Received today — August 23, 2025

Arch Linux Faces 'Ongoing' DDoS Attack

August 23, 2025 at 16:34
"Some joyless ne'er-do-well has loosed a botnet on the community-driven Arch Linux distro," reports the Register, with a distributed denial of service (DDoS) attack that apparently started a week ago. Arch maintainer Cristian Heusel announced Thursday on the project's web site that the attack "primarily impacts our main webpage, the Arch User Repository (AUR), and the Forums."

We are aware of the problems that this creates for our end users and will continue to actively work with our hosting provider to mitigate the attack. We are also evaluating DDoS protection providers while carefully considering factors including cost, security, and ethical standards... As a volunteer-driven project, we appreciate the community's patience as our DevOps team works to resolve these issues.

A status update Friday acknowledged "we are suffering from partial outages." The Register reports:

The attack comes as the project has been enjoying a boost in mainstream success. The distro was picked by Valve to underpin the SteamOS software running on its Steam Deck handheld gaming gadget, with the company providing the project with funding for further development. Late last year, a new version of the archinstall tool was released, with a view to making the system more friendly to newcomers... For now, the Arch team is working to mitigate the attack's impact, which highlights a bootstrapping issue. Tools designed to shift traffic to mirrors in the event the main infrastructure is unavailable rely on a mirror list obtained from that same main infrastructure, with Heusel advising that users should "default to the mirrors listed in the pacman-mirrorlist package" if tools like reflector fail. Installation media can be downloaded from a range of mirrors, too, but should be checked against the project's official signing key before being trusted.

Read more of this story at Slashdot.

Received before the day before yesterday

Remember the Companies Making Vital Open Source Contributions

August 16, 2025 at 18:34
Matt Asay answered questions from Slashdot readers in 2010 as the then-COO of Canonical. Today he runs developer marketing at Oracle (after holding similar positions at AWS, Adobe, and MongoDB). And this week Asay contributed an opinion piece to InfoWorld reminding us of open source contributions from companies where "enlightened self-interest underwrites the boring but vital work — CI hardware, security audits, long-term maintenance — that grassroots volunteers struggle to fund." [I]f you look at the Linux 6.15 kernel contributor list (as just one example), the top contributor, as measured by change sets, is Intel... Another example: Take the last year of contributions to Kubernetes. Google (of course), Red Hat, Microsoft, VMware, and AWS all headline the list. Not because it's sexy, but because they make billions of dollars selling Kubernetes services... Some companies (including mine) sell proprietary software, and so it's easy to mentally bucket these vendors with license fees or closed cloud services. That bias makes it easy to ignore empirical contribution data, which indicates open source contributions on a grand scale. Asay notes Oracle's many contributions to Linux: In the [Linux kernel] 6.1 release cycle, Oracle emerged as the top contributor by lines of code changed across the entire kernel... [I]t's Oracle that patches memory-management structures and shepherds block-device drivers for the Linux we all use. Oracle's kernel work isn't a one-off either. A few releases earlier, the company topped the "core of the kernel" leaderboard in 5.18, and it hasn't slowed down since, helping land the Maple Tree data structure and other performance boosters. Those patches power Oracle Cloud Infrastructure (OCI), of course, but they also speed up Ubuntu on your old ThinkPad. Self-interested contributions? Absolutely. Public benefit? Equally absolute. This isn't just an Oracle thing. When we widen the lens beyond Oracle, the pattern holds. 
In 2023, I wrote about Amazon's "quiet open source revolution," showing how AWS was suddenly everywhere in GitHub commit logs despite the company's earlier reticence. (Disclosure: I used to run AWS' open source strategy and marketing team.) Back in 2017, I argued that cloud vendors were open sourcing code as on-ramps to proprietary services rather than end-products. Both observations remain true, but they miss a larger point: Motives aside, the code flows and the community benefits. If you care about outcomes, the motives don't really matter. Or maybe they do: It's far more sustainable to have companies contributing because it helps them deliver revenue than to contribute out of charity. The former is durable; the latter is not. There's another practical consideration: scale. "Large vendors wield resources that community projects can't match." Asay closes by urging readers to "Follow the commits" and "embrace mixed motives... the point isn't sainthood; it's sustainable, shared innovation. Every company (and really every developer) contributes out of some form of self-interest. That's the rule, not the exception. Embrace it." Going forward, we should expect to see even more counterintuitive contributor lists. Generative AI is turbocharging code generation, but someone still has to integrate those patches, write tests, and shepherd them upstream. The companies with the most to lose from brittle infrastructure — cloud providers, database vendors, silicon makers — will foot the bill. If history is a guide, they'll do so quietly.

Read more of this story at Slashdot.

China's Lead in Open-Source AI Jolts Washington and Silicon Valley

By: msmash
August 13, 2025 at 15:36
China has established a lead in the field of open-source AI, a development that is reportedly sending jolts through both Washington and Silicon Valley. The nation's progress has become a significant event for American policymakers in the U.S. capital. The advancement has registered as a shock within Silicon Valley, the hub of the American technology industry. From the report: The overall performance of China's best open-weight model has surpassed the American open-source champion since November, according to research firm Artificial Analysis. The firm, which rates the ability of models in math, coding and other areas, found a version of Alibaba's Qwen3 beat OpenAI's gpt-oss. However, the Chinese model is almost twice as big as OpenAI's, suggesting that for simpler tasks, Qwen might consume more computing power to do the same job. OpenAI said its open-source model outperformed rivals of similar size on reasoning tasks and delivered strong performance at low cost.

Read more of this story at Slashdot.

Google's New Security Project 'OSS Rebuild' Tackles Package Supply Chain Verification

July 28, 2025 at 11:34
This week Google's Open Source Security Team announced "a new project to strengthen trust in open source package ecosystems" — by reproducing upstream artifacts. It includes automation to derive declarative build definitions, new "build observability and verification tools" for security teams, and even "infrastructure definitions" to help organizations rebuild, sign, and distribute provenance by running their own OSS Rebuild instances. (And as part of the initiative, the team also published SLSA Provenance attestations "for thousands of packages across our supported ecosystems.")

Our aim with OSS Rebuild is to empower the security community to deeply understand and control their supply chains by making package consumption as transparent as using a source repository. Our rebuild platform unlocks this transparency by utilizing a declarative build process, build instrumentation, and network monitoring capabilities which, within the SLSA Build framework, produces fine-grained, durable, trustworthy security metadata. Building on the hosted infrastructure model that we pioneered with OSS Fuzz for memory issue detection, OSS Rebuild similarly seeks to use hosted resources to address security challenges in open source, this time aimed at securing the software supply chain... We are committed to bringing supply chain transparency and security to all open source software development. Our initial support for the PyPI (Python), npm (JS/TS), and Crates.io (Rust) package registries — providing rebuild provenance for many of their most popular packages — is just the beginning of our journey...

OSS Rebuild helps detect several classes of supply chain compromise:

- Unsubmitted Source Code: When published packages contain code not present in the public source repository, OSS Rebuild will not attest to the artifact.
- Build Environment Compromise: By creating standardized, minimal build environments with comprehensive monitoring, OSS Rebuild can detect suspicious build activity or avoid exposure to compromised components altogether.
- Stealthy Backdoors: Even sophisticated backdoors like xz often exhibit anomalous behavioral patterns during builds. OSS Rebuild's dynamic analysis capabilities can detect unusual execution paths or suspicious operations that are otherwise impractical to identify through manual review.

For enterprises and security professionals, OSS Rebuild can...

- Enhance metadata without changing registries by enriching data for upstream packages. No need to maintain custom registries or migrate to a new package ecosystem.
- Augment SBOMs by adding detailed build observability information to existing Software Bills of Materials, creating a more complete security picture...
- Accelerate vulnerability response by providing a path to vendor, patch, and re-host upstream packages using our verifiable build definitions...

The easiest (but not only!) way to access OSS Rebuild attestations is to use the provided Go-based command-line interface. "With OSS Rebuild's existing automation for PyPI, npm, and Crates.io, most packages obtain protection effortlessly without user or maintainer intervention."

Read more of this story at Slashdot.

NVIDIA Makes More Hopper, Blackwell Header Files Open-Source

By: BeauHD
July 21, 2025 at 22:20
NVIDIA has released additional open-source header files for its Blackwell and Hopper GPU architectures, continuing its effort to support open-source drivers like Nouveau/NVK and the NOVA Rust driver. Phoronix reports: Last week NVIDIA open-sourced 12k lines of C header files for Blackwell GPUs to help in the open-source driver efforts, namely for Nouveau / NVK and the in-development NOVA Rust driver. On Friday they made public some additional header files for helping in the Blackwell and Hopper open-source driver enablement. Following the previously-covered open-source header activity, on Friday this commit was pushed to their open-source documentation repository that provides Hopper and Blackwell DMA-copy class header files. [...] In turn the code has already been imported into Mesa Git.

Read more of this story at Slashdot.

Jack Dorsey Pumps $10M Into a Nonprofit Focused on Open Source Social Media

July 20, 2025 at 08:02
Twitter co-founder/Block CEO Jack Dorsey isn't just vibe coding new apps like Bitchat and Sun Day. He's also "invested $10 million in an effort to fund experimental open source projects and other tools that could ultimately transform the social media landscape," reports TechCrunch, funding the projects through an online collective formed in May called "andOtherStuff": [T]he team at "andOtherStuff" is determined not to build a company but is instead operating like a "community of hackers," explains Evan Henshaw-Plath [who handles UX/onboarding and was also Twitter's first employee]. Together, they're working to create technologies that could include new consumer social apps as well as various experiments, like developer tools or libraries, that would allow others to build apps for themselves. For instance, the team is behind an app called Shakespeare, which is like the app-building platform Lovable, but specifically for building Nostr-based social apps with AI assistance. The group is also behind heynow, a voice note app built on Nostr; Cashu wallet; private messenger White Noise; and the Nostr-based social community +chorus, in addition to the apps Dorsey has already released. Developments in AI-based coding have made this type of experimentation possible, Henshaw-Plath points out, in the same way that technologies like Ruby on Rails, Django, and JSON helped to fuel an earlier version of the web, dubbed Web 2.0. Related to these efforts, Henshaw-Plath sat down with Dorsey for the debut episode of his new podcast, revolution.social with @rabble... Dorsey believes Bluesky faces the same challenges as traditional social media because of its structure — it's funded by VCs, like other startups. Already, it has had to bow to government requests and faced moderation challenges, he points out. "I think [Bluesky CEO] Jay [Graber] is great. I think the team is great," Dorsey told Henshaw-Plath, "but the structure is what I disagree with ... 
I want to push the energy in a different direction, which is more like Bitcoin, which is completely open and not owned by anyone from a protocol layer...." Dorsey's initial investment has gotten the new nonprofit up and running, and he worked on some of its initial iOS apps. Meanwhile, others are contributing their time to build Android versions, developer tools, and different social media experiments. More is still in the works, says Henshaw-Plath. "There are things that we're not ready to talk about yet that'll be very exciting," he teases.

Read more of this story at Slashdot.

Intel Kills Clear Linux OS As Support Ends Without Warning

By: BeauHD
July 19, 2025 at 00:30
BrianFagioli shares a report from NERDS.xyz: Intel has quietly pulled the plug on Clear Linux OS, officially ending support for the once-promising Linux distribution that it had backed for nearly a decade. Effective immediately, the company says it will no longer provide any updates, security patches, or maintenance for the operating system. In a final blow, the Clear Linux OS GitHub repository is now archived in read-only mode. The move was announced with little fanfare, and for users still relying on Clear Linux OS, there's no sugarcoating it... you need to move on. Intel is urging everyone to migrate to an actively maintained Linux distribution as soon as possible to avoid running unpatched software. "Rest assured that Intel remains deeply invested in the Linux ecosystem, actively supporting and contributing to various open-source projects and Linux distributions to enable and optimize for Intel hardware," the company said in a statement. "A heartfelt thank you to every developer, user, and contributor who helped shape Clear Linux OS over the last 10 years. Your feedback and contributions have been invaluable."

Read more of this story at Slashdot.

Linux Reaches 5% On Desktop

By: BeauHD
July 16, 2025 at 23:10
Longtime Slashdot reader bobdevine shares a report from OSTechNix: For the first time, Linux has officially broken the 5% desktop market share barrier in the United States of America! It's a huge milestone for open-source and our fantastic Linux community. While many might think of Linux as a niche choice, this new data shows a significant shift is happening. According to the latest StatCounter Global Stats for June 2025, Linux now holds 5.03% of the desktop operating system market share in the United States of America. This is fantastic news! [...] One truly satisfying detail for me? Linux has finally surpassed the "Unknown" category in the USA! It shows that our growth is clear and recognized. "It took eight years to go from 1% to 2% (by April 2021), then just 2.2 years to reach 3% (June 2023), and a mere 0.7 years to hit 4% (February 2024)," notes the report. "Now, here we are, at over 5% in the USA! This exponential growth suggests that we're on a promising upward trend."

Read more of this story at Slashdot.

Reachy Mini: An Open Source Robot for Developers

July 11, 2025 at 13:39

Reachy Mini is the nickname of this cute little robot developed by Hugging Face, a company specializing in AI development. The device cannot do much beyond moving its head, wiggling its little antennas and rotating its body. In other words, not really more than a good old Nabaztag.

Yet this model sells for between $299 and $449 depending on the options. The Reachy Mini "Lite" is a USB accessory: it will need a computer at its side to work. It will have microphones to listen to its surroundings, but all the data processing will be handled by a machine running Linux or MacOS. A Windows 11 version is also in development. The "robot" will carry a wide-angle camera and a pair of 5-watt stereo speakers, and will measure 28 cm tall with a base 16 cm in circumference. At 1.5 kg, it will be able to nod its head over six degrees.

The "full" version hides a Raspberry Pi 5 development board that will run it, so it can be plugged into a power outlet without needing another computer at its side. It will also offer a Wi-Fi connection, an accelerometer and two additional microphones.

Reachy Mini's famous "behaviors"…

What for? Excellent question. The Reachy Mini is not a consumer device but rather a fairly expensive development platform. The brand distributes it as a way to interact with future developments. For now the little device is capable of small interactions such as "following" a hand gesture made in front of it. It can also react to music and "dance", if you consider the movements it makes to be dancing. The Reachy Mini will also have 15 basic behaviors, and the whole challenge for the brand is to encourage developers to develop more of them.

You can share your developments

Hugging Face is fairly honest about the fate it has in store for its little robot. The brand clearly describes the Reachy Mini as a gadget and states that it will provide no development, support or warranties. It must be said that what the little robot offers can be replaced with an investment of a few dozen euros in assorted spare parts: webcam, motors, speakers and the like can be scrounged here and there to provide the same interactions.

The rule of "you don't buy a cute little robot still in development online" is therefore respected once again.

| Specifications | Reachy Mini Lite | Reachy Mini |
|---|---|---|
| Processing unit | None | Raspberry Pi 5 |
| Wi-Fi | ❌ | ✔ |
| Power | Wired | Wired & battery |
| Microphones | 2 | 4 |
| 5W speaker | ✔ | ✔ |
| Camera (wide angle) | ✔ | ✔ |
| Accelerometer | ❌ | ✔ |
| Head movements (6 degrees of freedom) | ✔ | ✔ |
| Full body rotation | ✔ | ✔ |
| 2 animated antennas | ✔ | ✔ |
| Dimensions | 28 x 16 cm | 28 x 16 cm |
| Weight | 1.5 kg | 1.5 kg |
| Delivery | Summer 2025 | From this autumn 2025 |
| Price | $299 excl. tax + shipping | $449 excl. tax + shipping |

Reachy Mini: An Open Source Robot for Developers © MiniMachines.net. 2025

The Open-Source Software Saving the Internet From AI Bot Scrapers

By: BeauHD
July 8, 2025 at 00:10
An anonymous reader quotes a report from 404 Media: For someone who says she is fighting AI bot scrapers just in her free time, Xe Iaso seems to be putting up an impressive fight. Since she launched it in January, Anubis, a "program is designed to help protect the small internet from the endless storm of requests that flood in from AI companies," has been downloaded nearly 200,000 times, and is being used by notable organizations including GNOME, the popular open-source desktop environment for Linux, FFmpeg, the open-source software project for handling video and other media, and UNESCO, the United Nations organization for education, science, and culture. [...] "Anubis is an uncaptcha," Iaso explains on her site. "It uses features of your browser to automate a lot of the work that a CAPTCHA would, and right now the main implementation is by having it run a bunch of cryptographic math with JavaScript to prove that you can run JavaScript in a way that can be validated on the server." Essentially, Anubis verifies that any visitor to a site is a human using a browser as opposed to a bot. One of the ways it does this is by making the browser do a type of cryptographic math with JavaScript or other subtle checks that browsers do by default but bots have to be explicitly programmed to do. This check is invisible to the user, and most browsers since 2022 are able to complete this test. In theory, bot scrapers could pretend to be users with browsers as well, but the additional computational cost of doing so on the scale of scraping the entire internet would be huge. This way, Anubis creates a computational cost that is prohibitively expensive for AI scrapers that are hitting millions and millions of sites, but marginal for an individual user who is just using the internet like a human. Anubis is free, open source, lightweight, can be self-hosted, and can be implemented almost anywhere. 
It also appears to be a pretty good solution for what we've repeatedly reported is a widespread problem across the internet, which helps explain its popularity. But Iaso is still putting a lot of work into improving it and adding features. She told me she's working on a non cryptographic challenge so it taxes users' CPUs less, and also thinking about a version that doesn't require JavaScript, which some privacy-minded disable in their browsers. The biggest challenge in developing Anubis, Iaso said, is finding the balance. "The balance between figuring out how to block things without people being blocked, without affecting too many people with false positives," she said. "And also making sure that the people running the bots can't figure out what pattern they're hitting, while also letting people that are caught in the web be able to figure out what pattern they're hitting, so that they can contact the organization and get help. So that's like, you know, the standard, impossible scenario."

Read more of this story at Slashdot.
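
The proof-of-work check described in the Anubis story above (the browser does hashing work in JavaScript, the server validates it cheaply), as an added Node.js example; it is not Anubis's code and not from the article. The SHA-256 leading-zero-bits puzzle, the HMAC-signed stateless challenge, and every function name and sample value are assumptions chosen for illustration.

```javascript
// Added example: stateless proof-of-work challenge (all names are hypothetical).
const crypto = require("node:crypto");

const SERVER_KEY = crypto.randomBytes(32); // per-deployment secret, never sent to clients
const TTL_MS = 60_000;                     // assumed challenge lifetime

const sha256 = (s) => crypto.createHash("sha256").update(s).digest();
const sign = (payload) =>
  crypto.createHmac("sha256", SERVER_KEY).update(payload).digest("hex");

// Count the leading zero bits of a digest; this is the "work" being proven.
function leadingZeroBits(buf) {
  let bits = 0;
  for (const byte of buf) {
    if (byte === 0) { bits += 8; continue; }
    return bits + Math.clz32(byte) - 24; // clz32 counts over 32 bits, a byte uses 8
  }
  return bits;
}

// Server: issue a challenge bound to the client and signed, so nothing is stored.
function issueChallenge(clientInfo, difficultyBits, now = Date.now()) {
  const client = sha256(clientInfo).toString("hex");
  const payload = `${client}|${difficultyBits}|${now + TTL_MS}`;
  return { payload, mac: sign(payload) };
}

// Client (the role the browser's JavaScript plays): brute-force a nonce.
function solve(challenge) {
  const bits = Number(challenge.payload.split("|")[1]);
  for (let nonce = 0; ; nonce++) {
    if (leadingZeroBits(sha256(`${challenge.payload}|${nonce}`)) >= bits) {
      return { nonce, attempts: nonce + 1 };
    }
  }
}

// Server: one HMAC and one hash, however long the client had to work.
function verify(challenge, nonce, clientInfo, now = Date.now()) {
  const payload = String(challenge.payload);
  const given = Buffer.from(String(challenge.mac), "hex");
  const expected = Buffer.from(sign(payload), "hex");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad-mac" }; // payload was altered or forged
  }
  const [client, bits, expires] = payload.split("|");
  if (client !== sha256(clientInfo).toString("hex")) return { ok: false, reason: "wrong-client" };
  if (now > Number(expires)) return { ok: false, reason: "expired" };
  if (!Number.isSafeInteger(nonce) || nonce < 0) return { ok: false, reason: "bad-nonce" };
  const work = leadingZeroBits(sha256(`${payload}|${nonce}`));
  return work >= Number(bits)
    ? { ok: true, reason: "ok" }
    : { ok: false, reason: "insufficient-work" };
}

// Constructed demo values (documentation IP ranges, made-up user agents).
function demo() {
  const client = "203.0.113.7 ExampleBrowser/1.0";
  const ch = issueChallenge(client, 12);
  const sol = solve(ch);
  const lowered = { payload: ch.payload.replace("|12|", "|0|"), mac: ch.mac };
  return {
    attempts: sol.attempts,                        // thousands of hashes on average
    accepted: verify(ch, sol.nonce, client),       // server cost: one HMAC + one hash
    loweredDifficulty: verify(lowered, 0, client), // client edited the difficulty
    reusedElsewhere: verify(ch, sol.nonce, "198.51.100.9 OtherAgent/2.0"),
  };
}
console.log(demo());
```

Each extra difficulty bit doubles the client's expected hashing while the server's verification cost stays constant, which is the asymmetry the article relies on.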

Magic Lantern Software for Canon Cameras Is Back

By: BeauHD
June 24, 2025 at 00:02
Magic Lantern, the popular open-source suite of software enhancements for Canon DSLR cameras, has returned under new leadership. The revived project aims to offer regular updates and support for additional models, including compatibility for Canon's newer mirrorless cameras equipped with DIGIC X processors. PetaPixel reports: The new lead developer, names_are_hard, announced Magic Lantern's return yesterday on Magic Lantern's forums, seen by Reddit r/cinematography users and confirmed on the official Magic Lantern website. "It's been a long journey, but official Magic Lantern builds return, for all cameras," names_are_hard writes. They add that this means that there will be new, regular releases for all supported cameras and new cameras will be supported. As of now, the supported cameras are almost entirely DSLR models, save for tools for the original EOS M mirrorless camera. However, one of the members of the core Magic Lantern team, which comprises developers g3ggo, kitor, and WalterSchulz, says the team is looking at supporting cameras with DIGIC X processors, which includes mirrorless EOS R models. "It would be awesome if they start supporting new cameras. Imagine unlocking Open Gate on the R5/R6 lines, or RAW on cameras that don't have it (like R6, R7, etc.)," writes Redditor user machado34. "I believe it will be possible. They say they're exploring up to DIGIC X," adds 3dforlife. "In fact we are," developer kitor replies. "Just DIGIC 8 is stubborn and X adds some new (undocumented) hardware on top of that." Kitor is listed as the chief DIGIC 8 and DIGIC X hacker on Magic Lantern's forums, plus kitor is chiefly in charge of the revived website and Magic Lantern's social media presence. If the team can crack mirrorless cameras, it would be a boon. [...] 
The new Magic Lantern core team of devs, plus many other key players who are involved to various degrees in bringing Magic Lantern back to life, have built a new repo, formalized the code base, and developed a new, efficient build system. "Around 2020, our old lead dev, a1ex, after years of hard work, left the project. The documentation was fragmentary. Nobody understood the build system. A very small number of volunteers kept things alive, but nothing worked well. Nobody had deep knowledge of Magic Lantern code," names_are_hard writes. "Those that remained had to learn how everything worked, then fix it. Then add support for new cams without breaking the old ones." "We have an updated website. We have a new repo. We have new supported models. We have a new build system. We have cleaner, faster, smaller code." The team is now using Git, building on modern operating systems with contemporary tools, and compiling clean. "This was a lot of work, and invisible to users, but very useful for devs. It's easier than ever to join as a dev." Alongside the exciting return, Magic Lantern has added support for numerous new Canon DSLR cameras, including the 200D, 6D Mark II, 750D, and 7D Mark II.

Read more of this story at Slashdot.
