WSL is a feature that allows users and developers to run a Linux environment within Windows, giving them access to Linux apps and utilities. WSL is a popular option for Windows users that want to run Linux apps, since it doesn’t require a virtual machine.

According to Product and Program Manager Craig Loewen, WSL has received improvements in the following areas:

• Memory, storage, and networking
• An upcoming WSL Settings GUI app
• WSL Zero Trust
• Upcoming ability to manage WSL in Dev Home
• Several miscellaneous features, including Sudo for Windows and “AI powered dev container playground”

The features should make working with WSL much easier, and improve performance for the subsystem. For example, Loewen says the new memory features will “automatically release stored memory in WSL back to Windows.”

The upcoming WSL Settings app will greatly improve WSL administration:

In the past, you would need to edit the contents of WSL’s .wslconfig file to control WSL settings. The Linux-style .wslconfig file, text-based approach works well for specific targeted changes. However, it can be difficult to know exactly what settings and input values are available to use in this text-based approach. The WSL Settings app addresses this by breaking out WSL settings into labeled categories, and indicating which ones are available on your machine.

Similarly, WSL Zero Trust brings important security features to WSL:

First, Microsoft Defender for Endpoint’s WSL 2 support is now out of public preview and is generally available! You can view the plugin for WSL docs page here to learn more about using Microsoft Defender for Endpoint to monitor your WSL environment.

Secondly, further Intune features are coming to WSL with Linux Intune agent integration. As of today you can manage WSL settings via Intune, and we’re expanding this by also allowing you to enforce conditional access scenarios based on the state of the Linux distro itself. This is available today as a public preview, which first ships with the ability to determine compliance on WSL distro names and versions using custom scripting. In the future we aim to improve this by allowing you to build your own custom Linux scripts for compliance. To learn more and start using the public preview please see this doc page

Lastly , Microsoft Entra Id will also provide integration with WSL, starting with a public preview in the July and August timeframe. As a user this means that Microsoft’s Authentication Library (MSAL) will be able to communicate with WSL in a secure way, letting you automatically log in using your Entra Id credentials on Windows from experiences in WSL like git, or using Microsoft Edge. For enterprise admins this improves security by providing a secure channel to acquire and utilize tokens bound to the host device. We’ll be sure to post any news on the public preview, so stay tuned!

The changes to WSL will be welcome improvements for countless developers who rely on the Linux subsystem.

PGO allows the Go compiler to optimize code based on system’s real-world behavior, essentially providing customized performance profiles. The feature is described as providing anywhere from a 2% to 14% performance improvement.

Cloudflare says an improvement of just a few points would result in significant benefit to the company and its customers.

In the Observability Team at Cloudflare, we maintain a few Go-based services that use thousands of cores worldwide, so even the 2-7% savings advertised would drastically reduce our CPU footprint, effectively for free. his would reduce the CPU usage for our internal services, freeing up those resources to serve customer requests, providing measurable improvements to our customer experience.

After experimenting with PGO on its Go-based servers, the company saw the results it was hoping for.

Following the release, we’re using ~97 cores fewer than before the release, a ~3.5% reduction. This seems to be inline with the upstream documentation that gives numbers between 2% and 14%.

The second number we can look at is the usage at the same time of day on different days of the week. The average usage for the 7 days prior to the release was 3067.83 cores, whereas the 7 days after the release were 2996.78, a savings of 71 CPUs. Not quite as good as our 97 CPU savings, but still pretty substantial!

This seems to prove the benefits of PGO – without changing the code at all, we managed to save ourselves several servers worth of CPU time.

Cloudflare’s results are a major endorsement of the value of PGO support in Go.

Fortran was developed at IBM and first released in 1957. While many other languages have come and gone, Fortran has shown remarkable staying power and has been growing in popularity in recent years. In fact, the language is now enjoying the most popularity it has seen since 2002, breaking into the top 10 programming languages.

The language has been a staple in scientific computing and engineering, something that has helped contribute to its recent rise, according Paul Jansen, CEO TIOBE Software.

“The main reason for Fortran’s resurrection is the growing importance of numerical/mathematical computing. Despite lots of competitors in this field, Fortran has its reason for existence,” said Jansen. “Let’s briefly check the competition out. Python: choice number one, but slow, MATLAB: very easy to use for mathematical computation but it comes with expensive licenses, C/C++: mainstream and fast, but they have no native mathematical computation support, R: very similar to Python, but less popular and slow, Julia: the rising new kid on the block, but not mature yet. And in this jungle of languages, Fortran appears to be fast, having native mathematical computation support, mature, and free of charge. Silently, slowly but surely, Fortran gains ground. It is surprising but undeniable.”

Interestingly, Fortran is outpacing much new, trendier languages.

There are for instance more than 1,000 hits for “Fortran programming” on Amazon, which is the leading company in books. New cool languages such as Kotlin and Rust, barely hit 300 books for the same search query. So, what is going on? First of all, the Fortran language is still evolving since its inception in 1957. Less than half a year ago, the new ISO Fortran 2023 definition was published.

Fortran’s staying power is a good example of how programmers can make a good living by understanding the market and focusing on a particular field or niche.

Rust has been skyrocketing in popularity, thanks to its performance and memory-safe features. Many developers are choosing Rust for applications, System76 is writing their COSMIC desktop environment for Linux in Rust, and the language has gained support in the Linux kernel.

The Rust Foundation says Microsoft’s $1 million donation is an unrestricted donation the company made at the end of 2023. The foundation says the donation will be used over the next two years and applied to several high-priority tasks, including:

• Hiring an additional Rust Foundation infrastructure engineer
• Funding the Rust Foundation’s capstone “Fellowship” program
• Developing new systems and programs to support the work of Rust Project maintainers and reduce workload strain.

In January 2024, the Rust Foundation’s Board of Directors approved a motion to put $350K of this funding towards employing a new Infrastructure Engineer for two years, and to ringfence $650K for the Rust Project to directly fund priorities of their choosing over a period of two years.

“By making this unrestricted $1M contribution to the Rust Foundation, Microsoft has demonstrated its ongoing commitment to the Rust programming language, the Rust Foundation’s stewardship, and the Leadership Council’s status as an advocate for the wider Rust Project,” said Rust Foundation’s Executive Director & CEO, Dr. Rebecca Rumbul. “The Rust Foundation looks forward to supporting emerging priorities within the Project, in addition to hiring a second Infrastructure Engineer and continuing our direct support of Rust maintainers through the Fellowship program.”

“This contribution demonstrates Microsoft’s commitment to the Rust programming language, and its continued success through the Rust Foundation,” said Nell Shamrell-Harrington, Rust Foundation Member Director for Microsoft and Board Vice-Chair. “Microsoft is pleased to see its $1M investment being used to hire Rust Foundation infrastructure engineers, support the Rust Foundation Community Grants Program, and directly support critical areas of need identified by leaders within the Rust Project.”

Canonical has been pushing its own Snap packaging format in recent Ubuntu releases. Like its competitor Flatpak, Snap is an effort to give users the ability to install the latest and greatest software, regardless of whether they are running a rolling release Linux distro or an older long-term support (LTS) one. Unlike Flatpaks, however, Snaps are relatively unpopular and not used much outside of Ubuntu.

As It’s FOSS points out, Canonical has made it harder to install .deb files—the native app package format for Debian and Ubuntu-based systems—by removing the built-in Software Center’s ability to install them. In previous versions, double-clicking on a .deb package would open the file in the Software Center and prompt the user to install it.

The blog accurately points out that .deb files can still be installed via the Terminal, or by using a third-party app like Eddy or Gdebi, but most new users won’t know about those options.

The move appears to be a deliberate attempt by Canonical to push people toward its Snap format, especially since the issue was raised when Ubuntu 23.10 was still in beta last year. Unfortunately, according to recent posts on GitHub, it seems unlikely that Ubuntu will address the issue.

Canonical developer Steve Langasek said the following:

This bug report is getting some new attention by way of trade press. As an Ubuntu developer and member of the Ubuntu Technical Board, I want to weigh in on the bug.

In the short term, we should fix desktop-file-utils to not declare the snap store as a handler for .debs. It doesn’t handle them, so this is clearly incorrect.

In the long term, I believe this bug asking for automatic desktop handling of .debs through the snap store should be won’t fix.

According Langasek, third-party .deb files represent a possible attack vector:

Every third-party apt repository you enable on your system is an attack vector.

Every third-party deb you install directly on your system is an attack vector.

Every third-party app store you enable on your system is also an attack vector.

Unfortunately, Ubuntu’s Snap store has had multiple incidents involving malware, raising questions about how much better of an option Ubuntu’s Snaps are. While what Langasek said is true, that third-party .debs represent a possible attack vector, Canonical should still provide a way for users who understand and accept the risk to easily install them.

Neofetch is one of the most popular Linux tools for displaying system information, with barely a Linux review or video not displaying it somewhere. Unfortunately for fans of the command-line app, Neofetch has not received any updates for several years and the project’s GitHub page has been archived.

On creator Dylan Araps’ GitHub page, it says he has ‘taken up farming.’ All of his other projects have been similarly archived.

In the short-term, Neofetch should continue to work for most users. Where it will start to break is with the introduction of new Linux distros that it may not recognize.

Users looking for an alternative may want to take a look at Fastfetch or Screenfetch.

Kevin Moore, Google PM on Flutter and Dart, took to Reddit to describe the layoffs:

Hey folks! Kevin, product manager on Flutter and Dart here.

The layoffs were decided AT LEAST a couple of layers above our team and affected a LOT of teams. (I think I can say that). Lots of good folks got bad news and lots of great projects lost people. Flutter and Dart were not affected any more or less that others. It was a tough day…tough week.

It was crazy to be seeing demos and new things working and discussions about new customers the same day we lost colleagues and friends.

We’re sad, but still cranking hard on I/O and beyond.

We know ya’ll care SO MUCH about the project and the team and the awesome ecosystem we’ve built together.

You’re nervous. I get it. We get it.

You’re betting on Flutter and Dart.

So am I. So is Google.

According to Thomas Wouters, a Googler and member of the Python Steering Council, virtually the entire Python team was laid off:

It’s a tough day when everyone you work with directly, including your manager, is laid off — excuse me, “had their roles reduced”, and you’re asked to onboard their replacements, people told to take those very same roles just in a different country who are not any happier about it. (It’s almost like capitalism isn’t actually good and you shouldn’t want to live in the US.)

I suspect I’ll be taking Akio on extra long walks for the time being.

Another individual confirmed the extent of the Python layoffs in a post on Hacker News:

Support team is one thing. Google’s Python team was a small team, most of which were also on the Python steering council or Core Python developers. These people had decades of experience in Python. Their knowledge and community connections is irreplaceable.

Hindustan Times reports that Google is setting up a new Python team in Germany to take advantage of “cheaper” labor.

Google said in a statement to InfoWorld that the layoffs were not widespread, but an effort to simplify the company’s structure.

Based on reports, however, simplifying the company’s structure seems to be another term for outsourcing jobs to a cheaper market.

According to the Microsoft Open Source Blog, the company already open-sourced MS-DOS 1.25 and 2.0 a couple of years ago. The company has now done the same with MS-DOS 4.0 in cooperation with IBM, since both companies had a hand in its development.

Today, in partnership with IBM and in the spirit of open innovation, we’re releasing the source code to MS-DOS 4.00 under the MIT license. There’s a somewhat complex and fascinating history behind the 4.0 versions of DOS, as Microsoft partnered with IBM for portions of the code but also created a branch of DOS called Multitasking DOS that did not see a wide release.

The goes on to highlight how the release was open-sourced.

A young English researcher named Connor “Starfrost” Hyde recently corresponded with former Microsoft Chief Technical Officer Ray Ozzie about some of the software in his collection. Amongst the floppies, Ray found unreleased beta binaries of DOS 4.0 that he was sent while he was at Lotus. Starfrost reached out to the Microsoft Open Source Programs Office (OSPO) to explore releasing DOS 4 source, as he is working on documenting the relationship between DOS 4, MT-DOS, and what would eventually become OS/2. Some later versions of these Multitasking DOS binaries can be found around the internet, but these new Ozzie beta binaries appear to be much earlier, unreleased, and also include the ibmbio.com source.

Scott Hanselman, with the help of internet archivist and enthusiast Jeff Sponaugle, has imaged these original disks and carefully scanned the original printed documents from this “Ozzie Drop”. Microsoft, along with our friends at IBM, think this is a fascinating piece of operating system history worth sharing.

Those interested in trying out the operating system can download it from its GitHub repo.

The Alexa Developer Rewards Program has been an important part of Alexa’s success, helping to support the build-out of an ecosystem of third-party apps for the digital assistant. According to Bloomberg, Amazon has been reducing the amount it pays out for the program, but has now informed developers that it will cease payments at the end of June.

“Developers like you have and will play a critical role in the success of Alexa and we appreciate your continued engagement,” read the notice, which was viewed by Bloomberg.

As the outlet points out, developers can still monetize their apps through in-app purchases. Only time will tell if the loss of Alexa Developer Rewards Program will impact development of Alexa apps.

The Linux world was rocked in late March when Microsoft engineer Andres Freund discovered a malicious backdoor in the popular XZ Utils package, a set of compression libraries and tools used by nearly every major Linux distro. Unlike some attacks, what sets apart the XZ backdoor is the amount of work that went into achieving it.

The primary maintainer, Lasse Collin, was burnt out and dealing with mental health issues—an all too common situation among open-source maintainers. In fact, according to a survey by Tidelift, nearly 60% of maintainers have quit, or at least thought about quitting. Interestingly, some of the top reasons for maintainers quitting were other priorities, losing interest, burnout, not making enough money, the project taking too much time, not enjoying the work anymore, and too many demands from workers.

When lumping those various reasons together, they all form varying degrees of the same problem: being an open-source maintainer is often a thankless job that puts incredible demands on people’s time and patience and rarely pays enough to make it worthwhile.

Collin knows that all too well. Already burnt out, he was an easy target for a bad actor named Jia Tan. Tan, and possibly others working with them, alternately built Collin’s trust and bullied him into giving Tan full maintainer rights to the project. Tan then carefully added the malicious code to the XZ Utils project over a period of time, taking measures to make sure the code would not be discovered. Unfortunately, Collin’s situation is likely one that will repeat over and over again.

What Is Causing the Problem?

Why are open-source maintainers burning out? What is contributing to the problem?

Much of it comes from unrealistic demands on maintainers’ time and energy. Many maintainers start out developing an app, library, or tool for their own purpose. As others begin using the software and it becomes more popular, it may eventually find its way into the repos of various Linux distros. Once that happens, other packages may start depending on the software, relying on it as a dependency.

Once that happens, maintaining the package can quickly become a nightmare as individual users and corporations depend on it, request new features, and make increasing demands on the maintainers’ time.

To make matters worse, increased cybersecurity legislation adds additional burdens on maintainers, stretching their resources even more.

What Is the Solution?

There are actually several solutions that could help alleviate the problem.

Corporation Need to Step Up

The single biggest solution to the problem is for companies and organizations that rely on packages to step up and help support the maintainers of those packages. If a multi-million or multi-billion dollar corporation relies on open source packages, it’s not unreasonable to contribute to the maintainer of said package in a meaningful way.

While this seems like a no-brainer, it’s shocking how many times a multi-billion corporation puts demands on volunteer maintainers. Microsoft recently did this with the FFmpeg developers.

After politely requesting a support contract from Microsoft for long term maintenance, they offered a one-time payment of a few thousand dollars instead.

This is unacceptable.

We didn’t make it up, , this is what @microsoft @microsoftteams actually did:

https://t.co/AnmJ4VRyCh

— FFmpeg (@FFmpeg) | April 2, 2025

Here is the comment from the Microsoft on the FFmpeg tracker:

Hi, This is a high priority ticket and the FFmpeg version is currently used in a highly visible product in Microsoft. We have customers experience issues with Caption during Teams Live Event. Please help,

To emphasize the point, Microsoft is a $3 trillion company asking for a high-priority fix on an open-source library on which their commercial product relies. When pressed, the best the company would offer is a one-time payment rather than offering to help support a project that is critical to one of its commercial products.

Even more to the point, this is unacceptable and needs to change.

Individuals Should Help Out

Individuals can and should contribute to their favorite open-source projects. Even if it’s only a few dollars a month, if hundreds or thousands of users chip in and support a project, it can result in a substantial benefit to the maintainer.

Reduce Dependencies

Another thing that could help reduce the strain on developers is for Linux distro to reduce the number of dependencies. There are instances where a project is genuinely a required dependency of another project. Many times, however, projects experience dependency creep, adding additional dependencies that aren’t really required.

Reducing the number of dependencies to only what is truly required would help reduce the workload on maintainers of smaller projects.

Open Source Is Too Important to Fail

Open-source software is far too important for the status quo to remain. In fact, 99% of new software projects rely on at least some open-source components, according to Gitnux.

If companies, and individuals, want to continue to benefit from the open source community, it’s time to step up and help support projects they value.

Mistake #1: Tunnel Vision on Specific Services

When Daniel embarked on his journey into AWS and Cloud Concepts, he dove headfirst into specific services like Dynamo DB and S3, crucial components of his team’s workflow. While he gained proficiency in these areas, he realized too late that his narrow focus hindered his ability to grasp the broader AWS ecosystem. In hindsight, Daniel advocates for a holistic approach, starting with a bird’s-eye view of AWS and its foundational services before delving into specifics. By understanding AWS’s historical context and problem-solving capabilities, professionals can engage in more informed discussions and make better architectural decisions.

Mistake #2: Chasing Shiny New Technologies

In a fast-paced environment where innovation is the norm, it’s easy to get swept up in the allure of new technologies and services. Daniel confesses to succumbing to this temptation early in his career, eagerly embracing every new release without pausing to assess its relevance to his work. However, he soon realized that simplicity and practicality should precede novelty. Rather than chasing the latest trends, Daniel advises fellow engineers to focus on mastering foundational services and selecting the right tools for the job. Professionals can build resilient architectures that stand the test of time by honing their understanding of core concepts.

Mistake #3: Brute-Forcing Problem Solving

As Daniel grappled with complex tasks and tight deadlines, he often resorted to a brute-force approach, a trial-and-error method, to arrive at solutions. While this approach yielded results in the short term, it left him lacking a deeper understanding of why specific solutions worked and others didn’t. In retrospect, Daniel recognizes the importance of understanding the underlying principles behind each decision and articulating the rationale to others effectively. By taking the time to comprehend the “why” behind their actions, professionals can cultivate a more nuanced understanding of their craft and foster meaningful discussions within their teams.

Mistake #4: Overemphasis on Certifications

Daniel admits to placing undue emphasis on certifications as a measure of his expertise in his quest for career advancement. While certifications can certainly add value, he cautions against prioritizing them over practical experience and project-based learning. Instead of fixating on credentials, Daniel encourages professionals to focus on building hands-on skills through real-world projects that integrate multiple AWS services. By immersing themselves in practical scenarios and mastering the art of architecting solutions, individuals can develop a deeper understanding of AWS fundamentals and position themselves as invaluable assets to their teams.

As Daniel reflects on his journey and the lessons learned, he encourages fellow Cloud enthusiasts to embrace the challenges, learn from their mistakes, and never stop growing. In an industry defined by constant change and innovation, adaptability and continuous learning are the keys to success. As professionals navigate the ever-evolving landscape of cloud computing, Daniel’s insights serve as a guiding light, illuminating a path toward mastery and excellence in the Cloud career journey.

JPEG is one of the most widely used image formats, especially on the internet, but it doesn’t provide the same lossless quality as other formats. In fact, when a JPEG is overcompressed, the quality can be absolutely terrible.

Google is working to address the issue with Jpegli. The new coding library “high backward compatibility while offering enhanced capabilities and a 35% compression ratio improvement at high quality compression settings.” Google attributes the advancements to a number of techniques working together:

Jpegli works by using a number of new techniques to reduce noise and improve image quality; mainly adaptive quantization heuristics from the JPEG XL reference implementation, improved quantization matrix selection, calculating intermediate results precisely, and having the possibility to use a more advanced colorspace. All the new methods have been carefully crafted to use the traditional 8-bit JPEG formalism, so newly compressed images are compatible with existing JPEG viewers such as browsers, image processing software, and others.

Adaptive quantization heuristics

Jpegli uses adaptive quantization to reduce noise and improve image quality. This is done by spatially modulating the dead zone in quantization based on psychovisual modeling. Using adaptive quantization heuristics that we originally developed for JPEG XL, the result is improved image quality and reduced file size. These heuristics are much faster than a similar approach originally used in guetzli.

Improved quantization matrix selection

Jpegli also uses a set of quantization matrices that were selected by optimizing for a mix of psychovisual quality metrics. Precise intermediate results in Jpegli improve image quality, and both encoding and decoding produce higher quality results. Jpegli can use JPEG XL’s XYB colorspace for further quality and density improvements.

Jpegli is an impressive option that will hopefully see widespread adoption, improving the quality of images while simultaneously reducing their size.

Former head of Windows development, Panos Panay, left Microsoft in September 2023 to take a position with Amazon, in a move that was a surprise to many. In the wake of his departure, Microsoft split the Windows and Surface group. Davuluri was put in charge of the Surface division, with Parakhin in charge of Windows and Web.

After Parakhin decided to move on, Microsoft has apparently re-combined the two divisions under Davuluri’s leadership, according to a memo seen by The Verge:

“This will enable us to take a holistic approach to building silicon, systems, experiences, and devices that span Windows client and cloud for this AI era,” explains Rajesh Jha, Executive VP, Experiences + Devices.

Microsoft is clearly working to fill the hole Panay’s departure left. Only time will tell if the latest shuffle is what the company needs.

For years, the tech industry has grappled with whether human coders would become obsolete in an era dominated by AI and machine learning. Despite soaring revenues in BigTech firms like Meta, which paradoxically witnessed significant layoffs, the role of traditional coders seemed uncertain. How could tech companies continue to thrive without the need for human programmers?

NVIDIA’s presentation provided a resounding answer to this question. According to CEO Jensen Huang, Blackwell represents a “completely new way of writing software,” transcending the need for human intervention. In a mesmerizing display of technological prowess, Huang demonstrated how AI algorithms, rather than human coders, could generate complex software and applications from simple inputs.

The crux of Huang’s pitch lies in the transformative power of generative AI models, such as neural networks, which have evolved to become the new programming language of the future. By harnessing these AI systems’ capabilities, users can effortlessly produce intricate software, images, articles, and games with minimal human input.

No longer bound by the constraints of traditional coding languages like Python or Go, developers can now rely on AI generative models, known as NIMs (Neural Intelligence Models), to create software autonomously. This paradigm shift marks the dawn of a new era in software development, one in which human coders are relegated to the annals of history and replaced by intelligent machines.

The End of Human Coding?

The ramifications of NVIDIA’s breakthrough extend far beyond technology, with profound implications for the global workforce. As AI-driven software development becomes increasingly prevalent, the need for traditional coders has diminished, leading to widespread job losses across the industry.

In the wake of NVIDIA’s announcement, reports have emerged of numerous layoffs at tech companies. Firms grapple with the prospect of restructuring their workforce in light of the AI revolution. Thousands of coders, once considered the lifeblood of the tech industry, now find themselves displaced by the relentless march of progress.

While some analysts argue that the rise of AI will ultimately create new employment opportunities, others warn of the widening gap between technological innovation and human expertise. As AI systems become increasingly sophisticated, the skills and capabilities of human coders may struggle to keep pace, leading to further displacement in the job market.

Amidst this uncertainty, one thing remains clear: the age of human coding is drawing to a close, supplanted by a new era of AI-driven software development. Whether this heralds a utopian future of limitless possibilities or a dystopian landscape of economic upheaval remains to be seen. As society grapples with the implications of this seismic shift, one thing is certain: the world of technology will never be the same again.

KDE Plasma is easily the most powerful and customizable desktop environment on any platform, giving the user extensive theming options. Plasma even includes the ability to download user-created themes from within the desktop. Despite warnings that there is no guarantee regarding the safety of said themes, the fact they are available from the Plasma desktop can create a false sense of security.

One user learned this the hard way when a theme completely erased their home directory and files. The user, going by the name ‘JeansenVaars,’ posted about it on the openSUSE and KDE Reddit communities:

Dear Community and KDE,

I just installed this Global Theme, innocently (Global Themes -> Add New…):

It DELETES all your USER mounted drives data. It executes ‘rm -rf’ on your behalf, deletes all personal data immediately. No questions asked.

I’d appreciate it if anyone could escalate this, I find it totally mind blowing that installing skins allow script execution so easily. I canceled this when it asked for my root password, but it was too late for my personal data. All drives mounted under my user were gone, down to 0 bytes, games, configurations, browser data, home folder, all gone.

KDE developers were quick to respond, removing the offending theme from the KDE Store. It seems there was nothing intentionally malicious about the theme, but an errant command that was responsible for the deletions.

Nonetheless, KDE’s devs authored a number of posts warning of the dangers of downloading third-party themes, explaining just how much a theme can change.

KDE contributor Bro666 wrote one such post:

A user has had a bad experience installing a global theme on Plasma and lost personal data.

Global themes do not only change the look of Plasma, but also the behavior. To do this they run code, and this code can be faulty, as in the case mentioned above. The same goes for widgets and plasmoids.

We are calling on the community to help us locate and quarantine defective software by using the “Report” buttons available on each item in the KDE Store.

Please see this image to locate them.

Meanwhile, KDE is taking steps to properly warn users before each download and we are also putting in place ways of auditing and curating what is uploaded to the KDE store.

Nevertheless, this will take time and resources. We recommend all users to be careful when installing and running software not provided directly by KDE or your distros.

And remember to report any faulty products you find!

Well-known KDE developer David Edmundson discussed the issue as well, noting that KDE’s core functionality hasn’t changed, but user expectations have:

A problem is there’s an expectation that because it’s programs that it’s inherently unsafe and a user needs to trust the source. Our issue is phrases like “global themes” or “Plasma applets” don’t always carry this message.

The tech world has changed a lot over the past decade and whilst our code hasn’t changed, users expectations have. More and more places provide well kept walled gardens where most actions accessible via the UI are safe-by-default – or at least claim to be!

I’ve also seen confusion that because a lot of our UI is written in a higher-level language (QML) that’s enriched with javascript all browser sandboxing automatically applies. Even though that’s not what we claim.

Edmundson goes on to say that KDE devs need to more clearly communicate the risks involved with downloading third-party themes, applets, exentions, etc, with the goal of balancing easy access to third-party content with “enough speed-bumps and checks that everyone knows what risks are involved.”

Edmundson also outlines long-term goals:

Longer term we need to progress on two avenues. We need to make sure we separate the “safe” content, where it is just metadata and content, from the “unsafe” content with scriptable content.

Then we can look at providing curation and auditing as part of the store process in combination with slowly improving sandbox support.

The KDE devs have earned a lot of respect from users for their quick handling of the situation and their willingness to make changes moving forward. In the meantime, users should do exactly as they say and be very careful when downloading and installing third-party themes and other desktop modifications.

Mozilla Location Service is a popular alternative to Google’s location services, especially for those concerned with privacy. Unfortunately, a patent issue in 2019 has made it difficult for Mozilla to make improvements to the service, including in the realm of accuracy, as explained in a GitHub post:

The accuracy of Mozilla Location Service (MLS) has steadily declined. With no plans to restart the stumbler program or increase investments to MLS we have made the decision to retire the service.

In 2013, Mozilla launched MLS as an open service to provide geolocation lookups based on publicly observable radio signals. The service received community submissions of GPS data from the open source MozStumbler Android app. In 2019, Skyhook Holdings, Inc contacted Mozilla and alleged that MLS infringed a number of its patents. We reached an agreement with Skyhook that avoided litigation. This required us to make changes to our MLS policies and made it difficult for us to invest in and expand MLS. In early 2021, we retired the MozStumbler program.

We are grateful for the contributions of the community to MLS to both the code and the dataset. To minimize disruptions and allow people time to make alternative arrangements, we have created a schedule that implements the retirement in stages. The retirement plan can be tracked in this issue.

The retirement will be completed in phases. Beginning today, there will be no new API access keys granted. Mozilla will stop accepting POST data submissions to the API on March 27, and April 10 will begin the deletion process for cell data downloads. June 12 will mark the removal of third party API keys, with the service only being used as needed internally by Mozilla. The GitHub repo will close July 31.

Docker Build Cloud: One of the standout features of the latest Docker Desktop release is Docker Build Cloud. This service leverages cloud infrastructure to expedite the container image-building process locally and in CI pipelines. By offloading builds to the cloud, developers can enjoy faster build times and improved collaboration across teams. With a remote build cache ensuring speedy builds for all team members, Docker Build Cloud is a game-changer for organizations looking to optimize their development processes.

Docker init: Docker init is another noteworthy addition to Docker Desktop, simplifying the Dockerization process for developers. This CLI tool automates the creation of Docker assets such as Dockerfiles and Compose files, and Docker ignores files based on the project’s characteristics. By providing a standardized starting point for containerization, Docker init empowers developers to kickstart their Docker journey with ease and efficiency.

Docker Scout: Security is paramount in the world of containerization, and Docker Scout is here to help developers stay one step ahead of potential vulnerabilities. This tool analyzes container images against a regularly updated vulnerability database, alerting developers to any weaknesses that may compromise the security of their applications. With Docker Scout, developers can take proactive measures to address vulnerabilities and ensure that their containerized applications remain secure and resilient.

Overall, the latest features introduced in Docker Desktop represent a significant step forward for containerization and developer tooling. By harnessing the power of cloud infrastructure, streamlining the Dockerization process, and prioritizing security, Docker Desktop continues to be the go-to solution for container-based development.

Whether you’re a seasoned Docker enthusiast or just getting started with containerization, these new features are sure to enhance your development workflow and accelerate your journey toward building robust, scalable applications.

Robinson’s delved into the strategies and insights crucial for success in freelance web development. With a wealth of experience, Robinson offered invaluable advice gleaned from years of navigating the dynamic world of freelancing.

At the heart of Robinson’s message lies the importance of project-based learning—a cornerstone of success for any aspiring freelance web developer. “Your projects are your ticket to success,” Robinson emphasized, highlighting the pivotal role of tangible, real-world applications in attracting clients and securing lucrative opportunities.

Drawing from his own journey, Robinson stressed the need for developers to showcase their skills through projects that solve real-world problems. “Clients aren’t interested in hypotheticals; they want solutions,” he explained. By demonstrating their ability to deliver tangible results, freelance developers can differentiate themselves in a crowded market and command premium rates for their services.

Robinson’s insights extend beyond technical proficiency to encompass a holistic understanding of the freelance landscape. He urged developers to identify and prioritize clients who are serious about investing in technology, thereby maximizing their chances of success. “Time is our most valuable asset,” Robinson remarked, emphasizing the importance of focusing efforts on clients who value and respect freelance developers’ expertise.

Furthermore, Robinson underscored the significance of continuous learning and adaptation in an ever-evolving industry. “Getting started is the hardest part,” he acknowledged, “but it’s only the beginning of a journey filled with growth and opportunity.” By embracing new technologies, honing their skills, and staying abreast of industry trends, freelance developers can position themselves as indispensable partners to their clients.

Robinson issued a call to action, urging fellow developers to embark on their freelance journey with confidence and determination. “Success is within reach for those who are willing to put in the work,” he asserted. Armed with knowledge, ambition, and a passion for innovation, freelance web developers have the power to shape their destiny and thrive in an ever-changing landscape.

In the digital age, where autonomy and creativity intersect, freelance web developers like Rod Robinson are leading the charge, blazing trails of innovation and prosperity. Through education, perseverance, and a commitment to excellence, they are transforming the freelance web into a realm of limitless possibilities and boundless opportunities.

Late on March 11, developers began experiencing intermittent errors when issuing pull requests. Error rates ranged from 1% for API to as high as 100% for Secret Scanning and 2FA using GitHub Mobile. The company says the issue has been addressed, and it is working on measures to prevent it from happening again.

The issue was caused by a deployment of network related configuration that was inadvertently applied to the incorrect environment. This error was detected within 4 minutes and a rollback was initiated. While error rates began dropping quickly at 22:55 UTC, the rollback failed in one of our data centers, leading to a longer recovery time. At this point, many failed requests succeeded upon retrying. This failure was due to an unrelated issue that had occurred earlier in the day where the datastore for our configuration service was polluted in a way that required manual intervention. The bad data in the configuration service caused the rollback in this one datacenter to fail. A manual removal of the incorrect data allowed the full rollback to complete at 00:48 UTC thereby restoring full access to services. We understand how the corrupt data was deployed and continue to investigate why the specific data caused the subsequent deployments to fail.

We are working on various measures to ensure safety of this kind of configuration change, faster detection of the problem via better monitoring of the related subsystems, and improvements to the robustness of our underlying configuration system including prevention and automatic cleanup of polluted records such that we can automatically recover from this kind of data issue in the future.

Linux distros and desktop environments have been moving toward Wayland, X11’s more modern and secure replacement for years, with the last year seeing a marked acceleration. Fedora has long had a reputation of pushing new technologies forward, and already defaults to Wayland, so it’s no surprise that it would be among the first to stop installing X11 by default.

The change was proposed on the Fedora working group mailing list by Jens Petersen:

I was wondering if we should not stop installing gnome-session-xsession by default in F40 Workstation. I guess if we want to do that it should really happen before the Beta release.
Alternatively it could be done more formally as a Fedora Change for F41, and first in Rawhide.

After quite a bit of discussion, it was decided that Fedora 40’s release was too close to make such a big change, so it was pushed to Fedora 41, as Peterson confirmed two days ago:

Fedora Workstation WG discussed this today and we agreed we should do this for Fedora 41,
since it is really too late already for F40 and it should really be handled as a System Wide Change anyway.

Those whose workflows still depend on X11 will be able to install it from the repos.