Botnet

A Crypto-Mining Botnet Is Now Stealing Docker and AWS Credentials (zdnet.com) 6

An anonymous reader quotes a report from ZDNet: Analysts from security firm Trend Micro said in a report today that they've spotted a malware botnet that collects and steals Docker and AWS credentials. Researchers have linked the botnet to a cybercrime operation known as TeamTNT; a group first spotted over the 2020 summer installing cryptocurrency-mining malware on misconfigured container platforms. Initial reports at the time said that TeamTNT was breaching container platforms by looking for Docker systems that were exposing their management API port online without a password.

Researchers said the TeamTNT group would access exposed Docker containers, install a crypto-mining malware, but also steal credentials for Amazon Web Services (AWS) servers in order to pivot to a company's other IT systems to infect even more servers and deploy more crypto-miners. At the time, researchers said that TeamTNT was the first crypto-mining botnet that implemented a feature dedicated to collecting and stealing AWS credentials. But in a report today, Trend Micro researchers said that the TeamTNT gang's malware code had received considerable updates since it was first spotted last summer. TeamTNT has now also added a feature to collect Docker API credentials, on top of the AWS creds-stealing code. This feature is most likely used on container platforms where the botnet infects hosts using other entry points than its original Docker API port scanning feature.
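The entry point described above is a Docker management API reachable over TCP with no client authentication. The following script is an added example for this page (not code from Trend Micro or the Docker project) that audits a dockerd daemon.json for exactly that condition. The two configurations it checks are constructed; the keys they use ("hosts", "tlsverify", "tlscacert", "tlscert", "tlskey") are real dockerd options.

```python
"""Audit a dockerd daemon.json for a TCP API listener that lacks client
authentication, the exposure the report describes.

Added example for this page, not code from Trend Micro or the Docker project.
The configurations below are constructed for the demo.
"""
import json
from typing import List
from urllib.parse import urlsplit

# Constructed: an API listener on every interface, port 2375, no TLS at all.
EXPOSED_CONFIG = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})

# Constructed: a listener bound to one management address with mutual TLS.
HARDENED_CONFIG = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

# Constructed: no "hosts" key, so dockerd only listens on the unix socket.
DEFAULT_CONFIG = json.dumps({"log-driver": "json-file"})


def audit_daemon_config(raw_json: str) -> List[str]:
    """Return findings for every TCP listener in a daemon.json document.

    An empty list means no TCP listener is reachable without a client
    certificate. Each finding is a one-line string suitable for a ticket.
    """
    cfg = json.loads(raw_json)
    findings = []
    for host in cfg.get("hosts", []):
        parts = urlsplit(host)
        if parts.scheme != "tcp":
            continue  # unix:// and fd:// listeners are local to the host
        bind = parts.hostname or ""
        if not cfg.get("tlsverify"):
            findings.append(
                f"{host}: TCP API listener without tlsverify; any client that "
                f"can reach this port can start privileged containers")
        if bind in ("", "0.0.0.0", "::"):
            findings.append(
                f"{host}: bound to every interface; bind to a management "
                f"address and filter the port at the network edge")
    return findings


if __name__ == "__main__":
    for name, cfg in [("exposed", EXPOSED_CONFIG), ("hardened", HARDENED_CONFIG)]:
        print(name, audit_daemon_config(cfg) or "no findings")
```

The check only covers daemon.json; a listener added with `-H` on the dockerd command line (for example in a systemd unit) would not be seen, so pair it with a look at how the service is actually started.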

China

China's Chang'e 5 Mission Lands on the Moon (theverge.com) 32

China's Chang'e 5 mission, tasked with bringing a sample of lunar dirt back to Earth, successfully landed on the Moon on Tuesday, marking the third time that China has placed a robotic spacecraft on the lunar surface. The lander will soon begin digging up samples of lunar soil, which will be returned to our planet later this month. From a report: Chang'e 5 launched from China's Wenchang Spacecraft Launch Site on November 23rd, flying to space on top of a Long March 5 rocket. It's a complex mission consisting of four main spacecraft that will all work together to bring between 2 to 4 kilograms of lunar dirt back to Earth. The quartet traveled to the Moon attached together and got into lunar orbit on November 28th. Two of those four spacecraft include a lander and an ascent vehicle, which are stacked on top of each other. On November 28th, the pair separated from the third spacecraft, Chang'e-5's service module, which remained in orbit around the Moon. The lander and ascent module touched down on the lunar surface today, according to CGTN, though a time was not provided. Now over the next few days, the lander will use a robotic arm to drill into the lunar dirt and scoop up rocks, storing them inside a sample container.
Chromium

Linux Mint Introduces Its Own Take On the Chromium Web Browser (zdnet.com) 33

Mint's programmers, led by lead developer Clement "Clem" Lefebvre, have built their own take on Google's open-source Chromium web browser. ZDNet reports: Some of you may be saying, "Wait, haven't they offered Chromium for years?" Well, yes, and no. For years, Mint used Ubuntu's Chromium build. But then Canonical, Ubuntu's parent company, moved from releasing Chromium as an APT-compatible DEB package to a Snap. The Ubuntu Snap software packing system, along with its rivals Flatpak and AppImage, is a new, container-oriented way of installing Linux applications. The older way of installing Linux apps, such as the DEB and RPM package management systems for the Debian and Red Hat Linux families, incorporates the source code and hard-coded paths for each program.

While tried and true, these traditional packages are troublesome for developers. They require programmers to hand-craft Linux programs to work with each specific distro and its various releases. They must ensure that each program has access to specific libraries' versions. That's a lot of work and painful programming, which led to the process being given the name: Dependency hell. Snap avoids this problem by incorporating the application and its libraries into a single package. It's then installed and mounted on a SquashFS virtual file system. When you run a Snap, you're running it inside a secured container of its own. For Chromium, in particular, Canonical felt using Snaps was the best way to handle this program. [...]

Lefebvre wrote, "The Chromium browser is now available in the official repositories for both Linux Mint and LMDE. If you've been waiting for this I'd like to thank you for your patience." Part of the reason was, well, Canonical was right. Building Chromium from source code is one really slow process. He explained, "To guarantee reactivity and timely updates we had to automate the process of detecting, packaging and compiling new versions of Chromium. This is an application which can require more than 6 hours per build on a fast computer. We allocated a new build server with high specifications (Ryzen 9 3900, 128GB RAM, NVMe) and reduced the time it took to build Chromium to a little more than an hour." That's a lot of power! Still, for those who love it, up-to-date builds of Chromium are now available for Mint users.

Windows

Google Discloses Windows Zero-Day Exploited in the Wild (zdnet.com) 32

Security researchers from Google have disclosed today a zero-day vulnerability in the Windows operating system that is currently under active exploitation. From a report: The zero-day is expected to be patched on November 10, which is the date of Microsoft's next Patch Tuesday, according to Ben Hawkes, team lead for Project Zero, Google's elite vulnerability research team. On Twitter, Hawkes said the Windows zero-day (tracked as CVE-2020-17087) was used as part of a two-punch attack, together with a Chrome zero-day (tracked as CVE-2020-15999) that his team disclosed last week. The Chrome zero-day was used to allow attackers to run malicious code inside Chrome, while the Windows zero-day was the second part of this attack, allowing threat actors to escape Chrome's secure container and run code on the underlying operating system -- in what security experts call a sandbox escape.
Businesses

Burger King Plans To Test Reusable Containers Starting Next Year (cnn.com) 61

Burger King is planning to test reusable containers starting next year as part of its efforts to reduce waste. From a report: The trial is part of a partnership with TerraCycle's zero-waste delivery platform, Loop. Customers can opt in for reusable packaging for menu items such as sandwiches, soft drinks and coffee. They can then return the reusable sandwich container or beverage cup to Burger King restaurants to be cleaned and reused. But for those who participate, the program comes with a cost: Customers will be charged a small deposit upon purchase, and once the packaging is returned, they'll receive a refund.

The reusable containers and cups will be introduced at select restaurants in New York, Portland and Tokyo. The fast food giant says it plans to add more cities following its first three locations afterward. The program is a part of the company's continuing sustainability efforts. In July, the fast food chain announced a version of its Whopper made from lemongrass-fed beef, which it said would cut methane emissions.

Open Source

OpenStack Foundation Transforms Into the Open Infrastructure Foundation (zdnet.com) 16

An anonymous reader quotes a report from ZDNet: The writing was on the wall two years ago. The OpenStack Foundation was going to cover more than just the OpenStack Infrastructure-as-a-Service (IaaS) cloud. Today, that metamorphosis is complete. The Foundation now covers a wide variety of open-source cloud and container technologies as the Open Infrastructure Foundation. Why so long? COO Mark Collier said, "They wanted to be sure they did this right." One reason for this was to make sure they could differentiate their group from The Linux Foundation's Cloud Native Computing Foundation (CNCF), which covers much of the same ground.

The Open Infrastructure Foundation executive director Jonathan Bryce said that, "OpenStack is still one of the top three most active open source projects in the world. It's just the landscape of infrastructure and there are many new exciting trends with open becoming more and more ubiquitous." To make use of all these different ways the cloud has evolved requires new software programs and that's where the Open Infrastructure Foundation comes in. The new Foundation's mission is to establish new open-source communities to help bring into production new emerging use cases. This includes AI/ML; CI/CD; container infrastructure; edge computing; 5G; and public, private and hybrid clouds.

Power

Tesla Powerwall Rival Seeks To Bring Hydrogen Into Your Home (bloomberg.com) 133

An anonymous reader quotes a report from Bloomberg: It's about the size of Tesla Inc.'s Powerwall, but can store up to three times as much energy over a longer period. That's the promise of a new hydrogen-based energy-storage system for homes and businesses being developed by Australian startup Lavo Hydrogen Technology Ltd. The technology, developed with scientists at the University of New South Wales, uses power from rooftop solar panels to produce hydrogen from water by electrolysis. The gas is stored in a metal hydride container and converted back into electricity when needed using a fuel cell.

Australia's world-beating rooftop-solar take-up rates make it an ideal early market, said Lavo Chief Executive Officer Alan Yu. The unit will go on sale from November, with installations starting in June 2021, subject to final approvals. The company plans to sell 10,000 units a year by 2022. At about triple the price of a Powerwall, the Lavo unit's main selling point will be its ability to store more energy for longer. Each system will initially cost A$34,750 ($24,620) and will be able to hold 40 kilowatt-hours of power -- enough to supply an average household for more than two days, according to the company. Tesla's Powerwall holds about 13.5 kilowatt-hours. Lavo's Yu acknowledged that the higher cost of the system might initially limit interest to energy-technology enthusiasts, but he also sees it as a solution for small off-grid rural villages to replace diesel generators or a compact solution for communities and homes cut off from the main grid by natural disasters such as bushfires.

Space

NASA Asks: What Would You Pack For a Trip to the Moon? (nasa.gov) 111

AmiMoJo quotes SlashGear: We're still many years away from casual consumer trips to the Moon, but it's easy to fantasize about such trips. NASA is getting in on the fun with a new campaign presenting the public with a simple question: what would you pack if you were taking your own lunar trip? NASA is encouraging anyone interested to share a picture of what's in their bag (for this imagined Moon trip) using its new #NASAMoonKit social campaign...

NASA is encouraging the public to get a container that meets this volume limitation, pack it with the precious few items they'd bring along on the trip, then take a picture and share it on social media — either Instagram, Facebook, or Twitter — using the #NASAMoonKit hashtag. NASA says that it may share your post on its own social accounts if it likes what it sees.

"What can't you leave the planet without?" asks the campaign's official web page. "Is it your camera? Your drawing pad? Or maybe your musical instrument?

"How would you organize everything you need for your next giant leap?"
Software

Canonical Introduces High-Availability Micro-Kubernetes (zdnet.com) 24

An anonymous reader quotes a report from ZDNet: If you've been hiding under a rock -- and who could blame you these days? -- you may have missed how totally Kubernetes now dominates container orchestration. One way to quickly get up to speed on Kubernetes is with Canonical's MicroK8s. This is an easy-to-run and install mini-version of Kubernetes. And now Canonical has added autonomous high availability (HA) clustering to it. [...] Now, with HA, MicroK8s is ready to move from Internet of Things (IoT) implementations, testing out Kubernetes implementations on a workstation, or simply learning Kubernetes to bigger, better cloud jobs.

With the new MicroK8s release, HA is enabled automatically once three or more nodes are clustered, and the data store migrates automatically between nodes to maintain a quorum in the event of a failure. Designed as a minimal conformant Kubernetes, MicroK8s installs, and clusters easily on Linux, macOS, or Windows. To work, a HA Kubernetes cluster needs three elements. Here's how it works in MicroK8s:

- There must be more than one worker node. Since MicroK8s uses every node as a worker node, there is always another worker available so long as there's more than one node in the cluster.
- The Kubernetes API services must run on one or more nodes so that losing a single node would not render the cluster inoperable. Every node in the MicroK8s cluster is an API server, which simplifies load-balancing and means we can switch instantaneously to a different API endpoint if one fails.
- The cluster state must be in a reliable datastore. By default, MicroK8s uses Dqlite, a high-availability SQLite, as its datastore.

Cloud

Report: Google Plans to Relinquish Control of Open-Source Project Knative (siliconangle.com) 7

"Google LLC is reportedly planning to relinquish direct control over its open-source Knative project to a five-seat steering committee that will have rules to prevent any single organization from having more than two seats," reports SiliconANGLE.

"The plan is designed to stymie criticism that Google is secretly planning to retain control over key open-source projects it has developed, according to a report today on the tech news website The Protocol." Knative is an open-source project first developed by Google that provides components for deploying, running and managing serverless, cloud-native applications on top of Kubernetes, a container management platform that was also built by Google and open-sourced in 2015... Google is planning to make some major changes to Knative's governance structure, according to the report. Seats on the committee will now be held by individuals rather than specific companies, and elections will be held later this year to select two new members. In addition, the report said, Google is considering eventually expanding the committee to seven members as a way to include representatives from Knative's user community.

The plan comes just a few months after Google angered some members of the open-source software community when it reneged on a promise to hand over control of another project, Istio, to the Cloud Native Computing Foundation, a Linux Foundation project that was founded in 2015 to help advance container technology. In July Google said that, instead of transferring Istio to the CNCF, it would create a neutral organization called Open Usage Commons to manage its trademark policies, while control would be maintained by the project's steering committee.

That decision upset many of Google's partners, most notably IBM Corp., which has also contributed greatly to the development of Istio.

Android

240+ Android Apps Caught Showing Out-of-Context Ads (zdnet.com) 8

Google has removed this summer more than 240 Android apps from the official Play Store for showing out-of-context ads and breaking a newly introduced Google policy against this type of intrusive advertising. From a report: Out-of-context ads (also known as out-of-app ads) are mobile ads that are shown outside an app's normal container. They can appear as popups or as fullscreen ads. Out-of-context ads have been banned on the Play Store since February this year, when Google banned more than 600 apps that were abusing this practice to spam their users with annoying ads. But despite the public crackdown and ban, other apps showing out-of-context ads have continued to be discovered -- such as in June this year. The latest of these discoveries come from ad fraud detection firm White Ops. In a blog post today, the company said it discovered a new cluster of more than 240 Android apps bombarding their users with out-of-context ads -- but made to look like they originated from other, more legitimate applications.
Open Source

Nvidia Unveils Jetson Nano 2GB, a Single Board Computer (zdnet.com) 35

Nvidia has debuted the Jetson Nano 2GB, a new developer kit for students and hobbyists with an interest in robotics. ZDNet reports: The Jetson Nano 2GB is geared towards robotics enthusiasts, students, and educators that want to enter the field of artificial intelligence (AI) and robotics. Nvidia says the entry-level Jetson Nano 2GB has been priced at $59 -- including online tutorials and certification -- to "make AI easily accessible for all." The Jetson Nano 2GB is a small package with a punch: not only supported by the Nvidia JetPack software development kit (SDK), the device also comes with Nvidia container runtime and a full Linux environment suitable for software development.

In addition, the Jetson Nano 2GB is powered by CUDA-X, a collection of libraries and tools designed to support AI-based features, data processing, machine learning (ML), and deployment. Nvidia says that this combination "allows developers to package their applications for Jetson with all its dependencies into a single container that is designed to work in any deployment." Free online training and certification are on offer, alongside open source projects, tutorials, and how-tos already contributed by thousands of Jetson developers.
It's currently available for pre-order, but orders won't start shipping until the end of the month.
Idle

Could Our Entire Reality Be Part of a Simulation Created by Some Other Beings? (gizmodo.com.au) 203

Sam Baron, associate professor at Australian Catholic University, focuses on the connection between key topics in the philosophy of mathematics and the philosophy of time concerning temporal ontology.

In a recent article in Gizmodo, he answers the ultimate question: Could our entire reality be part of a simulation created by some other beings? Let's assume these extraterrestrial beings have a computer on which our universe is being "simulated". Simulated worlds are pretend worlds — a bit like the worlds on Minecraft or Fortnite, which are both simulations created by us. If we think about it like this, it also helps to suppose these "beings" are similar to us. They'd have to at least understand us to be able to simulate us. By narrowing the question down, we're now asking: is it possible we're living in a computer simulation run by beings like us? University of Oxford professor Nick Bostrom has thought a lot about this exact question. And he argues the answer is "yes". Not only does Bostrom think it's possible, he thinks there's a decent probability it's true...

According to Bostrom, if these simulated people (who are so much like us) don't realise they're in a simulation, then it's possible you and I are too. Suppose I guess we're not in a simulation and you guess we are. Who guessed best? Let's say there is just one "real" past. But these futuristic beings are also running many simulations of the past — different versions they made up. They could be running any number of simulations (it doesn't change the point Bostrom is trying to make) — but let's go with 200,000. Our guessing-game then is a bit like rolling a die with 200,000 sides. When I guess we are not simulated, I'm betting the die will be a specific number (let's make it 2), because there can only be one possible reality in which we're not simulated.

This means in every other scenario we are simulated, which is what you guessed. That's like betting the die will roll anything other than 2. So your bet is a far better one.

Professor Baron notes there are also two factors that decrease the likelihood of this hypothesis:
  • How likely is it there are beings so advanced they can run simulations with people who are "conscious" like us in the first place?
  • How likely is it such beings would run simulations even if they could? Maybe they have no interest in doing this.

"Sadly, we don't have enough evidence to help us decide."

Gizmodo doesn't indicate that professor Baron's question came from a 9-year-old (as part of a series called "Curious Kids"). The 9-year-old's original wording of the question:

"Is it possible the whole observable universe is just a thing kept in a container, in a room where there are some other extraterrestrial beings much bigger than us?"


Security

All Four of the World's Largest Shipping Companies Have Been Hit By Cyberattacks (zdnet.com) 12

An anonymous reader quotes a report from ZDNet: With today's news that French shipping giant CMA CGM has been hit by a ransomware attack, this now means that all of the four biggest maritime shipping companies in the world have been hit by cyber-attacks in the past four years, since 2017. Previous incidents included: 1.) APM-Maersk -- taken down for weeks by the NotPetya ransomware/wiper in 2017. 2.) Mediterranean Shipping Company -- hit in April 2020 by an unnamed malware strain that brought down its data center for days. 3.) COSCO -- brought down for weeks by ransomware in July 2018.

On top of these, we also have CMA CGM, which today took down its worldwide shipping container booking system after its Chinese branches in Shanghai, Shenzhen, and Guangzhou were hit by the Ragnar Locker ransomware. This makes for a unique case study, as there is no other industry sector where the Big Four have suffered major cyber-attacks one after the other like this. But while all these incidents are different, they show a preferential targeting of the maritime shipping industry.

Operating Systems

Xen Project Officially Ports Its Hypervisor To Raspberry Pi 4 (theregister.com) 19

The Xen Project has ported its hypervisor to the 64-bit Raspberry Pi 4. The Register reports: The idea to do an official port bubbled up from the Xen community and then reached the desk of George Dunlap, chairman of the Xen Project's Advisory Board. Dunlap mentioned the idea to an acquaintance who works at the Raspberry Pi Foundation, and was told that around 40 percent of Pis are sold to business users rather than hobbyists. With more than 30 million Arm-based Pis sold as of December 2019, and sales running at a brisk 600,000-plus a month in April 2020, according to Pi guy Eben Upton, Dunlap saw an opportunity to continue Xen's drive towards embedded and industrial applications.

Stefano Stabellini, who by day works at FPGA outfit Xilinx, and past Apache Foundation director Roman Shaposhnik took on the task of the port. The pair clocked that the RPi 4's system-on-chip used a regular GIC-400 interrupt controller, which Xen supports out of the box, and thought this was a sign this would, overall, be an easy enough job. That, the duo admitted, was dangerous optimism. Forget the IRQs, there was a whole world of physical and virtual memory addresses to navigate. The pair were "utterly oblivious that we were about to embark on an adventure deep in the belly of the Xen memory allocator and Linux address translation layers," we're told. [The article goes on to explain the hurdles that were ahead of them.]

"Once Linux 5.9 is out, we will have Xen working on RPi4 out of the box," the pair said. [...] Stefano Stabellini told The Register that an official Xen-on-RPi port will make a difference in the Internet-of-Things community, because other Arm development boards are more costly than the Pi, and programmers will gravitate towards a cheaper alternative for prototyping. He also outlined scenarios, such as a single edge device running both a real-time operating system alongside another OS, each dedicated to different tasks but inhabiting the same hardware and enjoying the splendid isolation of a virtual machine rather than sharing an OS as containers. George Dunlap also thinks that an official Xen-on-RPi port could also be of use to home lab builders, or perhaps just give developers a more suitable environment for their side projects than a virtual machine or container on their main machines.
Stay tuned to Project EVE's Github page for more details about how to build your own Xen-for-RPi. Hacks to get it up and running should also appear on the Xen project blog.
Data Storage

Microsoft's Underwater Data Centre Resurfaces After Two Years (bbc.com) 71

Two years ago, Microsoft sank a data centre off the coast of Orkney in a wild experiment. That data centre has now been retrieved from the ocean floor, and Microsoft researchers are assessing how it has performed, and what they can learn from it about energy efficiency. From a report: Their first conclusion is that the cylinder packed with servers had a lower failure rate than a conventional data centre. When the container was hauled off the seabed around half a mile offshore after being placed there in May 2018, just eight out of the 855 servers on board had failed. That compares very well with a conventional data centre. "Our failure rate in the water is one-eighth of what we see on land," says Ben Cutler, who has led what Microsoft calls Project Natick. The team is speculating that the greater reliability may be connected to the fact that there were no humans on board, and that nitrogen rather than oxygen was pumped into the capsule.
Science

The Pringles Tube Is Being Redesigned Because It's a 'Recycling Nightmare' (bbc.com) 132

An anonymous reader quotes a report from the BBC: The distinctive Pringles tube is being re-designed after criticism that it's almost impossible to recycle. The current container for the potato-based snack was condemned as a recycler's nightmare. It's a complex construction with a metal base, plastic cap, metal tear-off lid, and foil-lined cardboard sleeve. The Recycling Association dubbed it the number one recycling villain -- along with the Lucozade Sports bottle. Now Pringles' maker Kellogg's is trialling a simpler can -- although experts say it's not a full solution. The existing version is particularly troublesome because it combines so many different materials.

Some 90% of the new can is paper. Around 10% is a polyal (plastic) barrier that seals the interior to protect the food against oxygen and moisture which would damage the taste. But how about the lid? Well, two options are on trial in some Tesco stores -- a recyclable plastic lid and a recyclable paper lid. Kellogg's says these lids will still produce the distinctive "pop" associated with the product. [Simon Ellin from the Recycling Association] said the polyal-coated card might be recyclable but the product would need to be tested in recycling mills. And what of the much-criticised Lucozade Sports bottle? Mr Ellin said its unchanged basic design was still a big problem, as machines found it hard to differentiate the plastic in the bottle and the plastic that makes up its outer sleeve. He called on the makers, Suntory, to reduce the size of the external sleeve, as it has with the new Ribena bottle.

Cloud

AWS Introduces a Rust Language-Oriented Linux for Containers (zdnet.com) 35

An anonymous reader shares this enthusiastic report from ZDNet: Earlier this year, Linus Torvalds approved of adding drivers and other components in Rust to Linux.* Last week, at the virtual Linux Plumbers Conference, developers gave serious thought to using the Rust language for new Linux inline code. ["Nothing firm has been determined yet," reported Phoronix, "but it's a topic that is still being discussed."] And now Amazon Web Services (AWS) has announced that its just-released Bottlerocket Linux for containers is largely written in Rust.

Mozilla may have cut back on Rust's funding, but with Linux embracing Rust, after almost 30 years of nothing but C, Rust's future is assured. Rust was chosen because it lends itself more easily to writing secure software. Samartha Chandrashekar, an AWS Product Manager, said it "helps ensure thread safety and prevent memory-related errors, such as buffer overflows that can lead to security vulnerabilities." Many other developers agree with Chandrashekar.

Bottlerocket also improved its security by using Device-mapper's verity target. This is a Linux kernel feature that provides integrity checking to help prevent attackers from overwriting core system software or other rootkit-type attacks. It also includes the extended Berkeley Packet Filter (eBPF). In Linux, eBPF is used for safe and efficient kernel function monitoring.
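The dm-verity mechanism mentioned above comes down to a hash tree over a read-only image where only the root hash is trusted. The script below is an added example for this page (not Bottlerocket's or the kernel's code) that models that check: it hashes each block into a tree, verifies a block by recomputing its path to the root, and reports which blocks of a tampered image no longer match. The block size, salt and sample image are constructed for the demo; real dm-verity uses 4096-byte blocks and its own on-disk hash-tree layout, which this does not reproduce.

```python
"""A simplified model of what dm-verity's integrity checking does: every block
of a read-only image is hashed into a tree, only the root hash is trusted, and
a block is accepted only if the path from its hash to the root still matches.

Added example for this page, not Bottlerocket's or the kernel's code. The
block size, salt and sample image are constructed for the demo.
"""
import hashlib
from typing import List

BLOCK_SIZE = 64                   # constructed for the demo; dm-verity uses 4096
SALT = b"constructed-demo-salt"   # dm-verity salts every hash; this value is made up


def _h(data: bytes) -> bytes:
    return hashlib.sha256(SALT + data).digest()


def _blocks(image: bytes) -> List[bytes]:
    """Split the image into fixed-size blocks, zero-padding the last one."""
    return [image[i:i + BLOCK_SIZE].ljust(BLOCK_SIZE, b"\0")
            for i in range(0, len(image), BLOCK_SIZE)]


def build_hash_tree(image: bytes) -> List[List[bytes]]:
    """Return tree levels: levels[0] are leaf hashes, levels[-1] is [root].

    An odd-length level pairs its last hash with itself, as verify_block expects.
    """
    level = [_h(b) for b in _blocks(image)]
    levels = [level]
    while len(level) > 1:
        padded = level + [level[-1]] if len(level) % 2 else level
        level = [_h(padded[i] + padded[i + 1]) for i in range(0, len(padded), 2)]
        levels.append(level)
    return levels


def root_hash(image: bytes) -> bytes:
    """The single value that must be trusted (on a real system it is signed or
    passed on the kernel command line; here the caller just keeps it)."""
    return build_hash_tree(image)[-1][0]


def verify_block(block: bytes, index: int, tree: List[List[bytes]],
                 trusted_root: bytes) -> bool:
    """Recompute the path from one block to the root using sibling hashes from
    the (untrusted) stored tree and compare the result with the trusted root."""
    node = _h(block.ljust(BLOCK_SIZE, b"\0"))
    i = index
    for level in tree[:-1]:
        # A last, unpaired node is paired with itself, mirroring build_hash_tree.
        sibling = level[i ^ 1] if (i ^ 1) < len(level) else node
        pair = node + sibling if i % 2 == 0 else sibling + node
        node = _h(pair)
        i //= 2
    return node == trusted_root


def find_tampered_blocks(image: bytes, tree: List[List[bytes]],
                         trusted_root: bytes) -> List[int]:
    """Indices of blocks whose contents no longer verify against the trusted root."""
    return [i for i, b in enumerate(_blocks(image))
            if not verify_block(b, i, tree, trusted_root)]


# Constructed "system image": five 64-byte blocks of deterministic bytes.
SAMPLE_IMAGE = bytes(range(256)) + b"\x55" * 64

if __name__ == "__main__":
    tree = build_hash_tree(SAMPLE_IMAGE)
    root = root_hash(SAMPLE_IMAGE)
    tampered = bytearray(SAMPLE_IMAGE)
    tampered[150] ^= 0x01  # flip one bit inside block 2
    print("clean image:", find_tampered_blocks(SAMPLE_IMAGE, tree, root))
    print("tampered image:", find_tampered_blocks(bytes(tampered), tree, root))
```

The point of keeping the tree on the untrusted disk is that an attacker who rewrites both a block and the tree still produces a different root, so detection depends only on protecting the one root value, which is why Bottlerocket can treat the rest of the root filesystem as replaceable.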

* Linus's exact words were "people are actively looking at, especially doing drivers and things that are not very central to the kernel itself, and having interfaces to do those, for example, in Rust. People have been looking at that for years now. I'm convinced it's going to happen one day."

The article also reminds readers that AWS's Bottlerocket "is also designed to be quick and easy to maintain... by including the bare essentials needed to run containers..."

"Besides its standard open-source elements, such as the Linux kernel and containerd container runtime, Bottlerocket's own code is licensed under your choice of either the Apache 2.0 or the MIT license."
Security

A Single Text Is All It Took To Unleash Code-Execution Worm In Cisco Jabber (arstechnica.com) 12

Until Wednesday, a single text message sent through Cisco's Jabber collaboration application was all it took to touch off a self-replicating attack that would spread malware from one Windows user to another, researchers who developed the exploit said. Ars Technica reports: The wormable attack was the result of several flaws, which Cisco patched on Wednesday, in the Chromium Embedded Framework that forms the foundation of the Jabber client. A filter that's designed to block potentially malicious content in incoming messages failed to scrutinize code that invoked a programming interface known as "onanimationstart." But even then, the filter still blocked content that contained , an HTML tag that had to be included in a malicious payload. To bypass that protection, the researchers used code that was tailored to a built-in animation component called spinner-grow. With that, the researchers were able to achieve a cross-site scripting exploit that injected a malicious payload directly into the internals of the browser built into Jabber.
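The filter failure described above is the usual outcome of blocking event handlers by name: whichever handler the list omits gets through. The script below is an added example for this page (not Cisco's or Watchcom's code) that sanitizes the same constructed message two ways, once with a denylist of handler names and once with a per-tag attribute allowlist. Both modes share one tag allowlist so that the only difference is how attributes are judged; the message and the placeholder "payload()" are constructed.

```python
"""Denylist versus allowlist attribute filtering for HTML rendered from chat
messages. The denylist passes any handler name it does not know; the allowlist
keeps only attributes each tag is permitted to carry.

Added example for this page, not Cisco's or Watchcom's code. The sample
message is constructed and "payload()" is a placeholder, not a real payload.
"""
from html import escape
from html.parser import HTMLParser

# Denylist mode: a fixed set of handler names, the pattern that keeps missing one.
DENYLISTED_ATTRS = {"onclick", "onload", "onerror", "onmouseover"}

# Allowlist mode: which attributes each tag may carry; everything else is dropped.
ALLOWED_TAGS = {
    "b": set(), "i": set(), "p": set(),
    "div": {"class"}, "span": {"class"}, "a": {"href"},
}
SAFE_HREF_PREFIXES = ("http://", "https://", "mailto:")


class _Sanitizer(HTMLParser):
    def __init__(self, mode: str):
        super().__init__(convert_charrefs=True)
        self.mode = mode
        self.out = []

    def _keep_attr(self, tag: str, name: str, value) -> bool:
        if self.mode == "denylist":
            return name not in DENYLISTED_ATTRS
        if name not in ALLOWED_TAGS[tag]:
            return False
        if name == "href":  # only absolute http(s)/mailto or same-origin paths
            v = (value or "").strip().lower()
            return v.startswith(SAFE_HREF_PREFIXES) or (
                v.startswith("/") and not v.startswith("//"))
        return True

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # unknown tags are dropped; their text is still emitted escaped
        kept = [(n, v) for n, v in attrs if self._keep_attr(tag, n, v)]
        attr_text = "".join(f' {n}="{escape(v or "", quote=True)}"' for n, v in kept)
        self.out.append(f"<{tag}{attr_text}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data))


def sanitize(markup: str, mode: str = "allowlist") -> str:
    """Return markup reduced to allowed tags; mode is 'allowlist' or 'denylist'."""
    parser = _Sanitizer(mode)
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)


# Constructed message in the shape the report describes: a handler the
# denylist never heard of, attached to an element that animates on its own.
SAMPLE_MESSAGE = (
    '<div class="spinner-grow" onanimationstart="payload()">hello</div>'
    '<b onclick="payload()">bold</b><a href="javascript:payload()">link</a>'
)

if __name__ == "__main__":
    print("denylist :", sanitize(SAMPLE_MESSAGE, "denylist"))
    print("allowlist:", sanitize(SAMPLE_MESSAGE, "allowlist"))
```

The denylist output still carries the animation handler and the script-scheme link; the allowlist output carries neither, without anyone having to know the handler's name in advance. A production sanitizer should also be applied after any other transformation of the message, since a filter that runs before a later rewrite is checking something other than what gets rendered.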

A security sandbox built into the Chromium Embedded Framework, or CEF, would normally store the payload in a container that's isolated from sensitive parts of the app. To work around this constraint, the researchers abused the window.CallCppFunction, which is designed to open files sent by other Cisco Jabber users. By manipulating a function parameter that accepts files, the researchers were able to break out of the sandbox. "Since Cisco Jabber supports file transfers, an attacker can initiate a file transfer containing a malicious .exe file and force the victim to accept it using an XSS attack," researchers from security firm Watchcom Security wrote in a post. "The attacker can then trigger a call to window.CallCppFunction, causing the malicious file to be executed on the victim's machine." Accordingly, CVE-2020-3495, the designation assigned to the Cisco Jabber vulnerability, has a severity rating of 9.9 out of a maximum 10 based on the Common Vulnerability Scoring System. Cisco's advisory has more details here.

Open Source

'The Future of American Industry Depends On Open Source Tech' (wired.com) 45

An anonymous reader shares an opinion piece from Wired, written by Kevin Xu and Jordan Schneider. Xu is the author of Interconnected, investor and advisor of open source startups at OSS Capital, and served in the Obama White House. Schneider is the author of the ChinaTalk newsletter and host of the ChinaTalk podcast, posted on Lawfare. From the report: Open source is a technology development and distribution methodology, where the codebase and all development -- from setting a roadmap to building new features, fixing bugs, and writing documentation -- is done in public. A governing body (a group of hobbyists, a company, or a foundation) publicly manages this work, which is most often done in a public repository on either GitHub or GitLab. Open source has two important, and somewhat counterintuitive, advantages: speed and security. These practices lead to faster technological developments, because a built-in global community of developers helps them mature, especially if the technology is solving a real problem. Top engineers also prefer to work with and on open source projects. Wrongly cast as secretive automatons, they are more often like artists, who prefer to learn, work, collaborate, and showcase what they've built in public, even when they are barely compensated for that work.

But doesn't keeping a technology's codebase open make it more vulnerable to attack? In fact, exposing the codebase publicly for security experts and hackers to easily access and test is the best way to keep the technology secure and build trust with end users for the long haul. Sunlight is the best disinfectant, and open source is that sunlight in technology. Linux, the operating system, and Kubernetes, the cloud container orchestration system, are two of the most prominent examples. [...] Using open source technology is now the fastest way new products get built and legacy technologies get replaced. Yet as US policymakers develop their industrial policy to compete with China, open source is conspicuously absent.

By leaning on the advantages of open source, policymakers can pursue an industrial policy to help the US compete in the 21st century in line with our broader values. The alternative is to continue a top-down process that picks winners and losers based on not just technology but also political influence, which only helps individual firms secure market share rather than sparking innovation more broadly. A few billion more dollars won't save Intel from its technical woes, but a healthier ecosystem leveraging open source technology and community would put the US in a better position for the future. Open source technology allows for vendor-neutrality. Whether you're a country or a company, if you use open source, you're not locked into another company's technical stack, roadmap, or licensing agreements. After Linux was first created in 1991, it was widely adopted by large companies like Dell and IBM as a vendor neutral alternative to Microsoft's Windows operating system. In the future, chip designers won't be locked into Intel or ARM with RISC-V. With OpenRAN, 5G network builders won't be forced to buy from Huawei, Nokia, or Ericsson. [...] By doubling down on open source, America not only can address some of our most pressing technological challenges faster and more securely, but also revive relationships with our allies and deepen productive collaborations with the tech sector.
