The Open Source Security Foundation
(OpenSSF) has put together a joint statement from many of the public
package repositories for various languages about the need for assistance in
maintaining these commons. Services such as PyPI for Python, crates.io for Rust, and many others are
working together to try to find ways to sustain these services in the face
of challenges from “automated CI systems, large-scale dependency
scanners, and ephemeral container builds” all downloading enormous
amounts of package data, coupled with the rise of generative and agentic AI
“driving a further explosion of machine-driven, often wasteful automated
usage, compounding the existing challenges“. It is not a crisis, yet,
they say, but it is headed in that direction.

Despite serving billions (perhaps even trillions) of downloads each month (largely driven by commercial-scale consumption), many of these services are funded by a small group of benefactors. Sometimes they are supported by commercial vendors, such as Sonatype (Maven Central), GitHub (npm) or Microsoft (NuGet). At other times, they are supported by nonprofit foundations that rely on grants, donations, and sponsorships to cover their maintenance, operation, and staffing.

Regardless of the operating model, the pattern remains the same: a small number of organizations absorb the majority of infrastructure costs, while the overwhelming majority of large-scale users, including commercial entities that generate demand and extract economic value, consume these services without contributing to their sustainability.

A bug in a recent release of systemd’s network manager caused
headaches for people managing systems that have a virtual LAN (VLAN)
interface on a bridge; something one might want to do, for example,
when configuring network interfaces for virtual machines. The bug
affected several Debian users when upgrading the systemd package
from v257.7-1 to v257.8-1. The updated package is part of the Debian 13.1
release, and the bug has snared enough users to cause a minor
stir—due in no small part to the maintainer’s response as much
as the bug itself.

Ubuntu-based elementary OS 8.0.2 arrives with Linux kernel 6.14, improved accessibility, Music app upgrades, and better hardware support.

With DKMS packages now being available for Ubuntu and Debian Linux distributions for running the latest out-of-tree Bcachefs file-system driver support with ease and reproducibility, I decided to try out the updated Bcachefs driver on Ubuntu Linux to see how the performance is relative to the upstream Linux 6.17 kernel with its now-frozen Bcachefs support.

Two pull requests were submitted this weekend of new Apple Silicon material ready for upstreaming with the soon-to-start Linux 6.18 kernel cycle…

Certifications from Red Hat, Oracle and SUSE are tailored to environments where those Linux distributions are prevalent. Vendor-neutral certifications emphasize core Linux principles applicable across distributions, making them versatile for beginners or those in multi-vendor settings.

A set of 13 patches were posted today to the Linux kernel mailing list for optimizing the online defragmentation handling by the EXT4 kernel driver. The online defragmentation improvements for EXT4 can net a nice performance win with a very significant improvement in a variety of scenarios…

Merged to Mesa 25.3-devel on Monday is SPIR-V shader replacement support as a new feature for helping Mesa’s Vulkan drivers in testing and debugging issues…

Beyond the continued flow of new performance optimizations via hand-written Assembly, with the FFmpeg project it’s also interesting to monitor their ever-expanding scope of supported audio/video formats. The newest to land in FFmpeg Git is support for AHX audio files…

Out today is the Qt 6.10 release candidate for this forthcoming toolkit release…

Olimex has announced the RP2350-PICO2-BB48, an enhanced Raspberry Pi Pico 2 with open hardware design. It exposes all 48x GPIOs in a 0.6-inch dual-inline layout for breadboard use and integrates improvements that expand flexibility for prototyping and development. The hardware configuration is based on the RP2350B processor, which integrates dual Cortex-M33 or dual RISC-V cores […]

Most scientists agree: many published results are hard to reproduce. Can open source practices help fix the problem?

The post Science’s Reproducibility Crisis: How FOSS Hackers Can Help appeared first on FOSS Force.

Spooky season is nearly here. Want to be scared? There are fresh betas to tryTwo of the biggest names in fixed-release distros are nearly finished and ready to drop. You can taste them now, but they’re not fully baked yet.…

This is a KDE Plasma 6 theme customization with clean, minimalist monochrome vibes: Global Theme Graphite, Icons Gruvbox Plus, Kvantum Theme Graphite, Wallpaper of your choice, with optional widgets.

Tired of typing long commands in a terminal? Here are some GUI alternatives you can swap in for classic Linux terminal tools.

OBS Studio 32.0 stable is now available for this popular cross-platform desktop recording and screencasting software popular with game streamers and for a variety of other recording/casting purposes…

RPM 6.0 package manager debuts with the new v6 package format, modern crypto, OpenPGP v6, and drops legacy v3 installs.

Bcachefs team released a dedicated APT repository to deliver necessary DKMS packages for users. Here is how to install Bcachefs on Debian and Ubuntu Linux.

While the Rust Coreutils project has been generating a lot of interest recently from the uutils initiative, the upstream GNU Coreutils project isn’t slowing down and today is out with GNU Coreutils 9.8 for shipping the newest features…

The first maintenance update of Kdenlive 25.08 video editor improves usability and stability with key fixes for rendering, effects, and project handling.