Programming

Rust Creator Graydon Hoare Thanks Its Many Stakeholders - and Mozilla - on Rust's 10th Anniversary (rustfoundation.org) 35

Thursday was Rust's 10-year anniversary for its first stable release. "To say I'm surprised by its trajectory would be a vast understatement," writes Rust's original creator Graydon Hoare. "I can only thank, congratulate, and celebrate everyone involved... In my view, Rust is a story about a large community of stakeholders coming together to design, build, maintain, and expand shared technical infrastructure." It's a story with many actors:

- The population of developers the language serves who express their needs and constraints through discussion, debate, testing, and bug reports arising from their experience writing libraries and applications.

- The language designers and implementers who work to satisfy those needs and constraints while wrestling with the unexpected consequences of each decision.

- The authors, educators, speakers, translators, illustrators, and others who work to expand the set of people able to use the infrastructure and work on the infrastructure.

- The institutions investing in the project who provide the long-term funding and support necessary to sustain all this work over decades.

All these actors have a common interest in infrastructure.

Rather than just "systems programming", Hoare sees Rust as a tool for building infrastructure itself, "the robust and reliable necessities that enable us to get our work done" — a wide range that includes everything from embedded and IoT systems to multi-core systems. So the story of "Rust's initial implementation, its sustained investment, and its remarkable resonance and uptake all happened because the world needs robust and reliable infrastructure, and the infrastructure we had was not up to the task." Put simply: it failed too often, in spectacular and expensive ways. Crashes and downtime in the best cases, and security vulnerabilities in the worst. Efficient "infrastructure-building" languages existed but they were very hard to use, and nearly impossible to use safely, especially when writing concurrent code. This produced an infrastructure deficit many people felt, if not everyone could name, and it was growing worse by the year as we placed ever-greater demands on computers to work in ever more challenging environments...

We were stuck with the tools we had because building better tools like Rust was going to require an extraordinary investment of time, effort, and money. The bootstrap Rust compiler I initially wrote was just a few tens of thousands of lines of code; that was nearing the limits of what an unfunded solo hobby project can typically accomplish. Mozilla's decision to invest in Rust in 2009 immediately quadrupled the size of the team — it created a team in the first place — and then doubled it again, and again in subsequent years. Mozilla sustained this very unusual, very improbable investment in Rust from 2009-2020, as well as funding an entire browser engine written in Rust — Servo — from 2012 onwards, which served as a crucial testbed for Rust language features.

Rust and Servo had multiple contributors at Samsung, Hoare acknowledges, and Amazon, Facebook, Google, Microsoft, Huawei, and others "hired key developers and contributed hardware and management resources to its ongoing development." Rust itself "sits atop LLVM" (developed by researchers at UIUC and later funded by Apple, Qualcomm, Google, ARM, Huawei, and many other organizations), while Rust's safe memory model "derives directly from decades of research in academia, as well as academic-industrial projects like Cyclone, built by AT&T Bell Labs and Cornell."

And there were contributions from "interns, researchers, and professors at top academic research programming-language departments, including CMU, NEU, IU, MPI-SWS, and many others." JetBrains and the Rust-Analyzer OpenCollective essentially paid for two additional interactive-incremental reimplementations of the Rust frontend to provide language services to IDEs — critical tools for productive, day-to-day programming. Hundreds of companies and other institutions contributed time and money to evaluate Rust for production, write Rust programs, test them, file bugs related to them, and pay their staff to fix or improve any shortcomings they found. Last but very much not least: Rust has had thousands and thousands of volunteers donating years of their labor to the project. While it might seem tempting to think this is all "free", it's being paid for! Just less visibly than if it were part of a corporate budget.

All this investment, despite the long time horizon, paid off. We're all better for it.

He looks ahead with hope for a future with new contributors, "steady and diversified streams of support," and continued reliability and compatibility (including "investment in ever-greater reliability technology, including the many emerging formal methods projects built on Rust.")

And he closes by saying Rust's "sustained, controlled, and frankly astonishing throughput of work" has "set a new standard for what good tools, good processes, and reliable infrastructure software should be like.

"Everyone involved should be proud of what they've built."

Open Source

May is 'Maintainer Month'. Open Source Initiative Joins GitHub to Celebrate Open Source Security (opensource.org) 6

The Open Source Initiative is joining "a global community of contributors" for GitHub's annual event "honoring the individuals who steward and sustain Open Source projects."

And the theme of the 5th Annual "Maintainer Month" will be: securing Open Source: Throughout the month, OSI and our affiliates will be highlighting maintainers who prioritize security in their projects, sharing their stories, and providing a platform for collaboration and learning... Maintainer Month is a time to gather, share knowledge, and express appreciation for the people who keep Open Source projects running. These maintainers not only review issues and merge pull requests — they also navigate community dynamics, mentor new contributors, and increasingly, adopt security best practices to protect their code and users....

- OSI will publish a series of articles on Opensource.net highlighting maintainers whose work centers around security...

- As part of our programming for May, OSI will host a virtual Town Hall [May 21st] with our affiliate organizations and invite the broader Open Source community to join....

- Maintainer Month is also a time to tell the stories of those who often work behind the scenes. OSI will be amplifying voices from across our affiliate network and encouraging communities to recognize the people whose efforts are often invisible, yet essential.

"These efforts are not just celebrations — they are opportunities to recognize the essential role maintainers play in safeguarding the Open Source infrastructure that underpins so much of our digital world," according to the OSI's announcement. And this year they're focusing on three key areas of open source security:
  • Adopting security best practices in projects and communities
  • Recognizing contributors who improve project security
  • Collaborating to strengthen the ecosystem as a whole

Ubuntu

Ubuntu's Dev Discussions Will Move From IRC to Matrix (omgubuntu.co.uk) 70

The blog OMG Ubuntu reports: Ubuntu's key developers have agreed to switch to Matrix as the primary platform for real-time development communications involving the distro. From March, Matrix will replace IRC as the place where critical Ubuntu development conversations, requests, meetings, and other vital chatter must take place... Only the current #ubuntu-devel and #ubuntu-release Libera IRC channels are moving to Matrix, but other Ubuntu development-related channels can choose to move — officially, given some projects were using Matrix over IRC already.

As a result, any major requests to/of the key Ubuntu development teams with privileged access can only be actioned if requests are made on Matrix. Canonical-employed Ubuntu developers will be expected to be present on Matrix during working hours... The aim is to streamline organisation, speed up decision making, ensure key developers are reliably reachable, and avoid discussions and conversations from fragmenting across multiple platforms... It's hoped that in picking one platform as the 'chosen one' the split in where the distro's development discourse takes place can be reduced and greater transparency in how and when decisions are made restored.

IRC remains popular with many Ubuntu developers but its old-school, lo-fi nature is said to be off-putting to newer contributors. They're used to richer real-time chat platforms with more features (like discussion history, search, offline messaging, etc). It's felt this is why many newer developers employed by Canonical prefer to discuss and message through the company's internal Mattermost instance — which isn't publicly accessible. Many Ubuntu teams, flavours, and community chats already take place on Matrix...

"End-users aren't directly affected, of course," they point out. But an earlier post on the same blog notes that Matrix "is increasingly ubiquitous in open-source circles. GNOME uses it, KDE embraces it, Linux Mint migrated last year, Mozilla a few years before, and it's already widely used by Ubuntu community members and developers." IRC remains unmatched in many areas but is, rightly or wrongly, viewed as an antiquated communication platform. IRC clients aren't pretty or plentiful, the syntax is obtuse, and support for 'modern' comforts like media sending, read receipts, etc., is lacking. To newer, younger contributors IRC could feel ancient or cumbersome to learn.

Though many of IRC's real and perceived shortcomings are surmountable with workarounds, clients, bots, scripts, and so on, support for those varies between channels, clients, servers, and user configurations. Unlike IRC, which is a centralised protocol relying on individual servers, Matrix is federated. It lets users on different servers communicate without friction. Plus, Matrix features encryption, message history, media support, and so on, meeting modern expectations.

Open Source

Slashdot's Interview with Bruce Perens: How He Hopes to Help 'Post Open' Developers Get Paid (slashdot.org) 61

Bruce Perens, original co-founder of the Open Source Initiative, has responded to questions from Slashdot readers about a new alternative he's developing that hopefully helps "Post Open" developers get paid.

But first, "One of the things that's clear from the Slashdot patter is that people are not aware of what I've been doing, in general," Perens says. "So, let's start by filling that in..."

Read on for the rest of his wide-ranging answers....

Open Source

GitHub Announces New Open Source Fund with Security Mentoring (techcrunch.com) 2

The GitHub Secure Open Source Fund launched this week with an initial commitment of $1.25 million, reports TechCrunch, using "capital from contributors including American Express, 1Password, Shopify, Stripe, and GitHub's own parent company Microsoft." GitHub briefly teased the new initiative at its annual GitHub Universe developer conference last month, but Tuesday it announced full details and formally opened the program for applicants, which will be reviewed "on a rolling basis" through the closing date of January 7, 2025, with programming and funding starting shortly after...

Tuesday's news builds on a number of previous GitHub initiatives designed to support project maintainers that work on key components of critical software, including GitHub Sponsors which landed in 2019 (and which is powering the new fund), but more directly the GitHub Accelerator program that launched its first cohort last year — the GitHub Secure Open Source Fund is essentially an extension of that.

"We're trying to acknowledge the fact that we're the home of open source, ultimately, and we have an obligation to help ensure that open source can continue to thrive and have the support that it needs," GitHub Chief Operating Officer Kyle Daigle told TechCrunch in an interview. Qualifying projects can be pretty much any project that has an open source license, but of course GitHub will be looking at those that need the funds most — so Kubernetes can hold fire with its application. "We're looking for the outsized impact, which tends to be big projects with few maintainers that we all rely on," Daigle said.

The sum of $1.25 million might sound like a reasonable amount, but it will be split across 125 projects, which means just $10,000 each — better than nothing, for sure, but a drop in the ocean on the grand scheme of things. However, Daigle is quick to stress that money is only part of the prize here — as with the initial accelerator program, maintainers embark on a three-week program, which includes mentorship, certification, education workshops, and ongoing access to GitHub tools.

From GitHub's announcement: Since introducing support for organizations through GitHub Sponsors, more than 5,800 organizations, including Microsoft and Stripe, have invested in maintainers and projects on GitHub, up nearly 40% YoY. Cumulatively, the platform has unlocked over $60 million in funding for maintainers to help them spend more time working on their projects.

But we know we're just scratching the surface when it comes to organizations and corporate support of open source. This summer, we partnered with the Linux Foundation and researchers from Laboratory for Innovation Science at Harvard (LISH) to learn more about the state of open source funding today. Diving in, we assessed organizations' funding behaviors, potential misalignments, and opportunities to improve. In the report launched today, we found:


- Responding organizations annually invest $1.7 billion in open source, which can be extrapolated to estimate that approximately $7.7 billion is invested across the entire open source ecosystem annually.

- 86% of investment is in the form of contribution labor by employees and contractors working for the funding organization, with the remaining 14% being direct financial contributions.

- Organizations generally know how and where they contribute (65%) but lack specific clarity of their contributions (38%).

- Security efforts focus on bugs and maintenance; only a few (6%) said comprehensive security audits are a priority.


We all stand to benefit from unlocking more funding for open source. By tackling problems like open source security as an ecosystem, we believe we can help create more available funding and resources that are vital to the sustainability of open source. Not every open source project or maintainer has access to funding and training for security. That's why we created a fund that everyone potentially eligible can apply for...

This is the beginning of a journey into helping find ways to secure open source. On its own, it's not the answer, but we are confident it will help. We will be monitoring the impact of these investments and share what we learn as we go.

EU

OW2: 'The European Union Must Keep Funding Free Software' (ow2.org) 15

OW2, the non-profit international consortium dedicated to developing open-source middleware, published an open letter to the European Commission today. They're urging the European Union to continue funding free software after noticing that the Next Generation Internet (NGI) programs were no longer mentioned in Cluster 4 of the 2025 Horizon Europe funding plans.

OW2 argues that discontinuing NGI funding would weaken Europe's technological ecosystem, leaving many projects under-resourced and jeopardizing Europe's position in the global digital landscape. The letter reads, in part: NGI programs have shown their strength and importance to support the European software infrastructure, as a generic funding instrument to fund digital commons and ensure their long-term sustainability. We find this transformation incomprehensible, moreover when NGI has proven efficient and economical to support free software as a whole, from the smallest to the most established initiatives. This ecosystem diversity backs the strength of European technological innovation, and maintaining the NGI initiative to provide structural support to software projects at the heart of worldwide innovation is key to enforce the sovereignty of a European infrastructure. Contrary to common perception, technical innovations often originate from European rather than North American programming communities, and are mostly initiated by small-scaled organizations.

Previous Cluster 4 allocated 27 million euros to:
- "Human centric Internet aligned with values and principles commonly shared in Europe";
- "A flourishing internet, based on common building blocks created within NGI, that enables better control of our digital life";
- "A structured eco-system of talented contributors driving the creation of new internet commons and the evolution of existing internet commons."

In the name of these challenges, more than 500 projects received NGI funding in the first 5 years, backed by 18 organizations managing these European funding consortia.

Linux

Linux Kernel 6.10 Released (omgubuntu.co.uk) 15

"The latest version of the Linux kernel adds an array of improvements," writes the blog OMG Ubuntu, "including a new memory sealing system call, a speed boost for AES-XTS encryption on Intel and AMD CPUs, and expanding Rust language support within the kernel to RISC-V." Plus, like in all kernel releases, there's a glut of groundwork to offer "initial support" for upcoming CPUs, GPUs, NPUs, Wi-Fi, and other hardware (that most of us don't use yet, but require Linux support to be in place for when devices that use them filter out)...

Linux 6.10 adds (after much gnashing) the mseal() system call to prevent changes being made to portions of the virtual address space. For now, this will mainly benefit Google Chrome, which plans to use it to harden its sandboxing. Work is underway by kernel contributors to allow other apps to benefit, though. A similarly initially-controversial change merged is a new memory-allocation profiling subsystem. This helps developers fine-tune memory usage and more readily identify memory leaks. An explainer from LWN summarizes it well.

Elsewhere, Linux 6.10 offers encrypted interactions with trusted platform modules (TPM) in order to "make the kernel's use of the TPM reasonably robust in the face of external snooping and packet alteration attacks". The documentation for this feature explains: "for every in-kernel operation we use null primary salted HMAC to protect the integrity [and] we use parameter encryption to protect key sealing and parameter decryption to protect key unsealing and random number generation." Sticking with security, the Linux kernel's Landlock security module can now apply policies to ioctl() calls (Input/Output Control), restricting potential misuse and improving overall system security.

On the networking side there are significant performance improvements to zero-copy send operations using io_uring, and the newly-added ability to "bundle" multiple buffers for send and receive operations also offers an uptick in performance...

A couple of months ago Canonical announced Ubuntu support for the RISC-V Milk-V Mars single-board computer. Linux 6.10 mainlines support for the Milk-V Mars, which will make that effort a lot more viable (especially with the Ubuntu 24.10 kernel likely to be v6.10 or newer). Other RISC-V improvements abound in Linux 6.10, including support for the Rust language, boot image compression in BZ2, LZ4, LZMA, LZO, and Zstandard (instead of only Gzip); and newer AMD GPUs thanks to kernel-mode FPU support in RISC-V.

Phoronix has their own rundown of Linux 6.10, plus a list of some of the highlights, which includes:
  • The initial DRM Panic infrastructure
  • The new Panthor DRM driver for newer Arm Mali graphics
  • Better AMD ROCm/AMDKFD support for "small" Ryzen APUs and new additions for AMD Zen 5.
  • AMD GPU display support on RISC-V hardware thanks to RISC-V kernel mode FPU
  • More Intel Xe2 graphics preparations
  • Better IO_uring zero-copy performance
  • Faster AES-XTS disk/file encryption with modern Intel and AMD CPUs
  • Continued online repair work for XFS
  • Steam Deck IMU support
  • TPM bus encryption and integrity protection

Red Hat Software

Red Hat's RHEL-Based In-Vehicle OS Attains Milestone Safety Certification (networkworld.com) 36

In 2022, Red Hat announced plans to extend RHEL to the automotive industry through Red Hat In-Vehicle Operating System (providing automakers with an open and functionally-safe platform). And this week Red Hat announced it achieved ISO 26262 ASIL-B certification from exida for the Linux math library (libm.so glibc) — a fundamental component of that Red Hat In-Vehicle Operating System.

From Red Hat's announcement: This milestone underscores Red Hat's pioneering role in obtaining continuous and comprehensive Safety Element out of Context certification for Linux in automotive... This certification demonstrates that the engineering of the math library components individually and as a whole meet or exceed stringent functional safety standards, ensuring substantial reliability and performance for the automotive industry. The certification of the math library is a significant milestone that strengthens the confidence in Linux as a viable platform of choice for safety related automotive applications of the future...

By working with the broader open source community, Red Hat can make use of the rigorous testing and analysis performed by Linux maintainers, collaborating across upstream communities to deliver open standards-based solutions. This approach enhances long-term maintainability and limits vendor lock-in, providing greater transparency and performance. Red Hat In-Vehicle Operating System is poised to offer a safety certified Linux-based operating system capable of concurrently supporting multiple safety and non-safety related applications in a single instance. These applications include advanced driver-assistance systems (ADAS), digital cockpit, infotainment, body control, telematics, artificial intelligence (AI) models and more. Red Hat is also working with key industry leaders to deliver pre-tested, pre-integrated software solutions, accelerating the route to market for SDV concepts.

"Red Hat is fully committed to attaining continuous and comprehensive safety certification of Linux natively for automotive applications," according to the announcement, "and has the industry's largest pool of Linux maintainers and contributors committed to this initiative..."

Or, as Network World puts it, "The phrase 'open source for the open road' is now being used to describe the inevitable fit between the character of Linux and the need for highly customizable code in all sorts of automotive equipment."

Microsoft

Melinda Gates To Resign From Gates Foundation (nbcnews.com) 42

Melinda French Gates announced today she is stepping down from the Bill and Melinda Gates Foundation, three years after announcing her separation from Microsoft co-founder Bill Gates. With her departure as co-chair, the foundation will change its name to Gates Foundation and Bill Gates will be its sole chairperson, said CEO Mark Suzman. NBC News reports: In a statement posted on her Instagram account, she said that as part of her agreement to step down from the foundation, she will retain $12.5 billion that she plans to put toward her ongoing work supporting women and families. "This is not a decision I came to lightly," French Gates wrote. "I am immensely proud of the foundation that Bill and I built together and of the extraordinary work it is doing to address inequities around the world." In a separate statement, Bill Gates said, "I am sorry to see Melinda leave, but I am sure she will have a huge impact in her future philanthropic work."

Now worth $75.2 billion, the Gates Foundation has over the course of its three-decade lifespan made $77.6 billion worth of grant payments, making it one of the largest donor organizations in the world, with a focus on health and developmental goals. It is one of the largest contributors to the World Health Organization, and played a key role in efforts to address the Covid pandemic.

"After a difficult few years watching women's rights rolled back in the U.S. and around the world, she wants to use this next chapter to focus specifically on altering that trajectory," Suzman said of French Gates.

"I want to reassure you that the millions of people our work serves and the thousands of partners we work alongside can continue to count on the foundation. The foundation today is stronger than it has ever been."

"I know we all wish Melinda the best in her next chapter," he added, noting that French Gates "will not be bringing any of the foundation's work with her when she leaves."

Australia

Australia Criticized For Ramping Up Gas Extraction Through '2050 and Beyond' (bbc.com) 132

Slashdot reader sonlas shared this report from the BBC: Australia has announced it will ramp up its extraction and use of gas until "2050 and beyond", despite global calls to phase out fossil fuels. Prime Minister Anthony Albanese's government says the move is needed to shore up domestic energy supply while supporting a transition to net zero... Australia — one of the world's largest exporters of liquefied natural gas — has also said the policy is based on "its commitment to being a reliable trading partner". Released on Thursday, the strategy outlines the government's plans to work with industry and state leaders to increase both the production and exploration of the fossil fuel. The government will also continue to support the expansion of the country's existing gas projects, the largest of which are run by Chevron and Woodside Energy Group in Western Australia...

The policy has sparked fierce backlash from environmental groups and critics — who say it puts the interest of powerful fossil fuel companies before people. "Fossil gas is not a transition fuel. It's one of the main contributors to global warming and has been the largest source of increases of CO2 [emissions] over the last decade," Prof Bill Hare, chief executive of Climate Analytics and author of numerous UN climate change reports told the BBC... Successive Australian governments have touted gas as a key "bridging fuel", arguing that turning it off too soon could have "significant adverse impacts" on Australia's economy and energy needs. But Prof Hare and other scientists have warned that building a net zero policy around gas will "contribute to locking in 2.7-3C global warming, which will have catastrophic consequences".

The Internet

Speedometer 3.0: A Shared Browser Benchmark for Web Application Responsiveness (browserbench.org) 15

Contributors from Apple, Google, Microsoft, and Mozilla, writing for BrowserBench: Since the initial version of the Speedometer benchmark was released in 2014 by the WebKit team, it has become a key tool for browser engines to drive performance optimizations as users and developers continue to demand richer and smoother experiences online.

We're proud to release Speedometer 3.0 today as a collaborative effort between the three major browser engines: Blink, Gecko, and WebKit. Like previous releases (Speedometer 2 in 2018 and Speedometer 1 in 2014), it's designed to measure web application responsiveness by simulating user interactions on real web pages. Today's release of Speedometer 3.0 marks a major step forward in web browser performance testing: it introduces a better way of measuring performance and a more representative set of tests that reflect the modern Web.

This is the first time the Speedometer benchmark, or any major browser benchmark, has been developed through a cross-industry collaboration supported by each major browser engine: Blink/V8, Gecko/SpiderMonkey, and WebKit/JavaScriptCore. It's been developed under a new governance model, driven by consensus, and is hosted in a shared repository that's open to contribution. This new structure involves a lot of collective effort: discussions, research, debates, decisions, and hundreds of PRs since we announced the project in December 2022.

Speedometer 3 adds many new tests. We started designing this new benchmark by identifying some key scenarios and user interactions that we felt were important for browsers to optimize. In particular, we added new tests that simulate rendering canvas and SVG charts (React Stockcharts, Chart.js, Perf Dashboard, and Observable Plot), code editing (CodeMirror), WYSIWYG editing (TipTap), and reading news sites (Next.js and Nuxt.js).

Earth

Investing $30 Billion, the UAE Announces the World's Largest Climate-Focused Investment Fund (reuters.com) 62

Tuesday the New York Times reported that while hosting the global climate summit, the United Arab Emirates also hoped to lobby for oil and gas deals around the world.

But Friday the United Arab Emirates announced that they'd also started a $30 billion climate fund, reports Reuters, and that fund "aims to attract $250 billion of investment by the end of the decade."

The New York Times notes the fund started just months ago, and "at least 20 percent of the funds, would be earmarked for projects in the developing world, where it is especially difficult to finance clean energy projects because interest rates are high and lenders shy away from what they perceive as risky investments."

The Washington Post notes that "It immediately becomes one of the world's largest climate-focused investment funds." "This is a big deal," said Mona Dajani, global head of renewables, energy and infrastructure at the law firm Shearman and Sterling. "We have seen other programs previously, but not at this level. They were too scattered, too small, not aligned to the broader financial sector."

The lack of cash feeds into other challenges that can make it impossible to scale up clean energy in some countries. Without a steady pipeline of projects, there are no established supply chains, and nations find themselves locked out of markets for key components that are in high demand elsewhere, such as solar cells and critical minerals used to make giant batteries that store renewable power. The Global South will need an immense amount of such battery storage by the end of the decade, according to the Rockefeller Foundation, enough to store about as much power as is produced by 90 large nuclear plants. The storage is used to bottle wind and solar power and distribute it back into grids after dark and when the wind dies down.

The Post also reports that "the money to fund the projects will come largely from oil revenue." While the UAE framed its initiative as a call to global action, it is at least partly geared toward generating returns. It is one of several forays the UAE is making into clean-energy finance as it seeks to diversify its economy amid predictions the demand for oil will slump in coming years... The new initiative puts a spotlight on the UAE's evolving role in the fight against climate change. The country is at once one of the world's biggest contributors to warming, pumping massive amounts of oil into the global economy, while also using its fossil fuel wealth to put itself on the vanguard of energy innovation.

Open Source

Somehow Amazon's Open Source Fork of ElasticSearch Has Succeeded (infoworld.com) 23

Long-time open source advocate Matt Asay writes in InfoWorld: OpenSearch shouldn't exist. The open source alternative to Elasticsearch started off as Amazon Web Services' (AWS) answer to getting outflanked by Elastic's change in Elasticsearch's license, which was in turn sparked by AWS building a successful Elasticsearch service but contributing little back. In 2019 when AWS launched its then Open Distro for Elasticsearch, I thought its reasons rang hollow and, frankly, sounded sanctimonious. This was, after all, a company that used more open source than it contributed. Two years later, AWS opted to fork Elasticsearch to create OpenSearch, committing to a "long-term investment" in OpenSearch.

I worked at AWS at the time. Privately, I didn't think it would work.

Rather, I didn't feel that AWS really understood just how much work was involved in running a successful open source project, and the company would fail to invest the time and resources necessary to make OpenSearch a viable competitor to Elasticsearch. I was wrong. Although OpenSearch has a long way to go before it can credibly claim to have replaced Elasticsearch in the minds and workloads of developers, it has rocketed up the search engine popularity charts, with an increasingly diverse contributor population. In turn, the OpenSearch experience is adding a new tool to AWS' arsenal of open source strengths....

As part of the AWS OpenSearch team, David Tippett and Eli Fisher laid out a few key indicators of OpenSearch's success as they gave their 2022 year in review. They topped more than 100 million downloads and gathered 8,760 pull requests from 496 contributors, a number of whom don't work for AWS. Not stated were other success factors, such as Adobe's earlier decision to replace Elasticsearch with OpenSearch in its Adobe Commerce suite, or its increasingly open governance with third-party maintainers for the project. Nor did they tout its lightning-fast ascent up the DB-Engines database popularity rankings, hitting the Top 50 databases for the first time.

OpenSearch, in short, is a bonafide open source success story. More surprisingly, it's an AWS open source success story. For many who have been committed to the "AWS strip mines open source" narrative, such success stories aren't supposed to exist. Reality bites.

The article notes that OpenSearch's success "doesn't seem to be blunting Elastic's income statement." But it also points out that Amazon now has many employees actively contributing to open source projects, including PostgreSQL and MariaDB. (Although "If AWS were to turn forking projects into standard operating procedure, that might get uncomfortable.")

"Fortunately, not only has AWS learned how to build more open source, it has also learned how to partner with open source companies."

Programming

How Rust Went From a Side Project To the World's Most-Loved Programming Language (technologyreview.com) 118

An anonymous reader quotes a report from MIT Technology Review: Many software projects emerge because -- somewhere out there -- a programmer had a personal problem to solve. That's more or less what happened to Graydon Hoare. In 2006, Hoare was a 29-year-old computer programmer working for Mozilla, the open-source browser company. Returning home to his apartment in Vancouver, he found that the elevator was out of order; its software had crashed. This wasn't the first time it had happened, either. Hoare lived on the 21st floor, and as he climbed the stairs, he got annoyed. "It's ridiculous," he thought, "that we computer people couldn't even make an elevator that works without crashing!" Many such crashes, Hoare knew, are due to problems with how a program uses memory. The software inside devices like elevators is often written in languages like C++ or C, which are famous for allowing programmers to write code that runs very quickly and is quite compact. The problem is those languages also make it easy to accidentally introduce memory bugs -- errors that will cause a crash. Microsoft estimates that 70% of the vulnerabilities in its code are due to memory errors from code written in these languages.

Most of us, if we found ourselves trudging up 21 flights of stairs, would just get pissed off and leave it there. But Hoare decided to do something about it. He opened his laptop and began designing a new computer language, one that he hoped would make it possible to write small, fast code without memory bugs. He named it Rust, after a group of remarkably hardy fungi that are, he says, "over-engineered for survival." Seventeen years later, Rust has become one of the hottest new languages on the planet -- maybe the hottest. There are 2.8 million coders writing in Rust, and companies from Microsoft to Amazon regard it as key to their future. The chat platform Discord used Rust to speed up its system, Dropbox uses it to sync files to your computer, and Cloudflare uses it to process more than 20% of all internet traffic.

When the coder discussion board Stack Overflow conducts its annual poll of developers around the world, Rust has been rated the most "loved" programming language for seven years running. Even the US government is avidly promoting software in Rust as a way to make its processes more secure. The language has become, like many successful open-source projects, a barn-raising: there are now hundreds of die-hard contributors, many of them volunteers. Hoare himself stepped aside from the project in 2013, happy to turn it over to those other engineers, including a core team at Mozilla. It isn't unusual for someone to make a new computer language. Plenty of coders create little ones as side projects all the time. But it's meteor-strike rare for one to take hold and become part of the pantheon of well-known languages alongside, say, JavaScript or Python or Java. How did Rust do it?

Open Source

Linux Foundation's New 'Open Metaverse Foundation' Launches (linuxfoundation.org) 41

The Linux Foundation's new Open Metaverse Foundation wants to unite industries "to work on developing open source software and standards for an inclusive, global, vendor-neutral and scalable Metaverse."

In a blog post this week the group's executive director explained the advantages of an open Metaverse: It can create new jobs and industries in the digital space. It can bridge the gap between the physical and digital worlds while providing an amazing world where anyone can create their own opportunities. An open Metaverse broadens commerce for digital ownership and consumables, and it offers shared experiences and learning opportunities for anyone with access. The future market value for all of this may exceed any single media market.

The potential for the Metaverse is boundless, but only if we pursue it as an open, collaborative endeavor. The mission of the Open Metaverse Foundation (OMF) is to foster a strong community of developers, engineers, academics and thought leaders who will solve the difficult challenges of building the open Metaverse through open source software and standards that enable portability and interoperability for an inclusive, global, scalable world, supporting interactive and immersive experiences for the benefit of any individual or industry.

Through the Foundation, we'll work together to discuss, pinpoint and create the building blocks to transform the emerging concept of the Metaverse into a reality — spanning digital assets, simulations, transactions, artificial intelligence, networking, security, privacy, and legal considerations.... Backend services, standards, and relationships are critical to success, including elements like digital ID representation for users and objects. Transactions must provide receipts for proof and commerce.... Worlds need a standard to communicate with other worlds so that users can move in and out without breaking the immersive experience. Providing an open standard to move objects across worlds is a huge part of what the OMF can deliver. Other technical challenges that demand open collaboration include the reshaping of our networks and internet to accommodate greater needs presented by the open Metaverse.

All of this can seem overwhelming. And it is, unless you have the proven expertise in community building, governance and other elements offered by the Linux Foundation, which provides the focus needed to create manageable, tangible tasks to complete. We've already set up several Foundational Interest Groups (FIGs), which provide a great starting place to engage with the OMF. These FIGs enable a focused, distributed decision structure for key topics, and provide targeted resources and forums for the identification of new ideas, getting work done, and onboarding new contributors....

Contributions to OMF projects are licensed under both Apache 2.0 and MIT, enabling anyone to use, modify, extend and distribute the source code without any fees or commercial obligations....

We look forward to working with a broad, global community to advance the promise of the Metaverse.

Cloud

Is Amazon's AWS Quietly Getting Better at Contributing to Open Source? (techrepublic.com) 8

"If I want AWS to ignore me completely all I have to do is open a pull request against one of their repositories," quipped cloud economist Corey Quinn in April, while also complaining that the real problem is "how they consistently and in my opinion incorrectly try to shape a narrative where they're contributing to the open source ecosystem at a level that's on par with their big tech company peers."

But on Friday tech columnist Matt Asay argued that AWS is quietly getting better at open source. "Agreed," tweeted tech journalist Steven J. Vaughan-Nichols in response, commending "Good open source people, good open-source work." (And Vaughan-Nichols later retweeted an AWS principal software engineer's announcement that "Over at Amazon Linux we are hiring, and also trying to lead and better serve customers by being more involved in upstream communities.") Mark Atwood, principal engineer for open source at Amazon, also joined Asay's thread, tweeting "I'm glad that people are noticing. Me and my team have been doing heavy work for years to get to this point. Generally we don't want to sit at the head of the table, but we are seeing the value of sitting at the table."

Asay himself was AWS's head of developer marketing/Open Source strategy for two years, leaving in August of 2021. But Friday Asay's article noted a recent tweet where AWS engineer Divij Vaidya announced he'd suddenly become one of the top 10 contributors to Apache Kafka after three months as the founding engineer for AWS's Apache Kafka open source team. (Vaidya added "We are hiring for a globally distributed fully remote team to work on open source Apache Kafka! Join us.")

Asay writes: Apache Kafka is just the latest example of this.... This is exactly what critics have been saying AWS doesn't do. And, for years, they were mostly correct.

AWS was, and is, far more concerned with taking care of customers than being popular with open-source audiences. So, the company has focused on being "the best place for customers to build and run open-source software in the cloud." Historically, that tended to not involve or require contributing to the open-source projects it kept building managed services around. Many felt that was a mistake — that a company so dependent on open source for its business was putting its supply chain at risk by not sustaining the projects upon which it depended...

PostgreSQL contributor (and sometime AWS open-source critic) Paul Ramsey has noticed. As he told me recently, it "[f]eels like a switch flipped at AWS a year or two ago. The strategic value of being a real stakeholder in the software they spin is now recognized as being worth the dollars spent to make it happen...." What seems to be happening at AWS, if quietly and usually behind the scenes, is a shift toward AWS service teams taking greater ownership in the open-source projects they operationalize for customers. This allows them to more effectively deliver results because they can help shape the roadmap for customers, and it ensures AWS customers get the full open-source experience, rather than a forked repo with patches that pile up as technical debt.

Vaidya and the Managed Service for Kafka team is an example along with Madelyn Olson, an engineer with AWS's ElastiCache team and one of five core maintainers for Redis. And then there are the AWS employees contributing to Kubernetes, etcd and more. No, AWS is still not the primary contributor to most of these. Not yet. Google, Microsoft and Red Hat tend to top many of the charts, to Quinn's point above. This also isn't somehow morally wrong, as Quinn also argued: "Amazon (and any company) is there to make money, not be your friend."

But slowly and surely, AWS product teams are discovering that a key element of obsessing over customers is taking care of the open-source projects upon which those customers depend. In other words, part of the "undifferentiated heavy lifting" that AWS takes on for customers needs to be stewardship for the open-source projects those same customers demand.

UPDATE: Reached for a comment today, Asay clarified his position on Quinn's original complaints about AWS's low level of open source contributions. "What I was trying to say was that while Corey's point had been more-or-less true, it wasn't really true anymore."

Open Source

Addressing 'Bus Factor', PHP Gets a Foundation (thenewstack.io) 69

How many members of your team are so irreplaceable that if they were hit by a bus, your project would grind to a halt?

For PHP, that number is: two. (According to a post by PHP contributor Joe Watkins earlier this year that's now being cited in Mike Melanson's "This Week in Programming" column.) "Maybe as few as two people would have to wake up this morning and decide they want to do something different with their lives in order for the PHP project to lack the expertise and resources to move it forward in its current form, and at current pace," Watkins wrote at the time, naming Dmitry Stogov and Nikita Popov as those two. Well, last week, Nikita Popov was thankfully not hit by a bus, but he did decide to move on from his role with PHP to instead focus his activities on LLVM.

Also thankfully, Watkins' article earlier this year opened some eyes to the situation at hand and, as he writes in a follow-up article this week, JetBrains (Popov's employer) reached out to him at the time regarding starting a PHP Foundation. This week, with Popov's departure, the PHP Foundation was officially launched with the goal of funding part/full-time developers to work on the PHP core in 2022. At launch, the PHP Foundation will count 10 companies — Automattic, Laravel, Acquia, Zend, Private Packagist, Symfony, Craft CMS, Tideways, PrestaShop, and JetBrains — among its backers, with an expectation to raise $300,000 per year, and with JetBrains contributing $100,000 annually. Alongside that, the foundation is being launched using foundation-as-a-service provider Open Collective, and just under 700 contributors have already raised more than $40,000 for the foundation.

One of the key benefits to creating a foundation, rather than sticking with the status quo, goes beyond increasing the bus factor — it diversifies the influences on PHP. Watkins points out that, for much of the history of PHP, Zend, the employer of Dmitry Stogov, has been a primary financial backer, and as such has had some amount of influence on the language's direction. Similarly, JetBrains had increased influence during its time employing Popov on PHP. "To say they have not influenced the direction of the language as a whole would just not be true...." While Watkins says that everything has been above board and gone through standard processes to ensure so, influence is nonetheless indisputable, and that "The Foundation represents a new way to push the language forward..."

The current RFC process, JetBrains writes, "will not change, and language decisions will always be left to the PHP Internals community."

And in addition, Watkins adds, "It provides us the mechanism by which to raise the bus factor, so that we never face the problems we face today, and have faced in the past."

Twitter

Twitter's Decentralized Social Network Project Takes a Baby Step Forward (theverge.com) 24

Bluesky, Twitter's decentralized social networking effort, has announced its first major update since 2019. The Verge reports: The Bluesky team released a review of the decentralized web ecosystem and said it's hoping to find a team lead in the coming months. The review follows Twitter CEO Jack Dorsey discussing Bluesky earlier this month, when he called it a "standard for the public conversation layer of the internet." The review outlines a variety of known decentralized systems. It includes ActivityPub, known for powering the social network Mastodon; the messaging standard XMPP, which powers WhatsApp and the now-defunct Google Talk; and Solid, a decentralization project led by World Wide Web creator Sir Tim Berners-Lee. The report covers how these systems handle key social network elements like discoverability, moderation, and privacy, as well as how services based on them can scale up, interoperate, and make money.

This doesn't tell us how Bluesky itself might operate. If it results in a protocol, that system might be created from scratch, or it might build on an existing standard like ActivityPub -- a possibility Dorsey mentioned in 2019 upon unveiling the initiative. [...] However, the report offers a snapshot of who's been working on Bluesky. It was authored by Jay Graber, creator of event-organizing platform Happening. Other contributors include Mastodon developer Eugen Rochko, peer-to-peer Beaker Browser co-creator Paul Frazee, ActivityPub standard co-editor Christopher Lemmer Webber, and InterPlanetary File System project lead Molly Mackinlay.

It also hints at the fact that decentralization often isn't profitable. The report focuses on monetization options like membership fees and cryptocurrency microtransactions, but it also notes that "many decentralized projects run on volunteer work and donations" -- something that isn't ideal for a platform supporting commercial networks like Twitter.

Earth

Is Hot Asphalt Really Increasing Air Pollution? (usnews.com) 63

A new article examines a study which suggested fresh asphalt is "a significant, yet overlooked, source of air pollution," (as reported by Science). "In fact, the material's contribution to one kind of particulate air pollution could rival or even exceed that of cars and trucks."

UPI reports: And its emissions double as its temperature increases from 104 to 140 degrees Fahrenheit, researchers found. Sunlight plays a key role in these asphalt emissions, with even moderate levels of sunshine tripling the release of air pollutants, according to the study published Sept. 2 in the journal Science Advances... In-use pavement usually gets as hot as between 117 and 153 degrees Fahrenheit in the summer, while roofs can reach 167 degrees, the study authors said.

As the major contributors to air pollution get cut back — for example, through cleaner vehicle emissions — passive pollution sources like these will have a growing influence on the air we breathe, said Peter DeCarlo, an associate professor and air pollution expert with Johns Hopkins University, in Baltimore. "In doing that reduction, we are discovering these new sources that are now playing a more prominent role in our air pollution issues," DeCarlo said.... Asphalt probably contributes most to air pollution when it's freshly laid, DeCarlo added. During the paving process, asphalt is heated to as much as 248 to 320 degrees Fahrenheit, the researchers said. "If you've ever been around people laying asphalt, you smell it. It's clear something is getting into the air when that happens," DeCarlo said. But asphalt likely continues to emit air pollutants even after it's aged, when sunlight bakes the material, he noted.

Switching to concrete for paving would help reduce emissions, he said, but concrete is not an ideal paving material in all locales. Another possible solution might be the application of "cool pavement" technology, where colored sealants are applied to paved surfaces so they reflect more solar energy and become less likely to heat up, Gentner said. Emissions might also vary with different asphalt application methods and different formulations of the paving product, Gentner suggested.

The Internet

Social Movements Are Pushing Google Sheets To the Breaking Point (medium.com) 31

In the past decade, Google's suite of collaborative tools has steadily gained prominence in social movements and other forms of widespread collaboration. From a report: It was used to organize Occupy Wall Street movements in 2011, disseminate resources for protesting after the U.S. election in 2016, and assemble response to the California wildfires in 2017. During 2020, these tools have earned a reputation as "the social media of the resistance;" they have played a key role in the formation of pandemic mutual aid groups, the organization of the Black Lives Matter movement, and the aggregation of allegations in the gaming industry's #MeToo reckoning. But when these resources go viral, they often encounter limitations of G Suite. "Whenever you loaded the page, it would just fail half the time," says Edward Saperia, who initially used Google Docs to build Coronavirus Tech Handbook, a crowdsourced directory of tools, services, and resources for Covid-19 response.

The proliferation of viral Google Sheets and Google Docs that break is a sign that collaboration has outgrown the collaboration tools at our immediate disposal. As the demographic of organizers and contributors has broadened and the scale of these projects has exploded, tools everyday citizens can use to spearhead these efforts have yet to catch up. Google Docs and Google Sheets were first built more than a decade ago to allow individuals to "get feedback and contributions from others [...] without having to email around copies of files." They were designed to facilitate the kind of collaboration we might reasonably attempt via email -- not widespread resources and movements. A Google support page states that "up to 100 people with view, edit, or comment permissions can work on a Google Docs, Sheets, or Slides file at the same time" and has a section devoted to troubleshooting files that become unresponsive after being shared with many people, recognizing the common pitfall.
