Mishaal Rahman reports via Android Authority: Earlier today, a Senior Staff Software Engineer at Google who, according to their LinkedIn, leads the Android Systems Team and works on Android's Linux kernel fork, submitted a series of patches to AOSP that "remove ACK's support for riscv64." The description of these patches states that "support for risc64 GKI kernels is discontinued."

ACK stands for Android Common Kernel and refers to the downstream branches of the official kernel.org Linux kernels that Google maintains. The ACK is basically Linux plus some "patches of interest to the Android community that haven't been merged into mainline or Long Term Supported (LTS) kernels." There are multiple ACK branches, including android-mainline, which is the primary development branch that is forked into "GKI" kernel branches that correspond to a particular combination of supported Linux kernel and Android OS version. GKI stands for Generic Kernel Image and refers to a kernel that's built from one of these branches. Every certified Android device ships with a kernel based on one of these GKI branches, as Google currently does not certify Android devices that ship with a mainline Linux kernel build.

Since these patches remove RISC-V kernel support, RISC-V kernel build support, and RISC-V emulator support, any companies looking to compile a RISC-V build of Android right now would need to create and maintain their own fork of Linux with the requisite ACK and RISC-V patches. Given that Google currently only certifies Android builds that ship with a GKI kernel built from an ACK branch, that means we likely won't see certified builds of Android on RISC-V hardware anytime soon. Our initial interpretation of these patches was that Google was preparing to kill off RISC-V support in Android since that was the most obvious conclusion. However, a spokesperson for Google told us this: "Android will continue to support RISC-V. Due to the rapid rate of iteration, we are not ready to provide a single supported image for all vendors. This particular series of patches removes RISC-V support from the Android Generic Kernel Image (GKI)." Based on Google's statement, Rahman suggests that "there's still a ton of work that needs to be done before Android is ready for RISC-V."

"Even once it's ready, Google will need to redo the work to add RISC-V support in the kernel anyway. At the very least, Google's decision likely means that we might need to wait even longer than expected to see commercial Android devices running on a RISC-V chip."

After convincing the world to buy open source and give up the Morse Code test for ham radio licenses, Bruce Perens has a new gambit: develop a license that ensures software developers receive compensation from large corporations using their work. The new Post-Open Zero Cost License seeks to address the financial disparities in open source software use and includes provisions against using content to train AI models, aligning its enforcement with non-profit performing rights organizations like ASCAP. Here's an excerpt from an interview The Register conducted with Perens: The license is one component among several -- the paid license needs to be hammered out -- that he hopes will support his proposed Post-Open paradigm to help software developers get paid when their work gets used by large corporations. "There are two paradigms that you can use for this," he explains in an interview. "One is Spotify and the other is ASCAP, BMI, and SESAC. The difference is that Spotify is a for-profit corporation. And they have to distribute profits to their stockholders before they pay the musicians. And as a result, the musicians complain that they're not getting very much at all."

"There are two paradigms that you can use for this," he explains in an interview. "One is Spotify and the other is ASCAP, BMI, and SESAC. The difference is that Spotify is a for-profit corporation. And they have to distribute profits to their stockholders before they pay the musicians. And as a result, the musicians complain that they're not getting very much at all." Perens wants his new license -- intended to complement open source licensing rather than replace it -- to be administered by a 501(c)(6) non-profit. This entity would handle payments to developers. He points to the music performing rights organizations as a template, although among ASCAP, BMI, SECAC, and GMR, only ASCAP remains non-profit. [...]

The basic idea is companies making more than $5 million annually by using Post-Open software in a paid-for product would be required to pay 1 percent of their revenue back to this administrative organization, which would distribute the funds to the maintainers of the participating open source project(s). That would cover all Post-Open software used by the organization. "The license that I have written is long -- about as long as the Affero GPL 3, which is now 17 years old, and had to deal with a lot more problems than the early licenses," Perens explains. "So, at least my license isn't excessively long. It handles all of the abuses of developers that I'm conscious of, including things I was involved in directly like Open Source Security v. Perens, and Jacobsen v. Katzer."

"It also makes compliance easier for companies than it is today, and probably cheaper even if they do have to pay. It creates an entity that can sue infringers on behalf of any developer and gets the funding to do it, but I'm planning the infringement process to forgive companies that admit the problem and cure the infringement, so most won't ever go to court. It requires more infrastructure than open source developers are used to. There's a central organization for Post-Open (or it could be three organizations if we divided all of the purposes: apportioning money to developers, running licensing, and enforcing compliance), and an outside CPA firm, and all of that has to be structured so that developers can trust it." You can read the full interview here.

ReneR writes: A major T2 Linux milestone has been released, shipping with full support for 25 CPU architectures and several C libraries, as well as restored support for Intel IA-64 Itanium. Additionally, many vintage X.org DDX drivers were fixed and tested to work again, as well as complete support for the latest KDE 6 and GNOME 46.

T2 is known for its sophisticated cross compile support and support for nearly all existing CPU architectures: Alpha, Arc, ARM(64), Avr32, HPPA(64), IA64, M68k, MIPS(64), Nios2, PowerPC(64)(le), RISCV(64), s390x, SPARC(64), and SuperH x86(64). T2 is an increasingly popular choice for embedded systems and virtualization. It also still supports the Sony PS3, Sgi, Sun and HP workstations, as well as the latest ARM64 and RISCV64 architectures.

The release contains a total of 5,140 changesets, including approximately 5,314 package updates, 564 issues fixed, 317 packages or features added and 163 removed, and around 53 improvements. Usually most packages are up-to-date, including Linux 6.8, GCC 13, LLVM/Clang 18, as well as the latest version of X.org, Mesa, Firefox, Rust, KDE 6 and GNOME 46!

More information, source and binary distribution are open source and free at T2 SDE.

An anonymous reader shared a report this week from Reuters: The U.S. Department of Commerce is reviewing the national security implications of China's work in open-source RISC-V chip technology, according to a letter sent to U.S. lawmakers...

The technology is being used by major Chinese tech firms such as Alibaba Group Holding and has become a new front in the strategic competition over advanced chip technology between the U.S. and China. In November, 18 U.S. lawmakers from both houses of Congress pressed the Biden administration for its plans to prevent China "from achieving dominance in ... RISC-V technology and leveraging that dominance at the expense of U.S. national and economic security."

In a letter last week to the lawmakers that was seen by Reuters on Tuesday, the Commerce Department said it is "working to review potential risks and assess whether there are appropriate actions under Commerce authorities that could effectively address any potential concerns."

But the Commerce Department also noted that it would need to tread carefully to avoid harming U.S. companies that are part of international groups working on RISC-V technology.

1,000 petabytes.
A million terabytes.
One quintillion bytes (or 1,000,000,000,000,000,000).

That's the amount of storage reported by users of the Ceph storage solution (across more than 3,000 Ceph clusters).

The Ceph Foundation is a "directed fund" of the Linux Foundation, providing a neutral home for Ceph, "the most popular open source storage solution for modern data storage challenges" (offering an architecture that's "highly scalable, resilient, and flexible"). It's a software-defined storage platform, providing object storage, block storage, and file storage built on a common distributed cluster foundation.

And Friday they announced the release of Ceph Squid, "which comes with several performance and space efficiency features along with enhanced protocol support." Ceph has solidified its position as the cornerstone of open source data storage. The release of Ceph Squid represents a significant milestone toward providing scalable, reliable, and flexible storage solutions that meet the ever-evolving demands of digital data storage.

Features of Ceph Squid include improvements to BlueStore [a storage back end specifically designed for managing data on disk for Ceph Object Storage Daemon workloads] to reduce latency and CPU requirements for snapshot intensive workloads. BlueStore now uses RocksDB compression by default for increased average performance and reduced space usage. [And the next-generation Crimson OSD also has improvements in stability and read performance, and "now supports scrub, partial recovery and osdmap trimming."]

Ceph continues to drive the future of storage, and welcomes developers, partners, and technology enthusiasts to get involved.
Ceph Squid also brings enhancements for the CRUSH algorithm [which computes storage locations] to support more flexible and cost effective erasure coding configurations.

Microsoft releases one of the most popular versions of MS-DOS as open source today. stikves shares a post:Ten years ago, Microsoft released the source for MS-DOS 1.25 and 2.0 to the Computer History Museum, and then later republished them for reference purposes. This code holds an important place in history and is a fascinating read of an operating system that was written entirely in 8086 assembly code nearly 45 years ago.

Today, in partnership with IBM and in the spirit of open innovation, we're releasing the source code to MS-DOS 4.00 under the MIT license. There's a somewhat complex and fascinating history behind the 4.0 versions of DOS, as Microsoft partnered with IBM for portions of the code but also created a branch of DOS called Multitasking DOS that did not see a wide release.

prisoninmate shares a report from 9to5Linux: Canonical released today Ubuntu 24.04 LTS (Noble Numbat) as the latest version of its popular Linux-based operating system featuring some of the latest GNU/Linux technologies and Open Source software. Powered by Linux kernel 6.8, Ubuntu 24.04 LTS features the latest GNOME 46 desktop environment, an all-new graphical firmware update tool called Firmware Updater, Netplan 1.0 for state-of-the-art network management, updated Ubuntu font, support for the deb822 format for software sources, increased vm.max_map_count for better gaming, and Mozilla Thunderbird as a Snap by default.

It also comes with an updated Flutter-based graphical desktop installer that's now capable of updating itself and features a bunch of changes like support for accessibility features, guided (unencrypted) ZFS installations, a new option to import auto-install configurations for templated custom provisioning, as well as new default installation options, such as Default selection (previously Minimal) and Extended selection (previously Normal)."

An anonymous reader quotes a report from Ars Technica: Home Assistant, until recently, has been a wide-ranging and hard-to-define project. The open smart home platform is an open source OS you can run anywhere that aims to connect all your devices together. But it's also bespoke Raspberry Pi hardware, in Yellow and Green. It's entirely free, but it also receives funding through a private cloud services company, Nabu Casa. It contains tiny board project ESPHome and other inter-connected bits. It has wide-ranging voice assistant ambitions, but it doesn't want to be Alexa or Google Assistant. Home Assistant is a lot.

After an announcement this weekend, however, Home Assistant's shape is a bit easier to draw out. All of the project's ambitions now fall under the Open Home Foundation, a non-profit organization that now contains Home Assistant and more than 240 related bits. Its mission statement is refreshing, and refreshingly honest about the state of modern open source projects. "We've done this to create a bulwark against surveillance capitalism, the risk of buyout, and open-source projects becoming abandonware," the Open Home Foundation states in a press release. "To an extent, this protection extends even against our future selves -- so that smart home users can continue to benefit for years, if not decades. No matter what comes." Along with keeping Home Assistant funded and secure from buy-outs or mission creep, the foundation intends to help fund and collaborate with external projects crucial to Home Assistant, like Z-Wave JS and Zigbee2MQTT.

Home Assistant's ambitions don't stop with money and board seats, though. They aim to "be an active political advocate" in the smart home field, toward three primary principles:

- Data privacy, which means devices with local-only options, and cloud services with explicit permissions
- Choice in using devices with one another through open standards and local APIs
- Sustainability by repurposing old devices and appliances beyond company-defined lifetimes

Notably, individuals cannot contribute modest-size donations to the Open Home Foundation. Instead, the foundation asks supporters to purchase a Nabu Casa subscription or contribute code or other help to its open source projects. Further reading: The Verge's interview with Home Assistant founder Paulus Schoutsen

Remember when Apple filed a lawsuit against chip startup Rivos (saying that in one year Rivos hired more than 40 former Apple employees to work on competing system-on-a-chip technology)? Apple settled that suit in February.

And now Tuesday Rivos announced that it raised $250 million, according to Reuters, "in a funding round that will enable it to manufacture its first server chip geared for artificial intelligence," combining a CPU with an AI-accelerating component optimized for LLMs and data analytics. Nvidia gobbled up more than 80% market share of AI chips in 2023. But a host of startups and chip giants have started to launch competing products, such as Intel's Gaudi 3 and Meta's inference chip — both unveiled last week. Rivos is tight-lipped about the specifics of the product, but has disclosed that its plans include designing chips based on the RISC-V architecture, which is an open source alternative to the architectures made by Arm, Intel, and Advanced Micro Devices.. [U]sing the open source alternative means Rivos does not have to pay a license fee to Arm. "RISC-V doesn't have a (large) software ecosystem, so I decided to form a company and then build software-defined hardware — just like what CUDA did with Nvidia," said Lip-Bu Tan, founding managing partner at Walden Catalyst, one of Rivos' investors.
Meanwhile, there's a rumor that Allen Wu, former chief executive of Arm China, has founded a new company that will develop chips based on RISC-V. Tom's Hardware writes: Under the leadership of the controversial Allen Wu, Zhongzhi Chip is reportedly attracting a notable influx of talent, including numerous former employees of Arm, indicating the new company's serious ambitions in the chip sector... [T]he company's operational focus remains partially unclear, with speculation around whether it will primarily engage in its own R&D initiatives or represent Tenstorrent in China as its agent... which develops HPC CPUs and AI processors based on the RISC-V ISA... Based on the source report, Zhongzhi Chip is leveraging its connections and forming alliances with several other leading global RISC-V chip developers.

Michael Larabel reports via Phoronix: While Fedora 41 in late 2024 is aiming to have more reproducible package builds, openSUSE Factory has already achieved a significant milestone in bit-by-bit reproducible builds. Since last month openSUSE Factory has been producing bit-by-bit reproducible builds sans the likes of embedded signatures. OpenSUSE Tumbleweed packages for that rolling-release distribution are being verified for bit-by-bit reproducible builds. SUSE/openSUSE is still verifying all packages are yielding reproducible builds but so far it's looking like 95% or more of packages are working out. You can learn more via the openSUSE blog.

The Linux Foundation-backed project OpenTofu "has gotten legal pushback from HashiCorp," according to a report — just seven months after forking OpenTofu's code from HashiCorp's IT deployment software Terraform: On April 3, HashiCorp issued a strongly-worded Cease and Desist letter to OpenTofu, accusing that the project has "repeatedly taken code HashiCorp provided only under the Business Software License (BSL) and used it in a manner that violates those license terms and HashiCorp's intellectual property rights." It goes on to note that "In at least some instances, OpenTofu has incorrectly re-labeled HashiCorp's code to make it appear as if it was made available by HashiCorp originally under a different license." Last August, HashiCorp announced that it would be transitioning its software from the open source Mozilla Public License (MPL 2.0) to the Business Source License (BSL), a license that permits the source to be viewed, but not run in production environments without explicit approval by the license owner. HashiCorp gave OpenTofu until April 10 to remove any allegedly copied code from the OpenTofu repository, threatening litigation if the project fails to do so.
Others are also covering the fracas, including Steven J. Vaughan-Nichols at DevOps.com: OpenTofu replied, "The OpenTofu team vehemently disagrees with any suggestion that it misappropriated, mis-sourced, or otherwise misused HashiCorp's BSL code. All such statements have zero basis in facts." In addition, it said, HashiCorp's claims of copyright infringement are completely unsubstantiated. As for the code in question, OpenTofu claims it can clearly be shown to have been copied from older code under the Mozilla Public License (MPL) 2.0. "HashiCorp seems to have copied the same code itself when they implemented their version of this feature. All of this is easily visible in our detailed SCO analysis, as well as their own comments."

In a detailed source code origination (SCO) examination of the problematic source code, OpenTofu stated that HashiCorp was mistaken. "We believe that this is just a case of a misunderstanding where the code came from." OpenTofu maintains the code was originally licensed under the MPL, not the BSL. If so, then OpenTofu was perfectly within its right to use the code in its codebase...

[OpenTofu's lawyer] concluded, "In the future, if you should have any concerns or questions about how source code in OpenTofu is developed, we would ask that you contact us first. Immediately issuing DMCA takedown notices and igniting salacious negative press articles is not the most helpful path to resolving concerns like this."

The foundations behind Rust, Python, Apache, Eclipse, PHP, OpenSSL, and Blender announced plans to create "common specifications for secure software development," based on "existing open source best practices."

From the Eclipse Foundation: This collaborative effort will be hosted at the Brussels-based Eclipse Foundation [an international non-profit association] under the auspices of the Eclipse Foundation Specification Process and a new working group... Other code-hosting open source foundations, SMEs, industry players, and researchers are invited to join in as well.

The starting point for this highly technical standardisation effort will be today's existing security policies and procedures of the respective open source foundations, and similar documents describing best practices.

The governance of the working group will follow the Eclipse Foundation's usual member-led model but will be augmented by explicit representation from the open source community to ensure diversity and balance in decision-making. The deliverables will consist of one or more process specifications made available under a liberal specification copyright licence and a royalty-free patent licence... While open source communities and foundations generally adhere to and have historically established industry best practices around security, their approaches often lack alignment and comprehensive documentation.

The open source community and the broader software industry now share a common challenge: legislation has introduced an urgent need for cybersecurity process standards.
The Apache Foundation notes the working group is forming partly "to demonstrate our commitment to cooperation with and implementation of" the EU's Cyber Resilience Act. But the Eclipse Foundation adds that even before it goes into effect in 2027, they're recognizing open source software's "increasingly vital role in modern society" and an increasing need for reliability, safety, and security, so new regulations like the CRA "underscore the urgency for secure by design and robust supply chain security standards."

Their announcement adds that "It is also important to note that it is similarly necessary that these standards be developed in a manner that also includes the requirements of proprietary software development, large enterprises, vertical industries, and small and medium enterprises." But at the same time, "Today's global software infrastructure is over 80% open source... [W]hen we discuss the 'software supply chain,' we are primarily, but not exclusively, referring to open source."

"We invite you to join our collaborative effort to create specifications for secure open source development," their announcement concludes," promising initiative updates on a new mailing list. "Contribute your ideas and participate in the magic that unfolds when open source foundations, SMEs, industry leaders, and researchers combine forces to tackle big challenges."

The Python Foundation's announcement calls it a "community-driven initiative" that will have "a lasting impact on the future of cybersecurity and our shared open source communities."

Slashdot reader Mononymous writes: The latest release of OpenBSD, the FOSS Unix-like operating system focused on correctness and security over features and performance, has been released. This version includes newer driver support, performance improvements, stability fixes, and lots of package updates. One highlight is a complete port of KDE Plasma 5.

You can view the announcement and get the bits at OpenBSD.org.
Phoronix reports that with OpenBSD 7.5 "there is a number of improvements for ARM (AArch64) hardware, never-ending kernel optimizations and other tuning work, countless package updates, and other adjustments to this popular BSD platform."

Google has introduced a new JPEG library called Jpegli, which reduces noise and improves image quality over traditional JPEGs. Proponents of the technology said it has the potential to make the Internet faster and more beautiful. InfoWorld reports: Announced April 3 and accessible from GitHub, Jpegli maintains high backward compatibility while offering enhanced capabilities and a 35% compression ratio at high-quality compression settings, Google said. Jpegli works by using new techniques to reduce noise and improve image quality. New or improved features include adaptive quantization heuristics from the JPEG XL reference implementation, improved quantization matrix selection, calculation of intermediate results, and the possibility to use more advanced colorspace.

The library provides an interoperable encoder and decoder complying with the original JPEG standard and its most convenient 8-bit formalism and API/ABI compatibility with libjeg-turbo and MozJPEG. When images are compressed or decompressed through Jpegli, more precise and psycho-visually effective computations are also performed; images will look clearer and have fewer observable artifacts. While improving on the density ratio of image quality and compression, Jpegli's coding speed is comparable to traditional approaches such as MozJPEG, according to Google. Web developers can thus integrate Jpegli into existing workflows without sacrificing coding speed, performance, or memory use.

Jpegli can be encoded with 10-plus bits per component. The 10-bit encoding happens in the original 8-bit formalism and the resulting images are interoperable with 8-bit viewers. The 10-bit dynamics are available as an API extension and application code changes are necessary to apply it. Also, Jpegli compresses images more efficiently than traditional JPEG codecs; this can save bandwidth and storage space and make web pages faster, Google said.

Lindsay Clark reports via The Register: Analytics platform Databricks has launched an open source foundational large language model, hoping enterprises will opt to use its tools to jump on the LLM bandwagon. The biz, founded around Apache Spark, published a slew of benchmarks claiming its general-purpose LLM -- dubbed DBRX -- beat open source rivals on language understanding, programming, and math. The developer also claimed it beat OpenAI's proprietary GPT-3.5 across the same measures.

DBRX was developed by Mosaic AI, which Databricks acquired for $1.3 billion, and trained on Nvidia DGX Cloud. Databricks claims it optimized DBRX for efficiency with what it calls a mixture-of-experts (MoE) architecture â" where multiple expert networks or learners divide up a problem. Databricks explained that the model possesses 132 billion parameters, but only 36 billion are active on any one input. Joel Minnick, Databricks marketing vice president, told The Register: "That is a big reason why the model is able to run as efficiently as it does, but also runs blazingly fast. In practical terms, if you use any kind of major chatbots that are out there today, you're probably used to waiting and watching the answer get generated. With DBRX it is near instantaneous."

But the performance of the model itself is not the point for Databricks. The biz is, after all, making DBRX available for free on GitHub and Hugging Face. Databricks is hoping customers use the model as the basis for their own LLMs. If that happens it might improve customer chatbots or internal question answering, while also showing how DBRX was built using Databricks's proprietary tools. Databricks put together the dataset from which DBRX was developed using Apache Spark and Databricks notebooks for data processing, Unity Catalog for data management and governance, and MLflow for experiment tracking.