The Document Foundation Removes Dozens of Collabora Developers

4 April 2026 at 16:34
Long-time GNOME/OpenOffice.org/LibreOffice contributor Michael Meeks is now general manager of Collabora Productivity. And earlier this month he complained when LibreOffice decided to bring back its LibreOffice Online project, as reported by Neowin, which had been inactive since 2022. After the original project went dormant — to which Collabora was a major contributor — they forked the code and created their own product, Collabora Online. But this week Meeks blogged about even more changes, writing that the Document Foundation (the nonprofit behind LibreOffice) "has decided to eject from membership all Collabora staff and partners. That includes over thirty people who have contributed faithfully to LibreOffice for many years." Meeks argues the ejections were "based on unproven legal concerns and guilt by association." This includes seven of the top ten core committers of all time (excluding release engineers) currently working for Collabora Productivity. The move is the culmination of TDF losing a large number of founders from membership over the last few years with: Thorsten Behrens, Jan 'Kendy' Holesovsky, Rene Engelhard, Caolan McNamara, Michael Meeks, Cor Nouws and Italo Vignoli no longer members. Of the remaining active founders, three of the last four are paid TDF staff (of whom none are programming on the core code). The blog It's FOSS calls it "LibreOffice Drama." They've confirmed the removals happened, also noting recently adopted Community Bylaws requiring members to step down if they're affiliated with a company in an active legal dispute with the Foundation. 
But The Document Foundation "also makes clear that a membership revocation is not a ban from contributing, with the project remaining open to anyone, and expects Collabora to keep contributing 'when the time comes.'" Collabora's Meeks adds in his blog post that there's "bold and ongoing plans to create an entirely new, cut-down, differentiated Collabora Office for users that is smoother, more user friendly, and less feature dense than our Classic product (which will continue to be supported for years for our partners). This gives a chance to innovate faster in a separate place on a smaller, more focused code-base with fewer build configurations, much less legacy, no Java, no database, web-based toolkit and more. We are excited to get executing on that. To make this process easier, and to put to bed complaints about having our distro branches in TDF gerrit [for code review], and to move to self-hosted FOSS tooling we are launching our own gerrit to host our existing branch of core... We will continue to make contributions to LibreOffice where that makes sense (if we are welcome to), but it clearly no longer makes much sense to continue investing heavily in building what remains of TDF's community and product for them — while being excluded from its governance. In this regard, we seem to be back where we were fifteen years ago."

Read more of this story at Slashdot.

AI Can Clone Open-Source Software In Minutes

By: BeauHD
1 April 2026 at 21:00
ZipNada writes: Two software researchers recently demonstrated how modern AI tools can reproduce entire open-source projects, creating proprietary versions that appear both functional and legally distinct. The partly-satirical demonstration shows how quickly artificial intelligence can blur long-standing boundaries between coding innovation, copyright law, and the open-source principles that underpin much of the modern internet. In their presentation, Dylan Ayrey, founder of Truffle Security, and Mike Nolan, a software architect with the UN Development Program, introduced a tool they call malus.sh. For a small fee, the service can "recreate any open-source project," generating what its website describes as "legally distinct code with corporate-friendly licensing. No attribution. No copyleft. No problems." It's a test case in how intellectual property law -- still rooted in 19th-century precedent -- collides with 21st-century automation. Since the US Supreme Court's Baker v. Selden ruling, copyright has been understood to guard expression, not ideas. That boundary gave rise to clean-room design, a method by which engineers reverse-engineer systems without accessing the original source code. Phoenix Technologies famously used the technique to build its version of the PC BIOS during the 1980s. Ayrey and Nolan's experiment shows how AI can perform a clean-room process in minutes rather than months. But faster doesn't necessarily mean fair. Traditional clean-room efforts required human teams to document and replicate functionality -- a process that demanded both legal oversight and significant labor. By contrast, an AI-mediated "clean room" can be invoked through a few prompts, raising questions about whether such replication still counts as fair use or independent creation.

OnlyOffice Suspends Nextcloud Partnership For Forking Its Project Without Approval

By: BeauHD
1 April 2026 at 18:00
darwinmac writes: OnlyOffice has suspended its partnership with Nextcloud after the latter forked its editors into a new project called Euro-Office, according to a report from Neowin. The move comes just days after Nextcloud and partners like IONOS announced the fork as part of a broader push for European digital sovereignty. In a statement, the company accused the project of violating its licensing terms and international intellectual property law, claiming that Euro-Office uses its technology without proper compliance. OnlyOffice also pointed to missing attribution requirements and branding obligations tied to its AGPL-based licensing model. As a result, its 8-year-old partnership, which allowed Nextcloud users to edit and collaborate on office documents right inside their own instance, has been suspended. OnlyOffice also accused Nextcloud of not behaving in a manner expected of a partner, alleging attempts to poach its employees and influence customers against the company. Nextcloud said it forked the OnlyOffice repository instead of collaborating with the company because the project is notoriously difficult to contribute to. It also pointed out that OnlyOffice is a Russian company with Russian employees who leave code comments in Russian. In addition to that, some users may feel uncomfortable using software that could be linked to the Russian government.

Is It Time For Open Source to Start Charging For Access?

29 March 2026 at 23:46
"It's time to charge for access," argues a new opinion piece at The Register. Begging billion-dollar companies to fund open source projects just isn't enough, writes long-time tech reporter Steven J. Vaughan-Nichols: Screw fair. Screw asking for dimes. You can't live off one-off charity donations... Depending on what people put in a tip jar is no way to fund anything of value... [A]ccording to a 2024 Tidelift maintainer report, 60 percent of open source maintainers are unpaid, and 60 percent have quit or considered quitting, largely due to burnout and lack of compensation. Oh, and of those getting paid, only 26 percent earn more than $1,000 a year for their work. They'd be better paid asking "Would you like fries with that?" at your local McDonald's... Some organizations do support maintainers, for example, there's HeroDevs and its $20 million Open Source Sustainability Fund. Its mission is to pay maintainers of critical, often end-of-life open source components so they can keep shipping patches without burning out. Sentry's Open Source Pledge/Fund has given hundreds of thousands of dollars per year directly to maintainers of the packages Sentry depends on. Sentry is one of the few vendors that systematically maps its dependency tree and then actually cuts checks to the people maintaining that stack, as opposed to just talking about "giving back." Sentry is on to something. We have the Linux Foundation to manage commercial open source projects, the Apache Foundation to oversee its various open source programs, the Open Source Initiative (OSI) to coordinate open source licenses, and many more for various specific projects. It's time we had an organization with the mission of ensuring that the top programmers and maintainers of valuable open source projects get a cut of the tech billionaire pie. We must realign how businesses work with open source so that payment is no longer an optional charitable gift but a cost of doing business. 
To do that, we need an organization to create a viable, supportable path from big business to individual programmer. It's time for someone to step up and make this happen. Businesses, open source software, and maintainers will all be better off for it. One possible future... Bruce Perens wrote the original Open Source definition in 1997, and now proposes a not-for-profit corporation developing "the Post Open Collection" of software, distributing its licensing fees to developers while providing services like user support, documentation, hardware-based authentication for developers, and even help with government compliance and lobbying.

SystemD Contributor Harassed Over Optional Age Verification Field, Suggests Installer-Level Disabling

28 March 2026 at 22:34
It's FOSS interviewed a software engineer whose long-running open source contributions include Python code for the Arch Linux installer and maintaining packages for NixOS. But "a recent change he made to systemd has pushed him into the spotlight" after he'd added the optional birthDate field for systemd's user database: Critics saw it not merely as a technical addition, but as a symbolic capitulation to government overreach. A crack in the philosophical foundation of freedom that Linux is built on. What followed went far beyond civil disagreement. Dylan revealed that he faced harassment, doxxing, death threats, and a flood of hate mail. He was forced to disable issues and pull request tabs across his GitHub repositories... Q: Should FOSS projects adapt to laws they fundamentally disagree with? Because these kinds of laws are certainly in conflict with what a lot of Linux users believe in. A. Unfortunately, in a lot of cases, the answer is yes — at least for any distribution with corporate backing. The small independent distributions are much more flexible to refuse as a protest. If we ignore regulations entirely, we risk Linux being something that companies are not willing to contribute to, and Linux may be shipped on less hardware. I'm talking about things like Valve and System76 (despite them very vocally hating these laws). That does not help us; it just lowers the quality of software contributions due to less investment in the platform and makes Linux less accessible to the average person. We need Linux and other free operating systems to remain a viable alternative to closed systems. Q. Do you think regulations like these will reshape desktop Linux in the next 5-10 years where we might have "compliant Linux" and "Freedom-first Linux"? A. Unfortunately, yes, to some degree this is likely. I imagine the split will be mostly along the lines of independent distributions and those with corporate backing. 
We're already seeing it as far as which distributions plan on implementing some sort of age verification and which ones are not, and that sucks. I'd rather nobody have to deal with this mess at all, but this is the reality of things now. As I said in the previous response, the corporate-backed distributions really have no choice in the matter. Companies are notoriously risk-adverse, but something like Artix or Devuan? Those are small and independent enough where the individual maintainers may be willing to take on more risk. I was actually thinking about what this would look like if we added it to [Linux system installer] Calamares and chatting about that with the maintainers before that thread got brigaded by bad actors posting personal information and throwing around insults. I completely support the freedom for the distro maintainers to choose their risk tolerance. If the distribution is based out of Ireland or something (like Linux Mint) without these silly laws in the jurisdiction the developer operates in, I think that we should leave it up to them to make a choice here. They think the installer should have a date picker with a flag to disable it, and "We can even default it to off, and corporate distributions using Calamares or those not willing to take the risk could flip it on if they need to. That way if maintainers of the distributions do not wish to collect the birth date, they won't have to, and no forking is required to patch it out."

Self-Propagating Malware Poisons Open Source Software, Wipes Iran-Based Machines

By: BeauHD
24 March 2026 at 18:00
An anonymous reader quotes a report from Ars Technica: A new hacking group has been rampaging the Internet in a persistent campaign that spreads a self-propagating and never-before-seen backdoor -- and curiously a data wiper that targets Iranian machines. The group, tracked under the name TeamPCP, first gained visibility in December, when researchers from security firm Flare observed it unleashing a worm that targeted cloud-hosted platforms that weren't properly secured. The objective was to build a distributed proxy and scanning infrastructure and then use it to compromise servers for exfiltrating data, deploying ransomware, conducting extortion, and mining cryptocurrency. The group is notable for its skill in large-scale automation and integration of well-known attack techniques. More recently, TeamPCP has waged a relentless campaign that uses continuously evolving malware to bring ever more systems under its control. Late last week, it compromised virtually all versions of the widely used Trivy vulnerability scanner in a supply-chain attack after gaining privileged access to the GitHub account of Aqua Security, the Trivy creator. Over the weekend, researchers said they observed TeamPCP spreading potent malware that was also worm-enabled, meaning it had the potential to spread to new machines automatically, with no interaction required of victims behind the keyboard. [...] As the weekend progressed, CanisterWorm [as Aikido has named the malware] was updated to add an additional payload: a wiper that targets machines exclusively in Iran. When the updated worm infects machines, it checks if the machine is in the Iranian timezone or is configured for use in that country. When either condition was met, the malware no longer activated the credential stealer and instead triggered a novel wiper that TeamPCP developers named Kamikaze. 
Eriksen said in an email that there's no indication yet that the worm caused actual damage to Iranian machines, but that there was "clear potential for large-scale impact if it achieves active spread." It's unclear what the motive is for TeamPCP. Aikido researcher Charlie Eriksen wrote: "While there may be an ideological component, it could just as easily be a deliberate attempt to draw attention to the group. Historically, TeamPCP has appeared to be financially motivated, but there are signs that visibility is becoming a goal in itself. By going after security tools and open-source projects, including Checkmarx as of today, they are sending a clear and deliberate signal."

SaaS Apocalypse Could Be OpenSource's Greatest Opportunity

By: BeauHD
18 March 2026 at 18:00
Longtime Slashdot reader internet-redstar writes: Nearly a trillion dollars has been wiped from software stocks in 2026, with hedge funds making billions shorting Salesforce, HubSpot, and Atlassian. At FOSDEM 2026, cURL maintainer Daniel Stenberg shut down his bug bounty program after AI-generated slop overwhelmed his team. A new article on HackerNoon argues that most commercial SaaS could inevitably become OpenSource, not out of ideology but economics. The author points to Proxmox replacing VMware at enterprise scale and startups like Holosign replicating DocuSign at $19/month flat as evidence. The catch, the article claims, is that maintainers who refuse to embrace AI tools risk being forked, or simply replicated from scratch, by those who do.

Nvidia Bets On OpenClaw, But Adds a Security Layer Via NemoClaw

By: BeauHD
16 March 2026 at 22:00
During today's Nvidia GTC keynote, the company introduced NemoClaw, a security-focused stack designed to make the autonomous AI agent platform OpenClaw safer. ZDNet explains how it works: NemoClaw installs Nvidia's OpenShell, a new open-source runtime that keeps agents safer to use by enforcing an organization's policy-based guardrails. OpenShell keeps models sandboxed, adds data privacy protections and additional security for agents, and makes them more scalable. "This provides the missing infrastructure layer beneath claws to give them the access they need to be productive, while enforcing policy-based security, network, and privacy guardrails," Nvidia said in the announcement. The company built OpenShell with security companies like CrowdStrike, Cisco, and Microsoft Security to ensure it is compatible with other cybersecurity tools. Nvidia said NemoClaw can be installed in a single command, runs on any platform, and can use any coding agent, including Nvidia's own Nemotron open model family, on a local system. Through a privacy router, it allows agents to access frontier models in the cloud, which unites local and cloud models to help teach agents how to complete tasks within privacy guardrails, Nvidia explained. Nvidia seems to be hoping that the additional security can make OpenClaw agents more popular and accessible, with less risk than they currently carry. The bigger picture here is how NemoClaw could give companies the added peace of mind to let AI agents complete actions for their employees, where they wouldn't have previously. Nvidia did not specify when NemoClaw would be available.

Gaming Site Editor Jailbreaks an Amazon Echo Show

14 March 2026 at 20:34
"A few developers found a way, for now, to turn a few of these increasingly mediocre Amazon Show devices into friendly, useful, open computers," writes the co-founder of the gaming/tech news site Aftermath. For under $50 each, he bought some used versions of the devices and tested their instructions, partly to escape the full-screen ads Amazon began showing late last year, and also to overwrite Amazon's locked down Android fork "Fire OS" (and "a similarly neutered version of Linux called Vega OS"). Customers who bought these devices and used them for several years were not used to them showing full screen ads, and now they do. People were justifiably pissed. So what do you do when an already evil device gets shittier...? I wiped Fire OS from the device and used ADB sideload to directly load two packages on the device: LineageOS and MindTheGapps. MindTheGapps lets you turn the device into something resembling a traditional Android device, for both good and bad.... It took a few times of wiping the device, but after a few tries it finally worked as intended... I immediately installed the Home Assistant app... Not only can the hacked Echo Show 8 control my entire smart home, it now plays back my entire local music library as well as any internet radio channels like The Lot Radio and NTS. It can also synchronize with any additional Echo Show running LineageOS in my house using the SendSpin protocol... I would gladly take it any day of the week over most of the devices these companies offer, especially Amazon. It may not be as intuitive as out-of-the-box smart home products, but I don't need my devices to be intuitive, I need them to behave. I had finally found a smart display that wasn't a cop... The hardware is old and creaky, and after the hack it can only use 1GB of the 2GB of RAM. And yet it still manages to feel snappier than the stock hardware. 
"The amount of telemetry, ads, and general bloat Amazon shoves down our throats definitely doesn't help performance," [XDA Devs Forum user] Rortiz2 told me. "That's actually another reason why we did LineageOS, it kind of gives the device a second life. Even though it's still a bit buggy, it feels way better to use than the stock firmware...." If you want a smart speaker with a display that just runs a stripped-down version of Android that you have full control over, you're going to have a hard time finding it outside of these three specific models unless you cobble something together yourself. It is a deceptively simple thing to desire — the kiosk computer from science fiction that isn't a narc — yet few companies really offer it. "It should be against the law to not give an end user the ability to consensually load whatever OS or program they want on their device..." the article concludes, arguing that "If we budge on the inalienable right to modify our hardware then we forsake a key part about what makes computers special." And in the meantime, "There are so many devices that could be put to use rotting in e-waste facilities and thrift stores..."

Norway's Consumer Council Calls for Right to Repair and Antitrust Enforcement - and Mocks 'Enshittification'

1 March 2026 at 23:46
The Norwegian Consumer Council, a government-funded organization advocating for consumers' rights, released a report on the trend of "enshittification" in digital consumer goods and services, suggesting ways for consumers to resist. But they've also dramatized the problem with a funny four-minute video about the man whose job calls for him to make things shitty for people. "It's not just your imagination. Digital services are getting worse," the video concludes — before adding that "Luckily, it doesn't have to be this way." The Consumer Council's announcement recommends: Stronger rights for consumers to control, adapt, repair, and alter their products and services; Interoperability, data portability, and decentralisation as the norm, so the threshold for moving to different services becomes as low as possible; Deterrent and vigorous enforcement of competition law, so that Big Tech companies are not allowed to indiscriminately acquire start-ups, competitors or otherwise steer the market to their advantage; Better financing of initiatives to build, maintain or improve alternative digital services and infrastructure based on open source code and open protocols; Reduce public sector dependence on big tech, to regain control and to contribute to a functioning market for service providers that respect fundamental rights; Deterrent and consistent enforcement of other laws, including consumer and data protection law. The Norwegian Consumer Council is also joining 58 organisations and experts in a letter asking the Norwegian government to rebalance power with enforcement resources and by prioritizing the procurement of services based on open source code. And "Our sister organisations are sending similar letters to their own governments in 12 countries." 
They're also sending a second letter to the European Commission with 29 civil society organisations (including the EFF and Amnesty International) warning about the risks of deregulation and calling for reducing dependency on big tech. Thanks to Slashdot reader DeanonymizedCoward for sharing the news.

Collabora Clashes With LibreOffice Over Move To Revive LibreOffice Online

1 March 2026 at 16:34
Slashdot reader darwinmac writes: The Document Foundation (TDF), the organization behind LibreOffice, has decided to bring back its LibreOffice Online project which has been inactive since 2022. Collabora, a company that was a major contributor to the original LibreOffice Online, is not pleased with this development. After the original project went dormant, Collabora forked the code and created its own product, Collabora Online. Collabora's Michael Meeks, who also sits on the TDF board, reacted to the TDF's decision by saying that a fully supported, free online version already exists in the form of Collabora Online, and that resurrecting a dead repository makes little sense when an active, open community around the online suite already exists. For now, The Document Foundation plans to reopen the old repository for new contributions. The organization has issued a warning that the code is not ready for live deployment and users should wait until the development team confirms it is stable.
