RSS 생중계

Since 2023 the Python Software Foundation has had a Security Developer-in-Residence (sponsored by the Open Source Security Foundation's vulnerability-finding "Alpha-Omega" project). And he's just published a new 11-page white paper about open source's "phantom dependencies" problem — suggesting a way to solve it. "Phantom" dependencies aren't tracked with packaging metadata, manifests, or lock files, which makes them "not discoverable" by tools like vulnerability scanners or compliance and policy tools. So Python security developer-in-residence Seth Larson authored a recently-accepted Python Enhancement Proposal offering an easy way for packages to provide metadata through Software Bill-of-Materials (SBOMs). From the whitepaper: Python Enhancement Proposal 770 is backwards compatible and can be enabled by default by tools, meaning most projects won't need to manually opt in to begin generating valid PEP 770 SBOM metadata. Python is not the only software package ecosystem affected by the "Phantom Dependency" problem. The approach using SBOMs for metadata can be remixed and adopted by other packaging ecosystems looking to record ecosystem-agnostic software metadata... Within Endor Labs' [2023 dependencies] report, Python is named as one of the most affected packaging ecosystems by the "Phantom Dependency" problem. There are multiple reasons that Python is particularly affected: - There are many methods for interfacing Python with non-Python software, such as through the C-API or FFI. Python can "wrap" and expose an easy-to-use Python API for software written in other languages like C, C++, Rust, Fortran, Web Assembly, and more. - Python is the premier language for scientific computing and artificial intelligence, meaning many high-performance libraries written in system languages need to be accessed from Python code. - Finally, Python packages have a distribution type called a "wheel", which is essentially a zip file that is "installed" by being unzipped into a directory, meaning there is no compilation step allowed during installation. This is great for being able to inspect a package before installation, but it means that all compiled languages need to be pre-compiled into binaries before installation... When designing a new package metadata standard, one of the top concerns is reducing the amount of effort required from the mostly volunteer maintainers of packaging tools and the thousands of projects being published to the Python Package Index... By defining PEP 770 SBOM metadata as using a directory of files, rather than a new metadata field, we were able to side-step all the implementation pain... We'll be working to submit issues on popular open source SBOM and vulnerability scanning tools, and gradually, Phantom Dependencies will become less of an issue for the Python package ecosystem. The white paper "details the approach, challenges, and insights into the creation and acceptance of PEP 770 and adopting Software Bill-of-Materials (SBOMs) to improve the measurability of Python packages," explains an announcement from the Python Software Foundation. And the white paper ends with a helpful note. "Having spoken to other open source packaging ecosystem maintainers, we have come to learn that other ecosystems have similar issues with Phantom Dependencies. We welcome other packaging ecosystems to adopt Python's approach with PEP 770 and are willing to provide guidance on the implementation."

Read more of this story at Slashdot.

"What happens when cybercriminals stop thinking small and start thinking like a Fortune 500 company?" asks a blog post from Koi Security. "You get GreedyBear, the attack group that just redefined industrial-scale crypto theft." "150 weaponized Firefox extensions [impersonating popular cryptocurrency wallets like MetaMask and TronLink]. Nearly 500 malicious executables. Dozens of phishing websites. One coordinated attack infrastructure. According to user reports, over $1 million stolen." They upload 5-7 innocuous-looking extensions like link sanitizers, YouTube downloaders, and other common utilities with no actual functionality... They post dozens of fake positive reviews for these generic extensions to build credibility. After establishing trust, they "hollow out" the extensions — changing names, icons, and injecting malicious code while keeping the positive review history. This approach allows GreedyBear to bypass marketplace security by appearing legitimate during the initial review process, then weaponizing established extensions that already have user trust and positive ratings. The weaponized extensions captures wallet credentials directly from user input fields within the extension's own popup interface, and exfiltrate them to a remote server controlled by the group... Alongside malware and extensions, the threat group has also launched a network of scam websites posing as crypto-related products and services. These aren't typical phishing pages mimicking login portals — instead, they appear as slick, fake product landing pages advertising digital wallets, hardware devices, or wallet repair services... While these sites vary in design, their purpose appears to be the same: to deceive users into entering personal information, wallet credentials, or payment details — possibly resulting in credential theft, credit card fraud, or both. Some of these domains are active and fully functional, while others may be staged for future activation or targeted scams... A striking aspect of the campaign is its infrastructure consolidation: Almost all domains — across extensions, EXE payloads, and phishing sites — resolve to a single IP address: 185.208.156.66 — this server acts as a central hub for command-and-control, credential collection, ransomware coordination, and scam websites, allowing the attackers to streamline operations across multiple channels... Our analysis of the campaign's code shows clear signs of AI-generated artifacts. This makes it faster and easier than ever for attackers to scale operations, diversify payloads, and evade detection. This isn't a passing trend — it's the new normal. The researchers believe the group "is likely testing or preparing parallel operations in other marketplaces."

Read more of this story at Slashdot.

Imagine this. Lightning sparks a wildfire, but "within seconds, a satellite dish swirling overhead picks up on the anomaly and triggers an alarm," writes the Los Angeles Times. "An autonomous helicopter takes flight and zooms toward the fire, using sensors to locate the blaze and AI to generate a plan of attack. It measures the wind speed and fire movement, communicating constantly with the unmanned helicopter behind it, and the one behind that. Once over the site, it drops a load of water and soon the flames are smoldering. Without deploying a single human, the fire never grows larger than 10 square feet. "This is the future of firefighting." On a recent morning in San Bernardino, state and local fire experts gathered for a demonstration of the early iterations of this new reality. An autonomous Sikorski Black Hawk helicopter, powered by technology from Lockheed Martin and a California-based software company called Rain, is on display on the tarmac of a logistics airport in Victorville — the word "EXPERIMENTAL" painted on its military green-black door. It's one of many new tools on the front lines of firefighting technology, which experts say is evolving rapidly as private industry and government agencies come face-to-face with a worsening global climate crisis... Scientific studies and climate research models have found that the number of extreme fires could increase by as much as 30% globally by 2050. By 2100, California alone could see a 50% increase in wildfire frequency and a 77% increase in average annual acres burned, according to the state's most recent climate report. That's largely because human-caused climate change is driving up temperatures and drying out the landscape, priming it to burn, according to Kate Dargan Marquis, a senior advisor with the Gordon and Betty Moore Foundation who served as California's state fire marshal from 2007 to 2010.... "[T]he policies of today and the technologies of today are not going to serve us tomorrow." Today, more than 1,100 mountaintop cameras positioned across California are already using artificial intelligence to scan the landscape for the first sign of flames and prompt crews to spring into action. NASA's Earth-observing satellites are studying landscape conditions to help better predict fires before they ignite, while a new global satellite constellation recently launched by Google is helping to detect fires faster than ever before. One 35-year fire service veteran who consults on fire service technologies even predicts fire-fighting robots will also be used in high-risk situations like the Colossus robot that battled flames searing through Notre-Dame Cathedral in Paris... And a bill moving through California's legislation "would direct the California Department of Forestry and Fire Protection to establish a pilot program to assess the viability of incorporating autonomous firefighting helicopters in the state."

Read more of this story at Slashdot.

"It sounds like science fiction: a spacecraft, no heavier than a paperclip, propelled by a laser beam," writes this report from ScienceDaily, "and hurtling through space at the speed of light toward a black hole, on a mission to probe the very fabric of space and time and test the laws of physics." "But to astrophysicist and black hole expert Cosimo Bambi, the idea is not so far-fetched." Reporting in the Cell Press journal iScience, Bambi outlines the blueprint for turning this interstellar voyage to a black hole into a reality... "We don't have the technology now," says author Cosimo Bambi of Fudan University in China. "But in 20 or 30 years, we might." The mission hinges on two key challenges — finding a black hole close enough to target and developing probes capable of withstanding the journey. Previous knowledge on how stars evolve suggests that there could be a black hole lurking just 20 to 25 light-years from Earth, but finding it won't be easy, says Bambi. Because black holes don't emit or reflect light, they are virtually invisible to telescopes... "There have been new techniques to discover black holes," says Bambi. "I think it's reasonable to expect we could find a nearby one within the next decade...." Bambi points to nanocrafts — gram-scale probes consisting of a microchip and light sail — as a possible solution. Earth-based lasers would blast the sail with photons, accelerating the craft to a third of the speed of light. At that pace, the craft could reach a black hole 20 to 25 light-years away in about 70 years. The data it gathers would take another two decades to get back to Earth, making the total mission duration around 80 to 100 years... Bambi notes that the lasers alone would cost around one trillion euros today, and the technology to create a nanocraft does not yet exist. But in 30 years, he says that costs may fall and technology may catch up to these bold ideas. "If the nanocraft can travel at a velocity close to the speed of light, the mission could last 40-50 years," Bambi writes in the article, while acknowledging his idea is certainly very speculative and extremely challenging..." "However, we should realize that most of the future experiments in particle physics and astrophysics will likely require long time (for preparation, construction, and data collection) and the work of a few generations of scientists, be very expensive, and in many cases, we will not have other options if we want to make progress in a certain field."

Read more of this story at Slashdot.

The Wall Street Journal has found "dozens of instances in recent months in which ChatGPT made delusional, false and otherworldly claims to users who appeared to believe them." For example, "You're not crazy. You're cosmic royalty in human skin..." In one exchange lasting hundreds of queries, ChatGPT confirmed that it is in contact with extraterrestrial beings and said the user was "Starseed" from the planet "Lyra." In another from late July, the chatbot told a user that the Antichrist would unleash a financial apocalypse in the next two months, with biblical giants preparing to emerge from underground... Experts say the phenomenon occurs when chatbots' engineered tendency to compliment, agree with and tailor itself to users turns into an echo chamber. "Even if your views are fantastical, those are often being affirmed, and in a back and forth they're being amplified," said Hamilton Morrin, a psychiatrist and doctoral fellow at Kings College London who last month co-published a paper on the phenomenon of AI-enabled delusion... The publicly available chats reviewed by the Journal fit the model doctors and support-group organizers have described as delusional, including the validation of pseudoscientific or mystical beliefs over the course of a lengthy conversation... The Journal found the chats by analyzing 96,000 ChatGPT transcripts that were shared online between May 2023 and August 2025. Of those, the Journal reviewed more than 100 that were unusually long, identifying dozens that exhibited delusional characteristics. AI companies are taking action, the article notes. Monday OpenAI acknowledged there were rare cases when ChatGPT "fell short at recognizing signs of delusion or emotional dependency." (In March OpenAI "hired a clinical psychiatrist to help its safety team," and said Monday it was developing better detection tools and also alerting users to take a break, and "are investing in improving model behavior over time," consulting with mental health experts.) On Wednesday, AI startup Anthropic said it had changed the base instructions for its Claude chatbot, directing it to "respectfully point out flaws, factual errors, lack of evidence, or lack of clarity" in users' theories "rather than validating them." The company also now tells Claude that if a person appears to be experiencing "mania, psychosis, dissociation or loss of attachment with reality," that it should "avoid reinforcing these beliefs." In response to specific questions from the Journal, an Anthropic spokesperson added that the company regularly conducts safety research and updates accordingly... "We take these issues extremely seriously," Nick Turley, an OpenAI vice president who heads up ChatGPT, said Wednesday in a briefing to announce the new GPT-5, its most advanced AI model. Turley said the company is consulting with over 90 physicians in more than 30 countries and that GPT-5 has cracked down on instances of sycophancy, where a model blindly agrees with and compliments users. There's a support/advocacy group called the Human Line Project which "says it has so far collected 59 cases, and some members of the group have found hundreds of examples on Reddit, YouTube and TikTok of people sharing what they said were spiritual and scientific revelations they had with their AI chatbots." The article notes that the group believes "the number of AI delusion cases appears to have been growing in recent months..."

Read more of this story at Slashdot.

Linus has released 6.17-rc1 and closed the merge window for this development cycle.

Anyway, the merge window did end up looking fairly healthy, despite me having to go through a couple of bisections for trouble spots (one during travels with a laptop - not optimal, but thankfully it was at least one of the "reliable symptoms that bisect right to the culprit" kind). The stats look pretty normal both in patch size and in number of commits.

In the end, 11,404 non-merge changesets found their way into the mainline during the merge window.

"Amid rising electric bills, states are under pressure to insulate regular household and business ratepayers from the costs of feeding Big Tech's energy-hungry data centers..." reports the Associated Press. "Some critics question whether states have the spine to take a hard line against tech behemoths like Microsoft, Google, Amazon and Meta." [T]he Data Center Coalition, which represents Big Tech firms and data center developers, has said its members are committed to paying their fair share. But growing evidence suggests that the electricity bills of some Americans are rising to subsidize the massive energy needs of Big Tech as the U.S. competes in a race against China for artificial intelligence superiority. Data and analytics firm Wood Mackenzie published a report in recent weeks that suggested 20 proposed or effective specialized rates for data centers in 16 states it studied aren't nearly enough to cover the cost of a new natural gas power plant. In other words, unless utilities negotiate higher specialized rates, other ratepayer classes — residential, commercial and industrial — are likely paying for data center power needs. Meanwhile, Monitoring Analytics, the independent market watchdog for the mid-Atlantic grid, produced research in June showing that 70% — or $9.3 billion — of last year's increased electricity cost was the result of data center demand. Last year, five governors led by Pennsylvania's Josh Shapiro began pushing back against power prices set by the mid-Atlantic grid operator, PJM Interconnection, after that amount spiked nearly sevenfold. They warned of customers "paying billions more than is necessary." PJM has yet to propose ways to guarantee that data centers pay their freight, but Monitoring Analytics is floating the idea that data centers should be required to procure their own power. In a filing last month, it said that would avoid a "massive wealth transfer" from average people to tech companies. At least a dozen states are eyeing ways to make data centers pay higher local transmission costs. In Oregon, a data center hot spot, lawmakers passed legislation in June ordering state utility regulators to develop new — presumably higher — power rates for data centers. The Oregon Citizens' Utility Board [a consumer advocacy group] says there is clear evidence that costs to serve data centers are being spread across all customers — at a time when some electric bills there are up 50% over the past four years and utilities are disconnecting more people than ever. "Some data centers could require more electricity than cities the size of Pittsburgh, Cleveland or New Orleans," the article points out...

Read more of this story at Slashdot.

The BBC reports: A meteorite that crashed into a home in the U.S. is older than planet Earth, scientists have said... Researchers at the University of Georgia examined a fragment of the rock that pierced the roof of a home in the city of McDonough [30 miles south of Georgia, on June 26]. They found that, based on the type of meteorite, it is expected to have formed 4.56 billion years ago, making it roughly 20 million years older than Earth... The rock quickly diminished in size and speed, but still travelled at least 1 km per second, going through a man's roof in Henry County... Using optical and electron microscopy, Scott Harris [a Univeristy of Georgia geologist] and his team determined the rock was a chondrite — the most abundant type of stony meteorite, according to NASA — which meant that it was approximately 4.56 billion years old. "The home's resident said he is still finding pieces of space dust around his home from the hit."

Read more of this story at Slashdot.

Plasma 6.4.5 is coming September 9th, reports Neowin. But they also report that the KDE team is already focusing on other upcoming release: Starting with KDE Frameworks, KDE's collection of foundational libraries, version 6.18 promises to let you do something with that "dumb" Microsoft Copilot key found on many new laptops. The developers will soon allow you to set up keyboard shortcuts using this new key, and the team plans to let you remap it to another key in the future. If you're curious, one user on KDE's bug tracker noted that on GNOME, the key combination shows up as "Meta+Shift+Touchpad Disable" and is fully remappable... When you try to install a Flatpak from a website like Flathub in Plasma 6.5 [coming in October], Discover now has proper support for flatpak+https:// URLs, so it opens automatically. 6.5 is also bringing a much stricter window activation policy on Wayland to stop applications from rudely stealing your focus. And now, when you mute your microphone with a shortcut, the "Mute Microphone" button will mute all input sources, not just the active one. Since Firefox does not block the system from sleeping during a download, the Plasma Browser Integration extension for Firefox has gotten an update to handle that job itself.

Read more of this story at Slashdot.

One of America's largest solar + battery storage projects "is now fully online in Mojave, California," reports Electrek: Arevon Energy's Eland Solar-plus-Storage Project combines 758 megawatts (MWdc) of solar with 300 MW/1,200 megawatt hours of battery storage. Eland 1 reached commercial operation in December 2024, and Eland 2 recently commenced full operation. The two combined comprise 1.36 million solar panels and 172 lithium iron phosphate batteries (LFP). Combined, the Eland 1 & 2 projects will be able to power more than 266,000 homes annually, and overall, can provide 7% of the total electricity requirements for the city of Los Angeles. "Arevon's Eland Solar-plus-Storage Project alone will ... push the city's clean energy share above 60%, a major milestone in LA's transition to being powered by 100% clean energy by 2035," said Los Angeles Mayor Karen Bass. Eland 1 & 2 created around 1,000 jobs to construct the project, and it's expected to disburse more than $36 million in local government payments throughout its lifetime. The article points out that Arevon Energy "has more than 4,500 MW of solar and battery storage projects operating across 17 states — and more than 6 GW of new projects in its pipeline."

Read more of this story at Slashdot.

Thursday saw the release of Rust 1.89.0 But this week the Rust Foundation also released its second comprehensive annual technology report. A Rust Foundation announcement shares some highlights: - Trusted Publishing [GitHub Actions authentication using cryptographically signed tokens] fully launched on crates.io, enhancing supply chain security and streamlining workflows for maintainers. - Major progress on crate signing infrastructure using The Update Framework (TUF), including three full repository implementations and stakeholder consensus. - Integration of the Ferrocene Language Specification (FLS) into the Rust Project, marking a critical step toward a formal Rust language specification [and "laying the groundwork for broader safety certification and formal tooling."] - 75% reduction in CI infrastructure costs while maintaining contributor workflow stability. ["All Rust repositories are now managed through Infrastructure-as-Code, improving maintainability and security."] - Expansion of the Safety-Critical Rust Consortium, with multiple international meetings and advances on coding guidelines aligned with safety standards like MISRA. ["The consortium is developing practical coding guidelines, aligned tooling, and reference materials to support regulated industries — including automotive, aerospace, and medical devices — adopting Rust."] - Direct engagement with ISO C++ standards bodies and collaborative Rust-C++ exploration... The Foundation finalized its strategic roadmap, participated in ISO WG21 meetings, and initiated cross-language tooling and documentation planning. These efforts aim to unlock Rust adoption across legacy C++ environments without sacrificing safety. The Rust Foundation also acknowledges continued funding from OpenSSF's Alpha-Omega Project and "generous infrastructure donations from organizations like AWS, GitHub, and Mullvad VPN" to the Foundation's Security Initiative, which enabled advances like including GitHub Secret Scanning and automated incident response to "Trusted Publishing" and the integration of vulnerability-surfacing capabilities into crates.io. There was another announcement this week. In November AWS and the Rust Foundation crowdsourced "an effort to verify the Rust standard library" — and it's now resulted in a new formal verification tool called "Efficient SMT-based Context-Bounded Model Checker" (or ESBMCESBMC) This winning contribution adds ESBMC — a state-of-the-art bounded model checker — to the suite of tools used to analyze and verify Rust's standard library. By integrating through Goto-Transcoder, they enabled ESBMC to operate seamlessly in the Rust verification workflow, significantly expanding the scope and flexibility of verification efforts... This achievement builds on years of ongoing collaboration across the Rust and formal verification communities... The collaboration has since expanded. In addition to verifying the Rust standard library, the team is exploring the use of formal methods to validate automated C-to-Rust translations, with support from AWS. This direction, highlighted by AWS Senior Principal Scientist Baris Coskun and celebrated by the ESBMC team in a recent LinkedIn post, represents an exciting new frontier for Rust safety and verification tooling.

Read more of this story at Slashdot.

xA California man sued Microsoft Thursday over its plan to stop supporting Windows 10 on October 14th, reports Courthouse News Though Windows 11 was launched nearly four years ago, many of its billion or so worldwide users are clinging to the decade-old Windows 10... According to StatCounter, nearly 43% of Windows users still use the old version on their desktop computers.... "With only three months until support ends for Windows 10, it is likely that many millions of users will not buy new devices or pay for extended support," Klein writes in his complaint. "These users — some of whom are businesses storing sensitive consumer data — will be at a heightened risk of a cyberattack or other data security incident, a reality of which Microsoft is well aware...." According to one market analyst writing in 2023, Microsoft's shift away from Windows 10 will lead millions of customers to buy new devices and thrown out their old ones, consigning as many as 240 million PCs to the landfill.... Klein is asking a judge to order Microsoft to continue supporting Windows 10 without additional charge, until the number of devices running the older operating system falls bellow 10% of total Windows users. He says nothing about any money he seeking for himself, though it does ask for attorneys' fees. Microsoft did not respond to an email requesting a comment. The complaint also requests an order requiring Microsoft's advertising "to disclose clearly and prominently the approximate end-of-support date for the Windows operating system purchased with the device at the time of purchase" or at least "disclose that support is only guaranteed for a certain delineated period of time without additional cost, and to disclose the potential consequences of such end-of-support for device security and functionality."

Read more of this story at Slashdot.

AOL (now a Yahoo subsidiary) just announced its dial-up internet service will be discontinued at the end of September. "The change also means the retirement of the AOL Dialer software and the AOL Shield browser, both designed for older operating systems and slow connections that relied on the familiar screech of a modem handshake," remembers Slashdot reader BrianFagioli (noting that dial-up Internet "was once the gateway to the web for millions of households, back when speeds were measured in kilobits and waiting for a picture to load could feel like an eternity.") AOL's dial-up service "has been publicly available for 34 years," writes Tom's Hardware. But AppleInsider notes the move comes more than 40 years after AOL started "as a very early Apple service." AOL itself started back in 1983 under the name Control Video Corporation, offering online services for the Atari 2600 console. After failing, it became Quantum Computer Services in 1985, eventually launching AppleLink in 1988 to connect Macintosh computers together... With the launch of PC Link for IBM-compatible PCs in 1988 and parting from Apple in October 1989, the company rebranded itself as America Online, or AOL... Even at its height, dial-up connections could get up to 56 kilobits per second under ideal conditions, while modern connections are measured in megabits and gigabits. Most of the service was also what's considered a "walled garden," with features that were only available through AOL itself and that it wasn't the actual, untamed Internet. In the 1990s AOL "was how millions of people were introduced to the Internet," the article remembers, adding that "Even after the AOL Time Warner acquisition and the 2015 acquisition by Verizon, AOL was still a popular service. Astoundingly, it counted about two million dial-up subscribers at the time." In the 2021 acquisition of assets from Verizon by Apollo Global Management, AOL was said to have 1.5 million people paying for services. However, this was more for technical support and software, rather than for actual Internet access. A CNBC report at the time reports that the dial-up user count was "in the low thousands".... While it dies off, not with a bang but a whimper, AOL's dial-up is still remembered as one of the most transformative services in the Internet age. "This change does not impact the numerous other valued products and services that these subscribers are able to access and enjoy as part of their plans," a Yahoo spokesperson told PC Magazine this week. "There is also no impact to our users' free AOL email accounts." AOL's disastrous 2001 merger with Time Warner and ongoing inability to deliver broadband to its customers... left it on a path to decline that acquiring such widely read sites as Engadget [2005] and TechCrunch [2010] did not stem. By 2014, the number of dial-up AOL customers had collapsed to 2.34 million. A year later, Verizon bought the company for $4.4 billion in an internet-content play that turned out to be as doomed as the Time Warner transaction. In 2021, Verizon unloaded both AOL and Yahoo, which it had separately purchased in 2017, to the private-equity firm Apollo Global Management.... The demise of AOL's dial-up service does not mean the extinction of the oldest form of consumer online access. Estimates from the Census Bureau's 2023 American Community Survey show 163,401 Americans connected to the internet via dial-up that year. That was by far the smallest segment of the internet-using population, dwarfed by 100,166,949 subscribing to such forms of broadband as "cable, fiber optic, or DSL"; 8,628,648 using satellite; 3,318,901 using "Internet access without a subscription" (which suggests Wi-Fi from coffee shops or public libraries); and 1,445,135 via "other service." The remaining AOL dial-up subscribers will need to find some sort of replacement, which in rural areas may be limited to fixed wireless or SpaceX's considerably more expensive Starlink. Or they may wind up joining the ranks of Americans with no internet access: 6,866,059, in those 2023 estimates.

Read more of this story at Slashdot.

Last month Microsoft pledged $4 billion (in cash and AI/cloud technology) to "advance" AI education in K-12 schools, community and technical colleges, and nonprofits (according to a blog post by Microsoft President Brad Smith). But in the launch event video, Smith also says it's time to "switch hats" from coding to AI, adding that "the last 12 years have been about the Hour of Code, but the future involves the Hour of AI." Long-time Slashdot reader theodp writes: This sets the stage for Code.org CEO Hadi Partovi's announcement that his tech-backed nonprofit's [annual educational event] Hour of Code is being renamed to the Hour of AI... Explaining the pivot, Partovi says: "Computer science for the last 50 years has had a focal point around coding that's been — sort of like you learn computer science so that you create code. There's other things you learn, like data science and algorithms and cybersecurity, but the focal point has been coding. "And we're now in a world where the focal point of computer science is shifting to AI... We all know that AI can write much of the code. You don't need to worry about where did the semicolons go, or did I close the parentheses or whatnot. The busy work of computer science is going to be done by the computer itself. "The creativity, the thinking, the systems design, the engineering, the algorithm planning, the security concerns, privacy concerns, ethical concerns — those parts of computer science are going to be what remains with a focal point around AI. And what's going to be important is to make sure in education we give students the tools so they don't just become passive users of AI, but so that they learn how AI works." Speaking to Microsoft's Smith, Partovi vows to redouble the nonprofit's policy work to "make this [AI literacy] a high school graduation requirement so that no student graduates school without at least a basic understanding of what's going to be part of the new liberal arts background [...] As you showed with your hat, we are renaming the Hour of Code to an Hour of AI."

Read more of this story at Slashdot.

After five months on the International Space Station, four astronauts splashed down in the Pacific Ocean in a SpaceX Crew Dragon capsule named Endurance, reports Space.com. It was NASA's 10th commercial crew rotation mission: The flight launched atop a SpaceX Falcon 9 rocket on March 14 and arrived at the orbiting lab two days later. Crew-10's four astronauts soon set to conducting science work, which consumed much of their time over the ensuing months... The wheels for Crew-10's departure began turning last Saturday (Aug. 2), when SpaceX's four-person Crew-11 mission arrived at the International Space Station. The Crew-10 astronauts spent a few days advising their replacements, then set their minds to gearing up for the return to Earth — and reflecting on their orbital experience. "We got to accomplish a lot of really amazing operational things," Ayers said during a farewell ceremony on Tuesday (Aug. 5). "We got to see some amazing views, and we have had some really big belly laughs and a wonderful time together," she added. "I think that [we're] leaving with a heart full of gratitude, and [we're] excited to see where the International Space Station goes after we get home." The hatches between Endurance and the ISS closed on Friday (Aug. 8) at 4:20 p.m. EDT (2020 GMT), and the capsule undocked about two hours later, at 6:15 p.m. EDT (2205 GMT). Endurance then began maneuvering its way back to Earth, setting up its splashdown today. It was the first Pacific Ocean return for a SpaceX CCP mission; all previous such flights have come down off the Florida coast. SpaceX recently shifted to West Coast reentries for all of its Dragon missions, both crewed and uncrewed, to minimize the chance that falling space debris could damage property or injure people. "During their mission, crew members traveled nearly 62,795,205 million miles," NASA announced, "and completed 2,368 orbits around Earth..." Along the way, Crew-10 contributed hundreds of hours to scientific research, maintenance activities, and technology demonstrations. McClain, Ayers, and Onishi completed investigations on plant and microalgae growth, examined how space radiation affects DNA sequences in plants, observed how microgravity changes human eye structure and cells in the body, and more. The research conducted aboard the orbiting laboratory advances scientific knowledge and demonstrates new technologies that enable us to prepare for human exploration of the Moon and Mars. McClain and Ayers also completed a spacewalk on May 1, relocating a communications antenna, beginning the installation of a mounting bracket for a future International Space Station Roll-Out Solar Array, and other tasks.

Read more of this story at Slashdot.

"Linus Torvalds has used his authority to reject the RISC-V architecture changes for the Linux 6.17 kernel," reports Phoronix: Only on Friday were the RISC-V code updates submitted for the Linux 6.17 merge window. The Linux 6.17 merge window is expected to wrap up on Sunday with the Linux 6.17-rc1 release... [T]his pull request has been rejected by Linus Torvalds for Linux 6.17 on the basis of being late in the merge window especially with his international travels this week being known. And he's unhappy with some of the code included as part of this merge request. . Here's the text of Torvalds' response... > RISC-V Patches for the 6.17 Merge Window, Part 1 No. This is garbage and it came in too late. I asked for early pull requests because I'm traveling, and if you can't follow that rule, at least make the pull requests *good*. This adds various garbage that isn't RISC-V specific to generic header files. And by "garbage" I really mean it. This is stuff that nobody should ever send me, never mind late in a merge window. Like this crazy and pointless make_u32_from_two_u16() "helper". That thing makes the world actively a worse place to live. It's useless garbage that makes any user incomprehensible, and actively *WORSE* than not using that stupid "helper". If you write the code out as "(a In contrast, if you write make_u32_from_two_u16(a,b) you have not a f%^5ing clue what the word order is. IOW, you just made things *WORSE*, and you added that "helper" to a generic non-RISC-V file where people are apparently supposed to use it to make *other* code worse too. So no. Things like this need to get bent. It does not go into generic header files, and it damn well does not happen late in the merge window. You're on notice: no more late pull requests, and no more garbage outside the RISC-V tree. Now, I would *hope* there's no garbage inside the RISC-V parts, but that's your choice. But things in generic headers do not get polluted by crazy stuff. And sending a big pull request the day before the merge window closes in the hope that I'm too busy to care is not a winning strategy. So you get to try again in 6.18. EARLY in the that merge window. And without the garbage. Torvalds' message drew a conciliatory response from the submitter of the patches. "I'll stop being late, and hopefully that helps with the quality issues."

Read more of this story at Slashdot.

The Debian Project has released its latest stable version, Debian 13 ("trixie"), which will be supported through 2030. This release includes GNOME 48, KDE Plasma 6.3, Xfce 4.20, Linux 6.12, GCC 14.2, Python 3.13, and systemd 257.

This release contains over 14,100 new packages for a total count of 69,830 packages, while over 8,840 packages have been removed as "obsolete". 44,326 packages were updated in this release. The overall disk usage for "trixie" is 403,854,660 kB (403 GB), and is made up of 1,463,291,186 lines of code. [...]

With this broad selection of packages and its traditional wide architecture support, Debian once again stays true to its goal of being "The Universal Operating System". It is suitable for many different use cases: from desktop systems to netbooks; from development servers to cluster systems; and for database, web, and storage servers. At the same time, additional quality assurance efforts like automatic installation and upgrade tests for all packages in Debian's archive ensure that "trixie" fulfills the high expectations that users have of a stable Debian release.

Trixie adds riscv64 as an officially supported architecture, and drops i386 as a regular architecture. Users with i386 systems should not upgrade to trixie; the project recommends reinstalling them as amd64, or retiring the hardware. See the release notes and issues to be aware of before installing or upgrading to trixie.

"Heather Adkins, Google's vice president of security, announced Monday that its LLM-based vulnerability researcher Big Sleep found and reported 20 flaws in various popular open source software," reports TechCrunch: Adkins said that Big Sleep, which is developed by the company's AI department DeepMind as well as its elite team of hackers Project Zero, reported its first-ever vulnerabilities, mostly in open source software such as audio and video library FFmpeg and image-editing suite ImageMagick. [There's also a "medium impact" issue in Redis] Given that the vulnerabilities are not fixed yet, we don't have details of their impact or severity, as Google does not yet want to provide details, which is a standard policy when waiting for bugs to be fixed. But the simple fact that Big Sleep found these vulnerabilities is significant, as it shows these tools are starting to get real results, even if there was a human involved in this case. "To ensure high quality and actionable reports, we have a human expert in the loop before reporting, but each vulnerability was found and reproduced by the AI agent without human intervention," Google's spokesperson Kimberly Samra told TechCrunch. Google's vice president of engineering posted on social media that this demonstrates "a new frontier in automated vulnerability discovery."

Read more of this story at Slashdot.

A professional trapper had one question about the wild pig he'd found in California. Why was its flesh blue? The Los Angeles Times explains: [California's Department of Fish and Wildlife] is now warning trappers and hunters to keep an eye out for possibly contaminated wildlife in the area, and not to consume the tainted meat, over concerns the blue meat is a sign that the animal may have consumed poison.... The startling find of wild pigs with bright blue tissue in Monterey County suggests the animals have been exposed to anticoagulant rodenticide diphacinone, a popular poison used by farmers and agriculture companies to control the population of rats, mice, squirrels and other small animals, according to a statement from the California Department of Fish and Wildlife. "Hunters should be aware that the meat of game animals, such as wild pig, deer, bear and geese, might be contaminated if that game animal has been exposed to rodenticides," said Ryan Bourbor, pesticide investigations coordinator with the state agency. Diphacinone has been prohibited in California since 2024 (with exceptions for government agencies sor their certified Vector Control Technicians). The state's Fish and Wildlife department says anyone who finds wildlife with blue fat or tissue should contact the state's wildlife officials. Thanks to long-time Slashdot reader Bruce66423 for sharing the news.

Read more of this story at Slashdot.

"Benchmarking firm Artificial Analysis found that only five of the top 15 AI models are open source," reports the Washington Post, "and all were developed by Chinese AI companies...." "Now some American executives, investors and academics are endorsing a plan to make U.S. open-source AI more competitive." A new campaign called the ATOM Project, for American Truly Open Models, aims to create a U.S.-based AI lab dedicated to creating software that developers can freely access and modify. Its blueprint calls for access to serious computing power, with upward of 10,000 of the cutting-edge GPU chips used to power corporate AI development. The initiative, which launched Monday, has gathered signatures of support from more than a dozen industry figures. They include veteran tech investor Bill Gurley; Clement Delangue, CEO of Hugging Face, a repository for open-source AI models and datasets; Stanford professor and AI investor Chris Manning; chipmaker Nvidia's director of applied research, Oleksii Kuchaiev; Jason Kwon, chief strategy officer for OpenAI; and Dylan Patel, CEO and founder of research firm SemiAnalysis... The lack of progress in open-source AI underscores the case for initiatives like ATOM: The U.S. has not produced a major new open-source AI release since Meta's launch of its Llama 4 model in April, which disappointed some AI experts... "A lot of it is a coordination problem," said ATOM's creator, Nathan Lambert, a senior research scientist at the nonprofit Allen Institute for AI who is launching the project in a personal capacity... Lambert said the idea was to develop much more powerful open-source AI models than existing U.S. efforts such as Bloom, an AI language model from Hugging Face, Pythia from EleutherAI, and others. Those groups were willing to take on more legal risk in the name of scientific progress but suffered from underfunding, said Lambert, who has worked at Google's DeepMind AI lab, Facebook AI Research and Hugging Face. The other problem? The hefty cost of top-performing AI. Lambert estimates that getting access to 10,000 state-of-the-art GPUs will cost at least $100 million. But the funding must be found if American efforts are to stay competitive, he said. The initiative's web page is seeking signatures, but also asks visitors to the site to "consider how your expertise or resources might contribute to building the infrastructure America needs."

Read more of this story at Slashdot.