GCC is the GNU project's free and open-source cross-platform compiler collection. Now an anonymous reader shared this announcement from the mailing list for GCC: The GCC Steering Committee has decided to adopt a Code of Conduct for interactions in GCC project spaces, including mailing lists, bugzilla, and IRC.

The vast majority of the time, the GCC community is a very civil, cooperative space. On the rare occasions that it isn't, it's helpful to have something to point to to remind people of our expectations. It's also good for newcomers to have something to refer to, for both how they are expected to conduct themselves and how they can expect to be treated...

At this time the CoC is preliminary: the code itself should be considered active, but the CoC committee (and so the reporting and response procedures) are not yet in place.
There's also an official FAQ, and GCC's Code of Conduct begins with this introduction. "Like the free software community as a whole, the GCC community is made up of a mixture of professionals and volunteers from all over the world, working on every aspect of the project — including mentorship, teaching, and connecting people."

Where this leads to issues and unhappiness, "we have a few ground rules that we ask people to adhere to... [T]ake it in the spirit in which it's intended — a guide to make it easier to enrich all of us, the project, and the broader communities in which we participate."

America's Federal Trade Commission is soliciting public comments on the business practices of cloud computing providers, trying to understand security risks and competitive dynamics. (Questions include "To what extent are particular segments of the economy reliant on a small handful of cloud service providers and what are the data security impacts of this reliance?") They've already received dozens of comments (including one from Red Hat).

But there's also three questions about open-source software:


"To what extent do cloud providers offer products based on open-source software?"

- "What is the impact of such offerings on competition?"

- "How have recent changes to the terms of open-source licenses affected cloud providers' ability to offer products based on open-source software?"


This has drawn a response from the Free Software Foundation — and they're urging others to join in. "Since it isn't every day that the FTC solicits public comments on subjects in which the free software community is so well-versed, let's take this opportunity to submit comments that support digital sovereignty." The hope is to persuade policy makers to make software freedom and privacy a central part of any future considerations made in the areas of storage, computation, and services. Such comments will be made part of the public record, so any participation promises to have a lasting impact...

[W]e have prepared the following points for consideration:


- When considering rules and regulations in technology that stand to protect people's fundamental civil liberties, it is important to start from the question, "does this decision improve digital sovereignty or diminish it?"

- In the case of computing, (e.g. word processing, spreadsheet, and graphic design programs), the typical options diminish digital sovereignty because the computations are being run on another computer under someone else's control, inaccessible to the end user, who therefore does not have the essential freedoms to share, modify, and study the computations (i.e. the program). The only real solution to this is to offer free "as in freedom" replacements of those programs, so that end users may maintain control over their computing.

- In the case of storage, today's typical options diminish digital sovereignty because many storage providers only provide unencrypted options for storage. It is imperative that individuals and businesses who choose third-party storage always have the choice to encrypt their storage, and the encryption keys must be entirely within the control of the end user, not the third-party provider.

- In the case of services (such as email, teleconferencing, and videoconferencing), while the source code that runs services need not necessarily be made public, end users deserve to be able to access such services via a free software client. In such cases, it is imperative that service providers implement a design of interoperability, so that end users may use the service with any choice of client.

- Free software allows end users to inspect the software for possible security flaws, while proprietary software does not. Therefore free software is the only realistic option for an end user to achieve verifiable security...


Unfortunately, the FTC's website requires nonfree JavaScript (reCAPTCHA, specifically) to comment on a document, and the FTC has declined repeated requests for instructions for how to submit comments by paper form.

If you're not in the habit of avoiding nonfree JavaScript for the sake of your freedom, which we recommend, you can also leave comments on the FTC's website. While you're there, let webmaster@ftc.gov know about the injustice of proprietary JavaScript and encourage them to respect the freedom of their users...

The deadline to submit is June 21, which is just enough time to publish something meaningful on the topic in support of free software.

Slashdot reader e065c8515d206cb0e190 shared the big announcement from Debian.org: After 1 year, 9 months, and 28 days of development, the Debian project is proud to present its new stable version 12 (code name bookworm).

bookworm will be supported for the next 5 years thanks to the combined work of the Debian Security team and the Debian Long Term Support team...

This release contains over 11,089 new packages for a total count of 64,419 packages, while over 6,296 packages have been removed as obsolete. 43,254 packages were updated in this release. The overall disk usage for bookworm is 365,016,420 kB (365 GB), and is made up of 1,341,564,204 lines of code.

bookworm has more translated man pages than ever thanks to our translators who have made man-pages available in multiple languages such as: Czech, Danish, Greek, Finnish, Indonesian, Macedonian, Norwegian (Bokmål), Russian, Serbian, Swedish, Ukrainian, and Vietnamese. All of the systemd man pages are now completely available in German.

The Debian Med Blend introduces a new package: shiny-server which simplifies scientific web applications using R. We have kept to our efforts of providing Continuous Integration support for Debian Med team packages. Install the metapackages at version 3.8.x for Debian bookworm.

The Debian Astro Blend continues to provide a one-stop solution for professional astronomers, enthusiasts, and hobbyists with updates to almost all versions of the software packages in the blend. astap and planetary-system-stacker help with image stacking and astrometry resolution. openvlbi, the open source correlator, is now included.

Support for Secure Boot on ARM64 has been reintroduced: users of UEFI-capable ARM64 hardware can boot with Secure Boot mode enabled to take full advantage of the security feature.
9to5Linux has screenshots, and highlights some new features: Debian 12 also brings read/write support for APFS (Apple File System) with the apfsprogs and apfs-dkms utilities, a new tool called ntfs2btrfs that lets you convert NTFS drives to Btrfs, a new malloc implementation called mimalloc, a new kernel SMB server called ksmbd-tools, and support for the merged-usr root file system layout...

This release also includes completely new artwork called Emerald, designed (once again) by Juliette Taka. New fonts are also present in this major Debian release, along with a new fnt command-line tool for accessing 1,500 DFSG-compliant fonts.
Debian 12 "bookworm" ships with several desktop environments, including:

• Gnome 43,
• KDE Plasma 5.27,
• LXDE 11,
• LXQt 1.2.0,
• MATE 1.26,
• Xfce 4.18

In a blog post today, the Free Software Foundation is calling on the Internal Revenue Service (IRS) to provide free/libre tax-filing software for Americans to file their taxes, citing upcoming legislation that allocates funds for the agency to explore a government-operated gratis tax return system. "Many feel they have no other option than to use nonfree software or a Service as a Software Substitute (SaaSS), giving up their freedom as well as their most private financial information to a third-party company, in order to file taxes," writes the FSF.

$15 million of the $80 billion that was approved for the IRS by the Inflation Reduction Act includes the promise to further explore an "electronic service to prepare and file tax returns directly with the IRS." To do so, the IRS intends to "study taxpayer preferences for products. The results of the study will inform if and how the IRS should design such a service." The FSF writes: Let's call on the IRS to make a website for filing your tax return which respects your freedom. This is your chance. Write to the new IRS commissioner Daniel Werfel with your message. [...] Look up the address of your state's tax filing institution and send your letter to this address. Post your letter on social media to inspire others to do the same.

9to5Linux reports: KDE-focused and Arch Linux-inspired independent distribution KaOS Linux celebrates today 10 years of existence with a new stable ISO release that brings some of the latest GNU/Linux technologies and a preview of the upcoming KDE Plasma 6 desktop environment.

Yes, you're reading it right, KaOS is one of the very first GNU/Linux distributions to offer you a live ISO image with a pre-release version of the KDE Plasma 6 desktop, which, of course, is compiled against the latest Qt 6 open-source application framework...

Since this is a special ISO release, the devs also added an option to play music during the installation process.
"KaOS uses the Systemd-provided Systemd-boot for UEFI installs," according to the release notes.

"The fact remains that Google Chrome is the arbiter of web standards," argues FSF campaigns manager Greg Farough (while adding that Firefox, "through ethical distributions like GNU IceCat and Abrowser, can weaken that stranglehold.")

"Google's deprecation of the JPEG-XL image format in February in favor of its own patented AVIF format might not end the web in the grand scheme of things, but it does highlight, once again, the disturbing amount of control it has over the platform generally." Part of Google's official rationale for the deprecation is the following line: "There is not enough interest from the entire ecosystem to continue experimenting with JPEG-XL." Putting aside the problematic aspects of the term "ecosystem," let us remark that it's easy to gauge the response of the "entire ecosystem" when you yourself are by far the largest and most dangerous predator in said "ecosystem." In relation to Google's overwhelming power, the average web user might as well be a microbe. In supposedly gauging what the "ecosystem" wants, all Google is really doing is asking itself what Google wants...

While we can't link to Google's issue tracker directly because of another freedom issue — its use of nonfree JavaScript — we're told that the issue regarding JPEG-XL's removal is the second-most "starred" issue in the history of the Chromium project, the nominally free basis for the Google Chrome browser. Chromium users came out of the woodwork to plead with Google not to make this decision. It made it anyway, not bothering to respond to users' concerns. We're not sure what metric it's using to gauge the interest of the "entire ecosystem," but it seems users have given JPEG-XL a strong show of support. In turn, what users will be given is yet another facet of the web that Google itself controls: the AVIF format.

As the response to JPEG-XL's deprecation has shown, our rallying together and telling Google we want something isn't liable to get it to change its mind. It will keep on wanting what it wants: control; we'll keep on wanting what we want: freedom.

Only, the situation isn't hopeless. At the present moment, not even Google can stop us from creating the web communities that we want to see: pages that don't run huge chunks of malicious, nonfree code on our computers. We have the power to choose what we run or do not run in our browsers. Browsers like GNU IceCat (and extensions like LibreJS and JShelter> ) help with that. Google also can't prevent us from exploring networks beyond the web like Gemini. What our community can do is rally support behind those free browsers that choose to support JPEG-XL and similar formats, letting the big G know that even if we're smaller than it, we won't be bossed around.

Slashdot reader unixbhaskar writes: A company in the U.K. calling itself Minifree has started to ship old Thinkpad (specifically the X series and T series models) with Libreboot firmware. Which is based on coreboot firmware.
More specifically, Libreboot is the free-as-in-speech replacement for proprietary BIOS/UEFI firmware, the site notes, "offering faster boots speeds, better security and many advanced features compared to most proprietary boot firmware." Those advanced features include the GNU project's multiple-OS-booting "grand unified bootloader" GNU GRUB directly in the boot flash, along with several other customization options. "The aim is simple: make it easy to have a computer that was made to run entirely on Free Software at every level, meaning no proprietary software of any kind. That includes the boot firmware, operating system, drivers and applications."

The Libreboot project's founder is also the founder of Minifree, and the profits from Minifree's sales directly fund the Libreboot project. (The whole Minifree web site runs on Libreboot-powered servers, on a network behind a Libreboot-powered router...) Their site points out that Minifree Ltd has also privately funded several new board ports to coreboot, including 90,000 USD to Raptor Engineering for ASUS KGPE-D16 and KCMA-D8 libreboot support, and 4000 AUD to Damien Zammit for Gigabyte GA-G41M-ES2L and Intel D510MO libreboot support.

The installed OS on the laptops is either encrypted Debian (KDE Plasma desktop environment), with full driver support, or "other Linux distro/BSD (e.g. OpenBSD, FreeBSD) at your request... Advanced features like encrypted /boot (GNU+Linux only), signed kernels and more are available." And the laptops are also shipped — worldwide — with "your choice of 480/960GB SSD or 2x480GB/2x960GB RAID1 SSDs, with good batteries and 16GB RAM. Free technical support via email/IRC plus 5-year warranty."

But judging by their FAQ, the support is even more extensive. "If you brick your Minifree laptop when updating Libreboot, Minifree will unbrick it for free if you send it back to us. Even if your warranty has expired! However, such bricking is rare."

The Free Software Foundation certifies products that meet their standards in regard to users' freedom, control over the product, and privacy. And they put out a new "Respects Your Freedom" certification on Thursday for ThinkPenguin's free software gigabit mini VPN router, the TPE-R1400.

From the FSF's announcement: This is ThinkPenguin's first device to receive RYF certification in 2023, adding to their vast catalogue of certified devices from previous years. As with previous routers from ThinkPenguin, the Free Software Gigabit Mini VPN Router ships with an FSF-endorsed fully free embedded GNU/Linux distribution called libreCMC. It also comes with a custom flavor of the U-Boot boot loader, assembled by Robert Call, the maintainer of libreCMC and a former FSF intern.

The router enables users to run their network connection through a VPN service, helping to simplify the process of keeping their communications secure and private. While ThinkPenguin offers a VPN service, users are not required to purchase a subscription to their service in order to use the router, and the device comes with detailed instructions on how to use the router with a wide variety of VPN providers.

"We're pleased to see ThinkPenguin continue with their commitment to bringing out devices that put software freedom as their first priority under the RYF program. The release of this router shows that ThinkPenguin is committed to the privacy and freedom of their users," said the FSF's executive director, Zoë Kooyman....

"The latest version of ThinkPenguin's VPN router lets its users take advantage of gigabit per second Internet connections while protecting their rights and privacy," said FSF's copyright and licensing associate, Craig Topham.

The Free Software Foundation held their annual LibrePlanet conference last week — and announced that Eli Zaretskii, co-maintainer of GNU Emacs, won their "Advancement of Free Software" award. "He has been a contributor to Emacs for more than thirty years," notes the FSF announcement, "and as co-maintainer, coordinates the work of more than two hundred active contributors. During Zaretskii's tenure as co-maintainer, the Emacs development community has implemented several important new features, including native compilation of the editor's Emacs Lisp backbone into machine code."

Zaretskii was honored with a recorded message from the original author/principal maintainer of GNU Emacs back in 1985, Richard Stallman: "For many years, I was the principal maintainer of GNU Emacs, but then others came along to do the work, and I haven't been heavily involved in Emacs development for many, many years. Nowadays, our principal maintainer of Emacs is extremely diligent and conscientious and has brought about a renaissance in new features and new packages added to Emacs, and the result is very impressive. So I'm happy to give the Free Software Award to Eli Zaretskii, principal maintainer of GNU Emacs. Thank you for your work."

In his recorded acceptance of the award, Zaretskii said, "The truth is my contribution to free software in general and to Emacs development in particular is quite modest, certainly compared to those who won this award before me.... And even my modest achievement as the Emacs developer and lately the co-maintainer would have been impossible without all the other contributors and the Emacs community as a whole. No significant free software project can be developed, maintained, and led forward without participation and support of its members. And Emacs is no exception."
Their award for Outstanding New Free Software Contributor went to Tad (SkewedZeppelin), the chief developer of DivestOS, a fork of Android which removes many proprietary binaries "and which puts freedom, security, and device longevity as its main concerns," according to the FSF's announcement. "Tad has also contributed to the Replicant distribution of Android, a project fiscally sponsored by the FSF."

And their award for Project of Social Benefit went to GNU Jami, a free software videoconferencing tool "that is fully decentralized and encrypted, allowing thousands around the world to communicate in both freedom and security. In contrast to proprietary conferencing programs like Zoom, which are nonfree software, Jami is an official GNU package licensed under the GNU GPLv3+."

Slashdot reader sleeping cat shares a recent FOSDEM talk by a compiler engineer on the team building Rust-GCC, "an alternative compiler implementation for the Rust programming language."

"If gccrs interprets a program differently from rustc, this is considered a bug," explains the project's FAQ on GitHub.

The FAQ also notes that LLVM's set of compiler technologies — which Rust uses — "is missing some backends that GCC supports, so a gccrs implementation can fill in the gaps for use in embedded development." But the FAQ also highlights another potential benefit: With the recent announcement of Rust being allowed into the Linux Kernel codebase, an interesting security implication has been highlighted by Open Source Security, inc. When code is compiled and uses Link Time Optimization (LTO), GCC emits GIMPLE [an intermediate representation] directly into a section of each object file, and LLVM does something similar with its own bytecode. If mixing rustc-compiled code and GCC-built code in the Linux kernel, the compilers will be unable to perform a full link-time optimization pass over all of the compiled code, leading to absent CFI (control flow integrity).

If Rust is available in the GNU toolchain, releases can be built on the Linux kernel (for example) with CFI using LLVM or GCC.
Started in 2014 (and revived in 2019), "The effort has been ongoing since 2020...and we've done a lot of effort and a lot of progress," compiler engineer Arthur Cohen says in the talk. "We have upstreamed the first version of gccrs within GCC. So next time when you install GCC 13 — you'll have gccrs in it. You can use it, you can start hacking on it, you can please report issues when it inevitably crashes and dies horribly."

"One big thing we're doing is some work towards running the rustc test suite. Because we want gccrs to be an actual Rust compiler and not a toy project or something that compiles a language that looks like Rust but isn't Rust, we're trying really hard to get that test suite working."

Read on for some notes from the talk...

In a keynote at FOSDEM 2023, NASA's science data officer Steve Crawford explored NASA's use of open-source software.

But LWN.net notes that the talk went far beyond just the calibration software for the James Webb Space Telescope and the Mars Ingenuity copter's flight-control framework. In his talk, Crawford presented NASA's Open-Source Science Initiative. Its goal is to support scientists to help them integrate open-science principles into the entire research workflow. Just a few weeks before Crawford's talk, NASA's Science Mission Directorate published its new policy on scientific information.

Crawford summarized this policy with "as open as possible, as restricted as necessary, always secure", and he made this more concrete: "Publications should be made openly available with no embargo period, including research data and software. Data should be released with a Creative Commons Zero license, and software with a commonly used permissive license, such as Apache, BSD, or MIT. The new policy also encourages using and contributing to open-source software." Crawford added that NASA's policies will be updated to make it clear that employees can contribute to open-source projects in their official capacity....

As part of its Open-Source Science Initiative, NASA has started its five-year Transform to Open Science (TOPS) mission. This is a $40-million mission to speed up adoption of open-science practices; it starts with the White House and all major US federal agencies, including NASA, declaring 2023 as the "Year of Open Science". One of NASA's strategic goals with TOPS is to enable five major scientific discoveries through open-science principles, Crawford said.
Interesting tidbit from the article: "In 2003 NASA created a license to enable the release of software by civil servants, the NASA Open Source Agreement. This license has been approved by the Open Source Initiative (OSI), but the Free Software Foundation doesn't consider it a free-software license because it does not allow changes to the code that come from third-party free-software projects."

Thanks to Slashdot reader guest reader for sharing the article!

A Rust-based re-implementation of GNU core utilities like cp and mv is "reaching closer to parity with the widely-used GNU upstream and becoming capable of taking on more real-world uses," reports Phoronix: Debian developer Sylvestre Ledru [also an engineering director at Mozilla] began working on uutils during the COVID-19 pandemic and presented last week at FOSDEM 2023 on his Coreutils replacement effort. With uutils growing into increasingly good shape, it's been packaged up by many Linux distributions and is also used now by "a famous social network via the Yocto project...."

The goals with uutils are to try to create a drop-in replacement for GNU Coreutils, strive for good cross-platform support, and easy testing. Ledru's initial goals were about being able to boot Debian, running the most popular packages, building key open-source software, and all-around it's been panning out to be a great success.... [M]ore performance optimizations are to come along with other work for compatibility against the GNU tools and implementing some still missing options in different programs

"From the maintainer of Ubuntu Unity and the Unity desktop environment, here comes blendOS," writes 9to5Linux, "a GNU/Linux distribution that aims to be the last distribution you'll ever use, especially if you distro hop." blendOS is here to offer you "a seamless blend of all Linux distributions," as its creator wants to call it. blendOS is based on Arch Linux and GNOME on Wayland, but it lets you use apps from other popular distributions, such as Fedora Linux or Ubuntu.

This is possible because you can use the native package managers from Arch Linux (pacman — included by default), Fedora Linux (dnf), and Ubuntu (apt), which are included as containers using Distrobox/Podman. However, the DNF and APT package managers aren't included in the live ISO image, nor blendOS's own blend package manager.... It also follows a rolling release model, since it's derived from Arch Linux.

Even if it comes with the GNOME desktop by default on the live ISO image, blendOS will let you deploy a new installation with another popular desktop environment, such as KDE Plasma, MATE, or Xfce, or even window managers like Sway or i3. Apart from the fact that you can install any app from any of the supported Linux distributions, blendOS also comes with out-of-the-box support for sandboxed Flatpak apps, which you can easily install directly from the Flathub Store app, which is a Web App that puts the Flathub website on your desktop.

For the last thirteen years the Free Software Foundation has published its Ethical Tech Giving Guide. But what's interesting is this year's guide also tags companies and products with negative recommendations to "stay away from." Stay away from: iPhones
It's not just Siri that's creepy: all Apple devices contain software that's hostile to users. Although they claim to be concerned about user privacy, they don't hesitate to put their users under surveillance.

Apple prevents you from installing third-party free software on your own phone, and they use this control to censor apps that compete with or subvert Apple's profits.

Apple has a history of exploiting their absolute control over their users to silence political activists and help governments spy on millions of users.


Stay away from: M1 MacBook and MacBook Pro
macOS is proprietary software that restricts its users' freedoms.

In November 2020, macOS was caught alerting Apple each time a user opens an app. Even though Apple is making changes to the service, it just goes to show how bad they try to be until there is an outcry.

Comes crawling with spyware that rats you out to advertisers.


Stay away from: Amazon
Amazon is one of the most notorious DRM offenders. They use this Orwellian control over their devices and services to spy on users and keep them trapped in their walled garden.

Be aware that Amazon isn't the peddler of ebook DRM. Disturbingly, it's enthusiastically supported by most of the big publishing houses.

Read more about the dangers of DRM through our Defective by Design campaign.


Stay away from: Spotify, Apple Music, and all other major streaming services
In addition to streaming music encumbered by DRM, people who want to use Spotify are required to install additional proprietary software. Even Spotify's client for GNU/Linux relies on proprietary software.

Apple Music is no better, and places heavy restrictions on the music streamed through the platform.


Stay away from: Netflix
Netflix is continuing its disturbing trend of making onerous DRM the norm for streaming media. That's why they were a target for last year's International Day Against DRM (IDAD).

They're also leveraging their place in the Motion Picture Association of America (MPAA) to advocate for tighter restrictions on users, and drove the effort to embed DRM into the fabric of the Web.

"In your gift giving this year, put freedom first," their guide begins.

And for a freedom-respecting last-minute gift idea, they suggest giving the gift of a FSF membership (which comes with a code and a printable page "so that you can present your gift as a physical object, if you like.") The membership is valid for one year, and includes the many benefits that come with an FSF associate membership, including a USB member card, email forwarding, access to our Jitsi Meet videoconferencing server and member forum, discounts in the FSF shop and on ThinkPenguin hardware, and more.

If you are in the United States, your gift would also be fully tax-deductible in the USA.

For the last thirteen years the Free Software Foundation has published its Ethical Tech Giving Guide, notes a recent FSF blog post. "The right to determine what a device you've purchased does or doesn't do is something too valuable to lose."

Or, as they put it in the guide: It's time to reclaim our freedom from the abuse of multinational corporations, who use proprietary software and malicious "antifeatures" to keep us powerless, dependent, and surveilled by the devices that we use. There's no time at which it's more important to turn these unfortunate facts into positive action than the holiday season.

The gifts that we recommend here might not be making headlines, but they're the rare exception to the apparent rule that devices should mistreat their users.
For technical users, the guide recommends pairing the FSF-sponsored Replicant, a fully-free distribution of Android, with the F-Droid app repository, which has hundreds of applications including Syncthing, Tor, Minetest, and Termux.

They also praise the X200 laptop, "one of the few home user devices that's able to run fully free software from top to bottom." With easy-to-repair hardware, it's the laptop most frequently used in the FSF's own office — just one of several freedom-respecting devices from Vikings. And there's shout-outs to MNT's Reform laptop, products from PINE64 and Purism, plus a freedom-respecting VPN, and a mini wifi adapter .

The guide even recommends places to buy DRM-free ebooks, including No Starch Press, Smashwords, Leanpub, Standard Ebooks, Nantucket E-Books, Libreture (which also offers a storage solution). Meanwhile for print books, there's the Gnu Press Shop

And it also recommends sources for DRM-free music (including Bandcamp, Emusic, the Smithsonian Institute's Folkways, the classic punk label Dischord, HDTracks, and Mutopia).

And it also tells you where to find free (as in freedom) films...

An anonymous reader quotes a report from ZDNet: Microsoft's Windows Subsystem for Linux (WSL) for running GNU/Linux environments on Windows 10 and Windows 11 has reached version 1.0.0 and is now generally available. Microsoft has been building WSL, including its own custom Linux kernel, for several years now. At first, WSL and WSL2 were an optional component within Windows, but last October Microsoft made the preview WSL available in the Microsoft Store as a separate app. The Store version could deliver users -- mostly developers and IT pros -- faster updates and features independently of updates to Windows.

As well as WSL shedding the "preview" label, Microsoft is making the WSL app from the Store the default for new users. As Microsoft noted last October at the release of Windows 11, the long term plan was to move WSL users to the Store version. However, Windows 11 still supported the "inbox version" of WSL while it continued developing the Store version. With this release, Microsoft is backporting WSL functionality to Windows 10 and 11 to make the Store version of WSL the default experience. The latest backport is available to "seekers" who click "Check for Updates" in Windows Settings, but in mid-December it will be pushed automatically to devices. The updates are available for Windows 10 version 21H1, 21H2, or 22H2, or on Windows 11 21H2 with all of the November updates applied.

Microsoft detailed a number of changes to commands now that the Store version of WSL is the default version, noting "wsl.exe --install will now automatically install the Store version of WSL, and will no longer enable the "Windows Subsystem for Linux" optional component, or install the WSL kernel or WSLg MSI packages as they are no longer needed." The virtual machine platform optional component will still be enabled, and by default Ubuntu will still be installed. One of the main new additions to WSL 1.0 is that users can opt in to support for systemd, the at-one-point maligned Linux system and service manager, which runs by default in several Linux distros, including Ubuntu and Debian. Also, Windows 10 users can use Linux GUI apps, a capability that was previously exclusive to Windows 11 users.

Thursday the Kudelski Group's cybersecurity division released "a tool for Linux that allows creation of multiple hidden volumes on a storage device in such a way that it is very difficult, even under forensic inspection, to prove the existence of such volumes."

"Each volume is encrypted with a different secret key, scrambled across the empty space of an underlying existing storage medium, and indistinguishable from random noise when not decrypted." Even if the presence of the Shufflecake software itself cannot be hidden — and hence the presence of secret volumes is suspected — the number of volumes is also hidden. This allows a user to create a hierarchy of plausible deniability, where "most hidden" secret volumes are buried under "less hidden" decoy volumes, whose passwords can be surrendered under pressure. In other words, a user can plausibly "lie" to a coercive adversary about the existence of hidden data, by providing a password that unlocks "decoy" data.

Every volume can be managed independently as a virtual block device, i.e. partitioned, formatted with any filesystem of choice, and mounted and dismounted like a normal disc. The whole system is very fast, with only a minor slowdown in I/O throughput compared to a bare LUKS-encrypted disk, and with negligible waste of memory and disc space.

You can consider Shufflecake a "spiritual successor" of tools such as Truecrypt and Veracrypt, but vastly improved. First of all, it works natively on Linux, it supports any filesystem of choice, and can manage up to 15 nested volumes per device, so to make deniability of the existence of these partitions really plausible.
"The reason why this is important versus "simple" disc encryption is best illustrated in the famous XKCD comic 538," quips Slashdot reader Gaglia (in the original submission. But the big announcement from Kudelski Security Research calls it "a tool aimed at helping people whose freedom of expression is threatened by repressive authorities or dangerous criminal organizations, in particular: whistleblowers, investigative journalists, and activists for human rights in oppressive regimes.

"Shufflecake is FLOSS (Free/Libre, Open Source Software). Source code in C is available and released under the GNU General Public License v3.0 or superior.... The current release is still a non-production-ready prototype, so we advise against using it for really sensitive operations. However, we believe that future work will sensibly improve both security and performance, hopefully offering a really useful tool to people who live in constant danger of being interrogated with coercive methods to reveal sensitive information.

"Microsoft's GitHub Copilot is being sued in a class action lawsuit that claims the AI product is committing software piracy on an unprecedented scale," reports IT Pro.

Programmer/designer Matthew Butterick filed the case Thursday in San Francisco, saying it was on behalf of millions of GitHub users potentially affected by the $10-a-month Copilot service: The lawsuit seeks to challenge the legality of GitHub Copilot, as well as OpenAI Codex which powers the AI tool, and has been filed against GitHub, its owner Microsoft, and OpenAI.... "By training their AI systems on public GitHub repositories (though based on their public statements, possibly much more), we contend that the defendants have violated the legal rights of a vast number of creators who posted code or other work under certain open-source licences on GitHub," said Butterick.

These licences include a set of 11 popular open source licences that all require attribution of the author's name and copyright. This includes the MIT licence, the GNU General Public Licence, and the Apache licence. The case claimed that Copilot violates and removes these licences offered by thousands, possibly millions, of software developers, and is therefore committing software piracy on an unprecedented scale.

Copilot, which is entirely run on Microsoft Azure, often simply reproduces code that can be traced back to open-source repositories or licensees, according to the lawsuit. The code never contains attributions to the underlying authors, which is in violation of the licences. "It is not fair, permitted, or justified. On the contrary, Copilot's goal is to replace a huge swath of open source by taking it and keeping it inside a GitHub-controlled paywall...." Moreover, the case stated that the defendants have also violated GitHub's own terms of service and privacy policies, the DMCA code 1202 which forbids the removal of copyright-management information, and the California Consumer Privacy Act.
The lawsuit also accuses GitHub of monetizing code from open source programmers, "despite GitHub's pledge never to do so."

And Butterick argued to IT Pro that "AI systems are not exempt from the law... If companies like Microsoft, GitHub, and OpenAI choose to disregard the law, they should not expect that we the public will sit still." Butterick believes AI can only elevate humanity if it's "fair and ethical for everyone. If it's not... it will just become another way for the privileged few to profit from the work of the many."

Reached for comment, GitHub pointed IT Pro to their announcement Monday that next year, suggested code fragments will come with the ability to identify when it matches other publicly-available code — or code that it's similar to.

The article adds that this lawsuit "comes at a time when Microsoft is looking at developing Copilot technology for use in similar programmes for other job categories, like office work, cyber security, or video game design, according to a Bloomberg report."

joshuark shares a report from BleepingComputer, written by Ax Sharma: Searching for 'GIMP' on Google as recently as last week would show visitors an ad for 'GIMP.org,' the official website of the well known graphics editor, GNU Image Manipulation Program. This ad would appear to be legitimate as it'd state 'GIMP.org' as the destination domain. But clicking on it drove visitors to a lookalike phishing website that provided them with a 700 MB executable disguised as GIMP which, in reality, was malware.

Reddit user ZachIngram04 earlier shared the development stating that the ad previously took users to a Dropbox URL to serve malware, but was soon "replaced with an even more malicious one" which employed a fake replica website 'gilimp.org' to serve malware. BleepingCompuer observed another domain 'gimp.monster' related to this campaign. To pass off the trojanized executable as GIMP in a believable manner to the user, the threat actor artificially inflated the malware, that is otherwise under 5 MB in size, to 700 MB by a simple technique known as binary padding. It still isn't clear if this instance was a slip up caused by a potential bug in Google Ad Manager that allowed malvertising.

After 104 commits from six different people, GNU grep was released Saturday, reports Phoronix.

The biggest change? "It's now made more clear that if you are still relying on the egrep and fgrep commands, it's past due for switching to just grep with the appropriate command-line arguments." The egrep and fgrep commands have been deprecated since 2007. Beginning with GNU Grep 3.8 today, calling these commands will now issue a warning to the user that instead they should use grep -E and grep -F, respectively.

Eventually, GNU Grep will drop the egrep / fgrep commands completely but there doesn't seem to be a firm deadline yet for when that removal will happen.
From grep's updated manual: 7th Edition Unix had commands egrep and fgrep that were the counterparts of the modern 'grep -E' and 'grep -F'. Although breaking up grep into three programs was perhaps useful on the small computers of the 1970s, egrep and fgrep were not standardized by POSIX and are no longer needed. In the current GNU implementation, egrep and fgrep issue a warning and then act like their modern counterparts; eventually, they are planned to be removed entirely.

If you prefer the old names, you can use use your own substitutes, such as a shell script...
Other notable changes from the release announcement:

• The confusing GREP_COLOR environment variable is now obsolescent. Instead of GREP_COLOR='xxx' use GREP_COLORS='mt=xxx'

• Regular expressions with stray backslashes now cause warnings