An anonymous reader quotes a report from Ars Technica, written by John Timmer: [P]art of the software stack that companies are developing to control their quantum hardware includes software that converts abstract representations of quantum algorithms into the series of commands needed to execute them. IBM's version of this software is called Qiskit (although it was made open source and has since been adopted by other companies). Recently, IBM made a couple of announcements regarding Qiskit, both benchmarking it in comparison to other software stacks and opening it up to third-party modules. [...] Right now, the company is supporting six third-party Qiskit functions that break down into two categories.

The first can be used as stand-alone applications and are focused on providing solutions to problems for users who have no expertise programming quantum computers. One calculates the ground-state energy of molecules, and the second performs optimizations. But the remainder are focused on letting users get more out of existing quantum hardware, which tends to be error prone. But some errors occur more often than others. These errors can be due to specific quirks of individual hardware qubits or simply because some specific operations are more error prone than others. These can be handled in two different ways. One is to design the circuit being executed to avoid the situations that are most likely to produce an error. The second is to examine the final state of the algorithm to assess whether errors likely occurred and adjust to compensate for any. And third parties are providing software that can handle both of these.

One of those third parties is Q-CTRL, and we talked to its CEO, Michael Biercuk. "We build software that is really focused on everything from the lowest level of hardware manipulation, something that we call quantum firmware, up through compilation and strategies that help users map their problem onto what has to be executed on hardware," he told Ars. (Q-CTRL is also providing the optimization tool that's part of this Qiskit update.) "We're focused on suppressing errors everywhere that they can occur inside the processor," he continued. "That means the individual gate or logic operations, but it also means the execution of the circuit. There are some errors that only occur in the whole execution of a circuit as opposed to manipulating an individual quantum device." Biercuk said Q-CTRL's techniques are hardware agnostic and have been demonstrated on machines that use very different types of qubits, like trapped ions. While the sources of error on the different hardware may be distinct, the manifestations of those problems are often quite similar, making it easier for Q-CTRL's approach to work around the problems.

Those work-arounds include things like altering the properties of the microwave pulses that perform operations on IBM's hardware, and replacing the portion of Qiskit that converts an algorithm to a series of gate operations. The software will also perform operations that suppress errors that can occur when qubits are left idle during the circuit execution. As a result of all these differences, he claimed that using Q-CTRL's software allows the execution of more complex algorithms than are possible via Qiskit's default compilation and execution. "We've shown, for instance, optimization with all 156 qubits on [an IBM] system, and importantly -- I want to emphasize this word -- successful optimization," Biercuk told Ars. "What it means is you run it and you get the right answer, as opposed to I ran it and I kind of got close."

An anonymous reader quotes a report from PCWorld, written by Michael Crider: The latest perpetrator of questionable AI branding? HP. The company is introducing "Print AI," what it calls the "industry's first intelligent print experience for home, office, and large format printing." What does that mean? It's essentially a new beta software driver package for some HP printers. According to the press release, it can deliver "Perfect Output" -- capital P capital O -- a branded tool that reformats the contents of a page in order to more ideally fit it onto physical paper.

Despite my skeptical tone, this is actually a pretty cool idea. "Perfect Output can detect unwanted content like ads and web text, printing only the desired text and images, saving time, paper, and ink." That's neat! If the web page you're printing doesn't offer a built-in print format, the software will make one for you. It'll also serve to better organize printed spreadsheets and images, too. But I don't see anything in this software that's actually AI -- or even machine learning, for that matter. This is applying the same tech (functionally, if not necessarily the same code) as the "reader mode" formatting we've seen in browsers for about a decade now. Take the text and images of a page, strip out everything else that's unnecessary, and present it as efficiently as possible. [...]

The press release does mention that support and formatting tasks can be accomplished with "simple conversational prompts," which at least might be leveraging some of the large language models that have become synonymous with AI as consumers understand it. But based on the description, it's more about selling you something than helping you. "Customers can choose to print or explore a curated list of partners that offer unique photo printing capabilities, gift certificates to be printed on the card, and so much more." Whoopee.

"Dozens of Fortune 100 organizations" have unknowingly hired North Korean IT workers using fake identities, generating revenue for the North Korean government while potentially compromising tech firms, according to Google's Mandiant unit. "In a report published Monday [...], researchers describe a common scheme orchestrated by the group it tracks as UNC5267, which has been active since 2018," reports The Record. "In most cases, the IT workers 'consist of individuals sent by the North Korean government to live primarily in China and Russia, with smaller numbers in Africa and Southeast Asia.'" From the report: The remote workers "often gain elevated access to modify code and administer network systems," Mandiant found, warning of the downstream effects of allowing malicious actors into a company's inner sanctum. [...] Using stolen identities or fictitious ones, the actors are generally hired as remote contractors. Mandiant has seen the workers hired in a variety of complex roles across several sectors. Some workers are employed at multiple companies, bringing in several salaries each month. The tactic is facilitated by someone based in the U.S. who runs a laptop farm where workers' laptops are sent. Remote technology is installed on the laptops, allowing the North Koreans to log in and conduct their work from China or Russia.

Workers typically asked for their work laptops to be sent to different addresses than those listed on their resumes, raising the suspicions of companies. Mandiant said it found evidence that the laptops at these farms are connected to a "keyboard video mouse" device or multiple remote management tools including LogMeIn, GoToMeeting, Chrome Remote Desktop, AnyDesk, TeamViewer and others. "Feedback from team members and managers who spoke with Mandiant during investigations consistently highlighted behavior patterns, such as reluctance to engage in video communication and below-average work quality exhibited by the DPRK IT worker remotely operating the laptops," Mandiant reported.

In several incident response engagements, Mandiant found the workers used the same resumes that had links to fabricated software engineer profiles hosted on Netlify, a platform often used for quickly creating and deploying websites. Many of the resumes and profiles included poor English and other clues indicating the actor was not based in the U.S. One characteristic repeatedly seen was the use of U.S-based addresses accompanied by education credentials from universities outside of North America, frequently in countries such as Singapore, Japan or Hong Kong. Companies, according to Mandiant, typically don't verify credentials from universities overseas. Further reading: How Not To Hire a North Korean IT Spy

Mozilla has been hit with a complaint by EU privacy group noyb, accusing it of violating GDPR by tracking Firefox users by default without their consent. TechCrunch reports: Mozilla calls the feature at issue "Privacy Preserving Attribution" (PPA). But noyb argues this is misdirection. And if EU privacy regulators agree with the complaint the Firefox-maker could be slapped with orders to change tack -- or even face a penalty (the GDPR allows for fines of up to 4% of global revenue). "Contrary to its reassuring name, this technology allows Firefox to track user behaviour on websites," noyb wrote in a press release. "In essence, the browser is now controlling the tracking, rather than individual websites. While this might be an improvement compared to even more invasive cookie tracking, the company never asked its users if they wanted to enable it. Instead, Mozilla decided to turn it on by default once people installed a recent software update. This is particularly worrying because Mozilla generally has a reputation for being a privacy-friendly alternative when most other browsers are based on Google's Chromium."

Another component of noyb's objection is that Mozilla's move "doesn't replace cookies either" -- Firefox simply wouldn't have the market share and power to shift industry practices -- so all it's done is produce another additional way for websites to target ads. [...] The noyb-backed complaint (PDF), which has been filed with the Austrian data protection authority, accuses Mozilla of failing to inform users about the processing of their personal data and of using an opt-out -- rather than an affirmative "opt-in" -- mechanism. The privacy rights group also wants the regulator to order the deletion of all data collected so far. In a statement attributed to Christopher Hilton, its director of policy and corporate communications, Mozilla said that it has only conducted a "limited test" of a PPA prototype on its own websites.While acknowledging poor communication around the effort, the company emphasized that no user data has been collected or shared and expressed its commitment to engaging with stakeholders as it develops the technology further.

Apple has pulled 60 VPNs from its App Store in Russia, according to research from anti-censorship org GreatFire. From a report: The iThing-maker's action comes amid a Kremlin crackdown on VPNs that has already seen a ban on privacy-related extensions to the open source Firefox browser. The software's developer, Mozilla, defied that ban and allowed the extensions back into its web store. In July, Apple removed at least one VPN from its Russian App Store. Cupertino removed at least 60 more between early July and September 18, according to research by GreatFire posted to its site that tracks Apple censorship. The org's research asserts that 98 VPNs are now unavailable in Russia -- but doesn't specify if the removals were made in the iOS or macOS app stores.

Cybersecurity firm Kaspersky has defended its decision to automatically replace its antivirus software on U.S. customers' computers with UltraAV, a product from American company Pango, without explicit user consent. The forced switch, affecting nearly one million users, occurred as a result of a U.S. government ban on Kaspersky software.

Kaspersky spokesperson Francesco Tius told TechCrunch that the company informed eligible U.S. customers via email about the migration, which began in early September. Windows users experienced an automatic transition to ensure continuous protection, while Mac and mobile users were instructed to manually install UltraAV. Some customers expressed alarm at the unannounced software swap. Kaspersky blamed missed notifications on unregistered email addresses, directing users to in-app messages and an online FAQ. The abrupt change raises concerns about user autonomy and privacy in software updates, particularly as UltraAV lacks an established security track record.

An anonymous reader shares a New Yorker story: Ultimately, the iPhone 16 does little to meaningfully improve on the experience I had with the 12, besides, perhaps, charging with a USB-C, as my laptop does, cutting down on the number of cords I have to keep track of. Instead, the greatest leaps in Apple's hardware are largely directed at those niche users who are already invested in using tools such as artificial intelligence and virtual reality. The company has announced that, within a month or so, the new phones will be able to operate its proprietary artificial-intelligence system, which means that users may soon be relying on A.I. to perform daily personal tasks, like navigating their calendars or responding to e-mails. The 15 and 16 Pros can take three-dimensional photos, designed for V.R., using the Apple Vision Pro. Thus far, I don't use A.I. tools or V.R. with any frequency and have no intention of doing so on my iPhone.

The fact that I do not need an iPhone 16 is a testament not so much to the iPhone's failure as to its resounding success. A lot of the digital software we rely on has grown worse for users in recent years; the iPhone, by contrast, has become so good that it's hard to imagine anything but incremental improvements. Apple's teleological phone-design strategy may have simply reached its end point, the same way evolution in nature has repeatedly resulted in an optimized species of crab. Other tech companies, meanwhile, are embracing radical departures in phone design. Samsung offers devices that fold in half, creating a smaller screen that's useful for minor tasks, such as texting, and a larger one for watching videos; Huawei is upping the ante with three folds. The BOOX Palma has become a surprise hit as a smartphone-ish device with an e-ink screen, similar to Amazon's Kindle, which uses physical pixels in its display. Dumbphones, too, are growing more popular by intentionally doing less. Apple devices, by contrast, remain effective enough that they can afford to be somewhat static.

WordPress has escalated its feud with WP Engine, a hosting provider, by blocking the latter's servers from accessing WordPress.org resources -- and therefore from potentially vital software updates. From a report: WordPress is an open source CMS which is extensible using plugins. Its home is WordPress.org, which also hosts resources such as themes and plugins for the CMS. A vast ecosystem of plugins exists from numerous suppliers, but WordPress.org is the main source. Many WordPress users rely on several plugins. Preventing WP Engine users from accessing plugin updates is therefore serious, as it could mean users can't update plugins that have security issues, or other fixes.

WordPress co-founder and CEO Matt Mullenweg recently called WP Engine a "cancer" and accused it of profiting from WordPress without contributing to development of the CMS. Mullenweg has sought to have WP Engine pay trademark license fees -- a move he feels would represent a financial contribution commensurate with the benefits it derives from the project. WP Engine doesn't want or intend to pay. Mullenweg argued that if WP Engine won't pay, it should not be able to benefit from resources at WordPress.org.

Winamp, the iconic media player from the late 1990s, has released its complete source code on GitHub, fulfilling a promise made in May. The move aims to modernize the player by inviting developers to collaborate on the project.

The source code release includes build tools and associated libraries for the Windows app, allowing developers to provide bug fixes and new features. However, the license prohibits distribution of modified software created from this code.

LG has started displaying ads on TV screensavers, intensifying the proliferation of ads in smart TV software. The South Korean company quietly announced the move to advertisers on September 5, forgoing a public statement to consumers.

An anonymous reader quotes a report from Ars Technica: Software fixes are now responsible for more than 1 in 5 automotive recalls. That's the key finding from a decade's worth of National Highway Traffic Safety Administration recall data, according to an analysis from the law firm DeMayo Law. While that's a sign of growing inconvenience for drivers, the silver lining is that a software patch is usually a much quicker fix than something requiring hardware replacement. "Our analysis suggests we're witnessing a shift in how automotive recalls are handled. The growing number of software-related recalls, coupled with the ability to address issues remotely, could revolutionize the recall process for both manufacturers and vehicle owners," said a spokesperson for DeMayo Law.

In 2014, 34 of 277 automotive recalls were software fixes. The percentage of software recalls floated around 12-13 percent (apart from a spike in 2015) before growing steadily from 2020. In 2021, 16 percent of automotive recalls (61 out of 380) were for software. In 2022, almost 22 percent of recalls were software fixes (76 out of 348), and last year topped 23 percent (82 out of 356). Leading the way was Chrysler, with 82 different software recalls since 2014. Ford (66 recalls) and Mercedes-Benz (60) are the two runner-ups. Meanwhile, Tesla ranks only eighth, with 26 software recalls since 2014, which puts it on par with Hyundai (25) and Kia (25).

Electrical systems were the most common problem area, which makes sense -- this is also the second-most common hardware fix recall and would probably be the top if it were not for the massive Takata airbag recall, which has affected more than 100 million cars worldwide. The other common systems affected by recalls requiring software remedies were related to backover prevention -- whether that be reversing cameras, collision warnings, or automatic emergency braking -- airbags, powertrains, and exterior lighting. "It should be noted that not all recalls involving a software fix are to solve a software problem," notes Ars' Jonathan M. Gitlin. "Take the recent Jaguar I-Pace recall, which was triggered by battery fires caused by battery cells damaged during assembly. Jaguar's fix? A software update that sets a new, lower limit to the storage capacity of the battery pack, preventing it from fully charging to 100 percent."

wiredmikey writes: CrowdStrike says it has revamped several testing, validation, and update rollout processes to prevent a repeat of the embarrassing July outage that caused widespread disruption on Windows systems around the world.

In testimony before the House Subcommittee on Cybersecurity, CrowdStrike vice president Adam Meyers outlined a new set of protocols that include carefully controlled rollouts of software updates, better validation of code inputs, and new testing procedures to cover a broader array of problematic scenarios.

An anonymous reader quotes a report from TechCrunch: With the perennial tensions between proprietary and open source software (OSS) unlikely to end anytime soon, a $3 billion startup is throwing its weight behind a new licensing paradigm -- one that's designed to bridge the open and proprietary worlds, replete with new definition, terminology, and governance model. Developer software company Sentry recently introduced a new license category dubbed "fair source." Sentry is an initial adopter, as are some half dozen others, including GitButler, a developer tooling company from one of GitHub's founders. The fair source concept is designed to help companies align themselves with the "open" software development sphere, without encroaching into existing licensing landscapes, be that open source, open core, or source-available, and while avoiding any negative associations that exist with "proprietary." However, fair source is also a response to the growing sense that open source isn't working out commercially.

"Open source isn't a business model -- open source is a distribution model, it's a software development model, primarily," Chad Whitacre, Sentry's head of open source, told TechCrunch. "And in fact, it places severe limits on what business models are available, because of the licensing terms." Sure, there are hugely successful open source projects, but they are generally components of larger proprietary products. Businesses that have flown the open source flag have mostly retreated to protect their hard work, moving either from fully permissive to a more restrictive "copyleft" license, as the likes of Element did last year and Grafana before it, or ditched open source altogether as HashiCorp did with Terraform. "Most of the world's software is still closed source," Whitacre added. "Kubernetes is open source, but Google Search is closed. React is open source, but Facebook Newsfeed is closed. With fair source, we're carving a space for companies to safely share not just these lower-level infrastructure components, but share access to their core product." Further reading: As Companies Try 'Open Source Rug Pull', Open Source Foundations Considered Helpful

Ars Technica's Dan Goodin reports: Five years ago, researchers made a grim discovery -- a legitimate Android app in the Google Play market that was surreptitiously made malicious by a library the developers used to earn advertising revenue. With that, the app was infected with code that caused 100 million infected devices to connect to attacker-controlled servers and download secret payloads. Now, history is repeating itself. Researchers from the same Moscow, Russia-based security firm reported Monday that they found two new apps, downloaded from Play 11 million times, that were infected with the same malware family. The researchers, from Kaspersky, believe a malicious software developer kit for integrating advertising capabilities is once again responsible. [...]

The researchers found Necro in two Google Play apps. One was Wuta Camera, an app with 10 million downloads to date. Wuta Camera versions 6.3.2.148 through 6.3.6.148 contained the malicious SDK that infects apps. The app has since been updated to remove the malicious component. A separate app with roughly 1 million downloads -- known as Max Browser -- was also infected. That app is no longer available in Google Play. The researchers also found Necro infecting a variety of Android apps available in alternative marketplaces. Those apps typically billed themselves as modified versions of legitimate apps such as Spotify, Minecraft, WhatsApp, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox. People who are concerned they may be infected by Necro should check their devices for the presence of indicators of compromise listed at the end of this writeup.

Customers of Kaspersky antivirus in the United States found out in the last few days that their cybersecurity software was automatically replaced with a new one called UltraAV, according to several customers. And while Kaspersky said earlier this month that its U.S. customers would be transitioned to UltraAV, many of its customers said they had no idea this was going to happen and that it would automatically be forced upon them. From a report: "Woke up to Kasperky [sic] completely gone from my system with Ultra AV and Ultra VPN freshly installed (not by me, just automatically while I slept)," a user on Reddit wrote. Others reported having the same experience in the same Reddit thread, as well as in other threads. A reseller, who until recently sold Kaspersky products prior to the recent sales ban, told TechCrunch that he was left "annoyed" by the move to automatically remove Kaspersky software and replace it with an entirely different antivirus. A former senior U.S. government cybersecurity official said that this was an example of the "huge risk" posed by the access granted by Kaspersky software. It's worth noting that, on the other hand, other customers did report receiving an email from Kaspersky about the transition to UltraAV.

Marc Benioff said Microsoft's Copilot AI hasn't lived up to the hype. The Salesforce CEO said on the company's second-quarter earnings call that its own AI is nothing like Copilot, which he said was unimpressive. From a report: "So many customers are so disappointed in what they bought from Microsoft Copilot because they're not getting the accuracy and the response that they want," Benioff said. "Microsoft has disappointed so many customers with AI."

Microsoft Copilot integrates OpenAI's ChatGPT tech into the company's existing suite of business software like Word, Excel, and PowerPoint that comes with Microsoft 365. Launched last year, Copilot is meant to help companies boost productivity by responding to employee prompts and helping them with daily tasks like scheduling meetings, writing up product announcements, and creating presentations. In response to Benioff's comments, Jared Spataro, Microsoft's corporate vice president for AI at work, said in a statement to Fortune that the company was "hearing something quite different" from its customers.

Sonos launched a disastrous app update in May, prompting CEO Patrick Spence to commission an internal investigation led by chief counsel Eddie Lazarus. The software release, plagued with missing features and bugs, has sparked widespread customer outrage and led to a $200 million revenue shortfall. Sonos shares have plummeted 25% this year. Lazarus interviewed about two dozen employees and reviewed meeting recordings before presenting his findings to the board in late July. Bloomberg: What has happened to Sonos is at its heart a cautionary tale of company leadership ignoring the perils of "technical debt," the term used by software engineers to describe the compounding threat of outdated code and infrastructure on security, usability and stability.

For two decades, Sonos had allowed its tech debt to pile high. When it undertook in earnest its effort to revamp its app in mid-2022, the company knew it was sitting on infrastructure and code written in languages that were pretty much obsolete. The Sonos app had been adapted and spliced and tinkered with so often, the vast majority of work being performed for the new app was less about introducing new functionality than sorting out the existing mess.

The company could have tackled its tech debt sooner but appears to have lacked a crucial element: urgency. It finally came in the form of the Sonos Ace headphones, the first product in the Sonos range to be fully mobile rather than using home or office Wi-Fi. The app needed to be rebuilt, as did the cloud computing setup underpinning it.

Ace is a critical product for Sonos. Now that Sonos' pandemic sales boom has subsided, Wall Street has started to question where revenue growth will come from. Sonos Ace is a big part of the answer. Despite the company's lofty and well-earned reputation, Sonos' share of the $100 billion audio market is only around 2% because it has not gone toe-to-toe in the headphones category with Apple, Sennheiser, Bose and the rest.

The US Commerce Department on Monday will propose a ban on the sale or import of smart vehicles that use specific Chinese or Russian technology because of national security concerns, according to US officials. From a report: A US government investigation that began in February found a range of national security risks from embedded software and hardware from China and Russia in US vehicles, including the possibility of remote sabotage by hacking and the collection of personal data on drivers, Secretary of Commerce Gina Raimondo told reporters Sunday in a conference call.

"In extreme situations, a foreign adversary could shut down or take control of all their vehicles operating in the United States, all at the same time, causing crashes (or) blocking roads," she said. The rule would not apply to cars already on the road in the US that already have Chinese software installed, a senior administration official told CNN. The software ban would take effect for vehicles for "model year" 2027 and the hardware ban for "model year" 2030, according to the Commerce Department. The proposed regulatory action is part of a much broader struggle between the United States and China, the world's two biggest economies, to secure the supply chains of the key computing technology of the future, from semiconductors to AI software. China, in particular, has invested heavily in the connected car market, and inroads made by Chinese manufacturers in Europe have worried US officials.

In the antitrust trial alleging Google had an ad-selling monopoly, "government lawyers have said some of their strongest evidence is in Google's own internal communications," reports the Wall Street Journal: [In 2010] a new crop of ad-tech companies were threatening Google's bottom line. "One way to make sure we don't get further behind in the market is picking up the one with the most traction and parking it somewhere..." [wrote YouTube Chief Executive Neal Mohan, who previously ran Google's display-ads business]. Google ended up buying one such company, AdMeld, for $400 million in 2011. Google shut down AdMeld two years later, after incorporating some of the startup's technology into its ad exchange, known commonly as AdX.

The Justice Department argued that AdMeld was part of a larger trend: Google acquiring nascent rivals to corner the market and then locking customers into using its products by conditioning access to one software tool on them paying for another... In a 2016 email introduced by the government, Google executive Jonathan Bellack asked colleagues: "Is there a deeper issue with us owning the platform, the exchange, and a huge network? The analogy would be if Goldman or Citibank owned the NYSE [New York Stock Exchange]...." The Justice Department also cited a 2018 email from another then-executive, Chris LaSala, who raised concerns internally over the 20% cut that Google takes from many of its AdX customers, saying Google was extracting "irrationally high rent" from users. "I don't think there is 20% of value in comparing two bids," wrote LaSala. "AdX is not providing additional liquidity to the market. It is simply running the auction."

Another former Google executive, Eisar Lipkovitz, testified that Google's omnipresence in ad-tech gives rise to conflicts of interest. Lipkovitz was rebuffed when he tried to get Google to lower the cut it took from AdX, he testified in a prerecorded deposition. The Justice Department finished presenting its case on Friday. Other witnesses included Google customers. One was Stephanie Layser, a former News Corp executive, who said she felt she had no choice but to use Google technology because the search giant has such market power that switching to another ad server would have meant losing out on millions in advertising revenue.
Google's lawyer countered that "There will be no witness in this case who can say with clarity where this industry is going in the next five years."

Or, as the Wall Street Journal puts it, "It makes no sense to focus on display ads, Google argues, when the industry is shifting to apps, social media and streaming services. Far from monopolizing the space, Google is actually losing ground, Google lawyer Karen Dunn said in her opening trial statement..."

"In the era of the open source rug pull, the role of open source foundations is more important than ever," argues the co-founder of the developer-focused industry analyst firm RedMonk: The "rug pull" here refers to companies that have used open source as a distribution mechanism, building a community and user base, before changing the license to be restricted, rather than truly open source. "This is capitalism, yo. We've got shareholders to satisfy. It's time to relicense that software, move to a Business Source license." [...] Where open source used to be a sustainable commitment, today too often it feels like a short term tactic. Commercial open source isn't what it used to be.

Which means that open source foundations, which provide ongoing governance and intellectual property management for open source projects, are in an interesting position, in some cases becoming more adversarial than they historically have been with vendors.... [T]he Apache Software Foundation (ASF) has done a great job of fostering sustainable, commercial, open source for decades now, most notably in the data infrastructure space — think Hadoop, Spark, Kafka, Flink etc. ["[C]ommercial open source would almost certainly never have achieved critical mass and continued success without foundations in the mix," the article notes later. "The ASF was founded in 1999, and underpinned the adoption of open source middleware in the enterprise..."] One premise behind the Cloud Native Computing Foundation (CNCF) is that user organisations can within reason trust it to stand behind the projects it incubates and manages. While not an explicit commitment, adopters generally, and enterprises specifically, have seen the CNCF imprimatur as one that they can rely on. In the era of the open source rug pull this kind of promise becomes even more important....

Sid Sijbrandij, CEO of GitLab has argued that open source companies should commit to an Open Charter as a mechanism to protect users from open source rug pulls. "Open source software isn't useful if people can't rely on the project remaining open source. Adopting Open Charter offers open source users predictability amidst the growing licensing switch trend." With a CNCF project, though, the need for this kind of charter becomes less important, because the code is by design not single source, but has a diverse set of contributors. Which is to say that open source foundations can make rug pulls a lot less likely than adoption of open source technology built by a single company. Relying on benevolent dictators is generally pretty risky. And recently the benevolent dictators have seemed... less benevolent.
In conclusion, "Open Source Foundations Considered Helpful," according to the post's title. It does argue that "Any company is within its rights to relicense its software, but it can certainly be problematic from a community and project health perspective.

"Which is exactly why open source foundations are more important than ever."