In a blog post today, Google announced that WebGPU is "now enabled by default in Chrome 121 on devices running Android 12 and greater powered by Qualcomm and ARM GPUs," with support for more Android devices rolling out gradually. Previously, the API was only available on Windows PCs that support Direct3D 12, macOS, and ChromeOS devices that support Vulkan.

Google says WebGPU "offers significant benefits such as greatly reduced JavaScript workload for the same graphics and more than three times improvements in machine learning model inferences." With lower-level access to a device's GPU, developers are able to enable richer and more complex visual content in web applications. This will be especially apparent with games, as you can see in this demo.

Next up: WebGPU for Chrome on Linux.

"The ambient light sensors present in most mobile devices can be accessed by software without any special permissions, unlike permissions required for accessing the microphone or the cameras," writes longtime Slashdot reader BishopBerkeley. "When properly interrogated, the data from the light sensor can reveal much about the user." IEEE Spectrum reports: While that may not seem to provide much detailed information, researchers have already shown these sensors can detect light intensity changes that can be used to infer what kind of TV programs someone is watching, what websites they are browsing or even keypad entries on a touchscreen. Now, [Yang Liu, a PhD student at MIT] and colleagues have shown in a paper in Science Advances that by cross-referencing data from the ambient light sensor on a tablet with specially tailored videos displayed on the tablet's screen, it's possible to generate images of a user's hands as they interact with the tablet. While the images are low-resolution and currently take impractically long to capture, he says this kind of approach could allow a determined attacker to infer how someone is using the touchscreen on their device. [...]

"The acquisition time in minutes is too cumbersome to launch simple and general privacy attacks on a mass scale," says Lukasz Olejnik, an independent security researcher and consultant who has previously highlighted the security risks posed by ambient light sensors. "However, I would not rule out the significance of targeted collections for tailored operations against chosen targets." But he also points out that, following his earlier research, the World Wide Web Consortium issued a new standard that limited access to the light sensor API, which has already been adopted by browser vendors.

Liu notes, however, that there are still no blanket restrictions for Android apps. In addition, the researchers discovered that some devices directly log data from the light sensor in a system file that is easily accessible, bypassing the need to go through an API. The team also found that lowering the resolution of the images could bring the acquisition times within practical limits while still maintaining enough detail for basic recognition tasks. Nonetheless, Liu agrees that the approach is too complicated for widespread attacks. And one saving grace is that it is unlikely to ever work on a smartphone as the displays are simply too small. But Liu says their results demonstrate how seemingly harmless combinations of components in mobile devices can lead to surprising security risks.

It's hard to think of a more self-explanatory feature than Circle to Search: it does exactly what it sounds like it does. You circle something on your phone screen, tap a button, and voila! A page full of Google search results telling you about the thing you circled. The Verge: The new feature is launching on five phones to start -- the three members of Samsung's brand-new Galaxy S24 series, as well as Google's Pixel 8 and 8 Pro -- before it comes to other "select, premium" Android phones. Well, maybe it does need a little explaining. If the feature sounds familiar, you might be thinking of Google Lens, which is similar. But instead of opening up the Google app, you can use Circle to Search anywhere on your device. Just long-press the home button if you're using three-button navigation -- or the navigation handle if you're using gesture nav -- and it will appear on top of whatever app or screen you're currently using. You can circle, highlight, or tap a subject, including text as well as images.

An anonymous reader quotes a report from TechCrunch: The Apple-versus-Beeper saga is not over yet it seems, even though the iMessage-on-Android Beeper Mini was removed from the Play Store last week. Now, Apple customers who used Beeper's apps are reporting that they've been banned from using iMessage on their Macs -- a move Apple may have taken to disable Beeper's apps from working properly, but ultimately penalizes its own customers for daring to try a non-Apple solution for accessing iMessage. The latest follows a contentious game of cat-and-mouse between Apple and Beeper, which Apple ultimately won. [...]

According to users' recounting of their tech support experiences with Apple, the support reps are telling them their computer has been flagged for spam, or for sending too many messages — even though that's not the case, some argued. This has led many Beeper users to believe this is how Apple is flagging them for removal from the iMessage network. One Beeper customer advised others facing this problem to ask Apple if their Mac was in a "throttled status" or if their Apple ID was blocked for spam to get to the root of the issue. Admitting up front that third-party software was to blame would sometimes result in the support rep being able to lift the ban, some noted.

The news of the Mac bans was earlier reported by Apple news site AppleInsider and Times of India, and is being debated on Y Combinator forum site Hacker News. On the latter, some express their belief that the retaliation against Apple's own users is justified as they had violated Apple's terms, while others said that iMessage interoperability should be managed through regulation, not rogue apps. Far fewer argued that Apple is exerting its power in an anticompetitive fashion here.

Google Maps is about to get better at showing directions inside tunnels. A new feature spotted by SmartDroid allows the Android version of the app to use Bluetooth beacons to track your location in areas where GPS signals typically can't reach. The Verge: These beacons transmit Bluetooth signals that give location data to your phone, according to the Google-owned Waze, which already supports the feature. The app then uses this information along with the device's mobile connectivity to "provide real-time traffic data as it would with a typical GPS connection."

For the first time ever, Apple beat out Samsung to ship the most smartphones in a year according to IDC's Worldwide Quarterly Mobile Phone Tracker. From a report: Although IDC cautions that its data is preliminary and subject to change, a second research agency, Canalys, also has Apple taking its top spot for all of 2023. IDC has Apple's total mobile shipments at 234.6 million, versus 226.6 million for Samsung. Xiaomi, Oppo, and Transsion round out the top five with 145.9, 103.1 and 94.9 million smartphones shipped, respectively.

IDC notes that the last time Samsung wasn't on top of the annual board was 13 years ago in 2010. Back then Apple didn't even feature in the top five. Instead it was Nokia in first place, Samsung in second, LG Electronics in third, ZTE in fourth, and Research in Motion (manufacturers of BlackBerry devices) in fifth.

Android Authority combed through the code of Edge browser (for Android) to find what may be hints for things to come to Copilot: Microsoft has offered its Copilot AI service (formerly Bing Chat) on mobile devices for a while. The service has long been free to use, allowing you to speak to a chatbot, generate AI images, and more. Now, recent Edge browser updates for Android hint at a so-called Copilot Pro option. [...] But what should you expect from this Pro tier? Fortunately, a string also mentions Copilot Pro perks. This includes access to the latest AI models, priority access for quicker answers, and "high-quality" image generation. Update: Microsoft has officially launched Copilot Pro. The subscription provides access to AI-powered features inside Office apps like Word, Excel, and PowerPoint alongside priority access to the latest OpenAI models, and the ability to build your own Copilot GPT.

After removing the feature with Android 5.0 in 2015, Google appears to be bringing back lock screen widgets in the next version of Android. "There haven't been any indications since then that Google would ever bring this feature back," notes Android Authority. "But after Apple introduced widgets to the iPhone lock screen in iOS 16, many speculated that it was only a matter of time." From the report: As for how they might do that, there seem to be two different approaches that are being developed. The first one involves the creation of a new "communal" space -- an area on the lock screen that might be accessed by swiping inward from the right. Although the communal space is still unfinished, I was able to activate it in the new Android 14 QPR2 Beta 3 update. Once I activated the communal space, a large gray bar appeared on the right side of the lock screen on my Pixel device. After swiping inward, a pencil icon appeared on the top left of the screen. Tapping this icon opened a widget selector that allowed me to add widgets from Google Calendar, Google Clock, and the Google App, but I wasn't able to add widgets from most of my other apps. This is because the widget category needs to be set to KEYGUARD in order for it to appear in this selector. KEYGUARD is a category Google introduced in Android 4.2 Jelly Bean that very few apps utilize today since the lock screen hasn't supported showing widgets in nearly a decade. After adding the widgets for Google Clock and Google Finance, I returned to the communal space by swiping inward from the right on the lock screen. The widgets were indeed shown in this space without me needing to unlock the device. However, the lock screen UI was shown on top of the widgets, making things difficult to see. Clearly, this feature is still a work in progress in the current beta. [...]

While it's possible this communal space won't be coming to all devices, there's another way that Google could bring widgets back to the lock screen for Android phones: leveraging At a Glance. If you aren't familiar, Pixel phones have a widget on the home screen and lock screen called At a Glance. The interesting thing about At a Glance is that it isn't actually a widget but rather a "custom element behaving like a widget," according to developer Kieron Quinn. Under the hood, At a Glance is built on top of Smartspace, the API that is responsible for creating the various cards you can swipe through. Although Smartspace supports creating a variety of card types, it currently can't handle RemoteViews, the API on which Android app widgets are built. That could change soon, though, as Google is working on including RemoteViews into the Smartspace API.

It's unclear whether this will allow raw widgets from all apps to be included in At a Glance, since it's also possible that Google is only implementing this so it has more freedom in building new cards. Either way, this new addition to the Smartspace API would supercharge the At a Glance widget in Android 15, and we're excited to see what Google has in store for us.

An anonymous reader quotes a report from TechCrunch: Polestar CEO Thomas Ingenlath couldn't be happier with the integration of Google built-in, the branded product that embeds Google apps and services directly into the company's EVs. But don't expect the EV maker to drop Android Auto or Apple CarPlay as a result. On the sidelines of CES 2024, Ingenlath committed to sticking with Android Auto and Apple CarPlay, the middleware that allows drivers to project their smartphone onto the car's infotainment display. He went a step further and questioned automakers that have. GM, for instance, decided not to make the new 2024 Chevy Blazer EV compatible with Android Auto or Apple CarPlay.

"It's still too important for our customers to have the choice," Ingenlath said during an interview at CES 2024. He later added that, in his view, removing the option isn't the right way of treating customers. "Our priority is very clear; We have a really fantastic system together with Google," he said. While Ingenlath admitted that adding that Google Built-in provides the best experience, he asked "why would we try to dogmatically educate our customers?" Polestar has been a champion of Google built-in. However, it's willingness to keep Android Auto and Apple CarPlay is notable because it illustrates the complexity of appeasing customers even if it might overshadow the native technology in the vehicle. "Ingenlath seems convinced that as Google built-in improves and continues to add apps and services, consumers will give up Android Auto or Apple CarPlay on there own," adds TechCrunch. "And the updates do keep coming."

"At CES 2024, for instance, Polestar announced that the Chrome browser would start rolling out to Polestar 2 in beta, allowing drivers to surf the internet via the central vehicle display while parked. Ingenlath hinted of more improvements in the future, including more precise navigation in Google Maps that drills down to the specific lane as well as customized features designed for Polestar customers."

Amazon introduced a new feature that mimics Apple's AirPlay while working across different platforms, setting the stage for iPhone and Android users to wirelessly stream video to its TV hardware. From a report: The feature, called Matter Casting, is part of a push by Amazon to create interoperable services -- an alternative to the propriety technology developed by Apple and Google. It will make it easier for iOS and Android phones to send video to Amazon devices, such as its Fire TV boxes and sticks, as well as the Echo Show 15 smart display. [...] The feature will work with a range of other video services, including Plex, Pluto TV, Sling TV, Starz and ZDF, Amazon said.

The Wi-Fi Alliance is now starting to certify devices that use the latest generation of wireless connectivity, and the goal is to make sure these devices work with each other seamlessly. Android Central: Basically, the certification allows router brands and device manufacturers to guarantee that their products will work with other Wi-Fi 7 devices. Qualcomm, for its part, is announcing that it has several designs that leverage Wi-Fi 7, and that it achieved the Wi-Fi Alliance certification -- dubbed Wi-Fi Certified 7 -- for the FastConnect 7800 module that's baked into the Snapdragon 8 Gen 3 and 8 Gen 2, and the Networking Pro portfolio.

Wi-Fi Certified 7 is designed to enable interoperability, and ensure that devices from various brands work without any issues. In addition to Qualcomm, the likes of MediaTek, Intel, Broadcom, CommScope, and MaxLinear are also picking up certifications for their latest networking products. I chatted with Andy Davidson, Sr. Director of Technology Planning at Qualcomm, ahead of the announcement to understand a little more about how Wi-Fi 7 is different. Wi-Fi 7 uses the 6GHz band -- similar to Wi-Fi 6E -- but introduces 320Mhz channels that have the potential to deliver significantly greater bandwidth. Wi-Fi 7 also uses a clever new feature called Multi-Link Operation (MLO) that lets devices connect to two bands at the same time, leading to better signal strength and bandwidth. Further reading: Wi-Fi 7 Signals the Industry's New Priority: Stability.

"If you have been affected, you will will receive a notification when you open Chrome on either desktop or Android devices," reports Search Engine Land. But they add that "discussions among digital marketers on X indicate that advertisers are still not ready..."

An anonymous reader writes: Google started its campaign to phase out of third-party cookies as announced earlier. At the beginning cookies are turned off for 1% of users, and those lucky ones unlock a "tracking protection" in Chrome settings. In agreement with the UK Competitions and Markets Authority, third-party cookies will be completely removed at the end of this year, a move under tight anti-competition scrutiny also in Brussels. Meanwhile, a technology researcher released their privacy audit of Google's third-party cookie replacement, Privacy Sandbox's Protected Audience API, validating its standing against EU data protection, which may even close the ever-present cookie consent popups disliked universally in Europe.

Code within the latest version of the ChatGPT Android app suggests that you'll soon be able to set it as the default assistant app, replacing the Google Assistant. Android Authority's Mishaal Rahman reports: ChatGPT version 1.2023.352, released last month, added a new activity named com.openai.voice.assistant.AssistantActivity. The activity is disabled by default, but after manually enabling and launching it, an overlay appears on the screen with the same swirling animation as the one shown when using the in-app voice chat mode. This overlay appears over other apps and doesn't take up the entire screen like the in-app voice chat mode. So, presumably, you could talk to ChatGPT from any screen by invoking this assistant. However, in my testing, the animation never finished and the activity promptly closed itself before I could speak with the chatbot. This could either be because the feature isn't finished yet or is being controlled by some internal flag. [...]

However, the fact that the aforementioned XML file even exists hints that this is what OpenAI intends to do with the app. Making the ChatGPT app Android's default digital assistant app would enable users to launch it by long-pressing the home button (if using three-button navigation) or swiping up from a bottom corner (if using gesture navigation). Unfortunately, the ChatGPT app still wouldn't be able to create custom hotwords or respond to existing ones, since that functionality requires access to privileged APIs only available to trusted, preinstalled apps. Still, given that Google will launch Assistant with Bard any day now, it makes sense that OpenAI wants to make it easier for Android users to access ChatGPT so that users don't flock to Bard just because it's easier to use.

Qualcomm today unveiled a new Snapdragon XR2+ Gen 2 chipset, a single-chip architecture that will likely power Apple Vision Pro competitors from Meta, Samsung, Google and HTC, among others. ZDNet reports: Succeeding last year's XR2 Gen 2, the plus variant brings improved GPU and CPU frequency -- up 15% and 20% respectively, support for 4.3K per eye resolution at 90fps, and the ability for headsets to field 12 or more cameras with on-device AI capabilities. The latter allows equipped models to better track user movements and surrounding objects for more immersive (and harmonious) VR and MR experiences. As for efficiency gains, you'll still be getting the 50% improvement as the previous XR2 Gen 2 when stacked against the XR2 Gen 1 platform. Basically, there's no change on that front.

"(Snapdragon XR2+ Gen 2) will take XR productivity and entertainment to the next level by bringing spectacularly clear visuals to use cases such as room-scale screens, life-size overlays and virtual desktops," said Hugo Swart, vice president and general manager of XR, Qualcomm Technologies, Inc, in a Thursday press release. Clearly, the new silicon is aimed at headsets that can do it all -- with feature parity to the $3,500 gorilla in the room, Apple's upcoming Vision Pro headset -- though Qualcomm says it'll be priced accessibly for manufacturers to build hardware around.

How affordable will these competing wearables be? Your guess is as good as mine. But considering we've already gotten products like the $500 Meta Quest 3 fielding the slightly less capable XR2 Gen 2 chip, the future of XR may not be as expensive as it seems. The new Snapdragon XR2+ Gen 2 chipset is made in collaboration with Google and Samsung, both of which bring expertise in the Android ecosystem and developing mobile VR devices. The trio had announced plans to develop an XR platform back in February of 2023, likely in reaction to the then-rumored headset by Apple.

As spotted by X user bedros_p, Google appears to be preparing to introduce a paid upgrade for Bard Advanced, a "new, cutting-edge AI experience" announced in December that gives users access to Google's best models and capabilities. Android Police reports: According to the strings, you will be able to "Try Bard Advanced for 3 months, on us." After that test period, you will likely have to pay up for the service. A defunct link within the code suggests that it may be part of Google One, but it's not clear if Bard Advanced will be added to all tiers or only more expensive ones with more Google Drive storage. It's also possible that it will be an extra new tier in Google One.

As a refresher, Google launched its most capable AI model yet in December 2023, called Gemini. The LLM is available in three tiers, including a Nano version capable of running on devices like phones and a Pro version currently powering Bard in the US. There is also a Gemini Ultra which isn't public just yet, but supposedly outperforms other LLMs in almost all metrics. Google says that this is the one that will power Bard Advanced.

Long-time tech entrepreneur Anil Dash predicts a big shift in the digital landscape in 2024. And "regular internet users — not just the world's tech tycoons — may be the ones who decide how it goes." The first thing to understand about this new era of the internet is that power is, undoubtedly, shifting. For example, regulators are now part of the story — an ironic shift for anyone who was around in the dot com days. In the E.U., tech giants like Apple are being forced to hold their noses and embrace mandated changes like opening up their devices to allow alternate app stores to provide apps to consumers. This could be good news, increasing consumer choice and possibly enabling different business models — how about mobile games that aren't constantly pestering gamers for in-app purchases? Back in the U.S., a shocking judgment in Epic Games' (that's the Fortnite folks') lawsuit against Google leaves us with the promise that Android phones might open up in a similar way.

That's not just good news for the billions of people who own smartphones. It's part of a sea change for the coders and designers who build the apps, sites, and games we all use. For an entire generation, the imagination of people making the web has been hemmed in by the control of a handful of giant companies that have had enormous control over things like search results, or app stores, or ad platforms, or payment systems. Going back to the more free-for-all nature of the Nineties internet could mean we see a proliferation of unexpected, strange new products and services. Back then, a lot of technology was created by local communities or people with a shared interest, and it was as likely that cool things would be invented by universities and non-profits and eccentric lone creators as they were to be made by giant corporations....

In that era, people could even make their own little social networks, so the conversations and content you found on an online forum or discussion were as likely to have been hosted by the efforts of one lone creator than to have come from some giant corporate conglomerate. It was a more democratized internet, and while the world can't return to that level of simplicity, we're seeing signs of a modern revisiting of some of those ideas.
Dash's article (published in Rolling Stone) ends with examples of "people who had been quietly keeping the spirit of the human, personal, creative internet alive...seeing a resurgence now that the web is up for grabs again. "

• Digital artist Everest Pipkin

• The School for Poetic Computation (which Dash describes as "an eccentric, deeply charming, self-organized school for people who want to combine art and technology and a social conscience.")

• Mask On Zone, "a collaboration with the artist and coder Ritu Ghiya, which gives demonstrators and protesters in-context guidance on how to avoid surveillance."

• There's projects and tools from makers like Stefan Bohacek, Darius Kazemi, and Elan Kiderman Ullendorff (including Youtune ("a stream of relatively unviewed original songs posted to YouTube.")

Dash concludes that "We're seeing the biggest return to that human-run, personal-scale web that we've witnessed since the turn of the millennium, with enough momentum that it's likely that 2024 is the first year since then that many people have the experience of making a new connection or seeing something go viral on a platform that's being run by a regular person instead of a commercial entity.

"It's going to make a lot of new things possible..."

A big thank-you for submitting the article to long-time Slashdot reader, DrunkenTerror.

TechCrunch reports: Apple's warnings in late October that Indian journalists and opposition figures may have been targeted by state-sponsored attacks prompted a forceful counterattack from Prime Minister Narendra Modi's government. Officials publicly doubted Apple's findings and announced a probe into device security.

India has never confirmed nor denied using the Pegasus tool, but nonprofit advocacy group Amnesty International reported Thursday that it found NSO Group's invasive spyware on the iPhones of prominent journalists in India, lending more credibility to Apple's early warnings. "Our latest findings show that increasingly, journalists in India face the threat of unlawful surveillance simply for doing their jobs, alongside other tools of repression including imprisonment under draconian laws, smear campaigns, harassment, and intimidation," said Donncha Ã" Cearbhaill, head of Amnesty International's Security Lab, in the blog post.
Cloud security company Lookout has also published "an in-depth technical look" at Pegasus, calling its use "a targeted espionage attack being actively leveraged against an undetermined number of mobile users around the world." It uses sophisticated function hooking to subvert OS- and application-layer security in voice/audio calls and apps including Gmail, Facebook, WhatsApp, Facetime, Viber, WeChat, Telegram, Apple's built-in messaging and email apps, and others. It steals the victim's contact list and GPS location, as well as personal, Wi-Fi, and router passwords stored on the device...

According to news reports, NSO Group sells weaponized software that targets mobile phones to governments and has been operating since 2010, according to its LinkedIn page. The Pegasus spyware has existed for a significant amount of time, and is advertised and sold for use on high-value targets for multiple purposes, including high-level espionage on iOS, Android, and Blackberry.
Thanks to Slashdodt reader Mirnotoriety for sharing the news.

An anonymous reader quotes a report from Ars Technica: Apple's AirTags are meant to help you effortlessly find your keys or track your luggage. But the same features that make them easy to deploy and inconspicuous in your daily life have also allowed them to be abused as a sinister tracking tool that domestic abusers and criminals can use to stalk their targets. Over the past year, Apple has taken protective steps to notify iPhone and Android users if an AirTag is in their vicinity for a significant amount of time without the presence of its owner's iPhone, which could indicate that an AirTag has been planted to secretly track their location. Apple hasn't said exactly how long this time interval is, but to create the much-needed alert system, Apple made some crucial changes to the location privacy design the company originally developed a few years ago for its "Find My" device tracking feature. Researchers from Johns Hopkins University and the University of California, San Diego, say, though, that they've developed (PDF) a cryptographic scheme to bridge the gap -- prioritizing detection of potentially malicious AirTags while also preserving maximum privacy for AirTag users. [...]

The solution [Johns Hopkins cryptographer Matt Green] and his fellow researchers came up with leans on two established areas of cryptography that the group worked to implement in a streamlined and efficient way so the system could reasonably run in the background on mobile devices without being disruptive. The first element is "secret sharing," which allows the creation of systems that can't reveal anything about a "secret" unless enough separate puzzle pieces present themselves and come together. Then, if the conditions are right, the system can reconstruct the secret. In the case of AirTags, the "secret" is the true, static identity of the device underlying the public identifier that is frequently changing for privacy purposes. Secret sharing was conceptually useful for the researchers to employ because they could develop a mechanism where a device like a smartphone would only be able to determine that it was being followed around by an AirTag with a constantly rotating public identifier if the system received enough of a certain type of ping over time. Then, suddenly, the suspicious AirTag's anonymity would fall away and the system would be able to determine that it had been in close proximity for a concerning amount of time.

Green notes, though, that a limitation of secret sharing algorithms is that they aren't very good at sorting and parsing inputs if they're being deluged by a lot of different puzzle pieces from all different puzzles -- the exact scenario that would occur in the real world where AirTags and Find My devices are constantly encountering each other. With this in mind, the researchers employed a second concept known as "error correction coding," which is specifically designed to sort signal from noise and preserve the durability of signals even if they acquire some errors or corruptions. "Secret sharing and error correction coding have a lot of overlap," Green says. "The trick was to find a way to implement it all that would be fast, and where a phone would be able to reassemble all the puzzle pieces when needed while all of this is running quietly in the background." The researchers published (PDF) their first paper in September and submitted it to Apple. More recently, they notified the industry consortium about the proposal.

Microsoft quietly launched a dedicated Copilot app on Android, giving users a way to access Copilot's AI features without the Bing mobile app. "Spotted by @technosarusrex on X, it is now available for download from the Google Play Store, and the app's listing suggests it arrived in the marketplace about a week ago," reports Neowin. From the report: The new Copilot app for Android is not entirely a new thing. At first sight, it looks similar to the Bing Chat app, which still lets you access the same chat features. In addition, you can use Copilot within the Microsoft Edge browser for Android, SwiftKey, Skype, and more. Copilot for Android supports plenty of features (you can also toggle between light and dark themes) that are already available on desktop. You can ask complex questions, generate images using DALL-E 3, draft documents or emails, or just have a casual conversation about anything. In addition, the app lets you turn off or on the recently added GPT-4.

An anonymous reader quotes a report from The Register: Bruce Perens, one of the founders of the Open Source movement, is ready for what comes next: the Post-Open Source movement. "I've written papers about it, and I've tried to put together a prototype license," Perens explains in an interview with The Register. "Obviously, I need help from a lawyer. And then the next step is to go for grant money." Perens says there are several pressing problems that the open source community needs to address. "First of all, our licenses aren't working anymore," he said. "We've had enough time that businesses have found all of the loopholes and thus we need to do something new. The GPL is not acting the way the GPL should have done when one-third of all paid-for Linux systems are sold with a GPL circumvention. That's RHEL." RHEL stands for Red Hat Enterprise Linux, which in June, under IBM's ownership, stopped making its source code available as required under the GPL. Perens recently returned from a trip to China, where he was the keynote speaker at the Bench 2023 conference. In anticipation of his conversation with El Reg, he wrote up some thoughts on his visit and on the state of the open source software community. One of the matters that came to mind was Red Hat.

"They aren't really Red Hat any longer, they're IBM," Perens writes in the note he shared with The Register. "And of course they stopped distributing CentOS, and for a long time they've done something that I feel violates the GPL, and my defamation case was about another company doing the exact same thing: They tell you that if you are a RHEL customer, you can't disclose the GPL source for security patches that RHEL makes, because they won't allow you to be a customer any longer. IBM employees assert that they are still feeding patches to the upstream open source project, but of course they aren't required to do so. This has gone on for a long time, and only the fact that Red Hat made a public distribution of CentOS (essentially an unbranded version of RHEL) made it tolerable. Now IBM isn't doing that any longer. So I feel that IBM has gotten everything it wants from the open source developer community now, and we've received something of a middle finger from them. Obviously CentOS was important to companies as well, and they are running for the wings in adopting Rocky Linux. I could wish they went to a Debian derivative, but OK. But we have a number of straws on the Open Source camel's back. Will one break it?"

Another straw burdening the Open Source camel, Perens writes, "is that Open Source has completely failed to serve the common person. For the most part, if they use us at all they do so through a proprietary software company's systems, like Apple iOS or Google Android, both of which use Open Source for infrastructure but the apps are mostly proprietary. The common person doesn't know about Open Source, they don't know about the freedoms we promote which are increasingly in their interest. Indeed, Open Source is used today to surveil and even oppress them." Free Software, Perens explains, is now 50 years old and the first announcement of Open Source occurred 30 years ago. "Isn't it time for us to take a look at what we've been doing, and see if we can do better? Well, yes, but we need to preserve Open Source at the same time. Open Source will continue to exist and provide the same rules and paradigm, and the thing that comes after Open Source should be called something else and should never try to pass itself off as Open Source. So far, I call it Post-Open." Post-Open, as he describes it, is a bit more involved than Open Source. It would define the corporate relationship with developers to ensure companies paid a fair amount for the benefits they receive. It would remain free for individuals and non-profit, and would entail just one license. He imagines a simple yearly compliance process that gets companies all the rights they need to use Post-Open software. And they'd fund developers who would be encouraged to write software that's usable by the common person, as opposed to technical experts.

Pointing to popular applications from Apple, Google, and Microsoft, Perens says: "A lot of the software is oriented toward the customer being the product -- they're certainly surveilled a great deal, and in some cases are actually abused. So it's a good time for open source to actually do stuff for normal people." The reason that doesn't often happen today, says Perens, is that open source developers tend to write code for themselves and those who are similarly adept with technology. The way to avoid that, he argues, is to pay developers, so they have support to take the time to make user-friendly applications. Companies, he suggests, would foot the bill, which could be apportioned to contributing developers using the sort of software that instruments GitHub and shows who contributes what to which products. Merico, he says, is a company that provides such software. Perens acknowledges that a lot of stumbling blocks need to be overcome, like finding an acceptable entity to handle the measurements and distribution of funds. What's more, the financial arrangements have to appeal to enough developers. "And all of this has to be transparent and adjustable enough that it doesn't fork 100 different ways," he muses. "So, you know, that's one of my big questions. Can this really happen?" Perens believes that the General Public License (GPL) is insufficient for today's needs and advocates for enforceable contract terms. He also criticizes non-Open Source licenses, particularly the Commons Clause, for misrepresenting and abusing the open-source brand.

As for AI, Perens views it as inherently plagiaristic and raises ethical concerns about compensating original content creators. He also weighs in on U.S.-China relations, calling for a more civil and cooperative approach to sharing technology.

You can read the full, wide-ranging interview here.