Slashdot

In a podcast interview with The Verge's Nilay Patel, Hinge CEO Justin McLeod described integrating AI into dating apps as promising but warned against relying on AI companionship, likening it to "playing with fire" and consuming "junk food," potentially exacerbating the loneliness epidemic. He emphasized Hinge's mission to foster genuine human connections and highlighted upcoming AI-powered features designed to improve matchmaking and provide coaching to encourage real-world interactions. Here's an excerpt from the interview: Again, there's a fine line between prompting someone and coaching them inside Hinge, and we're coaching them in a different way within a more self-contained ecosystem. How do you think about that? Would you launch a full-on virtual girlfriend inside Hinge? Certainly not. I have lots of thoughts about this. I think there's actually quite a clear line between providing a tool that helps people do something or get better at something, and the line where it becomes this thing that is trying to become your friend, trying to mimic emotions, and trying to create an emotional connection with you. That I think is really playing with fire. I think we are already in a crisis of loneliness, and a loneliness epidemic. It's a complex issue, and it's baked into our culture, and it goes back to before the internet. But just since 2000, over the past 20 years, the amount of time that people spend together in real life with their friends has dropped by 70 percent for young people. And it's been almost completely displaced by the time spent staring at screens. As a result, we've seen massive increases in mental health issues, and people's loneliness, anxiety, and depression. I think Mark Zuckerberg was just quoted about this, that most people don't have enough friends. But he said we're going to give them AI chatbots. That he believes that AI chatbots can become your friends. I think that's honestly an extraordinarily reductive view of what a friendship is, that it's someone there to say all the right things to you at the right moment The most rewarding parts of being in a friendship are being able to be there for someone else, to risk and be vulnerable, to share experiences with other conscious entities. So I think that while it will feel good in the moment, like junk food basically, to have an experience with someone who says all the right things and is available at the right time, it will ultimately, just like junk food, make people feel less healthy and mo re drained over time. It will displace the human relationships that people should be cultivating out in the real world. How do you compete with that? That is the other thing that is happening. It is happening. Whether it's good or bad. Hinge is offering a harder path. So you say, "We've got to get people out on dates." I honestly wonder about that, based on the younger folks I know who sometimes say, âoeI just don't want to leave the house. I would rather just talk to this computer. I have too much social pressure just leaving the house in this way.â That's what Hinge is promising to do. How do you compete with that? Do you take it head on? Are you marketing that directly? I'm starting to think very much about taking it head on. We want to continue at Hinge to champion human relationships, real human-to-human-in-real-life relationships, because I think they are an essential part of the human experience, and they're essential to our mental health. It's not just because I run a dating app and, obviously, it's important that people continue to meet. It really is a deep, personal mission of mine, and I think it's absolutely critical that someone is out there championing this. Because it's always easier to race to the bottom of the brain stem and offer people junk products that maybe sell in the moment but leave them worse off. That's the entire model that we've seen from what happened with social media. I think AI chatbots could frankly be much more dangerous in that respect. So what we can do is to become more and more effective and support people more and more, and make it as easy as possible to do the harder and riskier thing, which is to go out and form real relationships with real people. They can let you down and might not always be there for you, but it is ultimately a much more nourishing and enriching experience for people. We can also champion and raise awareness as much as we can. That's another reason why I'm here today talking with you, because I think it's important to put out the counter perspective, that we don't just reflexively believe that AI chatbots can be your friend, without thinking too deeply about what that really implies and what that really means. We keep going back to junk food, but people had to start waking up to the fact that this was harmful. We had to do a lot of campaigns to educate people that drinking Coca-Cola and eating fast food was detrimental to their health over the long term. And then as people became more aware of that, a whole personal wellness industry started to grow, and now that's a huge industry, and people spend a lot of time focusing on their diet and nutrition and mental health, and all these other things. I think similarly, social wellness needs to become a category like that. It's thinking about not just how do I get this junk social experience of social media where I get fed outraged news and celebrity gossip and all that stuff, but how do I start building a sense of social wellness, where I can create an enriching, intimate connection with important people in my life. You can listen to the podcast here.

Read more of this story at Slashdot.

Magic Lantern, the popular open-source suite of software enhancements for Canon DSLR cameras, has returned under new leadership. The revived project aims to offer regular updates and support for additional models, including compatibility for Canon's newer mirrorless cameras equipped with DIGIC X processors. PetaPixel reports: The new lead developer, names_are_hard, announced Magic Lantern's return yesterday on Magic Lantern's forums, seen by Reddit r/cinematography users and confirmed on the official Magic Lantern website. "It's been a long journey, but official Magic Lantern builds return, for all cameras," names_are_hard writes. They add that this means that there will be new, regular releases for all supported cameras and new cameras will be supported. As of now, the supported cameras are almost entirely DSLR models, save for tools for the original EOS M mirrorless camera. However, one of the members of the core Magic Lantern team, which comprises developers g3ggo, kitor, and WalterSchulz, says the team is looking at supporting cameras with DIGIC X processors, which includes mirrorless EOS R models. "It would be awesome if they start supporting new cameras. Imaging unlocking Open Gate on the R5/R6 lines, or RAW on cameras that don't have it (like R6, R7, etc.)," writes Redditor user machado34. "I believe it will be possible. They say they're exploring up to DIGIC X," adds 3dforlife. "In fact we are," developer kitor replies. "Just DIGIC 8 is stubborn and X adds some new (undocumented) hardware on top of that." Kitor is listed as the chief DIGIC 8 and DIGIC X hacker on Magic Lantern's forums, plus kitor is chiefly in charge of the revived website and Magic Lantern's social media presence. If the team can crack mirrorless cameras, it would be a boon. [...] The new Magic Lantern core team of devs, plus many other key players who are involved to various degrees in bringing Magic Lantern back to life, have built a new repo, formalized the code base, and developed a new, efficient build system. "Around 2020, our old lead dev, a1ex, after years of hard work, left the project. The documentation was fragmentary. Nobody understood the build system. A very small number of volunteers kept things alive, but nothing worked well. Nobody had deep knowledge of Magic Lantern code," names_are_hard writes. "Those that remained had to learn how everything worked, then fix it. Then add support for new cams without breaking the old ones." "We have an updated website. We have a new repo. We have new supported models. We have a new build system. We have cleaner, faster, smaller code." The team is now using Git, building on modern operating systems with contemporary tools, and compiling clean. "This was a lot of work, and invisible to users, but very useful for devs. It's easier than ever to join as a dev." Alongside the exciting return, Magic Lantern has added support for numerous new Canon DSLR cameras, including the 200D, 6D Mark II, 750D, and 7D Mark II.

Read more of this story at Slashdot.

jalvarez13 writes: My venerable HP Officejet Pro 8600 Plus is showing its age and it has become expensive to operate due to the cost of the original cartridges. I tried some alternative cartridges but the printer rejects them. Now that schools still require kids to print stuff at home (mine are in 2nd and 4th grade), and my wife also needs to use the printer, I think it may be wise to invest in a good-quality printer that has a lower cost per page (maybe laser?). In that context, I'd love to have unbiased information about brand quality, printing technology, cost efficiency, and other factors that I might have missed. Any thoughts?

Read more of this story at Slashdot.

Disabling Intel graphics security mitigations in GPU compute stacks for OpenCL and Level Zero can yield a performance boost of up to 20%, prompting Ubuntu's Canonical and Intel to disable these mitigations in future Ubuntu packages. Phoronix's Michael Larabel reports: Intel does allow building their GPU compute stack without these mitigations by using the "NEO_DISABLE_MITIGATIONS" build option and that is what Canonical is looking to set now for Ubuntu packages to avoid the significant performance impact. This work will likely all be addressed in time for Ubuntu 25.10. This NEO_DISABLE_MITIGATIONS option is just for compiling the Intel Compute Runtime stack and doesn't impact the Linux kernel security mitigations or else outside of Intel's "NEO" GPU compute stack. Both Intel and Canonical are in agreement with this move and it turns out that even Intel's GitHub binary packages for their Compute Runtime for OpenCL and Level Zero ship with the mitigations disabled due to the performance impact. This Ubuntu Launchpad bug report for the Intel Compute Runtime notes some of the key takeaways. There is also this PPA where Ubuntu developers are currently testing their Compute Runtime builds with NEO_DISABLE_MITIGATIONS enabled for disabling the mitigations.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: After a court ordered OpenAI to "indefinitely" retain all ChatGPT logs, including deleted chats, of millions of users, two panicked users tried and failed to intervene. The order sought to preserve potential evidence in a copyright infringement lawsuit raised by news organizations. In May, Judge Ona Wang, who drafted the order, rejected the first user's request (PDF) on behalf of his company simply because the company should have hired a lawyer to draft the filing. But more recently, Wang rejected (PDF) a second claim from another ChatGPT user, and that order went into greater detail, revealing how the judge is considering opposition to the order ahead of oral arguments this week, which were urgently requested by OpenAI. The second request (PDF) to intervene came from a ChatGPT user named Aidan Hunt, who said that he uses ChatGPT "from time to time," occasionally sending OpenAI "highly sensitive personal and commercial information in the course of using the service." In his filing, Hunt alleged that Wang's preservation order created a "nationwide mass surveillance program" affecting and potentially harming "all ChatGPT users," who received no warning that their deleted and anonymous chats were suddenly being retained. He warned that the order limiting retention to just ChatGPT outputs carried the same risks as including user inputs, since outputs "inherently reveal, and often explicitly restate, the input questions or topics input." Hunt claimed that he only learned that ChatGPT was retaining this information -- despite policies specifying they would not -- by stumbling upon the news in an online forum. Feeling that his Fourth Amendment and due process rights were being infringed, Hunt sought to influence the court's decision and proposed a motion to vacate the order that said Wang's "order effectively requires Defendants to implement a mass surveillance program affecting all ChatGPT users." [...] OpenAI will have a chance to defend panicked users on June 26, when Wang hears oral arguments over the ChatGPT maker's concerns about the preservation order. In his filing, Hunt explained that among his worst fears is that the order will not be blocked and that chat data will be disclosed to news plaintiffs who may be motivated to publicly disseminate the deleted chats. That could happen if news organizations find evidence of deleted chats they say are likely to contain user attempts to generate full news articles. Wang suggested that there is no risk at this time since no chat data has yet been disclosed to the news organizations. That could mean that ChatGPT users may have better luck intervening after chat data is shared, should OpenAI's fight to block the order this week fail. But that's likely no comfort to users like Hunt, who worry that OpenAI merely retaining the data -- even if it's never shared with news organizations -- could cause severe and irreparable harms. Some users appear to be questioning how hard OpenAI will fight. In particular, Hunt is worried that OpenAI may not prioritize defending users' privacy if other concerns -- like "financial costs of the case, desire for a quick resolution, and avoiding reputational damage" -- are deemed more important, his filing said.

Read more of this story at Slashdot.

Apple's iOS 26 introduces Recovery Assistant, a feature that allows users to restore malfunctioning iPhones without requiring a Mac or PC. The system automatically boots devices into Recovery mode when startup issues occur, displaying the message "This iPhone encountered an issue while starting." Users can then initiate recovery through another Apple device like an iPad, which downloads and installs a newer iOS version onto the malfunctioning iPhone. Apple described Recovery Assistant as "a new way to recover your device if it doesn't start up normally" in release notes for the second iOS 26 beta.

Read more of this story at Slashdot.

The number of doctoral graduates globally has grown steadily over recent decades, creating a massive imbalance between PhD holders and available academic positions. Among the 38 OECD countries, new doctorate holders almost doubled between 1998 and 2017. China's doctoral enrollment has exploded from around 300,000 students in 2013 to more than 600,000 in 2023. This growth has forced PhD graduates into non-academic careers at unprecedented rates. A 2023 study of more than 4,500 PhD graduates in the United Kingdom found over two-thirds were employed outside academia. In South Africa, 18% of more than 6,000 PhD graduates reported difficulty finding jobs related to their expertise. Some countries have begun adapting their doctoral programs. Japan, Germany and the United Kingdom now offer training and paid internships during doctoral studies, including "industrial PhD" programs where students conduct research in collaboration with companies.

Read more of this story at Slashdot.

Hackers suspected of working on behalf of the Chinese government exploited a maximum-severity vulnerability, which had received a patch 16 months earlier, to compromise a telecommunications provider in Canada, officials from that country and the US said Monday. ArsTechnica: "The Cyber Centre is aware of malicious cyber activities currently targeting Canadian telecommunications companies," officials for the center, the Canadian government's primary cyber security agency, said in a statement. "The responsible actors are almost certainly PRC state-sponsored actors, specifically Salt Typhoon." The FBI issued its own nearly identical statement. Salt Typhoon is the name researchers and government officials use to track one of several discreet groups known to hack nations all over the world on behalf of the People's Republic of China. In October 2023, researchers disclosed that hackers had backdoored more than 10,000 Cisco devices by exploiting CVE-2023-20198, a vulnerability with a maximum severity rating of 10. Any switch, router, or wireless LAN controller running Cisco's iOS XE that had the HTTP or HTTPS server feature enabled and exposed to the Internet was vulnerable. Cisco released a security patch about a week after security firm VulnCheck published its report.

Read more of this story at Slashdot.

Bacteria can be used to turn plastic waste into painkillers, researchers have found, opening up the possibility of a more sustainable process for producing the drugs. From a report: Chemists have discovered E coli can be used to create paracetamol, also known as acetaminophen, from a material produced in the laboratory from plastic bottles. "People don't realise that paracetamol comes from oil currently," said Prof Stephen Wallace, the lead author of the research from the University of Edinburgh. "What this technology shows is that by merging chemistry and biology in this way for the first time, we can make paracetamol more sustainably and clean up plastic waste from the environment at the same time." Writing in the journal Nature Chemistry, Wallace and colleagues report how they discovered that a type of chemical reaction called a Lossen rearrangement, a process that has never been seen in nature, was biocompatible. In other words, it could be carried out in the presence of living cells without harming them. The team made their discovery when they took polyethylene terephthalate (PET) -- a type of plastic often found in food packaging and bottles -- and, using sustainable chemical methods, converted it into a new material.

Read more of this story at Slashdot.

Microplastics are present in all beverages, but those packaged in glass bottles contain more microplastic particles than those in plastic bottles, cartons or cans. This was the surprising finding of a study conducted by the Boulogne-sur-Mer unit of the ANSES Laboratory for Food Safety. The scientists hypothesised that these plastic particles could come from the paint used on bottle caps. Water and wine are less affected than other beverages. These findings have highlighted a source of microplastics in drinks that manufacturers can easily take measures to address.

Read more of this story at Slashdot.

FICO credit scores will begin incorporating buy-now-pay-later data for the first time. From a report: With over 90 million Americans expected to use BNPL for purchases this year, critics argue that existing credit scores paint an incomplete picture of an individual's ability to pay back loans. Fair Isaac Corp., which runs FICO, said Monday that it will launch two separate credit scores including BNPL data. FICO Score 10 BNPL and FICO Score 10 T BNPL will "represent a significant advancement in credit scoring, accounting for the growing importance of BNPL loans in the U.S. credit ecosystem," the company said in a statement. "These scores provide lenders with greater visibility into consumers' repayment behaviors, enabling a more comprehensive view of their credit readiness which ultimately improves the lending experience," FICO added.

Read more of this story at Slashdot.

An anonymous reader shares a report: AI firm DeepSeek is aiding China's military and intelligence operations, a senior U.S. official told Reuters, adding that the Chinese tech startup sought to use Southeast Asian shell companies to access high-end semiconductors that cannot be shipped to China under U.S. rules. The U.S. conclusions reflect a growing conviction in Washington that the capabilities behind the rapid rise of one of China's flagship AI enterprises may have been exaggerated and relied heavily on U.S. technology. [...] "We understand that DeepSeek has willingly provided and will likely continue to provide support to China's military and intelligence operations," a senior State Department official told Reuters in an interview. "This effort goes above and beyond open-source access to DeepSeek's AI models," the official said, speaking on condition of anonymity in order to speak about U.S. government information. Chinese law requires companies operating in China to provide data to the government when requested. But the suggestion that DeepSeek is already doing so is likely to raise privacy and other concerns for the firm's tens of millions of daily global users.

Read more of this story at Slashdot.

IYO filed a trademark infringement lawsuit [PDF] against OpenAI and Jony Ive's company earlier this month, alleging the defendants deliberately adopted a confusingly similar name for competing products. The lawsuit surfaced after the Microsoft-backed startup quietly pulled promotional materials about its $6.5 acquisition billion deal with Ive's firm. The Northern District of California complaint targets OpenAI's $6.5 billion acquisition of "IO Products, Inc.," announced May 21, 2025. IYO, which spun out from Google X in 2021, produces the "IYO ONE," an ear-worn device that allows users to interact with computers and AI through voice commands without screens or keyboards. IYO has invested over $62 million developing its audio computing technology, it says in the filing. According to the complaint, OpenAI CEO Sam Altman and Ive's design studio LoveFrom met with IYO representatives multiple times between 2022 and 2025, learning details about IYO's technology and business plans. In March 2025, Altman allegedly told IYO he was "working on something competitive" called "io." IO Products, formed in September 2023, develops hardware for screenless computer interaction similar to IYO's products. The lawsuit seeks injunctive relief and damages for trademark infringement and unfair competition.

Read more of this story at Slashdot.

New York will construct the first major new U.S. nuclear power plant in more than 15 years, with Governor Kathy Hochul directing the state's public electric utility to add at least one gigawatt of nuclear generation capacity. The New York Power Authority will identify an upstate location and determine reactor design, either independently or through private partnerships. The project tests President Trump's May executive orders aimed at accelerating nuclear development through regulatory overhaul, expedited licensing, and expanded use of federal lands for reactors. Only five new commercial reactors have come online since 1991, while nuclear capacity has declined more than 4% from its 2012 peak. Potential sites include grounds of New York's three existing plants owned by Constellation Energy. The state is already collaborating with Constellation on federal grant applications for reactor additions at the Nine Mile Point facility in Oswego and studying Ontario's small modular reactor initiatives.

Read more of this story at Slashdot.

Apple has quietly removed its day-old "The Parent Presentation" video from YouTube. From a report: The Parent Presentation is a customizable slideshow that explains why a Mac is a useful tool in college. [...] Students can customize the presentation slides, and then show it to their parents to convince them to buy them a Mac. In an accompanying YouTube video shared by Apple, comedian Martin Herlihy showed a group of high school students how to effectively use The Parent Presentation. Some users described the ad as "cringe" and "gross."

Read more of this story at Slashdot.

The U.S. House chief administrative officer has banned WhatsApp from congressional staffers' government devices citing data vulnerability concerns. The cybersecurity office deemed the messaging app "high-risk" due to lack of transparency in data protection, absence of stored data encryption, and potential security risks, according to an email obtained by Axios. Staff cannot download or keep WhatsApp on any House device, including mobile, desktop, or web browser versions.

Read more of this story at Slashdot.

Bruce66423 writes (slightly edited to add more context): A former potash mine at Wittelsheim in Alsace now entombs about 42,000 tonnes of toxic industrial waste, and scientists warn that, over time, contaminants could seep upward into the Alsace aquifer, which in turn feeds the transboundary Upper Rhine groundwater system supplying drinking water to millions in France, Germany and Switzerland. Campaigners argue that leaving the waste underground instead of removing it creates a long-term 'time-bomb' for people and wildlife.

Read more of this story at Slashdot.

Perched in Chile's Andes mountains, "A revolutionary new space telescope has just taken its first pictures of the cosmos," reports National Geographic — "and they're spectacular." Formerly known as the Large Synoptic Survey Telescope, it's expected to bring "unprecedented detail" to space photography: The observatory has a few key components: A giant telescope, called the Simonyi Survey Telescope, is connected to the world's largest and highest resolution digital camera. Rubin's 27-foot primary mirror, paired with a mind-boggling 3,200-megapixel camera, will repeatedly take 30-second exposure images of vast swaths of the sky with unrivaled speed and detail. Each image will cover an area of sky as big as 40 full moons. Every three nights for the next 10 years, Rubin will produce a new, ultra-high-definition map of the entire visible southern sky. With this much coverage, scientists hope to create an updated and detailed "movie" they can use to view how the cosmos changes over time.... For the next decade, Rubin will capture millions of astronomical objects each day — or more than 100 every second. Ultimately, it's expected to discover about 17 billion stars and 20 billion galaxies that we've never seen before... When the observatory begins science operations in earnest later in 2025, its instruments will yield a deluge of astronomical data that will be too overwhelming to process manually. (Each night, the observatory will generate around 20 terabytes of data.) Astronomers expect high-quality observations taken with the telescope will help map out the structure of the universe, find comets and potentially hazardous asteroids in our solar system, and detect exploding stars and black holes in distant galaxies. The observatory will also examine the optical counterparts of gravitational wave events — ripples in the fabric of space caused by some of the most energetic processes in the cosmos. By studying these events, astronomers hope to uncover the secrets of the invisible forces that shape the universe like dark matter and dark energy. "Already, in just over 10 hours of test observations, the observatory has discovered 2,104 never-before-seen-asteroids," reports NPR, "including seven near-Earth asteroids, none of which pose any danger..." The basic idea is that the data "should let astronomers catch transient phenomena that they otherwise wouldn't know to look for, such as exploding stars, asteroids, interstellar objects whizzing in from other solar systems, and maybe even the movement of a giant planet that some believe is lurking out in our own solar system, beyond Pluto." The telescope is a joint project between the U.S. Energy Department and its National Science Foundation — and it will stream a special live broadcast of its first images today at 11 a.m. EDT (1500 GMT) on their official YouTube channel (also simulacast at Space.com).

Read more of this story at Slashdot.

The classic VW bus got an all-electric update — but that was just the beginning. Now there's an autonomous driving version (that's intended for commercial fleets, reports Jalopnik, "a level 4 vehicle that drives set routes" that's "going into full production" as the ID Buzz AD. (The AD stands for "autonomous driving") The AD version sports a longer wheelbase and a higher roofline than its mere human-driven sibling, which helps it to fit in the 13 cameras, nine LiDARs, and five radars that will (hopefully) allow the car to drive without crashing into anybody. These are intended for large-fleet customers providing taxi services, either ones run by local governments or private companies. [Volkswagen Group software subsidiary MOIA] has already lined up its first customer, the German city of Hamburg, which will provide the automated Buzz as a public transit option alongside traditional bus and subway services. If all goes well, after Hamburg MOIA "will bring sustainable, autonomous mobility to large-scale deployment in Europe and the U.S.," according to VW Group CEO Oliver Blume. Down the road, VW has also signed an agreement for rideshare juggernaut Uber to use the ID Buzz AD across America, starting with Los Angeles in 2026. The ID Buzz AD is the first vehicle in Germany to reach SAE International's threshold for Level 4 autonomous driving, meaning that the car can drive itself, with no need for a driver behind the wheel, within designated areas. It comes with "a full suite of tools for public and private transit providers," notes the EV news site Electrek. "That includes everything from the self-driving tech to fleet management software, passenger support, and operator training. That will allow cities and companies to launch driverless fleets quickly, safely, and at scale." And Christian Senger, a member of the board of management of VW Commercial Vehicles, tells DW the vans will be manufactured in very large numbers. The Hannover VW factory is set to produce more than 10,000 commercial vehicles. "We believe we can be the leading supplier in Europe," Senger says.... [Senger] does not expect the top dog of Germany's beleaguered auto industry to make any money, at least at first. In the long term, though, he explains that autonomous driving is the lucrative field of the future, one that promises to be much more profitable than the traditional automotive industry... The exact price has not yet been announced but the ID. Buzz AD is unlikely to come cheap. According to Senger, buyers will have to pay a low six-figure sum (in euros) per vehicle. That means it's going to be expensive for transport companies. The Association of German Transport Companies or VDV, is calling for a nationally coordinated strategy of long-term financing, and a market launch supported by public funding, to establish the country's supremacy in this market.

Read more of this story at Slashdot.

The Python Software Foundation ("made up of, governed, and led by the community") does more than just host Python and its documnation, the Python Package Repository, and the development workflows of core CPython developers. This week the PSF released its 28-page Annual Impact Report this week, noting that 2024 was their first year with three CPython developers-in-residence — and "Between Lukasz, Petr, and Serhiy, over 750 pull requests were authored, and another 1,500 pull requests by other authors were reviewed and merged." Lukasz Langa co-implemented the new colorful shell included in Python 3.13, along with Pablo Galindo Salgado, Emily Morehouse-Valcarcel, and Lysandros Nikolaou.... Code-wise, some of the most interesting contributions by Petr Viktorin were around the ctypes module that allows interaction between Python and C.... These are just a few of Serhiy Storchaka's many contributions in 2024: improving error messages for strings, bytes, and bytearrays; reworking support for var-arguments in the C argument handling generator called "Argument Clinic"; fixing memory leaks in regular expressions; raising the limits for Python integers on 64-bit platforms; adding support for arbitrary code page encodings on Windows; improving complex and fraction number support... Thanks to the investment of [the OpenSSF's security project] Alpha-Omega in 2024, our Security Developer-in-Residence, Seth Larson, continued his work improving the security posture of CPython and the ecosystem of Python packages. Python continues to be an open source security leader, evident by the Linux kernel becoming a CVE Numbering Authority using our guide as well as our publication of a new implementers guide for Trusted Publishers used by Ruby, Crates.io, and Nuget. Python was also recommended as a memory-safe programming language in early 2024 by the White House and CISA following our response to the Office of the National Cyber Directory Request for Information on open source security in 2023... Due to the increasing demand for SBOMs, Seth has taken the initiative to generate SBOM documents for the CPython runtime and all its dependencies, which are now available on python.org/downloads. Seth has also started work on standardizing SBOM documents for Python packages with PEP 770, aiming to solve the "Phantom Dependency" problem and accurately represent non-Python software included in Python packages. With the continued investment in 2024 by Amazon Web Services Open Source and Georgetown CSET for this critical role, our PyPI Safety & Security Engineer, Mike Fiedler, completed his first full calendar year at the PSF... In March 2024, Mike added a "Report project as malware" button on the website, creating more structure to inbound reports and decreasing remediation time. This new button has been used over 2,000 times! The large spike in June led to prohibiting Outlook email domains, and the spike in November was driven by a persistent attack. Mike developed the ability to place projects in quarantine pending further investigation. Thanks to a grant from Alpha-Omega, Mike will continue his work for a second year. We plan to do more work on minimizing time-on-PyPI for malware in 2025... In 2024, PyPI saw an 84% growth in download counts and 48% growth in bandwidth, serving 526,072,569,160 downloads for the 610,131 projects hosted there, requiring 1.11 Exabytes of data transfer, or 281.6 Gbps of bandwidth 24x7x365. In 2024, 97k new projects, 1.2 million new releases, and 3.1 million new files were uploaded to the index.

Read more of this story at Slashdot.