HP

HP Dev One Laptop Running System76's Ubuntu Linux-based Pop!_OS Now Available (betanews.com) 54

An anonymous reader shares a report: Last month, the open source community was abuzz with excitement following a shocking announcement from System76 that HP was planning to release a laptop running the Pop!_OS operating system. This was significant for several reasons, but most importantly, it was a huge win for Linux users as yet another hardware option was becoming available. Best of all, HP employees have been trained by System76 to offer high-quality customer support. If you aren't aware, System76 support is legendary.

At the time of the announcement, details about the hardware were a bit scarce, but I am happy to report we now have full system specifications for the 14-inch HP Dev One laptop. Most interestingly, there is only one configuration to be had. The developer-focused computer is powered by an octa-core AMD Ryzen 7 PRO 5850U APU which features integrated Radeon graphics. The notebook comes with 16GB RAM and 1TB of NVMe storage, both of which can be user-upgraded later if you choose.
The laptop is priced at $1,099.
Linux

Lotus 1-2-3 Ported To Linux (techradar.com) 91

Lotus 1-2-3, an ancient spreadsheet program from Lotus Software (and later IBM), has been ported to a new operating system. drewsup writes: As reported by The Register, a Lotus 1-2-3 enthusiast called Tavis Ormandy (who is also a bug-hunter for Google Project Zero), managed to successfully port the program onto Linux, which seems to be quite the feat of reverse engineering. It's important to stress that this isn't an emulated program, but rather the original 1990 Lotus 1-2-3 for x86 Unix running natively on modern x86 Linux.
Crime

New Linux-Based Ransomware Targets VMware Servers (csoonline.com) 36

"Researchers at Trend Micro have discovered some new Linux-based ransomware that's being used to attack VMware ESXi servers," reports CSO Online. (They describe the ESXi servers as "a bare-metal hypervisor for creating and running several virtual machines that share the same hard drive storage.") Called Cheerscrypt, the bad app is following in the footsteps of other ransomware programs — such as LockBit, Hive and RansomEXX — that have found ESXi an efficient way to infect many computers at once with malicious payloads.

Roger Grimes, a defense evangelist with security awareness training provider KnowBe4, explains that most of the world's organizations operate using VMware virtual machines. "It makes the job of ransomware attackers far easier because they can encrypt one server — the VMware server — and then encrypt every guest VM it contains. One compromise and encryption command can easily encrypt dozens to hundreds of other virtually run computers all at once."

"Most VM shops use some sort of VM backup product to back up all guest servers, so finding and deleting or corrupting one backup repository kills the backup image for all the hosted guest servers all at once," Grimes adds....

The gang behind Cheerscrypt uses a "double extortion" technique to extract money from its targets, the researchers explain. "Security Alert!!!" the attackers' ransom message declares. "We hacked your company successfully. All files have been stolen and encrypted by us. If you want to restore your files or avoid file leaks, please contact us."

Linux

How CentOS Stream and RHEL 9 Led to AlmaLinux 9 (zdnet.com) 33

ZDNet writes that in late 2020 Red Hat decided "they'd no longer release CentOS Linux as a standalone distribution. Instead, CentOS Stream would work as a beta for RHEL."

So where are we now? The competition immediately sprang up to replace CentOS. The two most important of these are the AlmaLinux OS Foundation's AlmaLinux and Rocky Enterprise Software Foundation's Rocky Linux. [May 16th saw the release of Rocky Linux 8.6.] Now, mere weeks after the release of RHEL 9, AlmaLinux 9 has arrived.

Like RHEL itself, AlmaLinux 9 starts from CentOS Stream via RHEL. Indeed, AlmaLinux developers are CentOS Stream contributors. The bottom line is that CentOS 9 is an identical twin to RHEL 9 — except for the names and trademarks. It has all the same features, all the same advances, and, for better or worse, all the same bugs.

Besides the big server architectures, AlmaLinux is also ready to run on everything from cloud and Docker images to Microsoft's Windows Subsystem for Linux and Raspberry Pi, the article points out.

And Jack Aboutboul, AlmaLinux's Community Manager, tells ZDNet "We are building AlmaLinux with the specific goal of creating an independent CentOS successor that is truly community-centric and designed for everyone... We offer everyone a uniform platform that is safe, secure, easy to use, and dependable to build your tomorrow on."
Linux

Newest Version of Systemd Includes Experimental Feature for A/B-Style Updating (theregister.com) 182

"Let's popularize image-based OSes," writes Lennart Poettering, "with modernized security properties built around immutability, SecureBoot, TPM2, adaptability, auto-updating, factory reset, uniformity — built from traditional distribution packages, but deployed via images."

Or, as the Register puts it, the Systemd Linux init system "continues to grow and develop, as does Linux itself." They delve into the rationale for the new systemd-sysupdate and kernel-install features, noting "The former is still described as an experimental feature, so relax — for now." No, this does not mean that systemd is becoming a package manager. Like it or not, though, the nature of operating systems is changing. Modern ones are large, complex, and need regular updates, and as The Register has examined in depth recently, this means that the design of Linux distributions is changing radically....

ChromeOS doesn't have a package manager; neither do Fedora's Silverblue and Kinoite versions. You get a tested, known-good image of the OS. Updates are distributed as a complete image, like they are today with Android or iOS. ChromeOS has two root partitions: one live and one spare. The currently running OS updates the spare partition, then you reboot into that one. If everything works, it updates the now-idle second root partition. If it doesn't all work perfectly, then you still have the previous version available to use, and you can just reboot into that again. When a fixed image becomes available, the OS automatically tries again on the spare instance.

The idea is that you always have a known-good OS partition available, which sounds like a benefit to us. Presumably the users are happy too: Chromebook sales may be down, and they only have a fixed lifespan, but there are still well over a hundred million of them out there.

So, no, systemd is not going to become a package manager, because ordinary distros won't have a package manager at all, except maybe Flatpak, or Snap or something similar. The new functionality, including managing installed kernels, is to facilitate A/B type dual-live-system partitions.

For some insight into this vision, Lennart Poettering, lead architect of systemd, has described this in a blog post titled "Bringing Everything Together."

Other updates include "changes to systemd-networkd, such as systemd-resolved starting earlier in the boot sequence, and more cautious allocation of default routes," the article points out, adding that new releases of systemd "appear roughly twice a year, so the chances are that this will appear in the fall releases of Ubuntu and Fedora...

"If you still prefer to avoid systemd, don't despair. There are still a selection of distros that eschew it altogether, including Devuan GNU+Linux, Alpine Linux, and Void Linux.
Microsoft

Microsoft Brings 'Windows Subsystem for Linux 2' to Windows Server 2022 (theregister.com) 23

With the latest preview patch, Windows Server 2022 now supports WSL2 Linux distros, the Register reports: The move ends an odyssey that began with the arrival of the Windows Subsystem for Linux (WSL) 2 on Windows 10 several years ago and with users' calls for Windows Server to get the same treatment. The change is also somewhat of an about-face from Microsoft. In 2021, in response to pleas from users to backport the tech to Windows Server 2019, [Principal program manager for Windows Server Jeff] Woolsey described WSL in early 2021 as "fantastic for dev" and "perfect for Windows client" but warned: "If we put it in Windows Server, people will use it in production scenarios for which it isn't intended." The approved path was to spin up a full Linux VM. Quite a bit heftier than the lighter-weight WSL2.

Signs of Microsoft listening to feedback showed up earlier this year, as Microsoft Program Manager Craig Loewen "clarified" that WSL2 distros would work on Windows Server version 2004 and 20H2, although the LTSC versions found in many data centers remained free of WSL2. Until this week, that is.

TechRadar provides some context: WSL 2, which was originally released in May 2019, uses virtualization technology to run an open source Linux kernel inside of a lightweight utility virtual machine (VM). This empowers Windows users to run popular Linux apps such as Docker. Microsoft claims that unlike a traditional VM experience — which it says can be slow to boot up, is isolated, consumes a lot of resources, and requires your time to manage it — WSL 2 does not have these attributes....

The KB5014021 update is currently optional, but will be automatically rolled out to users next month....

Windows Server updates have not been without issues in recent months, however, with Microsoft having to address various problems caused by the January 2021 Patch Tuesday updates. The company issued an emergency out-of-band update to address bugs that forced domain controllers to reboot endlessly, broke Hyper-V, and rendered ReFS volumes inaccessible while showing them as RAW file systems.

Amiga

AmigaOne X1000/X5000 Remains Well Supported With PowerPC Linux 117

Mike Bouma writes: Despite being expensive and having been sold out for quite some time at the main Amiga Dealers, two days after Linus Torvalds' release of Linux 5.18, Christian "xeno74" Zigotzky made the latest PPC kernel available for the AmigaOne X1000/X5000. Here and here are some screenshots. Linux PPC performs well on AmigaOne computers. For example, here is a 5-year-old YouTube AmigaOne X5000 demonstration video.
Graphics

Linux 5.19 Adds 500K Lines of New Graphics Driver Code (phoronix.com) 79

UnknowingFool writes: The current Linux kernel in development, 5.19, added 495,793 new lines of code for graphic driver updates. David Airlie sent in the new lines as part of Direct Rendering Manager (DRM) subsystem of Linux. The majority of additions were for AMD's RDNA and CDNA platforms but Intel also submitted changes for their DG2 graphics as well. Updates also came from Qualcomm and MediaTek for their GPU offerings.
Linux

Rust For Linux Kernel Updated, Uutils As Rust Version Of Coreutils Updated Too (phoronix.com) 40

UnknowingFool writes: This weekend, Miguel Ojeda added support for a set of additional Rust patches in the kernel and separately a new version of Uutils which is the Rust version of GNU CoreUtils. These changes will go towards more inclusion of Rust into Linux. The v7 patches add in abstractions used by Rust and the Uutils update contained fixes and addresses compatibility issues.
Microsoft

Microsoft Warns of 'Stealthy DDoS Malware' Targeting Linux Devices (zdnet.com) 76

"In the last six months, we observed a 254% increase in activity from a Linux trojan called XorDdos," writes the Microsoft 365 Defender Research Team. It's a trojan combining denial-of-service functionality with XOR-based encryption for communication.

Microsoft calls it part of "the trend of malware increasingly targeting Linux-based operating systems, which are commonly deployed on cloud infrastructures and Internet of Things devices." And ZDNet describes the trojan as "one of the most active Linux-based malware families of 2021, according to Crowdstrike." XorDdos conducts automated password-guessing attacks across thousands of Linux servers to find matching admin credentials used on Secure Shell (SSH) servers... Once credentials are gained, the botnet uses root privileges to install itself on a Linux device and uses XOR-based encryption to communicate with the attacker's command and control infrastructure.

While DDoS attacks are a serious threat to system availability and are growing in size each year, Microsoft is worried about other capabilities of these botnets. "We found that devices first infected with XorDdos were later infected with additional malware such as the Tsunami backdoor, which further deploys the XMRig coin miner," Microsoft notes... Microsoft didn't see XorDdos directly installing and distributing the Tsunami backdoor, but its researchers think XorDdos is used as a vector for follow-on malicious activities...

XorDdos can perform multiple DDoS attack techniques, including SYN flood attacks, DNS attacks, and ACK flood attacks.

Microsoft's team warns that the trojan's evasion capabilities "include obfuscating the malware's activities, evading rule-based detection mechanisms and hash-based malicious file lookup, as well as using anti-forensic techniques to break process tree-based analysis.

"We observed in recent campaigns that XorDdos hides malicious activities from analysis by overwriting sensitive files with a null byte. It also includes various persistence mechanisms to support different Linux distributions."
Microsoft

Surprise: Microsoft Has a Second Internal-Use-Only Linux Distro (zdnet.com) 59

ZDNet reports there's more than just the one Microsoft-created Linux distribution for internal use only called CBL (Common Base Linux) Mariner.

"It turns out there's another Microsoft-developed Linux distribution that's also for internal use that's known as CBL-Delridge or CBL-D." I discovered the existence of CBL-D for the first time this week in a rather round-about way. I stumbled onto a February 2 blog post from Hayden Barnes, a Senior Engineering Manager at SuSE who led the Windows on Rancher engineering team, which traced his steps in discovering and building his own image of CBL-D. Barnes noted that Microsoft published CBL-Delridge in 2020, the same year that it also published CBL-Mariner. The main difference between the two: Delridge is a custom Debian derivative, while Mariner is a custom Linux From Scratch-style distribution.

CBL-D powers Azure's Cloud Shell. The Azure Cloud Shell provides a set of cloud-management tools packaged in a container. In a note on the GitHub repo for the Cloud Shell, officials noted that "the primary difference between Debian and CBL-D is that Microsoft compiles all the packages included in the CBL-D repository internally. This helps guard against supply chain attacks...."

CBL-Mariner and CBL-Delridge are just two of the Microsoft-developed Linux-related deliverables from the Linux Systems Group. Others include the Windows Subsystem for Linux version 2 (WSL2), which is part of Windows 10; an Azure-tuned Linux kernel which is designed for optimal performance as Hyper-V guests; and Integrity Policy Enforcement (IPE), a proposed Linux Security Module (LSM) from the Enterprise and Security team.

Open Source

Red Hat CEO: Remote Working is 'Just Another Day' to the Open Source World (redhat.com) 35

Red Hat's CEO/president Paul Cormier assessed the last two years in a speech at this week's Red Hat Summit. "Globally we saw nearly every industry go to 100% remote working overnight." Regardless of industry and size, organizations learned to operate virtually and on-demand. Companies needed to deliver goods and services to customers without a set brick-and-mortar footprint. We saw new tech hubs emerge in unlikely places because workers were no longer bound by needing to be based in specific cities. Newly-remote workers realized that they didn't have to be tied to a physical office, and organizations focused on hiring new talent based on skill and not location.

These are not insignificant achievements, and while this way of working was unfamiliar to those who were forced to adapt during the pandemic, to the open source world, it was just another day.

Every open source project is worked on remotely and has been since their inception. Just look at the Linux Foundation, which supports more than 2,300 projects. There were more than 28,000 active contributors to these projects in 2021, adding more than 29 million lines of code each week and with community participants coming from nearly every country around the globe. Most of these contributors will never meet face to face, but they are still able to drive the next generation of open technologies.

Whether we realized it or not, our accomplishments during the pandemic brought us closer to the open source model, and this is why open source innovation is now driving much of the software world. Through this new way of working, we saw new revenue streams, found new ways to become more efficient, and discovered new ways to engage with our customers. As we approach what, hopefully, is the tail end of an incredibly difficult few years, it's time to accelerate. It's time to take the lessons that we learned and applied as we transformed to digital-first and use them to improve our businesses, cultures and global communities.

The term "new normal" is now used like it's pre-determined and static. It isn't. You get to define your new normal. What do you want your business to look like? How do you want to embrace the next generation of IT?

Linux

CentOS Successor Rocky Linux Gets $26M to Fund Push Into Enterprise Space (zdnet.com) 27

"CIQ has landed $26 million in funding to support its plans to expand the use of Rocky Linux in the enterprise space," reports ZDNet. Last year, Red Hat decided to stop supporting CentOS 8 and shifted focus to CentOS Stream. CentOS had some huge enterprise users, among them Disney, GoDaddy, RackSpace, Toyota, and Verizon. In response, Greg Kurtzer, one of CentOS's founders, kicked off Rocky Linux in December 2020.... Kurtzer says Rocky Linux adoption has been "massive", with monthly downloads of OS images typically 250,000, reaching 750,000 in a bumper month. "Within two months we had 10,000 developers and contributors trying to be part of this project...."

The project has gained the support of Greg Kroah-Hartman, the maintainer of the main-line stable Linux kernel, to meet community demands for Rocky Linux to run on a more modern, optimized kernel, Kurtzer said. Kroah-Hartman is leading Rocky Linux special interest group (SIG) for the kernel to create an optional enhanced kernel for Rocky Linux. "He's working closely with us to make sure the kernel we use is blessed by him. He's in the loop as bugs come up and help us manage that kernel in Rocky Linux," says Kurtzer.

"Moreover, today's news follows shortly after CIQ inked a major deal with Google to help support companies looking to deploy Rocky Linux on Google's cloud infrastructure," reports VentureBeat.

Kurtzer tells the site that Rocky Linux "has been a rocket ship in terms of uptake across the enterprise and cloud."
Open Source

Nvidia Transitioning To Official, Open-Source Linux GPU Kernel Driver (phoronix.com) 102

Nvidia is publishing their Linux GPU kernel modules as open-source and will be maintaining it moving forward. Phoronix's Michael Larabel reports: To much excitement and a sign of the times, the embargo has just expired on this super-exciting milestone that many of us have been hoping to see for many years. Over the past two decades NVIDIA has offered great Linux driver support with their proprietary driver stack, but with the success of AMD's open-source driver effort going on for more than a decade, many have been calling for NVIDIA to open up their drivers. Their user-space software is remaining closed-source but as of today they have formally opened up their Linux GPU kernel modules and will be maintaining it moving forward. [...] This isn't limited to just Tegra or so but spans not only their desktop graphics but is already production-ready for data center GPU usage.
Programming

Will JavaScript Containers Overtake Linux Containers? (tinyclouds.org) 94

"Developers of the Deno JavaScript and TypeScript runtime are exploring the possibility of JavaScript containers — and the JavaScript sandbox itself — as a higher-level alternative to Linux containers," reports InfoWorld, citing a blog post by Node.js and Deno creator Ryan Dahl: Dahl also noted that Docker popularized the use of Linux containers, with operating system-level virtualization for distributing server software. Each container image is a dependency-free, ready-to-run software package. But browser JavaScript offers a similar hermetic environment at a higher level of abstraction, he said.

Dahl said he expects JavaScript container technology to unfold over the next couple of years.

In the blog post Dahl says scripting languages are "all pretty much the same" — but that JavaScript is "by far more widely used and future proof." [A JavaScript sandbox container] isn't meant to address the same breadth of problems that Linux containers target. Its emergence is a result of its simplicity. It minimizes the boilerplate for web service business logic. It shares concepts with the browser and reduces the concepts that the programmer needs to know. (Example: when writing a web service, very likely any systemd configuration is just unnecessary boilerplate.)

Every web engineer already knows JavaScript browser APIs. Because the JavaScript container abstraction is built on the same browser APIs, the total amount of experience the engineer needs is reduced. The universality of Javascript reduces complexity.... In this emerging server abstraction layer, JavaScript takes the place of Shell. It is quite a bit better suited to scripting than Bash or Zsh. Instead of invoking Linux executables, like shell does, the JavaScript sandbox can invoke Wasm.... Maybe the majority of "web services" can be simplified by thinking in terms of JavaScript containers, rather than Linux containers.

At Deno we are exploring these ideas; we're trying to radically simplify the server abstraction. We're hiring if this sounds interesting to you.

Ubuntu

This Week Saw New Releases of 'Ubuntu Unity' and 'Ubuntu Cinnamon' (theregister.com) 74

The Register noted this week that two "unofficial" Ubuntu remixes "came out on the same day as the official flavors."

- Ubuntu Cinnamon (Linux Mint's flagship desktop environment)

- Ubuntu Unity, a revival of what used to be the official Ubuntu desktop by Ubuntu team member Rudra B. Saraswat (described by the Register as "a 12-year-old wunderkind")

Ubuntu Cinnamon is the older of the two and first appeared in 2019, while Ubuntu Unity came out in May 2020, soon after the release of Ubuntu 20.04.

Ubuntu Unity....has the macOS-like desktop that was Ubuntu's standard offering from 2011 until the company pensioned it off in 2017.... Ubuntu Unity is as free as Ubuntu itself, and the new remix continues to evolve. In 22.04, most of the GNOME-based accessory apps have been replaced with the MATE equivalents, such as the Pluma text editor and Atril document viewer. (A handful remain, such as the GNOME system monitor rather than the MATE one, but the differences are trivial.) The System Settings app is the original Unity one, and the Unity Tweaks app comes pre-installed.... The new "Jammy Jellyfish" version of Ubuntu Unity also adds support for Flatpak packages alongside Ubuntu's native Snap packages. To do this, it replaces Ubuntu's Software Store with version 41.5 of GNOME Software. Interestingly, this also supports Snap packages, so sometimes, when you search for a package, you might get multiple results: one for the OS-native DEB package, possibly one for a Flatpak, and maybe a Snap version too....

[I]f you dislike both the Unity and GNOME desktops and want something more Windows-like, but you don't mind GNOME's CSD windows, then Joshua Peisach's Ubuntu Cinnamon remix may appeal. Cinnamon is the default desktop of both Ubuntu-based Linux Mint and its Debian variant. Ubuntu Cinnamon combines the latest upstream version of Mint's Cinnamon desktop, 5.2.7, with the standard app selection of upstream Ubuntu. This means most of its apps lack menu bars, except for the Nemo file manager and LibreOffice. For these classic-style apps, the Ubuntu Cinnamon distro has tweaked the GNOME title-bar layout to be more Windows-like: minimize/maximize/close buttons at top right, and a window-management menu at top left....

Cinnamon's roots as a fork of GNOME 3 do offer a significant potential feature that MATE, Xfce and indeed Unity cannot do: fractional scaling. This is clearly labelled as an experimental feature, and in testing, we couldn't get it to work, so for now, this remains a theoretical advantage.... These caveats aside, though, Ubuntu Cinnamon is maturing nicely in the new version. While Ubuntu and Ubuntu Unity are now purple-toned, Ubuntu Cinnamon has switched to a restrained theme in shades of dark orange and brown, which reminded us of the tasteful earth-toned Ubuntu of the old GNOME 2 days...

Both these desktops are X11-based, so there's not a trace of Wayland in either distro. Both also benefit from having working 3D acceleration.

Both remixes "are aiming for inclusion as official Ubuntu flavors," the article points out.

But then again, "There are dozens of Ubuntu remixes and flavors out there. The official Ubuntu Derivatives page links to 30, and DistroWatch has more than five times as many, including many which are no longer maintained."
Open Source

Fedora's Lead Speaks on the Popularity of Linux and the Importance of Open Source (techrepublic.com) 68

Fedora project leader Matthew Miller spoke to TechRepublic's Jack Wallen this week, sharing some thoughts on the future of Linux — and on open source in general: Matthew Miller: I think it's a lost cause to try to "sell" our quirky technology interest to people who don't see it already. We need to take a different approach.... I think our message, at its root, has to be around open source.... [W]ith Linux, when you install an open-source distro, you're not just part of a fan community. You're part of a colossal, global effort that makes software more available to everyone, makes that software better and better, and makes the whole world better through sharing... Just by using it you're sharing in this amazing undertaking, part of a move away from scarcity to an economy based on abundance....

Jack Wallen: What's the biggest difference in Linux today vs. Linux of 10 years ago?

Matthew Miller: I think first we have to start with just the amazing ubiquity of it. Ten years ago, it was cute to find a TV that ran Linux. Now, not only is it definitely powering your TV, you've probably got Linux running on your lightbulbs! It's everywhere. And while Linux had pushed proprietary Unix from the server room, ten years ago Windows-based servers were pushing back. The cloud changed that — now, the cloud is Linux, almost completely. (Anything that isn't is a legacy app that it was too much trouble to port!) From tiny devices to the most powerful mainframes and supercomputers: Linux, Linux, Linux....

Jack Wallen: If Linux has an Achilles' heel, what is it?

Matthew Miller: Linux and the whole free and open-source software movement grew up with the rise of the internet as an open communication platform. We absolutely need that to continue in order to realize our vision, and I don't think we can take it for granted.

That's more general than an Achilles' heel, though, so right now let me highlight one thing that I think is troubling: Chrome becoming the dominant browser to the point where it's often the only way to make sites work. Chromium (the associated upstream project) is open source, but isn't really run as a community project, and, pointedly, very very few people run Chromium itself. I'd love to see that change, but I'd also like to see Firefox regain a meaningful presence.

Miller also said Fedora's next release is focused on simplicity. ("When the OS gets in the way, it drops from the conversation I want to have about big ideas to ... well, the boring technical details that people never want to deal with")

And he also shared his thoughts on what Linux needs most. "What I'd really like to see more of are more non-technical contributors. I mean, yes, we can always benefit from more packagers and coders and engineers, but I think what we really need desperately are writers, designers, artists, videographers, communicators, organizers and planners. I don't think big companies are likely to provide those things, at least, not for the parts of the Linux world which aren't their products."

"We need people who think the whole grand project I've been talking about is important, and who have the skills and interests to help make it real."
Security

Microsoft Finds Linux Desktop Flaw That Gives Root To Untrusted Users (arstechnica.com) 75

An anonymous reader quotes a report from Ars Technica: Vulnerabilities recently discovered by Microsoft make it easy for people with a toehold on many Linux desktop systems to quickly gain root system rights -- the latest elevation of privileges flaw to come to light in the open source OS. [...] Nimbuspwn, as Microsoft has named the EoP threat, is two vulnerabilities that reside in the networkd-dispatcher, a component in many Linux distributions that dispatches network status changes and can run various scripts to respond to a new status. When a machine boots, networkd-dispatcher runs as root. [...] A hacker with minimal access to a vulnerable desktop can chain together exploits for these vulnerabilities that give full root access. [The step-by-step exploit flow can be found in the article. The researcher also was able to gain persistent root access using the exploit flow to create a backdoor.]

The proof-of-concept exploit works only when it can use the "org.freedesktop.network1" bus name. The researcher found several environments where this happens, including Linux Mint, in which the systemd-networkd by default doesn't own the org.freedesktop.network1 bus name at boot. The researcher also found several processes that run as the systemd-network user, which is permitted to use the bus name required to run arbitrary code from world-writable locations. The vulnerable processes include several gpgv plugins, which are launched when apt-get installs or upgrades, and the Erlang Port Mapper Daemon, which allows running arbitrary code under some scenarios.
The vulnerability has been patched, although it's unclear which version of Linux the patch is in.
Linux

Concerns Raised Over The 'New' NTFS Linux Driver That Merged Last Year (phoronix.com) 90

UnknowingFool writes: In 2020, Paragon Software announced they wanted to upstream their previously proprietary NTFS driver into Linux. After a year of review, the NTFS3 driver was added to the Linux 5.15 kernel. While Paragon pledged to maintain their driver, there have been no major updates to the driver despite a growing list of patches that have been submitted. Developer Kari Argillander has raised his concerns on the mailing list that the driver is orphaned, and that the Paragon maintainer has not responded to any messages about fixes. An offer to co-maintain the driver has also been met with "radio silence".
Open Source

Wolfire Games Open Sources 'Overgrowth' After 14 Years of Development (wolfire.com) 15

"We have worked on Overgrowth for 14 years," begins their new announcement. Development first began in 2008, and the game runs on Windows, macOS and Linux platforms. Overgrowth's page on Wikipedia describes the realistic 3D third-person action game as "set in a pre-industrial world of anthropomorphic fighter rabbits, wolves, dogs, cats and rats."

And now, "Just like they did with some earlier games, Wolfire Games have now open sourced the game code for Overgrowth," reports GamingOnLinux. "[J]ump, kick, throw, and slash your way to victory.... The source code is available on GitHub. You can buy it on Humble Store and Steam."

The Overwatch site adds as a bonus that "we're also permanently reducing the game's price by a third worldwide" (so U.S. prices drop from $29.99 to $19.99).

"Only the code is getting open sourced," the announcement notes, "not the art assets or levels, the reason is that we don't want someone to build and sell Overgrowth as their own." Wolfire CEO Max Danielsson explains in a video that "you'll still have to own the game to play and mod it." "What it does mean, however, is that everyone will have full and free access to all our source code, including the engine, project files, scripts, and shaders.

"We'll be releasing it under the Apache 2.0 license, which allows you to do whatever you want with the code, including relicensing and selling it, with very few obligations. We tried to keep this easy...

"This isn't the next big engine. We don't intend to compete with any other great open source game engines like Godot, which is a great option if you're looking for a general-purpose game engine. But if you're interested in looking at what shipped game code can look like, want to look at specific code, like the procedural animation system, or if you're an Overgrowth modder who wants to make an involved total conversion mod, then this is for you.

"We have wanted to open source Overgrowth for a long time," says the announcement on Wolfire's site, "and we are incredibly grateful to our team and community for making this happen.

"We are excited to see what people do with this code and we look forward to the spirit of Overgrowth living on for another 14 years."
