"It's time to charge for access," argues a new opinion piece at The Register. Begging billion-dollar companies to fund open source projects just isn't enough, writes long-time tech reporter Steven J. Vaughan-Nichols: Screw fair. Screw asking for dimes. You can't live off one-off charity donations... Depending on what people put in a tip jar is no way to fund anything of value... [A]ccording to a 2024 Tidelift maintainer report, 60 percent of open source maintainers are unpaid, and 60 percent have quit or considered quitting, largely due to burnout and lack of compensation. Oh, and of those getting paid, only 26 percent earn more than $1,000 a year for their work. They'd be better paid asking "Would you like fries with that?" at your local McDonald's...

Some organizations do support maintainers, for example, there's HeroDevs and its $20 million Open Source Sustainability Fund. Its mission is to pay maintainers of critical, often end-of-life open source components so they can keep shipping patches without burning out. Sentry's Open Source Pledge/Fund has given hundreds of thousands of dollars per year directly to maintainers of the packages Sentry depends on. Sentry is one of the few vendors that systematically maps its dependency tree and then actually cuts checks to the people maintaining that stack, as opposed to just talking about "giving back."

Sentry is on to something. We have the Linux Foundation to manage commercial open source projects, the Apache Foundation to oversee its various open source programs, the Open Source Initiative (OSI) to coordinate open source licenses, and many more for various specific projects. It's time we had an organization with the mission of ensuring that the top programmers and maintainers of valuable open source projects get a cut of the tech billionaire pie.

We must realign how businesses work with open source so that payment is no longer an optional charitable gift but a cost of doing business. To do that, we need an organization to create a viable, supportable path from big business to individual programmer. It's time for someone to step up and make this happen. Businesses, open source software, and maintainers will all be better off for it.
One possible future... Bruce Perens wrote the original Open Source definition in 1997, and now proposes a not-for-profit corporation developing "the Post Open Collection" of software, distributing its licensing fees to developers while providing services like user support, documentation, hardware-based authentication for developers, and even help with government compliance and lobbying.

Long-time Slashdot reader theodp writes: Last July, as Microsoft pledged $4 billion to advance AI education in K-12 schools, Microsoft President Brad Smith told nonprofit Code.org CEO/Founder Hadi Partovi it was time to "switch hats" from coding to AI. He added that "the last 12 years have been about the Hour of Code, but the future involves the Hour of AI." On Friday, Code.org announced leadership changes to make it so.

"I am thrilled to announce that Karim Meghji will be stepping into the role of President & CEO," Partovi wrote on LinkedIn. "Having worked closely with Karim over the last 3.5 years as our CPO, I have complete confidence that he possesses the perfect balance of historical context and 'founder-level' energy to lead us into an AI-centric future."

In a separate LinkedIn post, Code.org co-founder Cameron Wilson explained why he was transitioning to an executive advisor role. "Our community is entering a new chapter as AI changes and upends computer science as a discipline and society at large. Code.org's mission is still the same, however, we are starting a new chapter focused on ensuring students can thrive in the Age of AI. This new chapter will bring new opportunities, new problems to solve, and new communities to engage."

The Code.org leadership changes come just weeks after Code.org confirmed laid off about 14% of its staff, explaining it had "made the difficult decision to part ways with 18 colleagues as part of efforts to ensure our long-term sustainability." January also saw Code.org Chief Academic Officer Pat Yongpradit jump to Microsoft where he now helps "lead Microsoft's global strategy to put people first in an age of AI by shaping education and workforce policy" as a member of Microsoft's Global Education and Workforce Policy team.

theodp writes: West Virginia lawmakers on Tuesday introduced House Bill 5387 (PDF), which would repeal the state's recently enacted mandatory stand-alone computer science graduation requirement and replace it with a new computer literacy proficiency requirement. Not too surprisingly, the Bill is being opposed by tech-backed nonprofit Code.org, which lobbied for the WV CS graduation requirement (PDF) just last year. Code.org recently pivoted its mission to emphasize the importance of teaching AI education alongside traditional CS, teaming up with tech CEOs and leaders last year to launch a national campaign to mandate CS and AI courses as graduation requirements.

"It would basically turn the standalone computer science course requirement into a computer literacy proficiency requirement that's more focused on digital literacy," lamented Code.org as it discussed the Bill in a Wednesday conference call with members of the Code.org Advocacy Coalition, including reps from Microsoft's Education and Workforce Policy team. "It's mostly motivated by a variety of different issues coming from local superintendents concerned about, you know, teachers thinking that students don't need to learn how to code and other things. So, we are addressing all of those. We are talking with the chair and vice chair of the committee a week from today to try to see if we can nip this in the bud." Concerns were also raised on the call about how widespread the desire for more computing literacy proficiency (over CS) might be, as well as about legislators who are associating AI literacy more with digital literacy than CS.

The proposed move from a narrower CS focus to a broader goal of computer literacy proficiency in WV schools comes just months after the UK's Department for Education announced a similar curriculum pivot to broader digital literacy, abandoning the narrower 'rigorous CS' focus that was adopted more than a decade ago in response to a push by a 'grassroots' coalition that included Google, Microsoft, UK charities, and other organizations.

Ars Technica reports: Security firm Mandiant [part of Google Cloud] has released a database that allows any administrative password protected by Microsoft's NTLM.v1 hash algorithm to be hacked in an attempt to nudge users who continue using the deprecated function despite known weaknesses.... a precomputed table of hash values linked to their corresponding plaintext. These generic tables, which work against multiple hashing schemes, allow hackers to take over accounts by quickly mapping a stolen hash to its password counterpart... Mandiant said it had released an NTLMv1 rainbow table that will allow defenders and researchers (and, of course, malicious hackers, too) to recover passwords in under 12 hours using consumer hardware costing less than $600 USD. The table is hosted in Google Cloud. The database works against Net-NTLMv1 passwords, which are used in network authentication for accessing resources such as SMB network sharing.

Despite its long- and well-known susceptibility to easy cracking, NTLMv1 remains in use in some of the world's more sensitive networks. One reason for the lack of action is that utilities and organizations in industries, including health care and industrial control, often rely on legacy apps that are incompatible with more recently released hashing algorithms. Another reason is that organizations relying on mission-critical systems can't afford the downtime required to migrate. Of course, inertia and penny-pinching are also causes.

"By releasing these tables, Mandiant aims to lower the barrier for security professionals to demonstrate the insecurity of Net-NTLMv1," Mandiant said. "While tools to exploit this protocol have existed for years, they often required uploading sensitive data to third-party services or expensive hardware to brute-force keys."
"Organizations that rely on Windows networking aren't the only laggards," the article points out. "Microsoft only announced plans to deprecate NTLMv1 last August."

Thanks to Slashdot reader joshuark for sharing the news.

After the Python Software Foundation rejected a $1.5 million grant because it restricted DEI activity, "a flood of new donations followed," according to a new report. By Friday they'd raised over $157,000, including 295 new Supporting Members paying an annual $99 membership fee, says PSF executive director Deb Nicholson.

"It doesn't quite bridge the gap of $1.5 million, but it's incredibly impactful for us, both financially and in terms of feeling this strong groundswell of support from the community." Could that same security project still happen if new funding materializes? The PSF hasn't entirely given up. "The PSF is always looking for new opportunities to fund work benefiting the Python community," Nicholson told me in an email last week, adding pointedly that "we have received some helpful suggestions in response to our announcement that we will be pursuing." And even as things stand, the PSF sees itself as "always developing or implementing the latest technologies for protecting PyPI project maintainers and users from current threats," and it plans to continue with that commitment.
The Python Software Foundation was "astounded and deeply appreciative at the outpouring of solidarity in both words and actions," their executive director wrote in a new blog post this week, saying the show of support "reminds us of the community's strength."

But that post also acknowledges the reality that the Python Software Foundation's yearly revenue and assets (including contributions from major donors) "have declined, and costs have increased,..." Historically, PyCon US has been a source of revenue for the PSF, enabling us to fund programs like our currently paused Grants Program... Unfortunately, PyCon US has run at a loss for three years — and not from a lack of effort from our staff and volunteers! Everyone has been working very hard to find areas where we can trim costs, but even with those efforts, inflation continues to surge, and changing U.S. and economic conditions have reduced our attendance... Because we have so few expense categories (the vast majority of our spending goes to running PyCon US, the Grants Program, and our small 13-member staff), we have limited "levers to pull" when it comes to budgeting and long-term sustainability...
While Python usage continues to surge, "corporate investment back into the language and the community has declined overall. The PSF has longstanding sponsors and partners that we are ever grateful for, but signing on new corporate sponsors has slowed." (They're asking employees at Python-using companies to encourage sponsorships.) We have been seeking out alternate revenue channels to diversify our income, with some success and some challenges. PyPI Organizations offers paid features to companies (PyPI features are always free to community groups) and has begun bringing in monthly income. We've also been seeking out grant opportunities where we find good fits with our mission.... We currently have more than six months of runway (as opposed to our preferred 12 months+ of runway), so the PSF is not at immediate risk of having to make more dramatic changes, but we are on track to face difficult decisions if the situation doesn't shift in the next year.

Based on all of this, the PSF has been making changes and working on multiple fronts to combat losses and work to ensure financial sustainability, in order to continue protecting and serving the community in the long term. Some of these changes and efforts include:

— Pursuing new sponsors, specifically in the AI industry and the security sector
— Increasing sponsorship package pricing to match inflation
— Making adjustments to reduce PyCon US expenses
— Pursuing funding opportunities in the US and Europe
— Working with other organizations to raise awareness
— Strategic planning, to ensure we are maximizing our impact for the community while cultivating mission-aligned revenue channels

The PSF's end-of-year fundraiser effort is usually run by staff based on their capacity, but this year we have assembled a fundraising team that includes Board members to put some more "oomph" behind the campaign. We'll be doing our regular fundraising activities; we'll also be creating a unique webpage, piloting temporary and VERY visible pop-ups to python.org and PyPI.org, and telling more stories from our Grants Program recipients...

Keep your eyes on the PSF Blog, the PSF category on Discuss, and our social media accounts for updates and information as we kick off the fundraiser this month. Your boosts of our posts and your personal shares of "why I support the PSF" stories will make all the difference in our end-of-year fundraiser. If this post has you all fired up to personally support the future of Python and the PSF right now, we always welcome new PSF Supporting Members and donations.

San Francisco's local newscast ABC7 runs a consumer advocacy segment called "7 on Your Side". They received a disturbing call for help from Dave Dornlas, treasurer of a nonprofit supporting a local library: GoFundMe has taken upon itself to create "nonprofit pages" for 1.4 million 501C-3 organizations using public IRS data along with information from trusted partners like the PayPal Giving Fund. "The fact that they would just on their own build pages for nonprofits that they've never spoken to is a problem," [Dornlas] said. "I'm a believer in opt-in, not opt-out...." Dornlas says he struggled to find anyone to contact from GoFundMe about this... Dave's other frustration is tied to the company's optional tipping feature on the platform. "GoFundMe also solicits a tip of 14.5%. In other words, 'We're doing this and we're great people. Give us 14.5% to do this' — which doesn't have to happen," Dornlas said. "That's what bothers me." When 7 On Your Side checked, the optional tip was actually set for 16.5%. The consumer is required to move the bar to adjust accordingly... The tip would be in addition to the 2.2% transaction fee GoFundMe charges nonprofits, plus $0.30 per donation. That fee goes up to 2.9% for individual fundraisers.

Now both GoFundMe pages of Dornlas's nonprofits have been removed from the site. Any organization can do so, by clicking "unpublish" on the platform.
But GoFundMe's move drew strong criticism from the Center for Nonprofit Excellence (a Kentucky-based membership organization with over 500 members). GoFundMe's move, they say, creates "confusion for donors and supporters who are unsure of the legitimacy of the fundraising pages. In some cases, GoFundMe included incorrect information, outdated logos, and other inaccuracies that compromise and misrepresent nonprofits' brand, mission, strategy, and message."

And GoFundMe's processing fees and tips "ultimately result in fewer resources for nonprofits than if donors contributed directly through the organization." But there's more... GoFundMe has initiated SEO optimization as the default for the donation pages to improve their visibility when individuals search forinformation about nonprofits online. This could result in GoFundMe'spages ranking higher than the nonprofit's own website, pulling away potential donors and supporters...

Without adequate safeguards in place, nonprofits report serious issues, ranging from unauthorized individuals claiming donations and the inability to remove pages without first agreeing to GoFundMe's terms and conditions or sharing sensitive banking information.
The Center for Nonprofit Excellence has now joined with the National Council of Nonprofits — America's largest network of nonprofits, with over 25,000 members — to officially urge GoFundMe to immediately rectify the situation.

Thanks to long-time Slashdot reader Arrogant-Bastard for sharing the article.

Critics question why basic flaws like buffer overflows, command injections, and SQL injections are "being exploited remain prevalent in mission-critical codebases maintained by companies whose core business is cybersecurity," writes CSO Online. Benjamin Harris, CEO of cybersecurity/penetration testing firm watchTowr tells them that "these are vulnerability classes from the 1990s, and security controls to prevent or identify them have existed for a long time. There is really no excuse." Enterprises have long relied on firewalls, routers, VPN servers, and email gateways to protect their networks from attacks. Increasingly, however, these network edge devices are becoming security liabilities themselves... Google's Threat Intelligence Group tracked 75 exploited zero-day vulnerabilities in 2024. Nearly one in three targeted network and security appliances, a strikingly high rate given the range of IT systems attackers could choose to exploit. That trend has continued this year, with similar numbers in the first 10 months of 2025, targeting vendors such as Citrix NetScaler, Ivanti, Fortinet, Palo Alto Networks, Cisco, SonicWall, and Juniper. Network edge devices are attractive targets because they are remotely accessible, fall outside endpoint protection monitoring, contain privileged credentials for lateral movement, and are not integrated into centralized logging solutions...

[R]esearchers have reported vulnerabilities in these systems for over a decade with little attacker interest beyond isolated incidents. That shifted over the past few years with a rapid surge in attacks, making compromised network edge devices one of the top initial access vectors into enterprise networks for state-affiliated cyberespionage groups and ransomware gangs. The COVID-19 pandemic contributed to this shift, as organizations rapidly expanded remote access capabilities by deploying more VPN gateways, firewalls, and secure web and email gateways to accommodate work-from-home mandates. The declining success rate of phishing is another factor... "It is now easier to find a 1990s-tier vulnerability in a border device where Endpoint Detection and Response typically isn't deployed, exploit that, and then pivot from there" [says watchTowr CEL Harris]...

Harris of watchTowr doesn't want to minimize the engineering effort it takes to build a secure system. But he feels many of the vulnerabilities discovered in the past two years should have been caught with automatic code analysis tools or code reviews, given how basic they have been. Some VPN flaws were "trivial to the point of embarrassing for the vendor," he says, while even the complex ones should have been caught by any organization seriously investing in product security... Another problem? These appliances have a lot of legacy code, some that is 10 years or older.
Attackers may need to chain together multiple hard-to-find vulnerabilities across multiple components, the article acknowleges. And "It's also possible that attack campaigns against network-edge devices are becoming more visible to security teams because they are looking into what's happening on these appliances more than they did in the past... "

The article ends with reactions from several vendors of network edge security devices.

Thanks to Slashdot reader snydeq for sharing the article.

theodp writes: From Thursday's Code.org press release announcing the replacement of the annual Hour of Code for K-12 schoolkids with the new Hour of AI: "A decade ago, the Hour of Code ignited a global movement that introduced millions of students to computer science, inspiring a generation of creators. Today, Code.org announced the next chapter: the Hour of AI, a global initiative developed in collaboration with CSforALL and supported by dozens of leading organizations. [...] As artificial intelligence rapidly transforms how we live, work, and learn, the Hour of AI reflects an evolution in Code.org's mission: expanding from computer science education into AI literacy. This shift signals how the education and technology fields are adapting to the times, ensuring that students are prepared for the future unfolding now."

"Just as the Hour of Code showed students they could be creators of technology, the Hour of AI will help them imagine their place in an AI-powered world," said Hadi Partovi, CEO and co-founder of Code.org. "Every student deserves to feel confident in their understanding of the technology shaping their future. And every parent deserves the confidence that their child is prepared for it."

"Backed by top organizations such as Microsoft, Amazon, Anthropic, Zoom, LEGO Education, Minecraft, Pearson, ISTE, Common Sense Media, American Federation of Teachers (AFT), National Education Association (NEA), and Scratch Foundation, the Hour of AI is designed to bring AI education into the mainstream. New this year, the National Parents Union joins Code.org and CSforALL as a partner to emphasize that AI literacy is not only a student priority but a parent imperative."

The announcement of the tech-backed K-12 CS education nonprofit's mission shift into AI literacy comes just days after Code.org's co-founders took umbrage with a NY Times podcast that discussed "how some of the same tech companies that pushed for computer science are now pivoting from coding to pushing for AI education and AI tools in schools" and advancing the narrative that "the country needs more skilled AI workers to stay competitive, and kids who learn to use AI will get better job opportunities."

An anonymous reader shared this report from the tech news site The Register: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) this week published guidance urging software developers to adopt memory-safe programming languages. "The importance of memory safety cannot be overstated," the inter-agency report says...

The CISA/NSA report revisits the rationale for greater memory safety and the government's calls to adopt memory-safe languages (MSLs) while also acknowledging the reality that not every agency can change horses mid-stream. "A balanced approach acknowledges that MSLs are not a panacea and that transitioning involves significant challenges, particularly for organizations with large existing codebases or mission-critical systems," the report says. "However, several benefits, such as increased reliability, reduced attack surface, and decreased long-term costs, make a strong case for MSL adoption."

The report cites how Google by 2024 managed to reduce memory safety vulnerabilities in Android to 24 percent of the total. It goes on to provide an overview of the various benefits of adopting MSLs and discusses adoption challenges. And it urges the tech industry to promote memory safety by, for example, advertising jobs that require MSL expertise.

It also cites various government projects to accelerate the transition to MSLs, such as the Defense Advanced Research Projects Agency (DARPA) Translating All C to Rust (TRACTOR) program, which aspires to develop an automated method to translate C code to Rust. A recent effort along these lines, dubbed Omniglot, has been proposed by researchers at Princeton, UC Berkeley, and UC San Diego. It provides a safe way for unsafe libraries to communicate with Rust code through a Foreign Function Interface....

"Memory vulnerabilities pose serious risks to national security and critical infrastructure," the report concludes. "MSLs offer the most comprehensive mitigation against this pervasive and dangerous class of vulnerability."
"Adopting memory-safe languages can accelerate modern software development and enhance security by eliminating these vulnerabilities at their root," the report concludes, calling the idea "an investment in a secure software future."

"By defining memory safety roadmaps and leading the adoption of best practices, organizations can significantly improve software resilience and help ensure a safer digital landscape."

An anonymous reader quotes a report from Ars Technica, written by Nate Anderson: Don't worry about the "mission-driven not-for-profit" College Board -- it's drowning in cash. The US group, which administers the SAT and AP tests to college-bound students, paid its CEO $2.38 million in total compensation in 2023 (the most recent year data is available). The senior VP in charge of AP programs made $694,662 in total compensation, while the senior VP for Technology Strategy made $765,267 in total compensation. Given such eye-popping numbers, one would have expected the College Board's transition to digital exams to go smoothly, but it continues to have issues.

Just last week, the group's AP Psychology exam was disrupted nationally when the required "Bluebook" testing app couldn't be accessed by many students. Because the College Board shifted to digital-only exams for 28 of its 36 AP courses beginning this year, no paper-based backup options were available. The only "solution" was to wait quietly in a freezing gymnasium, surrounded by a hundred other stressed-out students, to see if College Board could get its digital act together. [...] College Board issued a statement on the day of the AP Psych exam, copping to "an issue that prevented [students] from logging into the College Board's Bluebook testing application and beginning their exams at the assigned local start time." Stressing that "most students have had a successful testing experience, with more than 5 million exams being successfully submitted thus far," College Board nonetheless did "regret that their testing period was disrupted." It's not the first such disruption, though. [...]

College Board also continues to have problems delivering digital testing at scale in a high-pressure environment. During the SAT exam sessions on March 8-9, 2025, more than 250,000 students sat for the test -- and some found that their tests were automatically submitted before the testing time ended. College Board blamed the problem on "an incorrectly configured security setting on Bluebook." The problem affected nearly 10,000 students, and several thousand more "may have lost some testing time if they were asked by their room monitor to reboot their devices during the test to fix and prevent the auto-submit error." College Board did "deeply and sincerely apologize to the students who were not able to complete their tests, or had their test time interrupted, for the difficulty and frustration this has caused them and their families." It offered refunds, plus a free future SAT testing voucher.

US government agencies and Fortune 500 companies are turning to AI to modernize mission-critical systems built on COBOL, a programming language dating back to the late 1950s. The US Social Security Administration plans a three-year, $1 billion AI-assisted upgrade of its legacy COBOL codebase [alternative source], according to Bloomberg.

Treasury Secretary Scott Bessent has repeatedly stressed the need to overhaul government systems running on COBOL. As experienced programmers retire, organizations face growing challenges maintaining these systems that power everything from banking applications to pension disbursements. Engineers now use tools like ChatGPT and IBM's watsonX to interpret COBOL code, create documentation, and translate it to modern languages.

A volunteer group called WikiPortraits is working to address Wikipedia's issue of featuring outdated and unflattering portraits by providing high-quality, openly licensed images. Since 2024, they have covered global festivals, taken thousands of images, and improved representation of underrepresented individuals, though challenges with funding and media credentials remain. 404 Media reports: This portrait problem stems from Wikipedia's mission to provide free reliable information. All media on the site must be openly licensed, so that anyone can use it free of charge. That, in turn, means that most photos of notable people on the site are of notably poor quality. "No professional photographers ever have their photos on Wikipedia, because they want to make money from the photos," said Jay Dixit, a writing professor and amateur Wikipedia photographer. "It's actually the norm that most celebrities have poor photos on Wikipedia, if they have photos at all. It's just some civilian at an airport being like, 'Oh my god, it's Pete Davidson,' click with an iPhone."

Dixit is part of a team of volunteer photographers, called WikiPortraits, that's trying to fix that problem. "It's been in the back of our minds for quite a while now," said Kevin Payravi, one of WikiPortraits' cofounders. "Last year, finally, we decided to make this a reality, and we got a couple of credentials for Sundance 2024 [a major film festival]. We sent a couple photographers there, we set up a portrait studio, and that was our first organized effort here in the U.S. to take good quality photos of people for Wikipedia."

Since last January, WikiPortraits photographers have covered around 10 global festivals and award ceremonies, and taken nearly 5,000 freely-licensed photos of celebrity attendees. And the celebrity attendees are often quite excited about it. [...] WikiPortraits photos are currently used on Wikipedia articles in over 120 languages, and they're viewed up to 80 million times per month from those pages alone. In January, for example, Payravi said that over 1,500 WikiPortraits photos were used on articles that collectively received 140 million views. Many WikiPortraits photos have also been used by a variety of news outlets around the world, including CNN Brasil, Times of Israel, and multiple non-English-language smaller news organizations. "[N]ot being an official news or photo agency means WikiPortraits sometimes faces problems getting media credentials to cover events," notes 404 Media. "Funding poses another main challenge."

"Photographers must already own a professional-quality camera, and usually have to cover the cost of getting to events and at least part of their lodging. Although WikiPortraits sometimes receives rapid grants from the Wikimedia Foundation and private donors to cover costs, Payravi said he still likes to run a 'tight ship.'"

GOG.com, a European digital distribution platform known for offering DRM-free video games, announced they've joined the European Federation of Game Archives, Museums and Preservation Projects (EFGAMP). From the release: "GOG was created with video game preservation in mind," said Maciej Golebiewski, Managing Director at GOG. "Classic games and the mission to safeguard them for future generations have always been at the core of our work. Over the past decade, we've honed our expertise in this area. The GOG Preservation Program, which ensures compatibility for over 100 games and delivers hundreds of enhancements, is just one example of this commitment. We were thrilled to see the Program warmly received not only by our players but also by our partners and the gaming industry as a whole."

Golebiewski further explained that GOG's role in preservation extends beyond its platform. He highlighted, "As a European company, we feel a responsibility to lead in preserving gaming heritage. Joining EFGAMP reinforces this commitment. Our next step is to expand institutional collaboration with museums and governmental and non-governmental organizations worldwide. We hope our experience will contribute meaningfully to their efforts. We are also discussing exciting new game preservation projects, which we look forward to sharing soon."

Richard Stallman founded the Free Software Foundation as a nonprofit in 1985 with four other directors (including MIT computer science professor Gerald Jay Sussman). Sussman remains on the Board of directors, along with EFF co-founder John Gilmore and five others.

Friday the eight directors published a new article explaining how their goal and principles are protected by the nonprofit's governance structure: An obvious option, used by many organizations, was to let supporters sign up as members and have the members' votes control everything about the organization. We rejected that approach because it would have made the organization vulnerable to being taken over by people who disagreed with its mission... [A]ctivist organizations should be steady in their mission. Already in 1985, we could see that many of the people who appreciated the GNU Project's work (developing useful GNU software packages) did not support our goal and values. To look at software issues in terms of freedom was radical and many were reluctant to consider it... So we chose a structure whereby the FSF's governing body would appoint new people to itself... [T]he FSF voting members consist of all the present board members and some past board members. We have found that having some former board members remain as voting members helps stabilize the base of FSF governance.

The divergence between our values and those of most users was expressed differently after 1998, when the term "open source" was coined. It referred to a class of programs which were free/libre or pretty close, but it stood for the same old values of convenience and success, not the goal of freedom for the users of those programs. For them, "scratching your own itch" replaced liberating the community around us. People could become supporters of "open source" without any change in their ideas of right and wrong... It would have been almost inevitable for supporters of "open source" to join the FSF, then vote to convert it into an "open source" organization, if its structure allowed such a course. Fortunately, we had made sure it did not. So we were able to continue spreading the idea that software freedom is a freedom that everyone needs and everyone is entitled to, just like freedom of speech.

In recent years, several influential "open source" organizations have come to be dominated by large companies. Large companies are accustomed to seeking indirect political power, and astroturf campaigns are one of their usual methods. It would be easy for companies to pay thousands of people to join the FSF if by doing so they could alter its goals and values. Once again, our defensive structure has protected us...

A recent source of disagreement with the free software movement's philosophy comes from those who would like to make software licenses forbid the use of programs for various practices they consider harmful. Such license restrictions would not achieve the goal of ending those practices and each restriction would split the free software community. Use restrictions are inimical to the free software community; whatever we think of the practices they try to forbid, we must oppose making software licenses restrict them. Software developers should not have the power to control what jobs people do with their computers by attaching license restrictions. And when some acts that can be done by using computing call for systematic prohibition, we must not allow companies that offer software or online services to decide which ones. Such restrictions, when they are necessary, must be laws, adopted democratically by legislatures...

What new political disagreements will exist in the free software community ten, twenty or thirty years from now? People may try to disconnect the FSF from its values for reasons we have not anticipated, but we can be confident that our structure will give us a base for standing firm. We recently asked our associate members to help us evaluate the current members of the FSF board of directors through a process that will help us preserve the basic structure that protects the FSF from pressure to change its values. A year ago we used this process to select new board members, and it worked very well.

Sincerely,

The Free Software Foundation Board of Directors

"The Rust Foundation is dedicated to ensuring a healthy Rust ecosystem," according to a new announcement today, " which depends on a growing pool of well-trained developers to thrive." The latest SlashData Developer Nation survey found Rust to be the fastest-growing programming language, doubling its users over the past two years. As Rust's adoption continues to accelerate, the demand for a multifaceted ecosystem of quality training will too.
Their blog post highlights three examples of the Rust community "creating new pathways for learning Rust" and "addressing the critical need for Rust training in academic settings..." Rust-Edu operates as a non-profit through Portland State University, with funding from Futurewei. Their mission is to "spread Rust use and development through academic curricula and communities throughout the world, making Rust the language of choice for 'systems programming' in its broadest sense through shared efforts of faculty, students and the Rust community." They focus on three main areas: curriculum development, educational tools, and language improvements...

teach-rs, pronounced "teachers," is a modular and reusable university course designed for in-person teaching in Rust. Its mission is to introduce Rust in higher education and ensure that more students enter the job market with considerable Rust experience. The teach-rs project provides ready-to-use Rust teaching materials, including slide decks and exercises that can be adapted to various teaching contexts... As an open source permissively licensed project, teach-rs enables educators to share and improve resources, making introducing Rust instruction into their programs more accessible. Many institutions now use teach-rs in their courses, including the Slovak University of Technology, RustIEC (a collaboration between Vrije Universiteit Brussel and KU Leuven), and the University Politehnica of Bucharest. At the time of this writing, teach-rs has nearly 3000 stars on GitHub...

Under the guidance of The Rust Foundation's Global Rust Coordinator and Rust Nation UK's organizer Ernest Kissiedu, Mordecai Etukudo (Mart) has developed a guide to help educational institutions adopt Rust in their systems. This resource walks organizations through the entire implementation process, from initial assessment to community engagement.

An anonymous reader quotes a report from TechCrunch: The Mozilla Foundation, the non-profit arm of the Firefox browser maker Mozilla, has laid off 30% of its employees as the organization says it faces a "relentless onslaught of change." When reached by TechCrunch, Mozilla Foundation's communications chief Brandon Borrman confirmed the layoffs in an email. "The Mozilla Foundation is reorganizing teams to increase agility and impact as we accelerate our work to ensure a more open and equitable technical future for us all. That unfortunately means ending some of the work we have historically pursued and eliminating associated roles to bring more focus going forward," read the statement shared with TechCrunch.

According to its annual tax filings, the Mozilla Foundation reported having 60 employees during the 2022 tax year. The number of employees at the time of the layoffs was closer to 120 people, according to a person with knowledge. When asked by TechCrunch, Mozilla's spokesperson did not dispute the figure. This is the second layoff at Mozilla this year, the first affecting dozens of employees who work on the side of the organization that builds the popular Firefox browser. [...] Announcing the layoffs in an email to all employees on October 30, the Mozilla Foundation's executive director Nabiha Syed confirmed that two of the foundation's major divisions -- advocacy and global programs -- are "no longer a part of our structure." The move, according to Syed, is in part to produce a "unified, powerful narrative from the Foundation," including revamping the foundation's strategic communications. "Our mission at Mozilla is more high-stakes than ever," said Syed. "We find ourselves in a relentless onslaught of change in the technology (and broader) world, and the idea of putting people before profit feels increasingly radical."

"Navigating this topsy-turvy, distracting time requires laser focus -- and sometimes saying goodbye to the excellent work that has gotten us this far because it won't get us to the next peak. Lofty goals demand hard choices."

After fifteen years of fighting to make the web safer and more accessible, the World Wide Web Foundation is shutting down. From a report: In a letter shared via the organization's website, co-founders Sir Tim Berners-Lee -- inventor of the World Wide Web -- and Rosemary Leith explain that the organization's mission has been somewhat accomplished and a new battle needs to be waged. When the foundation was founded in 2009, just over 20 percent of the world had access to the web and relatively few organizations were trying to change that, say Sir Tim and Leith. A decade and a half later, with nearly 70 percent of the world online, there are many similar non-governmental organizations trying to make the web more accessible and affordable.

The two founders thank their supporters over the years who "have enabled us to move the needle in a big way" with regard to access and affordability. But the issues facing the web have changed, they insist, and the foundation believes other advocacy groups can take it from here. Chief among the more pressing problems, claim Sir Tim and Leith, is the social media business model that commoditized user data and concentrates power with platforms, contrary to Sir Tim's original vision for the web. To address that threat, Sir Tim intends to dismantle his foundation so he can focus on decentralized technology. "We, along with the Web Foundation board, have been asking ourselves where we can have the most impact in the future," the authors say. "The conclusion we have reached is that Tim's passion on restoring power over and control of data to individuals and actively building powerful collaborative systems needs to be the highest priority going forward. In order to best achieve this, Tim will focus his efforts to support his vision for the Solid Protocol and other decentralized systems."

The Tor Project: Today the Tor Project, a global non-profit developing tools for online privacy and anonymity, and Tails, a portable operating system that uses Tor to protect users from digital surveillance, have joined forces and merged operations. Incorporating Tails into the Tor Project's structure allows for easier collaboration, better sustainability, reduced overhead, and expanded training and outreach programs to counter a larger number of digital threats. In short, coming together will strengthen both organizations' ability to protect people worldwide from surveillance and censorship.

Countering the threat of global mass surveillance and censorship to a free Internet, Tor and Tails provide essential tools to help people around the world stay safe online. By joining forces, these two privacy advocates will pool their resources to focus on what matters most: ensuring that activists, journalists, other at-risk and everyday users will have access to improved digital security tools.

In late 2023, Tails approached the Tor Project with the idea of merging operations. Tails had outgrown its existing structure. Rather than expanding Tails's operational capacity on their own and putting more stress on Tails workers, merging with the Tor Project, with its larger and established operational framework, offered a solution. By joining forces, the Tails team can now focus on their core mission of maintaining and improving Tails OS, exploring more and complementary use cases while benefiting from the larger organizational structure of The Tor Project.

This solution is a natural outcome of the Tor Project and Tails' shared history of collaboration and solidarity. 15 years ago, Tails' first release was announced on a Tor mailing list, Tor and Tails developers have been collaborating closely since 2015, and more recently Tails has been a sub-grantee of Tor. For Tails, it felt obvious that if they were to approach a bigger organization with the possibility of merging, it would be the Tor Project.

Evan Prodromou, co-author of the ActivityPub protocol, has launched The Social Web Foundation to address the challenges of the ActivityPub ecosystem and foster the growth of the Fediverse. The foundation aims to support developers, organizations, and governments through advocacy, educational materials, and infrastructure, while maintaining a decentralized approach to improving the social web. We Distribute reports: "I wish I would've started it five years ago," Evan explains in a call, "We're seeing growth of ActivityPub in the commercial sector, we want to help guide that work, especially for devs that don't know how to engage with the Fediverse, or the work that happens in private spaces. As we're seeing a lot of growth, it's important to help push that growth forward, we're really filling in the crack no other organization is doing." The foundation launches with a dedicated team of three: Evan Prodromou is the Research Director, Mallory Knodel serves as the Executive Director, and Tom Coates acts as Product Director. The trio brings a wealth of knowledge regarding protocol development, open source development, technology policy, and product development for the Web.

In terms of fulfilling its goals, the organization has a few specific areas of focus: People, Policy, Protocol, and Plumbing. The SWF has deemed these areas as critical to their mission statement, and will start with these core focuses. [...] At launch, The Social Web Foundation has announced 12 partner organizations, who serve as a pool of knowledge, resources, and stakeholders. The majority of these entities are either building for the Fediverse directly, or providing infrastructure and services indirectly. Aside from Meta being an early supporter, one surprise is the inclusion of The Ford Foundation, a social justice organization dedicated to supporting next-generation solutions for the social good. At time of launch, the SWF will have access to more than 20 dedicated advisors, who will guide the organization on current problem areas their own efforts are facing, and provide insights on how to move forward and make progress. "The Fediverse is too big and too diverse for anyone to claim to speak for the Fediverse. That's not what we want to do or who we want to be," Evan says, "We may do things that people on the network disagree with, like encouraging media organizations to join the network, but what we want to do is help the mission of growing and improving the Fediverse over time."

Nearly 200 Google DeepMind workers signed a letter urging Google to cease its military contracts, expressing concerns that the AI technology they develop is being used in warfare, which they believe violates Google's own AI ethics principles. "The letter is a sign of a growing dispute within Google between at least some workers in its AI division -- which has pledged to never work on military technology -- and its Cloud business, which has contracts to sell Google services, including AI developed inside DeepMind, to several governments and militaries including those of Israel and the United States," reports TIME Magazine. "The signatures represent some 5% of DeepMind's overall headcount -- a small portion to be sure, but a significant level of worker unease for an industry where top machine learning talent is in high demand." From the report: The DeepMind letter, dated May 16 of this year, begins by stating that workers are "concerned by recent reports of Google's contracts with military organizations." It does not refer to any specific militaries by name -- saying "we emphasize that this letter is not about the geopolitics of any particular conflict." But it links out to an April report in TIME which revealed that Google has a direct contract to supply cloud computing and AI services to the Israeli Military Defense, under a wider contract with Israel called Project Nimbus. The letter also links to other stories alleging that the Israeli military uses AI to carry out mass surveillance and target selection for its bombing campaign in Gaza, and that Israeli weapons firms are required by the government to buy cloud services from Google and Amazon.

"Any involvement with military and weapon manufacturing impacts our position as leaders in ethical and responsible AI, and goes against our mission statement and stated AI Principles," the letter that circulated inside Google DeepMind says. (Those principles state the company will not pursue applications of AI that are likely to cause "overall harm," contribute to weapons or other technologies whose "principal purpose or implementation" is to cause injury, or build technologies "whose purpose contravenes widely accepted principles of international law and human rights.") The letter says its signatories are concerned with "ensuring that Google's AI Principles are upheld," and adds: "We believe [DeepMind's] leadership shares our concerns." [...]

The letter calls on DeepMind's leaders to investigate allegations that militaries and weapons manufacturers are Google Cloud users; terminate access to DeepMind technology for military users; and set up a new governance body responsible for preventing DeepMind technology from being used by military clients in the future. Three months on from the letter's circulation, Google has done none of those things, according to four people with knowledge of the matter. "We have received no meaningful response from leadership," one said, "and we are growing increasingly frustrated."