the FSF site also notes that the last month saw 11 new GNU releases. "A number of GNU packages, as well as the GNU operating system as a whole, are looking for maintainers and other assistance: please see https://www.gnu.org/server/takeaction.html#unmaint if you'd like to help."


GNU is Not Unix

The FSF Says ThinkPenguin's Wireless-N Mini Router 'Respects Your Freedom' (fsf.org) 36

Friday the Free Software Foundation awarded their coveted "Respects Your Freedom" (RYF) certification to another new product: the Free Software Wireless-N Mini Router v3 (TPE-R1300) from ThinkPenguin, Inc.

Just 45 products currently hold the FSF's certification "that these products meet the FSF's standards in regard to users' freedom, control over the product, and privacy." (That is to say, they run on 100% free software, allow the installation of modified software, and are free from DRM, spyware and tracking.) The FSF writes: As with previous routers from ThinkPenguin, the Free Software Wireless-N Mini Router v3 ships with an FSF-endorsed fully free embedded GNU/Linux distribution called libreCMC. It also comes with a custom flavor of the U-Boot boot loader, assembled by Robert Call, who is the maintainer of libreCMC and a former FSF intern.

The router enables users to run multiple devices on a network through a VPN service, helping to simplify the process of keeping their communications secure and private. While ThinkPenguin offers a VPN service, users are not required to purchase a subscription to their service in order to use the router, and the device comes with detailed instructions on how to use the router with a wide variety of VPN providers...

"ThinkPenguin once again demonstrates a long-standing commitment to protecting the rights of their users. With the latest iteration of the Wireless-N Mini Router, users know that they'll have up to date hardware they can trust for years to come," said the FSF's licensing and compliance manager, Donald Robertson, III.

Phoronix points its readers to the device's page at ThinkPenguin.com "should you be looking to build out your wireless network using the decade old 802.11n standard."
GNU is Not Unix

The FSF Clarifies Richard Stallman's Role (fsf.org) 127

Long-time Slashdot reader destinyland writes: This week the Free Software Foundation posted some new answers to frequently-asked questions "as the FSF board sets about the work of strengthening the Foundation's governance structure." The FAQ notes that most of their financial support comes from individuals, and that "At this moment, the FSF has more associate members than at any time in its history," adding that it's in good financial health. (And the FAQ also reminds readers that all board members are uncompensated volunteers.)

But it also confirms that a seat on the board was created for union staff "in the aftermath of the March 2021 controversy over the election of Richard Stallman to the board." And apparently in light of Stallman's return, the first question is "What are the responsibilities of a member of the FSF board?"

Answer: The board of directors does not usually deal with the everyday work of the FSF, focusing instead on the long-term direction and financial stability of the Foundation, as well as the appointment of the officers. In addition, members of the board do not speak for the board or for the FSF. Outside of the deliberations of the board, they are private citizens. The right to speak for the Foundation is reserved to the president of the FSF and other FSF officers, such as the executive director.

When the board does make statements, each statement is carefully deliberated. No one member has this individual authority.


The FAQ also clarifies that while Stallman is also a voting board member, "Voting member meetings normally discuss only who should be on the board. They do not take up the issues that come before the board itself... When the Foundation was formed in 1985, the founders were advised that, to qualify for a tax exemption, board members should not be chosen solely by other board members. Legal counsel advised the founders that there should be two bodies with some overlap, one being the active board and the other being a body that appointed the active board.

"Governance standards have since changed, and this structure is no longer required. As part of the effort to improve FSF governance, the board can consider possible changes to this overall structure."

It also adds that "There is no formal term limit for a board member. Board members are evaluated by the voting members at regular intervals, and occasionally by the other directors."

The last question on the list? "In addition to holding a board seat, what other role or roles does Richard Stallman play in the FSF?"

The answer? "Richard Stallman frequently gives talks on free software, in his personal capacity, and, when he does so, he sells merchandise from the FSF shop, recruits volunteers for FSF and GNU, and raises donations for FSF. He is the primary author and editor of two books sold by the FSF."

GNU is Not Unix

Richard Stallman's Blog Asks: Am I Doctor Stallman? (stallman.org) 291

Friday on Richard Stallman's personal web site, he posed the question: Am I Doctor Stallman?

He's received 15 doctorates honoris causa — doctorates "for honor" — in the company of others whose achievements impressed him... So I was shocked to read an article which describes this as a sleazy marketing scheme, and claims that recipients of these degrees are not supposed to call themselves "Doctor."

The article says that universities hand out "honorary doctorates" readily to donors who have essentially bought them, and to performing artists so that they will entertain the students at graduation...

But my experience is totally different. I am not an entertainer, except for a few minutes when I don the robe and halo of Saint iGNUcius, and that is comic relief for a long, serious talk. I never donated money to the universities that gave me doctorates, nor could they expect me to. What's more, I never saw such people receive degrees along with me. The other recipients, when there were others, were likewise being honored for their work, not as a quid-pro-quo.

Why this difference? My doctorates come from universities in other countries, not in the US. I conjecture that buy-a-doctorate and sing-for-your-doctorate are found in the US only. (How sad for the US...!)

[O]n reading that Florida Atlantic University explicitly says that recipients of doctorates honoris causa are not permitted the title of Doctor, I began to wonder about the policies of the universities which had given me degrees, so I asked people at some of those universities about their policies.

The replies were quite disparate. One said, like Florida Atlantic, that it was not permitted. Another said I should write "Dr.(h.c.)." Another said it had no objection. So it seems that I am entitled to call myself Dr. Stallman.

Why do I do that? The personal reason is that these doctorates recognize decades of work for an important cause, and I am proud of them.

The reason that is beyond personal is so that people who know little or nothing of my career may decide, based on the title of "Doctor", to pay a little attention to that work and that cause, which is the free software movement. That may help us defeat the totalitarian control that today's digital technology is designed to impose.

Unix

FreeBSD 13 Released (phoronix.com) 66

"FreeBSD, the other Linux, reached version 13," writes long-time Slashdot reader undoman. "The operating system is known for its stable code, native ZFS support, and use of the more liberal BSD licenses." Phoronix highlights some of the major new improvements: FreeBSD 13.0 delivers on performance improvements (particularly for Intel CPUs we've seen in benchmarks thanks to hardware P-States), upgrading to LLVM Clang 11 as the default compiler toolchain, POWER 64-bit support improvements, a wide variety of networking improvements, 64-bit ARM (AArch64) now being a tier-one architecture alongside x86_64, EFI boot improvements, AES-NI is now included by default for generic kernel builds, the default CPU support for i386 is bumped to i686 from i486, and a variety of other hardware support improvements. Various obsolete GNU tools have been removed like an old version of GNU Debugger used for crashinfo, obsolete GCC 4.2.1 and Binutils 2.17 were dropped from the main tree, and also switching to a BSD version of grep. The release announcement can be found here.
Linux

Reactions to Arch Linux's New Guided Installer (linuxreviews.org) 108

Long-time Slashdot reader xiando quotes LinuxReviews: The community distribution Arch Linux has up to now required you to manually install it by entering a whole lot of scary commands in a terminal. Arch version 2021.04.01 features a new guided installer [reached by] typing python -m archinstall guided into the console you get when you boot the Arch Linux installation ISO.

It is not very novice-friendly, or user-friendly, but it gets the job done and it will work fine for those with some basic GNU/Linux knowledge.

Tech Radar writes that previously Arch Linux had "a rather convoluted installation process, which has given rise to a stream of Arch-based distros that are easier to install," adding that the new installer "was reportedly promoted as an official installation mechanism back in January, and was actively worked upon leading to its inclusion in the installation medium." Users have been calling on Arch Linux for simplifying the installation process for a long time, to bring it in line with other Linux distros. However, the Arch philosophy has always been to put the users in charge of every aspect of their installation, which is the antithesis of automated installers.
Phoronix calls the new installer "very quick and easy," although "granted not as user-friendly / polished as say the Debian Installer, Red Hat's Anaconda installer, even Ubuntu's Subiquity, and other TUI/GUI Linux installers out there." They also note that Archinstall "does allow automatically partitioning the drive with your choice of file-system options, automatically installing a desktop environment if desired, configuring the network interfaces, and all the other basics." The method is quick enough that I'll likely use archinstall for future Arch Linux benchmarks on Phoronix as it also then applies a sane set of defaults for users... Five minutes or less and off to the races, ready for Arch Linux."
But Slashdot reader I75BJC still favors "scary commands in a terminal," leaving this comment on the original submission: If you can't type with the big adults, stay on your PlayStation.

Even Apple, with its very good GUI has a command line. The command line commands are more flexible, more specific, more subtle than the pointy-clicky GUI.

Debian

Results of Debian Vote On Stallman To Be Known By April 17 (itwire.com) 387

New submitter juul_advocate shares a report from iTWire: The outcome of a general resolution proposed by the Debian GNU/Linux project, to decide how to react to the return of Free Software Foundation founder Richard Stallman to the board, will be known on April 17, with voting now underway. The original proposal for a GR was made by Steve Langasek, who also works for Canonical, the company behind Ubuntu, and calls for co-signing an existing letter which wants Stallman gone and the FSF board sacked. There has been a lot of discussion around the issue.

Six alternatives have been proposed. The proposals are:
- remove the entire FSF board as in an existing letter;
- seek Stallman's resignation from all FSF bodies;
- discourage collaboration with the FSF while Stallman remains in a leading position;
- ask FSF to further its governance processes;
- support Stallman's reinstatement;
- denounce the witch hunt against Stallman and the FSF; and
- issue no public statement on the issue.
During the organization's LibrePlanet virtual event on March 19, Stallman announced that he was rejoining the board and does not intend to resign again. His return has drawn condemnation from many people in the free software community. Just days after his announcement, an open letter calling for Stallman to be removed again and for the FSF's entire board to resign was signed by hundreds of people.

Linux giant Red Hat has decided to pull funding, while the 'Open Source Initiative' said that it "will not participate in any events that include Richard M. Stallman," adding that it "cannot collaborate with the Free Software Foundation until Stallman is removed from the organization's leadership."
GNU is Not Unix

FSF Management Team Resigns, as FSF Now Seeks 'Improved Transparency' (arstechnica.com) 308

Richard Stallman's name has now been taken off the official web page of the steering committee for GCC, reports IT Wire.

But they also note new changes this week in the management team of the Free Software Foundation: A statement from [FSF executive director John] Sullivan, deputy director John Hsieh, and chief technology officer Ruben Rodriguez on 30 March said: "As members of FSF management, we have decided to resign, with specific end dates to be determined. We believe in the importance of the FSF's mission and feel a new team will be better placed to implement recent changes in governance..." The resignations come in the wake of FSF founder Richard Stallman announcing on 19 March, during the organisation's annual LibrePlanet conference this year that he was rejoining the board.
"Some of our colleagues in the FSF have decided to resign," reads an official response from the FSF. "We are grateful for the good work they have done for so long, and we will miss them. We regret losing them; we regret the situation that has motivated them to leave."

Another FSF board member also resigned last week.

Meanwhile, Ars Technica reports the FSF has created a new seat on the board to be filled by someone from FSF union staff, with acting FSF President Geoffrey Knauth calling it "an important step in the FSF's effort to recognize and support new leadership, to connect that leadership to the community, to improve transparency and accountability, and to build trust. There is still considerable work to be done, and that work will continue."

Ars Technica adds: The elephant in the room that the FSF's remaining board members seem determined to ignore is the continued presence of Stallman himself — who, along with the rest of the FSF board, will soon need to undergo its new "transparent, formal process for identifying [members] who are wise, capable, and committed to the FSF's mission."
Open Source

Richard Stallman's Return Denounced by the EFF, Tor Project, Mozilla, and the Creator of Rust (itwire.com) 640

Sunday IT Wire counted up the number of signatories on two open letters, one opposing Richard Stallman's return to the FSF and one supporting it.

- The pro-Stallman letter had 3,632 individual signers
- The anti-Stallman letter had 2,812 individual signers (plus 48 companies and organizations).

But the question of Stallman's leadership has now also arisen in the GCC community:

A long-time developer of GCC, the compiler created by the GNU Project and used in Linux distributions, has issued a call for the removal of Free Software Founder Richard Stallman from the GCC steering committee. Nathan Sidwell [also a software engineer at Facebook] said in a post directed to the committee that if it was unwilling to remove Stallman, then the panel should explain why it was not able to do so.

Stallman is also the founder of the GNU Project and the original author of GCC.

"RMS [Stallman] is no longer a developer of GCC, the most recent commit I can find regards SCO in 2003," Sidwell wrote in a long email. "Prior to that there were commits in 1997, but significantly less than 1994 and earlier. GCC's implementation language is now C++, which I believe RMS neither uses nor likes.

"When was RMS' most recent positive input to the GCC project? Even if it was recent and significant, that doesn't mean his toxic behaviour should be accepted."

Meanwhile, the following groups have also issued statements opposing Stallman's return to the FSF:

- Mozilla: We can't demand better of the internet if we don't demand better of our leaders, colleagues and ourselves. We're with the Open Source Diversity Community, Outreachy & the Software Conservancy project in supporting this petition.
- The Tor Project: The Tor Project is joining calls for Richard M. Stallman to be removed from board, staff, volunteer, and other leadership positions in the FOSS community, including the Free Software Foundation and the GNU Project.
Rust creator Graydon Hoare: He's been saying sexist shit & driving women away for decades. He can't change, the FSF board knows it, is sending a "sexism doesn't matter" message. This is bad leadership and I'm sad about all of it, agree with calls to resign.

If someone is a public leader their public behaviour matters. I don't criticize private individuals here and I don't think twitter-justice is especially nuanced. But this is so far over the line, such a stupid and tone-deaf choice, and it is about community leadership.

The EFF: We at EFF are profoundly disappointed to hear of the re-election of Richard Stallman to a leadership position at the Free Software Foundation, after a series of serious accusations of misconduct led to his resignation as president and board member of the FSF in 2019. We are also disappointed that this was done despite no discernible steps taken by him to be accountable for, much less make amends for, his past actions or those who have been harmed by them. Finally, we are also disturbed by the secretive process of his re-election, and how it was belatedly conveyed to FSF's staff and supporters.

Stallman's re-election sends a wrong and hurtful message to free software movement, as well as those who have left that movement because of Stallman's previous behavior.

Free software is a vital component of an open and just technological society: its key institutions and individuals cannot place misguided feelings of loyalty above their commitment to that cause. The movement for digital freedom is larger than any one individual contributor, regardless of their role. Indeed, we hope that this moment can be an opportunity to bring in new leaders and new ideas to the free software movement.

We urge the voting members of the FSF1 to call a special meeting to reconsider this decision, and we also call on Stallman to step down: for the benefit of the organization, the values it represents, and the diversity and long-term viability of the free software movement as a whole.

Finally, the Free Software Foundation itself has now pinned the following tweet at the top of its Twitter feed: No LibrePlanet organizers (staff or volunteer), speakers, award winners, exhibitors, or sponsors were made aware of Richard Stallman's announcement until it was public.
Open Source

Free Software Advocates Seek Removal of Richard Stallman and Entire FSF Board (arstechnica.com) 495

AmiMoJo shares a report from Ars Technica: Richard Stallman's return to the Free Software Foundation's board of directors has drawn condemnation from many people in the free software community. An open letter signed by hundreds of people today called for Stallman to be removed again and for the FSF's entire board to resign. Letter signers include Neil McGovern, GNOME Foundation executive director and former Debian Project Leader; Deb Nicholson, general manager of the Open Source Initiative; Matthew Garrett, a former member of the FSF board of directors; seven of the eight members of the X.org Foundation board of directors; Elana Hashman of the Debian Technical Committee, Open Source Initiative, and Kubernetes project; Molly de Blanc of the Debian Project and GNOME Foundation; and more than 300 others. That number has been rising quickly today: the open letter contains instructions for signing it.

The letter said all members of the FSF board should be removed because they 'have enabled and empowered RMS for years. They demonstrate this again by permitting him to rejoin the FSF Board. It is time for RMS to step back from the free software, tech ethics, digital rights, and tech communities, for he cannot provide the leadership we need.' The letter also called for Stallman to be removed from his position leading the GNU Project. "We urge those in a position to do so to stop supporting the Free Software Foundation," they wrote. "Refuse to contribute to projects related to the FSF and RMS. Do not speak at or attend FSF events, or events that welcome RMS and his brand of intolerance. We ask for contributors to free software projects to take a stand against bigotry and hate within their projects. While doing these things, tell these communities and the FSF why."
UPDATE: For a quick summary of the controversy, long-time Slashdot reader Jogar the Barbarian recommends this article from It's Foss.
Open Source

VideoLAN, Maker of Popular Media Player VLC, Turns 20 53

VideoLAN, in a blog post: The VideoLAN project and the VideoLAN non-profit organization are happy to celebrate today the 20th anniversary of the open-sourcing of the project. VideoLAN originally started as a project from the Via Centrale Reseaux student association, after the successful Network 2000 project. But the true release of the project to the world was on 1st of February 2001, the Ecole Centrale Paris director, Mr. Gourisse, allowed the open-sourcing of the whole VideoLAN project under the GNU GPL. This open sourcing concerned all the software developed by the VideoLAN project, including VideoLAN Client, VideoLAN Server, VideoLAN Bridge, VideoLAN Channel Switcher, but also libraries to decode DVDs, like libdca, liba52 or libmpeg2. At that time, this was a risky decision for the Ecole Centrale Paris, and the VideoLAN project is very grateful.

Since then, the project evolved to become a French non-profit organization, and continued developing numerous solutions around the free software multimedia world. Today, VLC media player is used regularly by hundreds of millions of users, and has been downloaded more than 3.5 billion times over the years. VLC is today available on Windows, macOS, Linux, Android (including TV and Auto versions), iOS (and AppleTV), OS/2 and BSD. Over the years, around 1000 volunteers worked to make VLC a reality.
GNU is Not Unix

A 'Severe' Bug Was Found In Libgcrypt, GnuPG's Cryptographic Library (helpnetsecurity.com) 39

Early Friday the principal author of GNU Privacy Guard (the free encryption software) warned that version 1.9.0 of its cryptographic library Libgcrypt, released January 19, had a "severe" security vulnerability and should not be used.

A new version 1.9.1, which fixes the flaw, is available for download, Help Net Security reports: He also noted that Fedora 34 (scheduled to be released in April 2021) and Gentoo Linux are already using the vulnerable version... [I]t's a heap buffer overflow due to an incorrect assumption in the block buffer management code. Just decrypting some data can overflow a heap buffer with attacker controlled data, no verification or signature is validated before the vulnerability occurs.

It was discovered and flagged by Google Project Zero researcher Tavis Ormandy and affects only Libgcrypt v1.9.0.

"Exploiting this bug is simple and thus immediate action for 1.9.0 users is required..." Koch posted on the GnuPG mailing list. "The 1.9.0 tarballs on our FTP server have been renamed so that scripts won't be able to get this version anymore."
Open Source

The Ethical Source Movement Launches a New Kind of Open-Source Organization (zdnet.com) 258

ZDNet takes a look at a new nonprofit group called the Organization for Ethical Source (OES): The OES is devoted to the idea that the free software and open-source concept of "Freedom Zero" are outdated. Freedom Zero is "the freedom to run the program as you wish, for any purpose." It's fundamental to how open-source software is made and used... They hate the notion that open-source software can be used for any purpose including "evil" purposes. The group states:

The world has changed since the Open Source Definition was created — open source has become ubiquitous, and is now being leveraged by bad actors for mass surveillance, racist policing, and other human rights abuses all over the world. The OES believes that the open-source community must evolve to address the magnitude and complexity of today's social, political, and technological challenges...

How does this actually work in a license...?

The Software shall not be used by any person or entity for any systems, activities, or other uses that violate any Human Rights Laws. "Human Rights Laws" means any applicable laws, regulations, or rules (collectively, "Laws") that protect human, civil, labor, privacy, political, environmental, security, economic, due process, or similar rights....

This latest version of the license was developed in collaboration with a pro-bono legal team from Corporate Accountability Lab (CAL). It has been adopted by many open-source projects including the Ruby library VCR; mobile app development tool Gryphon; Javascript mapping library react-leaflet; and WeTransfer's entire open-source portfolio...

The organization adds, though, the license's most significant impact may be the debate it sparked between ethical-minded developers and open-source traditionalists around the primacy of Freedom Zero.

The article includes this quote from someone described as an open source-savvy lawyer.

"To me, ethical licensing is a case of someone with a very small hammer seeing every problem as a nail, and not even acknowledging that the nail is far too big for the hammer."

Slashdot Top Deals