174983609
submission
Jeremy Allison - Sam writes:
The Samba project has secured significant funding (€688,800.00) from the German
Sovereign Tech Fund (STF) to advance the project. The investment was
successfully applied for by SerNet. Over the next 18 months, Samba developers
from SerNet will tackle 17 key development subprojects aimed at enhancing
Samba’s security, scalability, and functionality.
The Sovereign Tech Fund is a German federal government funding program that
supports the development, improvement, and maintenance of open digital
infrastructure. Their goal is to sustainably strengthen the open source
ecosystem.
The project's focus is on areas like SMB3 Transparent Failover, SMB3 UNIX
extensions, SMB-Direct, Performance and modern security protocols such as SMB
over QUIC. These improvements are designed to ensure that Samba remains a
robust and secure solution for organizations that rely on a sovereign IT
infrastructure. Development work began as early as September the 1st and is
expected to be completed by the end of February 2026 for all sub-projects.
All development will be done in the open following the existing Samba
development process. First gitlab CI pipelines have already been running [4]
and gitlab MRs will appear soon!
https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fsamba.plus%2Fblog%2Fdetail...
https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.sovereigntechfund....
173891517
submission
Jeremy Allison - Sam writes:
Cracks in the Ice: Why a 'frozen' distribution Linux kernel isn't the safest choice for security
https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fciq.com%2Fblog%2Fwhy-a-fro...
This is an executive summary of research that my colleagues Ronnie Sahlberg and Jonathan Maple did, published as a whitepaper with all the numeric details here:
https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fciq.com%2Fwhitepaper%2Fven...
Steven Vaughan-Nichols is covering the release of this
data here:
https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2F...
171425566
submission
153900709
submission
Jeremy Allison - Sam writes:
Software Freedom Conservancy announced today it has filed a lawsuit against Vizio Inc. for what it calls repeated failures to fulfill even the basic requirements of the General Public License (GPL).
The lawsuit alleges that Vizio’s TV products, built on its SmartCast system, contain software that Vizio unfairly appropriated from a community of developers who intended consumers to have very specific rights to modify, improve, share, and reinstall modified versions of the software.
136652050
submission
Jeremy Allison - Sam writes:
Software Freedom Conservancy, the only organization actively engaged in General Public License (GPL) enforcement and compliance work for Linux, announces today a new strategy toward improving compliance and the freedom of users of devices that contain Linux-based systems. The new work has received an initial grant from Amateur Radio Digital Communications (ARDC).
Our new initiative features:
1) Litigation to enforce against license violators that do not voluntarily comply in a timely manner.
2) Coordinating the development of alternative firmware for devices where none currently exists.
3) Collaborating with other organizations to promote copyleft compliance as a feature for consumers to protect their privacy and get more out of their devices.
We take this holistic approach because compliance is not an end in itself, but rather a lever to help people advance technology for themselves and the world. Bradley Kuhn, Conservancy’s Policy Fellow and Hacker-in-Residence remarked: “GPL enforcement began as merely an education process more than twenty years ago. We all had hoped that industry-wide awareness of copyleft’s essential role in spreading software freedom would yield widespread, spontaneous compliance. We were simply wrong about that. Today, we observe almost universal failure in compliance throughout the (so-called) Internet of Things (IoT) market. Only unrelenting enforcement that holds companies accountable can change this abysmal reality. ARDC, a visionary grant-maker, recognizes the value of systemic enforcement that utilizes the legal system to regain software freedom. That process also catalyzes community-led projects to build liberated firmware for many devices.”
ARDC has long served the amateur radio community who were early adopters of Internet communication. These roots have grown from the deeper soils of wireless and digital communication and open access to technical information. Amateur radio operators have long practiced the tradition of individual technical experimentation that benefited the general public. These traditions also form the basis of software freedom. Hobbyists and volunteers built, modified and improved Free and Open Source Software (FOSS) first. Conservancy defends the rights of software developers to examine the code in their devices and assists their work to improve the platforms they rely on and to understand our communication technologies. Copyleft compliance enables this work to continue and expand to new kinds of devices.
Rosy Wolfe, ARDC’s Executive Director commented: “GPL enforcement is notoriously difficult, and yet it is necessary to deter self-serving actors who want the benefits of community software but won’t follow the rules. Thus Conservancy’s efforts in this arena are critical, and we are honored to support them in this work.”
When companies prevent us from actually modifying the software on our devices, software freedom remains only theoretical. In this new chapter of compliance work, Conservancy will leverage its technical and legal resources to help the public take control of the software on which they rely. This generous grant from ARDC is a first step. Please help in the next step through support of Conservancy’s work with a donation. You can also email compliance@sfconservancy.org to let us know about GPL violations or to discuss volunteering on these projects.
130067890
submission
Jeremy Allison - Sam writes:
The Samba project has traditionally been one of the strongest proponents of Copyleft licensing and Free Software. However, in the Corporate Cloud-first world we find ourselves, traditional enforcement mechanisms have not been effective. How do we achieve the goals of the Free Software movement in this new world and how do we need to change what we're doing to be successful ?
Traditional license enforcement doesn't seem to work well in the Cloud and for the modern software environment we find ourselves. In order to achieve the world of Free Software available for all I think we need to change our approach. Both GPLv3 and the AGPL have been rejected soundly by most developers. I would argue that we need a new way to inspire developers to adopt Free Software goals and principles, as depending on licensing has failed as licensing itself has fractured.
Communication and collaboration are key to this. Stand-alone software is essentially useless. Software interoperability and published protocol and communication definitions are essential to build a freedom valuing software industry for the future.
https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Farchive.org%2Fdetails%2Fco...
112087734
submission
Jeremy Allison - Sam writes:
For Samba version 4.11.0 we'll be disabling SMB1 on the server by default. Code is still there and can be turned by on in the config file though.
From the WHATSNEW.txt change git commit:
+SMB1 is disabled by default
+---------------------------
+
+The defaults of 'client min protocol' and 'server min protocol'
+have been changed to SMB2_02.
+
+This means clients without support for SMB2 or SMB3 are no longer
+able to connect to smbd (by default).
+
+It also means client tools like smbclient and other,
+as well as applications making use of libsmbclient are no longer
+able to connect to servers without SMB2 or SMB3 support (by default).
+
+It's still possible to allow SMB1 dialects, e.g. NT1, LANMAN2
+and LANMAN1 for client and server, as well as CORE and COREPLUS on
+the client.
+
+Note that most commandline tools e.g. smbclient, smbcacls and others
+also support the --option argument to overwrite smb.conf options,
+e.g. --option='client min protocol=NT1' might be useful.
+
+As Microsoft no longer installs SMB1 support in recent releases
+or uninstalls it after 30 days without usage, the Samba Team
+tries to get remove the SMB1 usage as much as possible.
+
+SMB1 is officially deprecated and might be removed step by step
+in the following years. If you have a strong requirement for SMB1
+(except for supporting old Linux Kernels), please file a bug
+at https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fbugzilla.samba.org%2F and let us know about the details.
100448686
submission
Jeremy Allison - Sam writes:
Congratulations to Tesla on Their First Public Step Toward GPL Compliance
Conservancy rarely talks publicly about specifics in its ongoing GNU General Public License (GPL) enforcement and compliance activity, in accordance with our Principles of Community Oriented GPL Enforcement. We usually keep our compliance matters confidential — not for our own sake — but for the sake of violators who request discretion to fix their mistakes without fear of public reprisal.
We're thus glad that, this week, Tesla has acted publicly regarding its current GPL violations and has announced that they've taken their first steps toward compliance. While Tesla acknowledges that they still have more work to do, their recent actions show progress toward compliance and a commitment to getting all the way there.
99073209
submission
Jeremy Allison - Sam writes:
Richard Stallman, President of the FSF, presented Sandler with the award during a ceremony. Stallman highlighted Sandler's dedication to software freedom. Stallman told the crowd that Sandler's “vivid warning about backdoored nonfree software in implanted medical devices has brought the issue home to people who never wrote a line of code. Her efforts, usually not in the public eye, to provide pro bono legal advice to free software organizations and [with Software Freedom Conservancy] to organize infrastructure for free software projects and copyleft defense, have been equally helpful.”.
https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fsfconservancy.org%2Fnews...
70741203
submission
Jeremy Allison - Sam writes:
From the article:
Software Freedom Conservancy announces today Christoph Hellwig's lawsuit against VMware in the district court of Hamburg in Hamburg, Germany. This is the regretful but necessary next step in both Hellwig and Conservancy's ongoing effort to convince VMware to comply properly with the terms of the GPLv2, the license of Linux and many other Open Source and Free Software included in VMware's ESXi products.
