News

In 30 minutes the Free Software Foundation holds a live auction of memorabilia to celebrate their upcoming 40th anniversary. "By moving out of the FSF office, we got to sort through all the fun and historically important memorabilia and selected the best ones," they announced earlier — and 25 items will up for bids. (To participate in the live auction, you must register in advance.) "This is your chance to get your very own personal souvenir of the FSF," explains an 11-page auction booklet, "from original GNU art to a famous katana and the Internet Hall of Fame medal of the FSF's founder." That's right... a katana. Once upon a time, this 41-inch blade turned heads at the FSF's tech team office. Donated by FSF friends and fans of the XKCD webcomic #225, it became a lighthearted "weapon" in the war for user freedom. As RMS himself is anti-violence, he made a silly joke by examining the katana closely instead of brandishing it, symbolizing that software freedom can be defended with wit. In a legendary photo, this was perceived as if he sniffed the blade. Between the etched dragon on the scabbard and the wavy hamon on the blade, it's as flashy as it is symbolic — especially if you like taking on proprietary software with style (and a dash of humor). The auction is intended "to entrust some of the historically important free software memorabilia that were in the FSF's office and archive to the free software community instead of locking them away in a storage unit where no one can enjoy them. "Hopefully, this way some of these unique items will be displayed in galleries or on the walls of free software enthusiasts. All auction proceeds will go towards the FSF's mission to promote computer user freedom." And speaking of user freedom, here's how they described the Internet Hall of Fame medal: When Richard M. Stallman, the founder of the FSF, was inducted into the Internet Hall of Fame, it was the ultimate nod to free software's immense impact on the Internet... The medal is shiny, and the frame is fancy, but the real radiance is the recognition that the Internet might look much more locked down and dull without those original free software seeds. Hang it on your wall, and you'll be reminded that hacking for user freedom can change the world.

Read more of this story at Slashdot.

Reuters reported this week that several U.S. national security agencies "have halted work on a coordinated effort to counter Russian sabotage, disinformation and cyberattacks..." The plan was led by the president's National Security Council (NSC) and involved at least seven national security agencies working with European allies to disrupt plots targeting Europe and the United States, seven former officials who participated in the working groups told Reuters... [S]ince Trump took office on January 20 much of the work has come to a standstill, according to eleven current and former officials, all of whom requested anonymity to discuss classified matters... Regular meetings between the National Security Council and European national security officials have gone unscheduled, and the NSC has also stopped formally coordinating efforts across U.S. agencies... The FBI last month ended an effort to counter interference in U.S. elections by foreign adversaries including Russia and put on leave staff working on the issue at the Department of Homeland Security. The Department of Justice also disbanded a team that seized the assets of Russian oligarchs... Department of Homeland Security Assistant Secretary Tricia McLaughlin told Reuters the agency had placed on administrative leave personnel working on misinformation and disinformation on its election security team, without elaborating further.

Read more of this story at Slashdot.

"For developers and organisations that require a custom software image, a flexible and transparent build system is essential," according to an announcement Friday at Raspberry Pi.com. "[T]o support these customers, we have created rpi-image-gen, a powerful new tool designed to put you in complete control of your Raspberry Pi images." If you're building an embedded system or an industrial controller, you'll need complete control over the software resident on the device, and home users may wish to build their own OS and have it pre-configured exactly the way they want... rpi-image-gen is an alternative to pi-gen, which is the tool we use to create and deploy the Raspberry Pi OS distribution. rpi-image-gen... offers a very granular level of control over file system construction and software image creation... [B]eing able to help reduce software build time, provide guaranteed ownership of support, and reuse standard methodologies to ensure authenticity of software were all of paramount importance, and among the reasons why we created a new home-grown build tool for Raspberry Pi devices... There is a small number of examples in the tree which demonstrate different use cases of rpi-image-gen [including the lightweight image slim and webkiosk for booting into browser kiosk mode]. All create bootable disk images and serve to illustrate how one might use rpi-image-gen to create a bespoke image for a particular purpose. The number of examples will grow over time and we welcome suggestions for new ones... Visit the rpi-image-gen GitHub repository to get started. There, you'll find documentation and examples to guide you through creating custom Raspberry Pi images. Some technical details from the announcement. "Similar to pi-gen, rpi-image-gen leverages the power, reliability, and trust of installing a Debian Linux system for the device. However, unlike pi-gen, rpi-image-gen introduces some new concepts [profiles, image layouts, and config] which serve to dictate the build footprint and installation." The tool also lets you exclude from your package "things that would otherwise be installed as part of the profile." The tool's GitHub repository notes that it also allows you output your software bill of materials (SBOM) "to list the exact set of packages that were used to create the image." And it can even generate a list of CVEs identified from the SBOM to "give consumers of your image confidence that your image does not contain any known vulnerabilities."

Read more of this story at Slashdot.

Science magazine reports: A strange-looking telescope that scanned the skies from a perch in northern Chile for 15 years has released its final data set: detailed maps of the infant universe showing the roiling clouds of hydrogen and helium gas that would one day coalesce into the stars and galaxies we see today. The Atacama Cosmology Telescope is not the first to survey the cosmic microwave background (CMB), the light released 380,000 years after the Big Bang when the early universe's soup of particles formed atoms and space became transparent. But the data — posted as preprints online today — give researchers a new level of detail on the density of the gas clouds and how they were moving. At the top of the page for Science's article is an image where different colors "show areas where the polarization of the CMB light — its direction of vibration — differ, revealing how gases first move tangentially around areas of higher density (orange) and later fall straight in (blue) under the influence of gravity." Long-time Slashdot reader sciencehabit writes: Using the data, researchers tested how well the standard cosmological theory, known as lambda cold dark matter, described the universe at that time 13.8 billion years ago; it's a remarkably good fit, they conclude. The article notes that "back in the Chilean desert," the Atacama Cosmology Telescope's successor, the Simons Observatory, has already taken its first image, and "will begin its even more detailed examination of the CMB in the coming months."

Read more of this story at Slashdot.

Wired's web site "is going to stop paywalling articles that are primarily based on public records obtained through the Freedom of Information Act," their global editorial director announced this week: They're called public records for a reason, after all. And access to public documents is more important than ever at this moment, with government websites and records disappearing... [S]ome may argue that, from a business standpoint, not charging for stories primarily relying on public records automatically means fewer subscriptions and therefore less revenue. We disagree. Sure, the FOIA process is time- and labor-intensive. Reporters face stonewalling, baseless denials, lengthy appeals processes, and countless other obstacles and delays. Investigative reports based on public records are among the most expensive stories to produce and share with the public... But while some readers might not subscribe to outlets that give away some of their best journalism for free, it's just as possible that readers will recognize this sacrifice and reward these outlets with more traffic and subscriptions in the long run... We hope others will follow Wired's lead (and shoutout to outlets like 404 Media that also make their FOIA-based reporting available for free). We also hope those who stand to benefit from these outlets' leadership (that's you, reader) will do their part and subscribe if you can afford it. They're not asking for an arm and a leg... The Fourth Estate needs to step up and invest in serving the public during these unprecedented times. And the public needs to return the favor and support quality journalism, so that hopefully one day we can do away with those annoying paywalls altogether.

Read more of this story at Slashdot.

NASA is considering "closing its headquarters and scattering responsibilities among the states," reports Politico, citing two people familiar with the plan. "The proposal could affect up to 2,500 jobs and redistribute critical functions, including who manages space exploration and organizes major science missions." While much of the day-to-day work occurs at NASA's 10 centers, the Washington office plays a strategic role in lobbying for the agency's priorities in Congress, ensuring the White House supports its agenda and partnering with foreign countries on critical space projects. Some of the headquarter's offices might remain in Washington, the people said, but it's not clear which ones those would be or who would keep their jobs... One of the biggest fallouts is the damage it could do to coordination among NASA leadership on pressing issues... It would also limit cooperation with international partners on space, which is often done through embassies in Washington. NASA works with foreign partners on a range of projects, including the International Space Station and returning to the moon. The European Space Agency, for example, plans to provide modules for Gateway, a lunar space station that is central to NASA's Artemis program to land American astronauts back on the moon... The agency also helps coordinate support from foreign nations for the Artemis accords, which set goals for transparency and data sharing — and help create a level of trust in an unregulated part of the universe. But the reallocation could have some benefits. Such a move would bring headquarters employees closer to the processes they manage. And it would give legislative liaison staff a chance to interact with lawmakers in their districts. "You're probably getting a lot more time with [lawmakers] at the local center or hosting events in the state or district," said Tom Culligan, a longtime space lobbyist,, the space industry lobbyist.

Read more of this story at Slashdot.

Hungary's Parliament not only voted to ban Pride events. They also voted to "allow authorities to use facial recognition software to identify attenders and potentially fine them," reports the Guardian. [The nationwide legislation] amends the country's law on assembly to make it an offence to hold or attend events that violate Hungary's contentious "child protection" legislation, which bars any "depiction or promotion" of homosexuality to minors under the age of 18. The legislation was condemned by Amnesty International, which described it as the latest in a series of discriminatory measures the Hungarian authorities have taken against LGBTQ+ people... Organisers said they planned to go ahead with the march in Budapest, despite the law's stipulation that those who attend a prohibited event could face fines of up to 200,000 Hungarian forints [£425 or $549 U.S. dollars].

Read more of this story at Slashdot.

"Italy is using its Piracy Shield law to go after Google," reports Ars Technica, "with a court ordering the Internet giant to immediately begin poisoning its public DNS servers" to prevent people from reaching pirate streams of football games. "Italy's communication regulator praises the ruling and hopes to continue sticking it to international tech firms." Spotted by TorrentFreak, AGCOM Commissioner Massimiliano Capitanio took to LinkedIn to celebrate the ruling, as well as the existence of the Italian Piracy Shield. "The Judge confirmed the value of AGCOM's investigations, once again giving legitimacy to a system for the protection of copyright that is unique in the world," said Capitanio. Capitanio went on to complain that Google has routinely ignored AGCOM's listing of pirate sites, which are supposed to be blocked in 30 minutes or less under the law. He noted the violation was so clear-cut that the order was issued without giving Google a chance to respond, known as inaudita altera parte in Italian courts.

Read more of this story at Slashdot.

"China is considering trying to blunt greater U.S. tariffs and other trade barriers," reports the Wall Street Journal, "by offering to curb the quantity of certain goods exported to the U.S., according to advisers to the Chinese government." Tokyo's adoption of so-called voluntary export restraints, or VERs, to limit its auto shipments to the U.S. in the 1980s helped prevent Washington from imposing higher import duties. A similar move from Beijing, especially in sectors of key concern to Washington, like electric vehicles and batteries, would mitigate criticism from the U.S. and others over China's "economic imbalances": heavily subsidized companies making stuff for slim profits but saturating global markets, to the detriment of other countries' manufacturers... The Xi leadership has indicated a desire to cut a deal with the Trump administration to head off greater trade attacks... Similar to Japan, the Chinese advisers say, Beijing may also consider negotiating export restraints on EVs and batteries in return for investment opportunities in those sectors in the U.S. In some officials' views, they say, that might be an attractive offer to Trump, who at times has indicated an openness to more Chinese investment in the U.S. even though members of his administration firmly oppose it. The article notes agreements like this are also hard to enforce, "particularly when Chinese companies export to the U.S. from third countries including Mexico and Vietnam."

Read more of this story at Slashdot.

Besides administering standardized pre-college tests, America's nonprofit College Board designs college-level classes that high school students can take. But now they're also crafting courses "not just with higher education at the table, but industry partners such as the U.S. Chamber of Commerce and the technology giant IBM," reports Education Week. "The organization hopes the effort will make high school content more meaningful to students by connecting it to in-demand job skills." It believes the approach may entice a new kind of AP student: those who may not be immediately college-bound.... The first two classes developed through this career-driven model — dubbed AP Career Kickstart — focus on cybersecurity and business principles/personal finance, two fast-growing areas in the workforce." Students who enroll in the courses and excel on a capstone assessment could earn college credit in high school, just as they have for years with traditional AP courses in subjects like chemistry and literature. However, the College Board also believes that students could use success in the courses as a selling point with potential employers... Both the business and cybersecurity courses could also help fulfill state high school graduation requirements for computer science education... The cybersecurity course is being piloted in 200 schools this school year and is expected to expand to 800 schools next school year... [T]he College Board is planning to invest heavily in training K-12 teachers to lead the cybersecurity course. IBM's director of technology, data and AI called the effort "a really good way for corporations and companies to help shape the curriculum and the future workforce" while "letting them know what we're looking for." In the article the associate superintendent for teaching at a Chicago-area high school district calls the College Board's move a clear signal that "career-focused learning is rigorous, it's valuable, and it deserves the same recognition as traditional academic pathways." Also interesting is why the College Board says they're doing it: The effort may also help the College Board — founded more than a century ago — maintain AP's prominence as artificial intelligence tools that can already ace nearly every existing AP test on an ever-greater share of job tasks once performed by humans. "High schools had a crisis of relevance far before AI," David Coleman, the CEO of the College Board, said in a wide-ranging interview with EdWeek last month. "How do we make high school relevant, engaging, and purposeful? Bluntly, it takes [the] next generation of coursework. We are reconsidering the kinds of courses we offer...." "It's not a pivot because it's not to the exclusion of higher ed," Coleman said. "What we are doing is giving employers an equal voice." Thanks to long-time Slashdot reader theodp for sharing the article.

Read more of this story at Slashdot.

The governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore "are likely customers of Israeli spyware maker Paragon Solutions," reports TechCrunch, "according to a new technical report by a renowned digital security lab." On Wednesday, The Citizen Lab, a group of academics and security researchers housed at the University of Toronto that has investigated the spyware industry for more than a decade, published a report about the Israeli-founded surveillance startup, identifying the six governments as "suspected Paragon deployments." At the end of January, WhatsApp notified around 90 users that the company believed were targeted with Paragon spyware, prompting a scandal in Italy, where some of the targets live... Paragon's executive chairman John Fleming told TechCrunch that the company "licenses its technology to a select group of global democracies — principally, the United States and its allies." Israeli news outlets reported in late 2024 that U.S. venture capital AE Industrial Partners had acquired Paragon for at least $500 million upfront.... Among the suspected customer countries, Citizen Lab singled out Canada's Ontario Provincial Police (OPP), which specifically appears to be a Paragon customer given that one of the IP addresses for the suspected Canadian customer is linked directly to the OPP. In a related development the Guardian reports that a prominent activist in Italy "has warned the international criminal court that his mobile phone was under surveillance" when he was providing them confidential information about torture victims in Libya. Both articles submitted by long-time Slashdot reader ISayWeOnlyToBePolite.

Read more of this story at Slashdot.

This week the "Old Vintage Computing Research" blog published a 21,000-word exploration of the DEC PDP-11, the 16-bit minicomputer sold by Digital Equipment Corporation. Slashdot reader AndrewZX calls the blog post "an excellent deep dive" into the machine's history and capabilities "and the classic Venix UNIX that it ran." The blogger still owns a working 1984 DEC Professional 380, "a tank of a machine, a reasonably powerful workstation, and the most practical PDP-adjacent thing you can actually slap on a (large) desk." But more importantly, "It runs PRO/VENIX, the only official DEC Unix option for the Pros." In that specific market it was almost certainly the earliest such licensed Unix (in 1983) and primarily competed against XENIX, Microsoft's dominant "small Unix," which first emerged for XT-class systems as SCO XENIX in 1984. You'd wonder how rogue processes could be prevented from stomping on each other in such systems when neither the Intel 8086/8088 nor the IBM PC nor the PC/XT had a memory management unit, and the answer was not to try and just hope for the best. It was for this reason that IBM's own Unix variant PC/IX, developed by Interactive Systems Corporation under contract as their intended AT&T killer, was multitasking but single-user since in such an architecture there could be no meaningful security guarantees... One of Venix's interesting little idiosyncrasies, seen in all three Pro versions, was the SUPER> prompt when you've logged on as root (there is also a MAINT> prompt when you're single-user... Although Bill Gates had been their biggest nemesis early on, most of the little Unices that flourished in the 1980s and early 90s met their collective demise at the hands of another man: Linus Torvalds. The proliferation of free Unix alternatives like Linux on commodity PC hardware caused the bottom to fall out of the commercial Unix market. The blogger even found a 1989 log for the computer's one and only guest login session — which seems to consist entirely of someone named tom trying to exit vi. But the most touching part of the article comes when the author discovers a file named /thankyou that they're certain didn't come with the original Venix. It's an ASCII drawing of a smiling face, under the words "THANK YOU FOR RESCUING ME". "It's among the last files created on the system before it came into my possession..." It's all a fun look back to a time when advances in semiconductor density meant microcomputers could do nearly as much as the more expensive minicomputers (while taking up less space) — leaving corporations pondering the new world that was coming: As far back as 1974, an internal skunkworks unit had presented management with two small systems prototypes described as a PDP-8 in a VT50 terminal and a portable PDP-11 chassis. Engineers were intrigued but sales staff felt these smaller versions would cut into their traditional product lines, and [DEC president Ken] Olsen duly cancelled the project, famously observing no one would want a computer in their home.

Read more of this story at Slashdot.

Was the cutting of undersea cables part of a larger pattern? Russia and its proxies are accused by western officials of "staging dozens of attacks and other incidents across Europe since the invasion of Ukraine three years ago," reports the Associated Press. That includes cyberattacks and committing acts of sabotage/vandalism/arson, as well as spreading propaganda and even plotting killings, according to the article. ("Western intelligence agencies uncovered what they said was a Russian plot to kill the head of a major German arms manufacturer that is a supplier of weapons to Ukraine...") The news agency documented 59 incidents "in which European governments, prosecutors, intelligence services or other Western officials blamed Russia, groups linked to Russia or its ally Belarus." [Western officials] allege the disruption campaign is an extension of Russian President Vladimir Putin's war, intended to sow division in European societies and undermine support for Ukraine... The incidents range from stuffing car tailpipes with expanding foam in Germany to a plot to plant explosives on cargo planes. They include setting fire to stores and a museum, hacking that targeted politicians and critical infrastructure, and spying by a ring convicted in the U.K. Richard Moore, the head of Britain's foreign intelligence service, called it a "staggeringly reckless campaign" in November... The cases are varied, and the largest concentrations are in countries that are major supporters of Ukraine... In about a quarter of the cases, prosecutors have brought charges or courts have convicted people of carrying out the sabotage. But in many more, no specific culprit has been publicly identified or brought to justice. Despite that, "more and more governments are publicly attributing attacks to Russia," the article points out. This week a nonprofit, bipartisan think tank on global policy released a report which "found that Russian attacks in Europe quadrupled from 2022 to 2023 and then tripled again from 2023 to 2024," reports the New York Times. Prime Minister Donald Tusk of Poland noted in a social media post on Monday that Lithuanian officials had confirmed his assessment that Russia was responsible for a series of fires in shopping centers in Warsaw and Vilnius, the Lithuanian capital...

Read more of this story at Slashdot.

Slashdot reader Required Snark shared this article from Phys.org: In the realm of science fiction, [sun-energy capturing] Dyson spheres and ringworlds have been staples for decades. But it is well known that the simplest designs are unstable against gravitational forces and would thus be torn apart. Now a scientist from Scotland, UK has shown that certain configurations of these objects near a two-mass system can be stable against such fractures... [A] rigid ring around a star or planet, as in Larry Niven's "Ringworld" series of novels, is also unstable, as it would drift under any slight gravitational differences and collide with the star. So [engineering science professor Colin] McInnes considered a restricted three-body problem where two equal masses orbit each other circularly with a uniform ring of infinitesimal mass rotating in their orbital plane. The ring could enclose both masses, just one or none... McInnes also investigated a shell-restricted three-body problem with the shell also of infinitesimal mass, again with the shell enclosing two masses, one or none. For the restricted ring, McInnes found that there are seven equilibrium points in the orbital plane of the dual masses, on which, if the ring's center were placed, it would stay and not experience stresses, akin to the three stable Lagrange points where a small mass can reside permanently for the two-body problem... McInnes restricted this research to a planar ring (in the plane of the circularly orbiting masses) but says it can be shown that a vertical ring, normal to the plane, can also generate equilibria... These results can aid the search for extraterrestrial intelligence, McInnes said, "If we can understand when such structures can be stable, then this could potentially help direct future SETI surveys." An important technosignature would be one bright star orbiting in tandem with an object showing a strong infrared excess. Shells around a sun-exoplanet pair or an exoplanet-exoplanet pair could also be possible. A nested set of Dyson spheres is also a feasible geometry. In 2003 Ringworld author Larry Niven answered questions from Slashdot readers...

Read more of this story at Slashdot.

"I intend to sue the National Archives," said Joseph diGenova, an 80-year-old former Trump campaign lawyer (and a U.S. Attorney from 1983 to 1988). While releasing 63,000 unredacted pages about the 1963 assassination of President Kennedy, the U.S. government erroneously "made public the Social Security numbers and other sensitive personal information of potentially hundreds of former congressional staffers and other people," reports USA Today. ("It is virtually impossible to tell the scope of the breach because the National Archives put them online without a way to search them by keyword, some JFK files experts and victims of the information release told USA TODAY...") Mark Zaid, a national security lawyer who represented current and former spies and other officials in cases against the government, told USA Today that he "saw a few names I know and I informed them of the breach... Hundreds were doxxed but of that number I don't know how many are still living." Zaid, who has fought for decades for the JFK records to be made public, said many of the thousands of investigative documents had been made public long ago with everything declassified and unredacted except for the personal information. Releasing that information now, he told USA TODAY, poses significant threats to those whose information is now public, including dates and places of birth, but especially their Social Security numbers. "The purpose of the release was to inform the public about the JFK assassination, not to help permit identity theft of those who actually investigated the events of that day," Zaid said. The Associated Press reported Thursday afternoon that government officials "said they are still screening the records to identify all the Social Security numbers that were released." One of the newly unredacted documents... discloses the Social Security numbers of more than two dozen people seeking security clearances in the 1990s to review JFK-related documents for the Assassination Records Review Board.

Read more of this story at Slashdot.

Founded in 1979, the Association for the Advancement of AI is an international scientific society. Recently 25 of its AI researchers surveyed 475 respondents in the AAAI community about "the trajectory of AI research" — and their results were surprising. Futurism calls the results "a resounding rebuff to the tech industry's long-preferred method of achieving AI gains" — namely, adding more hardware: You can only throw so much money at a problem. This, more or less, is the line being taken by AI researchers in a recent survey. Asked whether "scaling up" current AI approaches could lead to achieving artificial general intelligence (AGI), or a general purpose AI that matches or surpasses human cognition, an overwhelming 76 percent of respondents said it was "unlikely" or "very unlikely" to succeed... "The vast investments in scaling, unaccompanied by any comparable efforts to understand what was going on, always seemed to me to be misplaced," Stuart Russel, a computer scientist at UC Berkeley who helped organize the report, told New Scientist. "I think that, about a year ago, it started to become obvious to everyone that the benefits of scaling in the conventional sense had plateaued...." In November last year, reports indicated that OpenAI researchers discovered that the upcoming version of its GPT large language model displayed significantly less improvement, and in some cases, no improvements at all than previous versions did over their predecessors. In December, Google CEO Sundar Pichai went on the record as saying that easy AI gains were "over" — but confidently asserted that there was no reason the industry couldn't "just keep scaling up." Cheaper, more efficient approaches are being explored. OpenAI has used a method known as test-time compute with its latest models, in which the AI spends more time to "think" before selecting the most promising solution. That achieved a performance boost that would've otherwise taken mountains of scaling to replicate, researchers claimed. But this approach is "unlikely to be a silver bullet," Arvind Narayanan, a computer scientist at Princeton University, told New Scientist.

Read more of this story at Slashdot.

Two "groundbreaking research reports" on open source security were announced this week by the Linux Foundation in partnership with the Open Source Security Foundation (OpenSSF) and Linux Foundation Europe. The reports specifically address the EU's Cyber Resilience Act (or CRA) and "highlight knowledge gaps and best practices for CRA compliance." "Unaware and Uncertain: The Stark Realities of CRA-Readiness in Open Source" includes a survey which found that when it comes to CRA requirements, 62% of respondents were either "not familiar at all" (36%) or "slightly familiar" (26%) — while 51% weren't sure about its deadlines. ("Only 28% correctly identified 2027 as the target year for full compliance," according to one infographic, which adds that CRA "is expected to drive a 6% average price increase, though 53% of manufacturers are still assessing pricing impacts.") Manufacturers, who bear primary responsibility, lack readiness — many [46%] passively rely on upstream security fixes, and only a small portion produce Software Bills of Materials (SBOMs). The report recommends that manufacturers take a more active role in open source security, that more funding and legal support is needed to support security practices, and that clear regulatory guidance is essential to prevent unintended negative impacts on open source development. The research also provides "an in-depth analysis of how open collaboration can strengthen software security and innovation across global markets," with another report that "examines how three Linux Foundation projects are meeting the CRA's minimum compliance requirements" and "provides insight on the elements needed to ensure leadership in cybersecurity best practices." (It also includes CRA-related resources.) "These two reports offer actionable conclusions for open source stakeholders to ready themselves for 2027, when the CRA comes into force," according to a Linux Foundation reserach executive cited in the announcement. "We hope that these reports catalyze higher levels of collaboration across the open source community."

Read more of this story at Slashdot.

The following vulnerabilities have been discovered in the WebKitGTK web engine:

CVE-2024-44192

Tashita Software Security discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2024-54467

Narendra Bhati discovered that a malicious website may exfiltrate data cross-origin.

CVE-2025-24201

Apple discovered that maliciously crafted web content may be able to break out of Web Content sandbox.

https://security-tracker.debian.org/tracker/DSA-5885-1

Ivan Fratric discovered two use-after-free vulnerabilities in libxslt, an XSLT processing runtime library, which may result in the execution of arbitrary code if a specially crafted files are processed.

https://security-tracker.debian.org/tracker/DSA-5884-1

Computer programming jobs in the US have declined by more than a quarter over the past two years, placing the profession among the 10 hardest-hit occupations of 420-plus jobs tracked by the Bureau of Labor Statistics and potentially signaling the first concrete evidence of artificial intelligence replacing workers. The timing coincides with OpenAI's release of ChatGPT in late 2022. Anthropic researchers found people use AI to perform programming tasks more than those of any other job, though 57 percent of users employ AI to augment rather than automate work. "Without getting hysterical, the unemployment jump for programming really does look at least partly like an early, visible labor market effect of AI," said Mark Muro of the Brookings Institution. While software developer positions have remained stable with only a 0.3 percent decline, programmers who perform more routine coding from specifications provided by others have seen their ranks diminish to levels not seen since 1980. Economists caution that high interest rates and post-pandemic tech industry contraction have also contributed to the decline in programming jobs, which typically pay $99,700 compared to $132,270 for developers.

Read more of this story at Slashdot.