RSS 생중계

Norway's $2 trillion sovereign wealth fund, equivalent to $340,000 per citizen, may be undermining the country's economic health, according to a contentious new book. Martin Bech Holte's "The Country That Became Too Rich" argues that oil revenue has made Norway bloated and unproductive, with data supporting several concerns. Norway has recorded the slowest productivity growth among wealthy nations over the past two decades while Norwegians take 27.5 sick days annually, the highest rate in the OECD. Student test scores have declined since 2015 and now rank below the OECD average despite Norway spending $20,000 per student compared to the $14,000 OECD average. Fund withdrawals now cover 20% of the annual budget, up from less than 10% two decades ago.

Read more of this story at Slashdot.

Security updates have been issued by Debian (audiofile, libcaca, libetpan, libxml2, php7.4, snapcast, and thunderbird), Fedora (glibc, iputils, mingw-binutils, and thunderbird), Red Hat (kernel, kernel-rt, mod_auth_openidc, and mod_auth_openidc:2.3), SUSE (afterburn, apache2, atop, chromedriver, chromium, cloud-init, deepin-feature-enable, firefox, firefox-esr, grafana, grype-db, gstreamer-plugins-bad, javamail, jupyter-jupyterlab-templates, jupyter-nbdime, konsole, libetebase, libxmp, minio-client-20250721T052808Z, MozillaFirefox, MozillaFirefox-branding-SLE, opera, pdns-recursor, perl-Authen-SASL, polkit, python-Django, python3-pycares, python311-starlette, rpi-imager, ruby3.4-rubygem-thor, spdlog, thunderbird, varnish, viewvc, and xtrabackup), and Ubuntu (openjdk-21-crac).

A new analysis of protein changes across human tissues has identified an aging acceleration point around age 50, with blood vessels showing the most dramatic deterioration. Researchers examined tissue samples from eight body systems in 76 people of Chinese ancestry aged 14 to 68 who died from accidental brain injury, finding age-related increases in 48 disease-associated proteins. Between ages 45 and 55, the most significant shift occurred in the aorta, the body's main artery carrying oxygenated blood from the heart. The team identified one aortic protein that triggers accelerated aging signs when administered to mice. Early aging changes appeared around age 30 in the adrenal gland, which produces various hormones. The study, published in Cell, adds to mounting evidence that aging occurs in waves rather than following a steady progression.

Read more of this story at Slashdot.

This week Google's Open Source Security Team announced "a new project to strengthen trust in open source package ecosystems" — by reproducing upstream artifacts. It includes automation to derive declarative build definitions, new "build observability and verification tools" for security teams, and even "infrastructure definitions" to help organizations rebuild, sign, and distribute provenance by running their own OSS Rebuild instances. (And as part of the initiative, the team also published SLSA Provenance attestations "for thousands of packages across our supported ecosystems.") Our aim with OSS Rebuild is to empower the security community to deeply understand and control their supply chains by making package consumption as transparent as using a source repository. Our rebuild platform unlocks this transparency by utilizing a declarative build process, build instrumentation, and network monitoring capabilities which, within the SLSA Build framework, produces fine-grained, durable, trustworthy security metadata. Building on the hosted infrastructure model that we pioneered with OSS Fuzz for memory issue detection, OSS Rebuild similarly seeks to use hosted resources to address security challenges in open source, this time aimed at securing the software supply chain... We are committed to bringing supply chain transparency and security to all open source software development. Our initial support for the PyPI (Python), npm (JS/TS), and Crates.io (Rust) package registries — providing rebuild provenance for many of their most popular packages — is just the beginning of our journey... OSS Rebuild helps detect several classes of supply chain compromise: - Unsubmitted Source Code: When published packages contain code not present in the public source repository, OSS Rebuild will not attest to the artifact. - Build Environment Compromise: By creating standardized, minimal build environments with comprehensive monitoring, OSS Rebuild can detect suspicious build activity or avoid exposure to compromised components altogether. - Stealthy Backdoors: Even sophisticated backdoors like xz often exhibit anomalous behavioral patterns during builds. OSS Rebuild's dynamic analysis capabilities can detect unusual execution paths or suspicious operations that are otherwise impractical to identify through manual review. For enterprises and security professionals, OSS Rebuild can... — Enhance metadata without changing registries by enriching data for upstream packages. No need to maintain custom registries or migrate to a new package ecosystem. — Augment SBOMs by adding detailed build observability information to existing Software Bills of Materials, creating a more complete security picture... - Accelerate vulnerability response by providing a path to vendor, patch, and re-host upstream packages using our verifiable build definitions... The easiest (but not only!) way to access OSS Rebuild attestations is to use the provided Go-based command-line interface. "With OSS Rebuild's existing automation for PyPI, npm, and Crates.io, most packages obtain protection effortlessly without user or maintainer intervention."

Read more of this story at Slashdot.

The good folks at Linode still have not managed to fix whatever broke in their data center, so we are running on an emergency backup server. Things seem to be working, but the occasional glitch is to be expected. Please accept our apologies for the extended downtime!

Measuring earth's position (or "geodesy") requires using telescopes that track radiation from distant black holes. Their signals "pass cleanly through the atmosphere and we can receive them during day and night and in all weather conditions," writes a senior scientist at the University of Tasmania. But there's a problem... Radio waves are also used for communication on Earth — including things such as wifi and mobile phones... [A] few narrow lanes are reserved for radio astronomy. However, in previous decades the radio highway had relatively little traffic. Scientists commonly strayed from the radio astronomy lanes to receive the black hole signals. To reach the very high precision needed for modern technology, geodesy today relies on more than just the lanes exclusively reserved for astronomy. In recent years, human-made electromagnetic pollution has vastly increased. When wifi and mobile phone services emerged, scientists reacted by moving to higher frequencies. However, they are running out of lanes. Six generations of mobile phone services (each occupying a new lane) are crowding the spectrum... Today, the multitude of signals are often too strong for geodetic observatories to see through them to the very weak signals emitted by black holes. This puts many satellite services at risk. To keep working into the future — to maintain the services on which we all depend — geodesy needs some more lanes on the radio highway. When the spectrum is divided up via international treaties at world radio conferences, geodesists need a seat at the table. Other potential fixes might include radio quiet zones around our essential radio telescopes. Work is also underway with satellite providers to avoid pointing radio emissions directly at radio telescopes. Any solution has to be global. For our geodetic measurements, we link radio telescopes together from all over the world, allowing us to mimic a telescope the size of Earth. The radio spectrum is primarily regulated by each nation individually, making this a huge challenge. But perhaps the first step is increasing awareness. If we want satellite navigation to work, our supermarkets to be stocked and our online money transfers arriving safely, we need to make sure we have a clear view of those black holes in distant galaxies — and that means clearing up the radio highway.

Read more of this story at Slashdot.

Linus has released the 6.16 kernel:

It's Sunday afternoon, and the release cycle has come to an end. Last week was nice and calm, and there were no big show-stopper surprises to keep us from the regular schedule, so I've tagged and pushed out 6.16 as planned.

Headline changes in this release include enabling five-level page tables by default on x86 systems, a number of core-dump changes including the ability to send core dumps to a socket, the ability to create pipes in io_uring, atomic-write support in the XFS filesystem, the elimination of block-layer bounce buffering, a new DMA-mapping API, an option to block file descriptors passed in via Unix-domain sockets, and more.

See the LWN merge-window summaries (part 1, part 2) and the KernelNewbies 6.16 page for more information.

Star Wars creator George Lucas made his first Comic-Con appearance ever on Sunday. The Hollywood Reporter describes the scene: Thousands waited hours just to get inside, chanted "Lu-cas, Lu-cas!" while they waited, and then gave a wild standing ovation as the filmmaker took to the stage, introduced by rapper-actress Queen Latifah, and sat down next to filmmaker Guillermo del Toro and Star Wars production designer Doug Chiang. If the 6,500-strong crowd was disappointed he didn't talk a whiff about Star Wars or Indiana Jones, it wasn't shown, as cries of "I love you, George!" and waving lightsabers punctuated the air several times. Lucas even received a standing ovation when he left the presentation, which was devoted entirely to the Lucas Museum of Narrative Art. He, along with museum board member and fellow art collector del Toro and Chiang, were there to not only give a first look at the museum but also make a case for the importance and validity of narrative art, which includes comic book art, as a vital form of expression... A video presentation showed interior looks at the museum — there are no right angles anywhere, Latifah underscored — as well as images that will be in the collection. A cover of DC comic Mystery in Space, featuring the first appearance of Adam Strange; the first ever Flash Gordon comic strip; a cover of 1950s EC comic Tales from the Crypt; strips of Peanuts and Garfield; art ranging from Brian Bolland and Hellboy creator Mike Mignola to underground cartoonist Robert Crumb, Windsor McKay and Moebius; art of Astro Boy and Scrooge McDuck. But there were also images of art by Norman Rockwell, N.C. Wyeth and Frieda Kahlo. Also in the museum will be concept and storyboard art from Star Wars and Raiders of the Lost Ark by Ralph McQuarrie and Jim Steranko, as well as the props of starships and speeders from various Star Wars movies. Chiang explained that comic art in particular had long been discounted. "It's not taken seriously," he said, and when he was younger was told, "You will outgrow it one day.... I'm so glad I didn't," he said, before driving home the point that one of the strengths of narrative art is that it's driven by story. "Story comes first. Art comes second...." The museum, which has had its opening pushed back several times, is slated to open in 2026. More Comic-Con highlights: Pennywise, the scary clown, returns in the upcoming HBO series "IT: Welcome to Derry" Comic-Con also saw a trailer for the new rock mockumentary Spinal Tap II: The End Continues. (Bassist Derek Smalls is now apparently into cryptocurrency...) Breaking Bad creator Vince Gilligan has a new series called Pluribus coming to AppleTV+, a nine-episode sci-fi drama starring Rhea Seehorn from Better Call Saul. (Watch its bizarre trailer here.)

Read more of this story at Slashdot.