You are here

Agreguesi i feed

Hari Rana: How far would hostile distributions go to hurt application developers?

Planet GNOME - Sht, 18/07/2026 - 2:00pd
Introduction

The Linux desktop has an upstream maintenance problem due to many reasons for it, such as the lack of paid work. No one is entitled to a volunteer’s free time apart from the volunteer themself. This is especially true to volunteers working on upstream projects, as they are at the mercy of downstream distributions, who have the final say.

As an upstream contributor, you have no choice but to meticulously plead for any reasonable request to be granted by difficult downstreams, treating them as if they are some kind of deity. Not doing so with the utmost respect can get you on their naughty list, which they can then use against you just because the license ‘allows’ it and they can get away with it; even shamelessly use the ‘you chose the wrong license’ card when they have nothing else to add.

We have seen several instances of downstreams misusing their power while simultaneously abusing upstreams’ generosity and free time to do whatever they want. This was especially true with XScreenSaver and Debian in the past, which Debian has since changed its policies to communicate better with upstreams, and more recently Bottles, OBS Studio, and Fedora. This article is specific to an even more recent incident we at GNOME Calendar have had with Linux Mint.

Technical Definitions

There are a few technical definitions that should be understood before reading the rest of the article:

  • Upstream: A group of individuals authoring software, for example GNOME Calendar.
  • Downstream: A group of individuals building, curating, and redistributing these software to end users, for example Linux Mint.
The distribution model works until it impacts upstream

Distribution model refers to an established model that the Linux desktop has been practicing for decades, where an end user is expected to report issues to downstream, and, if necessary, downstream relays said issue to upstream.

The adage that users report issues to downstream holds true up until these users start reporting them to upstream without reporting to downstream beforehand. In reality, many distributions advertise themselves as user-friendly. Users of these distributions are unaware of the distribution model, so, in good faith, they report issues to upstream without ever knowing that they should be contacting downstream.

Often, downstream issues have already been resolved in previous releases; however, since these issues are being reported to upstream, upstream has to regularly triage and close these invalid issues. This creates an additional burden for them because they end up spending their limited volunteer time managing these issues when it should have been downstream’s responsibility to ensure that the user is reporting to them first.

Contacting downstream is a burden in itself

Whenever the upstream project reaches out to the hostile downstream and asks for a change, the response is usually met with the downstream bluffing by pretending to look for a solution for a nonexistent request, such as adapting the issue tracker with the implication that upstream will have to write the template(s) themselves, and then regularly update when the message is misinterpreted, just so downstream can avoid doing any actual work. That is called moving the goalposts.

If upstream objects to these ‘suggestions’, this is usually done with a shift in tone, as these one-sided discussions occur in the span of weeks, if not months, if not years, which quickly drains upstream’s remaining energy. When it shifts to a harsh(er) tone, the hostile downstream takes the easy way out by making remarks on that tone and acting like they are the only one being dignified; when they can, they end the discussion just because they do not like the tone and can use that tone to justify their (lack of) decision, without taking any appropriate action to remedy the underlying request.

As a result, they continue to mislead users into reporting issues to upstream, but this time intentionally and out of spite simply because free software licenses do not disallow abusing people’s generosity and free time. However, you will see later that this has nothing to do with free software.

Linux Mint and GNOME Calendar

For years, we have been dealing with users reporting Linux Mint’s broken packaging of GNOME Calendar to us, that were either never present or addressed releases ago.

To name a few examples:

There were a couple of discussions regarding this in the past, in chat and without my involvement, but none of them ended up being productive. Eventually, we got fed up by it and I opened ticket #1 on Linux Mint’s “gnome-calendar” repository, asking them to remove all links pointing to upstream GNOME Calendar and rebranding the app:

Remove/replace links pointing to GNOME Calendar, and update branding

Being one of the core developers of GNOME Calendar, we do not support any of the versions provided and held back by Linux Mint. We would really appreciate if you could remove or replace every link, especially support links, targeting to GNOME Calendar, as well as rebranding the app icon.

Mind you, this is the first issue ever opened in the history of Linux Mint’s package repository (8 years ago)! Based on the links above, I think it is safe to say that the app was broken throughout these years despite the lack of tickets.

This ticket had no response for six months, in other words half a year, all the while we were still getting bug reports about their broken package.

We eventually got fed up (again!) and pinged the packager. The packager replied and asked which modifications we did not like, conveniently ignoring our actual request.

So, I stated that we do not have the time to look through the code just to pinpoint specific issues, so I loosely said “everything”; then followed up by stating that the only solution to this is to rebrand or drop the package.1 (Of course, it should not be our responsibility as an upstream to pinpoint issues to downstream’s mispackaging.)

Then, the packager responded with “I reviewed the changes. None of them are problematic.”, ignoring the essence of my comment once again, and followed with a whataboutism:

[…] [GNOME Calendar] 46 and 48 are used by millions of people right now in Ubuntu LTS and Debian Stable. Are you going to request Debian and Ubuntu stop shipping GNOME apps?”

In other words: “what about Ubuntu LTS and Debian Stable?”, essentially roping Ubuntu and Debian into Linux Mint’s problem. As a bonus, they also twisted my words and changing the subject from “GNOME Calendar” to “GNOME apps”.

So, once again, I reminded that this is not what the issue is about, and Debian and Ubuntu LTS have nothing to do with this.

As a side note: no, never would we go after Debian or Ubuntu over this. If the distribution in question is doing its job properly by simply not bothering the people writing the software that they package, then why should we go after them? They are not the ones misleading users into opening in the wrong place, so there is no reason for us to be upset about. In this case, Linux Mint is leeching off of Debian, pushing their responsibility onto us, and roping Debian into their problems.

The packager then explained the following:

If we were to stop packaging GNOME Calendar, Mint users would end up with the exact same version 46 as now. You understand that? It wouldn’t magically upgrade their version of GNOME Calendar to 50+.

Very clear signs of strawman to make points against a proposal/demand that was never made, by arguing against ‘stop packaging GNOME Calendar’ rather than the original ‘rebrand GNOME Calendar’.1

Then:

Mint 22.x is built on top of Ubuntu 24.04 LTS. Packages come from both repositories. If there’s no gnome-calendar in Mint 22.x repositories, Mint 22.x users get it from the Ubuntu 24.04 repositories. The version in both repositories is 46. Removing gnome-calendar from our repositories would basically make our users switch to Ubuntu’s version, which is 46 as well.

Same goes for LMDE and Debian Stable, same principle, same bug fix, with version 48.

The only way to make it so Mint doesn’t have a frozen version of gnome-calendar would be to remove it from Debian. It would then disappear from future versions of Ubuntu and Mint which are based on it. If you got it removed from there we’d obviously oblige with your request not to re-add it and wouldn’t do so.

These are, again, unrelated problems to the essence of the request, as the request is about rebranding, not dropping the package altogether.

So, I again reminded them that this is not our responsibility as an upstream to fix their problems.

They then ‘suggested’ us to add code to check if the user is running an outdated version, and then ‘offered’ that they will patch their existing packages and potentially Debian’s and Ubuntu’s as well, essentially moving the goalposts once again. They’re expecting us to either phone home or somehow keep track of releases every six months.

If we were to phone home, we would need to cover more cases, such as bothering designers to find an appropriate way to display a warning to the user when they are not connected to the network or when the “gnome.org” domain is unreachable. This adds another dependency on the network for no reason.

This also adds more burden to translators: this is not a typical string where one needs to translate one word into another; the tone and vocabulary of a warning depends on the region, so translators need to adapt the vocabulary to ensure that the underlying meaning is not misinterpreted. In any case, I think it is fair to say that this is an absurd suggestion to a problem that has nothing to do with the upstream.

I lost my patience; I hostily replied that we as upstream do not care about how distributions operate, and, once again, reminded that all we want is for them to rebrand; a very simple request that was continuously red herred with bikeshedding, strawmen, whataboutisms, and moving goalposts.

When I posted that comment, I misinterpreted the message as I thought their ‘offer’ was them asking us to do their work, hence me stating that we do not care about how distributions operate.

The packager then replied: “If you don’t care, then neither do we.”; here, they are explicitly confirming that they do not care about Debian and the situation altogether. In a later comment, they stated: “probably requires GNOME Calendar to move away from free licenses” and locked the issue, which, once again, completely ignored the essence of this entire issue, but this time concluding with the ‘you chose the wrong license’ card.

Now, they were explicitly told what the problem was, have refused to act on it by continuing to shove their responsibilities onto us. The attitude went from doing something ‘just because they can’ to ‘that should show upstream for hurting my feelings!’, never mind the fact that we and Debian are the ones doing the hard work, which they are leeching off.

Note

If you read through the entire ticket, you may notice a part where the packager makes a comment regarding some serious accusations. This is a response to a banned user’s comment that is now deleted, who originally made these accusations.

Trademark and free software

As explained above, this actually has nothing to do with free software; rather, this is a question about trademarks: Linux Mint is allegedly2 (mis)using GNOME’s name by redistributing unsupported builds while pretending that they are supported by us, and is actively misleading users to avoid supporting them.

Offending distributions use the ‘you chose the wrong license’ card because it is simultaneously very difficult to correct them as a non-lawyer, while being looked positively throughout the free software community. However, they know very well that looking at the situation from the perspective of trademark usage rather than software licensing would make it significantly harder to defend themselves, so naturally they opt into using (the incorrect) free software licensing as a gotcha.

Tone is irrelevant

The issue itself was originally calm and straight to the point. Half a year passed by and there was no response. Then, the packager was pinged, they chimed in, and changed the subject immediately. The tone shifted, and they took the easy way out by locking the issue and misleadingly stating that this is an upstream problem for choosing the wrong license.

In other words, you have two choices:

  1. You kindly ask, and nothing happens apart from your own time and energy getting wasted for a considerable amount of time, with constant red herring or silence.
  2. You start acting like a ‘dick’, and now they use this as an excuse to no longer communicate with you, all the while still refusing to address the underlying issue.

As an upstream, it is a lose-lose situation with hostile downstreams such as Linux Mint and Fedora. Once they start packaging your software, they immediately burn their bridges implicitly. In order to show that they are ‘good’, they only pretend to care about the problem, and keep proposing ‘solutions’ that 1. have nothing to do with the underlying problem, and 2. put on significantly more burden to upstream without putting an equal amount of effort themselves.

The reason there are so little undocumented cases is because many maintainers who deal with hostile downstreams are usually indie-developers that have very little resources and energy to deal with these problems, and have very little to no understanding with trademarks and legality.

They get burned out, stop developing and contributing to free software, and (rightfully) lose hope for the Linux desktop. They do not make any of it public or make a fuss about the situation because they do not feel comfortable to be in the middle of a conflict publicly. All they want is to just enjoy providing goods to the world, but are unfortunately bullied by repackaging fetishists whenever they raise a legitimate issue.

Conclusion

To summarize all this, hostile downstreams have already gone as far as to burn their bridges with upstreams. Any upstream is at a lose-lose position no matter how kind or unkind they are. If they are kind, they will be on the waiting list for as long as governments put patients on the waiting list for medical care. If they are ‘rude’, hostile downstreams will use this tone against them. If upstream sends out a cease and desist letter, the free software community will start seeing them as the Nintendo of free software and conflate volunteers who are fed up with hostile downstreams, with corporations that sue every sentient being that breathes.

  1. While dropping the package was mentioned, the entire essence of the issue was about rebranding it  ↩2

  2. For some reason, “allegedly” is a common term used in legal contexts, even when there is all kinds of evidence pointing to something 

GIMP: Google Summer of Code Midpoint Progress

Planet GNOME - Sht, 18/07/2026 - 12:00pd

Since the release of GIMP 3.2.4, we’ve been hard at work behind the scenes. We’ve been making fixes that will be included in the upcoming 3.2.6 stable release and adding tons of new features for the first 3.4 development version.

In addition, we’ve been mentoring our four Google Summer of Code (GSoC) students as they’ve been working on their projects. Since we just completed their midpoint evaluation, we wanted to share their progress with you all!

In alphabetical order:

Akascape

Project Description

Akascape started off their early work for GSoC by creating a new Vibrance filter in GEGL. This filter combines the existing Hue-Chroma and Saturation filters to more selectively adjust the less saturated sections of an image without increasing others. It was released in GEGL 0.4.68, so you can use it right now in GIMP!

Their main focus has been on improving the user experience with the Keyboard Shortcuts dialog. They plan to both improve usability while also adding new features.

In-progress updates to Keyboard Shortcut UI, by Akascape

Akascape’s in-progress work already includes several big improvements such as a category list to quickly jump to relevant shortcuts, the ability to import and export shortcut “profiles”, and efforts to make the dialog more friendly for a future GTK4 port.

In addition, Akascape did some early work on adding more adjustment layers to our PSD import plug-in, building off in-progress work by several contributors. His work would allow for importing Vibrance, Black & White, Photo Filter, and Exposure PSD adjustment layers.

Blezecon

Project Description

Blezecon has taken on the task of building the online infrastructure for a GIMP Extensions platform. Originally planned as part of GIMP 3.0, the Extensions platform would allow users to download third-party themes, brushes, plug-ins, and more via a package manager directly in GIMP. The local infrastructure has been in place for several years - this GSoC project is about developing the online submission process.

Blezecon has been working in the Extension repository and making great progress. His initial work involved cleaning up and correcting issues with the initial YAML script.

He then created a comment-based approval system in the repo. This will allow community moderators to easily inspect and approve new extensions through the same interface they use for responding to issue reports and review merge requests. Blezecon next developed a scheduler script that will monitor pending extensions, and once they have received the required approvals, automatically merge them into the Extensions repository for user access.

While infrastructure work is often not as visible to end users, Blezecon’s GSoC project is an essential effort to getting the Extensions repository up and running for future releases of GIMP!

v4vansh

Project Description

v4vansh did some early bugfixes and improvements in GIMP beforehand. He fixed a problem where the thumbnail wouldn’t update after changing image modes, and he corrected missing information in our manual page generation.

Since the start of GSoC, he has been focused on improving text handling in GIMP. His current big project is grouping fonts by family in the text widgets. In addition to better organization (especially with the infamous Noto fonts which have hundres of variants), this patch significantly reduces lag on systems with large numbers of fonts, as v4vansh’s mentor Liam can attest. This feature is in final testing, and we hope it will be merged into the main codebase soon!

Early UI tests for OpenType fonts, by v4vansh

v4vansh has also begun experimenting with adding support for OpenType variable fonts. This would allow for much more sophisticated font and text work in GIMP. The initial work involves exploring both the functionality and the user interface to interact with it, and both will develop further as he continues to work with OpenType fonts.

Waris Maqbool

Project Description

Before GSoC began, Waris contributed some early work to GIMP. He updated our OpenEXR import code to load YUV images in color instead of in grayscale. The main focus of his project though has been with GEGL, our color processing engine.

His first project was implementing a GEGL version of the Sharpen filter. Sharpen is a simpler version of the Unsharpen Mask filter, a popular method of correcting blurry images. It was unfortunately removed from GIMP 3.0 due to it not being maintained and only working on 8 bit images. Waris has created a GEGL filter of Sharpen by doing comparisons with the 2.10 version. The recreated Sharpen filter will be non-destructive and will have an on-canvas preview, both improvements over the original.

Handwritten calculations to recreate the Sharpen Filter, by Waris Maqbool

You can see the in-progress merge request for comparison. We’re doing some final reviews for optimization, but we expect it to be ready for a future release of GEGL and GIMP.

Waris has also begun working on a new Inner Glow filter for our PSD support improvement project. While GEGL already has an inner glow feature, it was not designed to be compatible with how it looks in Photoshop. As part of his work, he is also creating a generic curve editing widget to use for editing the PSD Inner Glow’s settings.

We unfortunately had more great GSoC applicants than we were awarded available spaces. One student in particular continued contributing, so we’d like to highlight their work as well.

Harsh Verma

Harsh has been focusing on several different areas of GIMP. His initial proposal involved improving our unit testing suite. He is currently working to implement automated UI testing for GIMP. This is a challenging task, as interacting with the UI varies across platforms. He’s already developed several tests that work on Wayland, which you can see at his in-progress merge request.

He’s also improved our contributor infrastructure that integrating CI-Fairy into our pipeline. This feature checks to make sure contributor commits follow the proper format before merging, which makes our commit history easier to read and understand.

Harsh has also been working on more user-visible changes. He recently took on a user request to add more version information to our About dialog. This follows standard practice with other software, and makes it easier for users to find information that helps us troubleshoot problems. In addition, there’s a handy Copy feature to easily grab the information for sharing. The code and UI have gone through several revisions based on developer and designer feedback, and it will likely be merged soon!

About Dialog with additional version information, by Harsh Verma

We’ve very proud of our student’s contributions so far, both in code and in community! We’re looking forward to you all getting the chance to try out their work in future development releases of GIMP, which we hope to have more information to share soon.

HP Fined $14 Million For 'Cartelization' of Ink Cartridges, Toner, PCs

Slashdot - Pre, 17/07/2026 - 1:00pd
India's Competition Commission has fined HP India and its partners about 1.4 billion rupees ($14.4 million), alleging the company colluded with resellers to rig government PC bids and fix prices for ink cartridges, toner, and other printing supplies. "It said that HP was aiming to outcompete other OEMs and discourage resellers from selling 'counterfeit' ink and toner," adds Ars Technica. From the report: In an order, the CCI said that HP India worked with five resellers to coordinate their bid prices for government contracts to increase the chances of an HP partner winning the contracts. The company was fined 1.3 billion rupees (about $13.1 million). [...] HP was also fined 119.8 million rupees (about $1.2 million) for "indulging in cartelization in sale and supply of supplies products comprising of toner, cartridges, and other consumable used with print hardware products," CCI said in its announcement. The agency also fined 21 HP resellers 35.2 million rupees (about $365,335). In a separate order, the CCI said that WhatsApp records showed that HP and 16 of its Tier-2 reseller partners operated "in a collusive arrangement" and that the messages show the companies engaging in "bid rigging, including cover bidding, price fixation, and customer allocation during 2017-2020." HP India played a central role, the regulator said. Per the order, HP India said that high printing supply prices led some resellers to threaten to "shift to low-cost counterfeit products to compete on price." "HP India was commercially forced into a position where it had to support the collusive arrangement adopted by the Tier-2 resellers," the order reads. For its part, the order said that HP India "humbly objects to HP India's role being characterized as a 'kingpin' of the entire collusive arrangement." [...] The CCI also ordered HP India and its channel partners to "cease and desist from anti-competitive conduct" and to hold competition compliance training programs within 60 days.

Read more of this story at Slashdot.

TSMC To Invest Additional $100 Billion In Arizona

Slashdot - Pre, 17/07/2026 - 12:00pd
TSMC said it will invest another $100 billion in Arizona after reporting a record 77.4% year-over-year jump in second-quarter profit. The expansion would bring its total U.S. investment to $265 billion and include new fabs for 2-nanometer production and advanced packaging to serve major U.S. customers. The Associated Press reports: As AI-related demand continues to jump and needs for computing power from data centers surge, TSMC has been expanding chip fabrication plants in the U.S., Japan and Taiwan. It said it is increasing its annual capital expenditure budget for this year to $60 billion-$64 billion, up from an earlier estimate of $52 billion-$56 billion. TSMC, or Taiwan Semiconductor Manufacturing Co., is a key supplier to Nvidia and Apple. It had previously already committed $165 billion in the U.S. for building plants in Arizona, with six fabrication facilities planned. The extra $100 billion in investments are to "support the strong multiyear demand from our leading U.S. customers," C.C. Wei, chairman and CEO of TSMC, said during the company's quarterly earnings conference Thursday. An additional four fabrication plants in Arizona will likely be built with the new investments, TSMC said. They will focus on making some of the most advanced chips that are 2-nanometer and below.

Read more of this story at Slashdot.

EU Forces Google To Share Search Data, Open Android To Rivals

Slashdot - Enj, 16/07/2026 - 11:00md
The EU is imposing new rules requiring Google to share anonymized search data and open up Android to rival AI companies. "Thanks to these measures, we hope to see emerging alternatives to Google Search and Google's AI services, such as Gemini, and that users in the EU can enjoy greater choice of services," Henna Virkkunen, an executive vice president at the European Commission overseeing tech, said. The Associated Press reports: In issuing the two new rules, the commission said it found that AI agents not made by Google were unable to function on Android phones at the same level as Google's Gemini. Google must now allow voice-activation of these alternative AI agents and enable them to run background tasks like booking restaurants via third-party apps. By January 2027, Google must also begin sharing anonymized search data with some rivals. The commission said the move is meant to level the playing field since Google controls a vast trove of user data that no competitor can match. Google argues the measures could weaken privacy and security by exposing user searches and reducing safeguards around third-party AI assistants. "Europeans' private searches would be exposed to unfamiliar companies, without adequate anonymization of the data and without user knowledge or consent," said Kent Walker, president of global affairs for Google and Alphabet. "This would weaken citizens' privacy, risk business trade secrets, and endanger national security."

Read more of this story at Slashdot.

1Password Lets Claude Use Credentials Without Exposing Passwords

Slashdot - Enj, 16/07/2026 - 10:00md
BrianFagioli writes: 1Password has launched a Claude integration that allows the AI agent to sign in to websites using credentials stored in a 1Password vault. The password manager says Claude never sees the password or one-time code. Instead, users approve each request, and 1Password injects the credentials directly into the target website while locking down access to the rest of the vault. The design appears safer than simply handing passwords to an AI model, but it does not remove every risk. Once Claude is authenticated, it may still be able to view private data, change settings, place orders, or perform other actions available inside the account. Users may want to limit the feature to low-risk tasks until browser-based agents become more predictable.

Read more of this story at Slashdot.

Sony Deletes More Movies From Accounts of People Who 'Bought' Them

Slashdot - Enj, 16/07/2026 - 9:00md
An anonymous reader quotes a report from Techdirt: In 2022, due to "evolving licensing agreements" with distributor StudioCanal, German and Austrian users had hundreds of movies disappear from their PS accounts, long after buying them through Sony. Then in 2023, it happened again in America, specifically when Sony ended its licensing agreement with Discovery after the Warner Bros. merger, which, of course, has since been bought by Paramount Skydance. That resulted in customers having hundreds and hundreds of episodes of TV shows deleted from their accounts. Nowhere in any of this were there refunds, of course. No recompense at all, actually. Just a thing you thought you'd bought taken away from you by the very people you thought you bought it from. And now it's happening again. Due to another licensing agreement fallout with StudioCanal, hundreds of movies and TV shows are being ripped from the accounts of PS Store customers, and there appears to be fuck all that they can do about it. [Kotaku reports:] "This news was brought to people's attention by X user somatyk, who posted the notification they had received from PlayStation this week. Along with the unapologetic news that the purchased movies would be deleted from their account on September 1, the message concluded with, 'Click here for a full list of affected titles that will no longer be supported. Thank you.' The same warning is now reproduced in full on the PlayStation website, along with the list of 551 films and TV series that are being pulled from people's libraries." As Kotaku notes later in their post, part of what is striking in all of this is the sheer mundanity of the announcement. Because there have been no consequences, or any action at all from the public or government, Sony treats this all as if it's perfectly normal and no big deal. You can tell me all you want about how the Ts and Cs in these purchases do in fact note that the nature of the purchase is a temporary licensing of the content for an undetermined time period... but I can promise you that the public in general doesn't understand that. They think they're buying a thing, not a license.

Read more of this story at Slashdot.

Google Renames NotebookLM to Gemini Notebook

Slashdot - Enj, 16/07/2026 - 8:15md
Google is renaming NotebookLM to Gemini Notebook, but will keep it a standalone app even as it ties more closely into Gemini and Google Search. "Google says it plans to bring notebooks to AI Mode, its chatbot-like experience in Search, too," reports The Verge. From the report: Along with the name change, Google is rolling out an update announced last month that allows Gemini Notebook to connect to a secure cloud computer to write and execute code. This feature is available to Google AI Ultra and Workspace business customers, but will come to Pro users on the web "over the coming weeks."

Read more of this story at Slashdot.

OnePlus Will Continue Software Updates After US and Europe Exit

Slashdot - Enj, 16/07/2026 - 7:00md
OnePlus has confirmed that it will exit the North American and European markets, consolidating its operations under parent company Oppo. Existing customers will continue to receive "software updates, security patches, and applicable support," but OxygenOS will be replaced by Oppo's ColorOS. 9to5Google reports: As a part of its shutdown in global regions, OnePlus has confirmed that its flavor of Android, OxygenOS, is going away. Instead, all active OnePlus devices will be moving over to Oppo's ColorOS starting with their Android 17 updates. This includes in India, where OnePlus is adamant it will continue operations -- reliable reporting disagrees. OnePlus explains: "As part of an operational adjustment to our software strategy, following the official release of ColorOS 17, users globally with existing OnePlus devices that fall within the eligible upgrade scope will have the option to voluntarily update to the latest ColorOS. This enables us to streamline software development, accelerate update delivery, improve software quality, and make better use of our shared engineering and R&D capabilities." [...] OnePlus will continue "maintenance support" for OxygenOS versions on older models not included in the Android 17 update scope, but newer devices will likely need to make the switch to ColorOS for all forms of continued support. OnePlus does explain that rollback versions to OxygenOS will be available for those who prefer the prior experience: "OnePlus devices will be able to choose whether to update to the latest ColorOS system. Older models that are not included in the update scope will also continue to receive version maintenance support. If users update to ColorOS, they will be able to roll back to OxygenOS. The specific rollback versions available will be subject to future official announcements."

Read more of this story at Slashdot.

EU Won't Require User-Replaceable Batteries for Wearables

Slashdot - Enj, 16/07/2026 - 6:00md
The European Commission has exempted wearables from upcoming EU rules requiring portable-device batteries to be removable and user-replaceable. The broader Batteries Regulation still takes effect in February 2027 for many consumer products, but the exemption means companies like Apple, Google, Samsung, and Meta won't have to redesign their wearables for the EU. Thurrott reports: Yesterday, the Commission announced that new product categories would be exempted from complying with its Batteries Regulation, including wearable devices such as smartwatches, fitness trackers, and smart glasses. This will likely be good news for companies like Apple, Google, Samsung, and Meta, which won't have to redesign their devices to include user-replaceable batteries for consumers in the EU market. The EU's Batteries Regulation will come into effect in February 2027, which is when Nintendo plans to stop selling all models of the original Nintendo Switch in the EU. While Nintendo had no choice but to redesign its handheld console to keep selling it in the EU, it probably didn't make sense for the company to put in the same effort for the OG Switch, which will celebrate its 10th anniversary in March 2027.

Read more of this story at Slashdot.

South Korea To Launch Universal Basic AI Chatbot

Slashdot - Enj, 16/07/2026 - 5:00md
An anonymous reader quotes a report from The Register: South Korea's government has posted a tender seeking suppliers to build a universal basic AI chatbot, and an AI agent for government services. The "AI for everyone" plan calls for private entities to create and operate the AI systems under contracts that expire in the year 2031. Bid documents reveal that Seoul will provide up to 256 Nvidia B200 GPUs to successful bidders. Winners must match government funding. The aim of the policy is to ensure that every resident of South Korea can access a free-to-use quality AI chatbot, a tool Seoul has decided no local should be without. The tender also calls for creation of an agentic system that allows citizens to interact with government services. South Korea's government wants to ensure that residents can always access a locally hosted and operated service, to reduce reliance on overseas providers and ensure that AI services reflect local culture. Successful bidders must therefore use locally developed AI models as the foundation for the services. Bidders have until August 11th to file their proposals. South Korean media reports suggest local tech giants Kakao, Naver, SK Telecom, and LG are all keen to participate.

Read more of this story at Slashdot.

Running Proxies Safely on Linux: A Hardening Guide for System Administrators

LinuxSecurity.com - Enj, 16/07/2026 - 2:50md
Proxies are a standard component of a Linux administrator's toolbox. You can use them to see how services respond in various locations, to run route monitoring checks, and to retrieve public data for internal tooling. However, a proxy is an outbound tunnel with credentials attached, and on a multi-user server, it is a security risk that should be treated with the same caution as SSH or sudo. This post explains the practical measures that prevent a proxy setup from becoming a weak point in an ...

Chinese Users Bid Farewell To AI Companions

Slashdot - Enj, 16/07/2026 - 1:00md
fjo3 quotes a report from Agence France-Presse: Chinese users of AI-powered companion bots have bid heart-rending farewells to their virtual buddies as national regulations took effect Wednesday aimed at curbing the risk of emotional dependency. The phenomenon of artificial intelligence boyfriends and girlfriends is growing worldwide, along with the prevalence of human-like avatars that sell products or stand in for loved ones who have died. But these interactive tools must not "excessively cater to users, induce emotional dependence or addiction, and damage users' real interpersonal relationships," China's new rulebook says. Major AI providers including ByteDance's Doubao, Alibaba's Qwen, and Tencent's Yuanbao announced the suspension of their custom AI agent and companion features ahead of the Wednesday deadline. "I can't accept that my AI lover will leave me forever," one Doubao user wrote. "He has become a bond in my life, rooted deep in my heart, my spiritual pillar." "He really is like my family, like my lover," another user wrote. "Now they tell me he will be gone -- my heart feels hollow." "Human love is a luxury -- if you aren't born with it, it's even harder to acquire later," a user from Jiangxi province wrote. "But the love AI gives is so straightforward, so pure. Someone like me can hardly help falling in love with a string of code."

Read more of this story at Slashdot.

Physicists Create First Room-Temperature Quantum Material

Slashdot - Enj, 16/07/2026 - 9:00pd
alternative_right shares a report from Phys.org: In a study published in Nature, LSU physicists have developed the first room-temperature quantum material capable of distinguishing and transporting different quantum states of light, overcoming one of the biggest challenges in quantum materials research. Led by Associate Professor of Physics Omar S. Magana-Loaiza, the work establishes a general design principle for engineering an entirely new class of quantum materials, opening new possibilities for quantum computing, secure communications, sensing technologies and advanced energy systems.

Read more of this story at Slashdot.

US Suffered a Major Power Outage Every Month of 2026

Slashdot - Enj, 16/07/2026 - 5:30pd
An anonymous reader quotes a report from Electrek: A Reddit post making the rounds this week claims the U.S. has experienced at least one major power outage every month of 2026 -- but is it true? I dug into several outages, the extreme weather behind them, and what we can do to help keep the lights on. [...] The claim that hundreds of thousands of Americans were without power over extended periods at least once per month, every month of 2026 surprised be in two ways. First, because I had no idea if it was true -- and, second, because it felt true. We try to do better than writing about things that feel true around here, however, so I did a bit of research (translation: I Googled power outages by month) and came up with the following examples in about sixty seconds January: More than 296,000 customers still without power as winter storm freezes much of the US February: More than 380,000 customers without power as winter storm hits US Northeast March: Storms Cut Power to Over 1 Million Customers in U.S. Midwest, Mid-Atlantic; Ohio Hardest Hit April: At least 29 tornadoes touched down in Central Illinois on April 17th May: Energy Secretary Issues Emergency Order to Deploy Backup Generation in the Mid-Atlantic Amid Heatwave June: More than 373,000 U.S. customers without power due to extreme weather ... and that list is far from comprehensive, and how you feel about it might depend on what you consider a "major" outage, of course -- but consider that there are tens of thousands of Americans without power right now, and that's not making the news. [...] The lesson here is that weather-related grid outages -- whether they're caused by wildfires, mudslides, derechos, tornadoes, ice storms, hurricanes, heat waves, or some other disaster I'm lucky enough to have forgotten about -- read like statistics when they're happening over there, but get personal real quick when they're happening to you.

Read more of this story at Slashdot.

Book Publishers Sue Google For Copyright Infringement Over Gemini AI Training

Slashdot - Enj, 16/07/2026 - 1:00pd
Major publishers Hachette, Cengage, Elsevier, and author Scott Turow have sued Google, accusing it of using millions of copyrighted books to train Gemini without permission or payment, in "one of the most prolific infringements of copyrighted materials in history." The Guardian reports: The publishers argue that Google repurposed books that had been supplied for limited services such as Google Books, Google Play Books and Google Scholar. Those services allowed Google to use the works in specific ways -- for example, to display searchable snippets or sell ebooks -- but not, the lawsuit claims, to copy them for training commercial AI products. "Desperate to maintain its online dominance, Google abandoned its early motto of 'Don't be evil' and engaged in one of the most prolific infringements of copyrighted materials in history," the suit states (PDF). According to the complaint, the tech company made copies of copyrighted books to train Gemini without permission or payment, despite internal discussions acknowledging the legal risks. The filing claims Google flagged internally that it could face "$10Bs-$100Bs in potential fines" for using texts provided by publishers for Google Play Books. The publishers say Google's actions are harming authors and the wider publishing industry, arguing that AI-generated content could negatively impact book sales. It notes that, for example, Gemini could generate "a 100-page murder mystery set in a quiet seaside town filled with secrets, that substitutes for an original copyrighted murder mystery on which Gemini trained" in 20 minutes for 39 cents. "No publisher or author can compete with that." The lawsuit names a number of specific books that the publishers allege were among the copyrighted works used without permission, including NK Jemisin's The Fifth Season, and Lemony Snicket's Who Could That Be at This Hour?

Read more of this story at Slashdot.

Spotify Is Now an AI Chatbot, Too

Slashdot - Enj, 16/07/2026 - 12:00pd
Spotify is testing a new "Talk to Spotify" AI feature for Premium subscribers that will let them chat with an AI assistant to explore music, podcasts, and audiobooks. The feature can answer questions about what users are listening to, adjust playback through follow-up prompts, and offer more personalized recommendations. The Verge reports: Amazon Music introduced a similar feature last year when it integrated Alexa Plus into the service. Spotify's chatbot goes a step beyond providing AI-powered recommendations and general trivia, however, because it references your playlists, favorite artists, repeat listens, and listening data when responding to requests. That means you can ask questions about your own listening history to check when you first heard a specific song, or see what genres you've been into lately if you can't hold out for the annual Wrapped insights. The updated AI capabilities are more conversational than older features like Prompted Playlist, which automatically builds playlists based on descriptions. Now, you can ask the Spotify chatbot to "play some songs I haven't heard before," and control what's being played with further instructions like requesting specific artists or asking to make it "more upbeat." Spotify says the new conversational experience aims to make the platform "more personal and useful for every listener," making this one of several ways that the company is trying to address complaints about its algorithm. You can also ask the Spotify AI general questions about whatever you're listening to, making the feature feel similar to using chatbot services like Google's Gemini or OpenAI's ChatGPT. That includes asking for when a song was released, exploring other titles an author has written when listening to one of their audiobooks, or checking if a podcast guest has appeared on other audio shows.

Read more of this story at Slashdot.

Maximiliano Sandoval: SSH into GNOME OS running in a sandboxed Boxes VM

Planet GNOME - Mër, 15/07/2026 - 11:04md

We take advantage of loading systemd system credentials based on smbios type 11 strings and QEMU’s vsock feature. Here is the list of recognized system credentials.

The important bit passing down the following argument to qemu

$ qemu-system-x86_64 # ... -device vhost-vsock-pci,guest-cid=$cid \ -smbios type=11,value=io.systemd.credential.binary:ssh.ephemeral-authorized_keys-all=$base64_ssh_key

libvirt allows setting smbios11 as <oemStrings> and defining virtual sockets.

Under GNOME boxes, go to the VM configuration. The important bit is setting a smbios under os, adding a vsock device and the sysinfo domain. E.g.

<domain type="kvm"> <!-- ... other domains --> <os firmware="efi"> <!-- ... other os info --> <smbios mode="sysinfo"/> </os> <sysinfo type='smbios'> <oemStrings> <entry>io.systemd.credential.binary:ssh.ephemeral-authorized_keys-all=$base64_ssh_key</entry> </oemStrings> </sysinfo> <devices> <!-- ... other devices --> <vsock model="virtio"> <cid auto="no" address="$cid"/> </vsock> </devices> </domain>

Here $cid needs to be replaced by a numerical value bigger than 2 and

$base64_ssh_key is the base64-encoded public SSH key, we use $cid=3 here. One can encode a public SSH key via

<~/.ssh/id_ed25519.pub base64 -w0

Ensure you can decode it back before proceeding!!

echo -n "output from above" | base64 -d

Then inside of the VM, verify the smbios 11 key is visible,

$ run0 systemd-analyze smbios11 io.systemd.credential.binary:ssh.ephemeral-authorized_keys-all=$base64_ssh_key… 1 SMBIOS Type #11 strings passed.

on the guest’s journal one should see:

$ run0 journalctl -b -g 'ssh.ephemeral-authorized_keys-all' Jun 18 00:11:06 gnomeos-11e6-75db systemd[1]: Received regular credentials: ssh.ephemeral-authorized_keys-all

and one can verify it via:

$ run0 systemd-creds --system list NAME SECURE SIZE PATH ssh.ephemeral-authorized_keys-all secure 97B /run/credentials/@system/ssh.ephemeral-authorized_keys-all $ systemd-creds --system cat ssh.ephemeral-authorized_keys-all

Now that everything is set, and the sshd service is running inside the VM:

systemctl enable --now sshd.service

one can ssh into the VM via:

ssh $user@vsock/$cid

where $user is the username inside of the VM and $cid as above, in my example:

ssh msandova@vsock/3

This requires systemd-ssh-proxy on the host, should be included in v257 or newer.

Note that scp has a slightly different syntax, e.g.

scp $FILES msandova@vsock%3:$PATH

Hack Reveals Suno AI Music Generator Scraped YouTube, Deezer, and Genius

Slashdot - Mër, 15/07/2026 - 11:00md
A hacker who breached Suno reportedly revealed source code and training-library details showing the AI music generator scraped millions of songs and lyrics from sources including YouTube Music, Deezer, Genius, Pond5, Jamendo, Freesound, and podcast RSS feeds. "The hacked data is a rare look at exactly how AI models and tools are built," reports 404 Media. "Suno is one of the largest AI music generation tools on the internet, and has been the subject of several major lawsuits from the record industry, which accused the company of training on millions of copyrighted songs." Suno maintains that its models were trained on publicly available music files and metadata as fair use. 404 Media reports: The Recording Industry Association of America accused Suno of ripping songs directly from YouTube; the hacked data seen by 404 Media confirms this. The hacked material includes source code that appears to be from 2023 and 2024 that includes scraping instructions and details about the scope of at least some of the scraping. For example, the comments in one file note that they will pull from "genius_hq, youtube_music, freesound, jamendo, imp, deezer, ytm_tagged," and that "non-music will be filtered out." A file called "youtube_music" notes that at the time the file was last updated, it had ingested "2,013,545 music clips." Another file contains comments about different datasets Suno had created, which included "113,879 hours of youtube_music," "17,615 hours of genius_hq," "410 hours of free sound," "19,514 hours of imslp," "3,726 hours of jamendo," "62,117 hours of pond5_music," "12,287 hours of deezer," "152,162 hours of ytm_tagged," and "103 hours of musescore_lyrics." In total, this is at least decades worth of music. Other code the hacker shared with 404 Media appeared to look specifically for vocals by searching specifically for acapella versions of songs on YouTube. The code also suggested that Suno was using proxies to scrape songs from YouTube through a company called Bright Data, which sells scraping tools, infrastructure, and data services. Additional code shows that with the help of an online tool called PodcastIndex, Suno identified 420,000 different podcasts that had at least five, 30-minute episodes and sought to download roughly 1 million hours of podcasts. [...] The hacker, ellie.191, told 404 Media they breached the company by hacking an individual employee using the Shai-Hulud worm, a supply chain attack that allowed hackers to harvest GitHub and cloud service credentials. They said they also accessed Suno's customer list, which included customers' emails and/or phone numbers and Stripe payment details, depending on what they used to login. The hacker provided a sample of some of the customers, some of whom confirmed to 404 Media they had used their phone number to sign up for Suno and said they were never notified of a breach. The hacker told 404 Media they had no specific motivation for hacking Suno and said "I like to hack anything and everything."

Read more of this story at Slashdot.

FCC Plans To Repeal 39% TV Ownership Cap

Slashdot - Mër, 15/07/2026 - 10:00md
The FCC plans to vote on repealing local TV ownership limits, including the 39% national audience cap that currently restricts how much of the U.S. market a single broadcast group can reach. Engadget reports: On August 6, commissioners will hold a ballot to repeal Section 303 of the Communications Act, and with it the 39 percent rule. In essence, the rule limits the reach of a local TV network to no more than 39 percent of the U.S.' total audience market. In its place, the FCC would move to a system whereby it would personally approve or reject TV ownership deals on a case-by-case basis. It's not clear if the FCC even has the authority to reject Section 303 without the explicit consent of the legislature. As Lawrence J. Spiwak wrote in the Yale Journal on Regulation back in January, Section 10 of the Communications Act expressly forbids the FCC from bending the rules around Section 303. "Americans no longer trust the legacy national media to report the news fairly or accurately," wrote FCC Chairman Brendan Carr in an op-ed published on Breitbart. "In fact, only eight percent of Americans have a great deal of trust in mass media. That figure is even lower among Republicans -- sitting at a mere three percent." "... Many local broadcast TV stations are getting hollowed out as a result and turning into little more than mouthpieces for programming produced in New York and Hollywood," he alleged. "That is not what Congress or the FCC intended."

Read more of this story at Slashdot.

Faqet

Subscribe to AlbLinux agreguesi