"Homebrew, the package manager for macOS and Linux, just got a handy new feature in the latest v5.0.4 update," reports How-To Geek.

Brewfile install scripts "are now more like a one-stop shop for installing software, as Flatpaks are now supported alongside Brew packages, Mac App Store Apps, and other packages." For those times when you need to install many software packages at once, like when setting up a new PC or virtual machine, you can create a Brewfile with a list of packages and run it with the 'brew bundle' command. However, the Brewfile isn't limited to just Homebrew packages. You can also use it to install Mac App Store apps, graphical apps through Casks, Visual Studio Code extensions, and Go language packages. Starting with this week's Homebrew v5.0.4 release, Flatpaks are now supported in Brewfiles as well...

This turns Homebrew into a fantastic setup tool for macOS, Linux, and Windows Subsystem for Linux (WSL) environments. You can have one script with all your preferred software, and use 'if' statements with platform variables and existing file checks for added portability.

Today America's college professors "struggle to accommodate the many students with an official disability designation," reports the Atlantic, "which may entitle them to extra time, a distraction-free environment, or the use of otherwise-prohibited technology."

Their staff writer argues these accommodations "have become another way for the most privileged students to press their advantage." [Over the past decade and a half] the share of students at selective universities who qualify for accommodations — often, extra time on tests — has grown at a breathtaking pace. At the University of Chicago, the number has more than tripled over the past eight years; at UC Berkeley, it has nearly quintupled over the past 15 years. The increase is driven by more young people getting diagnosed with conditions such as ADHD, anxiety, and depression, and by universities making the process of getting accommodations easier. The change has occurred disproportionately at the most prestigious and expensive institutions. At Brown and Harvard, more than 20 percent of undergraduates are registered as disabled. At Amherst, that figure is 34 percent. Not all of those students receive accommodations, but researchers told me that most do. The schools that enroll the most academically successful students, in other words, also have the largest share of students with a disability that could prevent them from succeeding academically. "You hear 'students with disabilities' and it's not kids in wheelchairs," one professor at a selective university, who requested anonymity because he doesn't have tenure, told me. "It's just not. It's rich kids getting extra time on tests...."

Recently, mental-health issues have joined ADHD as a primary driver of the accommodations boom. Over the past decade, the number of young people diagnosed with depression or anxiety has exploded. L. Scott Lissner, the ADA coordinator at Ohio State University, told me that 36 percent of the students registered with OSU's disability office have accommodations for mental-health issues, making them the largest group of students his office serves. Many receive testing accommodations, extensions on take-home assignments, or permission to miss class. Students at Carnegie Mellon University whose severe anxiety makes concentration difficult might get extra time on tests or permission to record class sessions, Catherine Samuel, the school's director of disability resources, told me. Students with social-anxiety disorder can get a note so the professor doesn't call on them without warning... Some students get approved for housing accommodations, including single rooms and emotional-support animals. Other accommodations risk putting the needs of one student over the experience of their peers. One administrator told me that a student at a public college in California had permission to bring their mother to class. This became a problem, because the mom turned out to be an enthusiastic class participant. Professors told me that the most common — and most contentious — accommodation is the granting of extra time on exams...

Several of the college students I spoke with for this story said they knew someone who had obtained a dubious diagnosis... The surge itself is undeniable. Soon, some schools may have more students receiving accommodations than not, a scenario that would have seemed absurd just a decade ago. Already, at one law school, 45 percent of students receive academic accommodations. Paul Graham Fisher, a Stanford professor who served as co-chair of the university's disability task force, told me, "I have had conversations with people in the Stanford administration. They've talked about at what point can we say no? What if it hits 50 or 60 percent? At what point do you just say 'We can't do this'?" This year, 38 percent of Stanford undergraduates are registered as having a disability; in the fall quarter, 24 percent of undergraduates were receiving academic or housing accommodations.

"First the penny. Next, paper checks?" asks CNN: When the U.S. Mint stopped making pennies last month for the first time in 238 years, it drew a lot of attention. But there have been quiet moves to stop using paper checks as well. The government stopped sending out most paper checks to recipients as of the end of September, part of an effort to fully modernize federal benefits payments. And on Thursday the Federal Reserve put out a notice that suggested it is considering — but only considering — the "winding down" of checking services it now provides for banks.

The central bank's statement said that as an alternative to winding down those services, it is mulling more investment in its check processing services, but noted that would come at a higher cost. But it is also considering not making any such investments, in order to keep costs roughly unchanged. That would lead to reduced reliability of those services going forward. "Over time, check use has steadily declined, digital payment methods have grown in availability and use, and check fraud has risen," said the notice from the Fed. "Also, the Reserve Banks will need to make substantial investments in their check infrastructure to continue providing the same level of check services going forward."

A report from the Federal Reserve Bank of Atlanta in June found that as of last year, more than 90% of surveyed consumers said they prefer to use something other than a check for paying bills, and just 6% paid by check. That's a sharp drop from the 18% of bills paid by checks as recently as 2017. Consumers also reported they view checks as second-worst for convenience and speed of payment, ahead of only money orders. And they're ranked as the least secure form of any payment other than cash.

But even if it's true that options such as direct deposit, automatic bill paying and electronic payment systems such as Venmo, PayPal and Zelle have all reduced the need for traditional checks, paper checks are still an important part of the payment system. They make up about 5% of transactions and represent 21% of the value of all those payments, according to a statement from Michelle Bowman, the Fed's vice chair for supervision, who dissented from the Fed's Thursday statement.

What happened when a school in Los Angeles gave a sixth grader an iPad for use throughout the school day? "He used the iPad during school to watch YouTube and participate in Fortnite video game battles," reports NBC News.

His mother has now launched a coalition of parents called Schools Beyond Screens "organizing in WhatsApp groups, petition drives and actions at school board meetings and demanding meetings with district administrators, pressuring them to pull back on the school-mandated screen time." Los Angeles Unified is the first district of its size to face an organized — and growing — campaign by parents demanding that schools pull back on mandatory screen time. The discontent in Los Angeles Unified, the second-largest school district in the country, reflects a growing unease nationally about the amount of time children spend learning through screens in classrooms. While a majority of states prohibit children from using cellphones in class, 88% of schools provide students with personal devices, according to the National Center for Education Statistics, often Chromebook laptops or iPads. The parents hope getting a district that has over 409,000 students across nearly 800 schools to change how it approaches screen time would send a signal across public school districts to pull back from a yearslong effort to digitize classrooms....

[In the Los Angeles school district] Students in grade levels as low as kindergarten are provided iPads, and some schools require them to take the tablets home. Some teachers have allowed students to opt out of the iPad-based assignments, but other parents say they've been told that they can't. Parents can also opt their children out of having access to YouTube and several other Google products... The billion-dollar 2014 initiative to give tablet computers to everyone became a scandal after the bidding process appeared to heavily favor Apple, and it faced criticism once it became clear that students could bypass security protocols and that few teachers used the tablets. Currently, the district leaves it up to individual schools to decide whether they want students to take home iPads or Chromebooks every day and how much time they spend on them in class...

Around 300 parents attended listening sessions the district held last month about technology in the classroom. Nearly all who spoke criticized how much screen time schools gave their children in class, pointing to ways their behavior and grades suffered as students watched YouTube and played Minecraft... Several also asked district officials to explain why children as young as kindergartners were asked to sign a form to use devices in which they promised they would honor intellectual property law and refrain from meeting people in person whom they met online. "Is it possible for children to meet people over the internet on school-issued devices?" one father asked. The district officials declined to answer, saying it was meant to be a listening session.
In 2022, Los Angeles Unified started requiring students to complete benchmark assessments on educaitonal software i-Ready, the article points out, which generates unique questions for each students. "But parents and teachers are unable to see what children are asked, in part because the company that makes the program considers them proprietary information..."

One teacher says his school's administartors are requiring him to use i-Ready even though it doesn't have any material for the science class he's actually teaching. He's also noticed some students will use answers from AI chatbots, bypassing the school's monitoring software by creating alternate user profiles. But the monitoring software company suggests the school misconfigured their software's settings, adding "More commonly, when students attempt to bypass filtering or monitoring, they do so by using proxies."

Thanks to long-time Slashdot reader schwit1 for sharing the article.

Meta has officially confirmed it is shifting investment away from the metaverse and VR toward AI-powered smart glasses, following a Bloomberg report of an up to 30% budget cut for Reality Labs. "Within our overall Reality Labs portfolio we are shifting some of our investment from Metaverse toward AI glasses and Wearables given the momentum there," a statement from Meta reads. "We aren't planning any broader changes than that." From the report: Following Bloomberg's report, other mainstream news outlets including The New York Times, The Wall Street Journal, and Business Insider have published their own reports corroborating the general claim, with slightly differing details...

Business Insider's report suggests that the cuts will primarily hit Horizon Worlds, and that employees are facing "uncertainty" about whether this will involve layoffs. One likely cut BI's report mentions is the funding for third-party studios to build Horizon Worlds content. The New York Times report, on the other hand, seems more definitive in stating that these cuts will come via layoffs. The Reality Labs division "has racked up more than $70 billion in losses since 2021," notes Fortune in their reporting, "burning through cash on blocky virtual environments, glitchy avatars, expensive headsets, and a user base of approximately 38 people as of 2022."

U.S. and Canadian cybersecurity agencies say Chinese-linked actors deployed "Brickstorm" malware to infiltrate critical infrastructure and maintain long-term access for potential sabotage. Reuters reports: The Chinese-linked hacking operations are the latest example of Chinese hackers targeting critical infrastructure, infiltrating sensitive networks and "embedding themselves to enable long-term access, disruption, and potential sabotage," Madhu Gottumukkala, the acting director of the Cybersecurity and Infrastructure Security Agency, said in an advisory signed by CISA, the National Security Agency and the Canadian Centre for Cyber Security. According to the advisory, which was published alongside a more detailed malware analysis report (PDF), the state-backed hackers are using malware known as "Brickstorm" to target multiple government services and information technology entities. Once inside victim networks, the hackers can steal login credentials and other sensitive information and potentially take full control of targeted computers.

In one case, the attackers used Brickstorm to penetrate a company in April 2024 and maintained access through at least September 3, 2025, according to the advisory. CISA Executive Assistant Director for Cybersecurity Nick Andersen declined to share details about the total number of government organizations targeted or specifics around what the hackers did once they penetrated their targets during a call with reporters on Thursday. The advisory and malware analysis reports are based on eight Brickstorm samples obtained from targeted organizations, according to CISA. The hackers are deploying the malware against VMware vSphere, a product sold by Broadcom's VMware to create and manage virtual machines within networks. [...] In addition to traditional espionage, the hackers in those cases likely also used the operations to develop new, previously unknown vulnerabilities and establish pivot points to broader access to more victims, Google said at the time.

On Dec. 2, QuickTime turned 34, and despite its origins in Apple's chaotic 1990s (1991 to be exact), "it's still the backbone of video on our devices," writes Macworld's Jason Snell. That includes MP4 and Apple's immersive video formats for Vision Pro. From the report: By the late '80s and early '90s, digital audio had been thoroughly integrated into Macs. (PCs needed add-on cards to do much more than issue beeps.) The next frontier was video, and even better, synchronized video and audio. There were a whole lot of challenges: the Macs of the day were not really powerful to decode and display more than a few frames per second, which was more of a slideshow than a proper video. Also, the software written to decode and encode such video (called codecs) was complex and expensive, and there were lots of different formats, making file exchange unreliable.

Apple's solution wasn't to invent entirely new software to cover every contingency, but to build a framework for multimedia creation and playback that could use different codecs as needed. At its heart was a file that was a container for other streams of audio and video in various formats: the QuickTime Movie, or MOV.

[...] QuickTime's legacy lives on. At a recent event I attended at Apple Park, Apple's experts in immersive video for the Vision Pro pointed out that the standard format for immersive videos is, at its heart, a QuickTime container. And perhaps the most ubiquitous video container format on the internet, the MP4 file? That standard file format is actually a container format that can encompass different kinds of audio, video, and other information, all in one place. If that sounds familiar, that's because MPEG-4 is based on the QuickTime format.

Thirty-four years later, QuickTime may seem like a quaint product of a long-lost era of Apple. But the truth is, it's become an integral part of the computing world, so pervasive that it's almost invisible. I'd like to forget most of what happened at Apple in the early 1990s, but QuickTime definitely deserves our appreciation.

Netflix says its open AV1 video codec now powers about 30% of all streaming on the platform and is rapidly becoming its primary delivery format thanks to major gains in compression, bandwidth efficiency, HDR support, and film-grain rendering. TVTechnology reports: The blog by Liwei Guo, Zhi Li, Sheldon Radford and Jeff Watts comes at a time when AV2 is on the horizon. [...] The blog revisits Netflix's AV1 journey to date, highlights emerging use cases, and shares adoption trends across the device ecosystem. It noted that since entering the streaming business in 2007, Netflix has primarily relied on H.264/AVC as its streaming format. "Looking ahead, we are excited about the forthcoming release of AV2, announced by the Alliance for Open Media for the end of 2025," said the authors. "AV2 is poised to set a new benchmark for compression efficiency and streaming capabilities, building on the solid foundation laid by AV1. At Netflix, we remain committed to adopting the best open technologies to delight our members around the globe. While AV2 represents the future of streaming, AV1 is very much the present -- serving as the backbone of our platform and powering exceptional entertainment experiences across a vast and ever-expanding ecosystem of devices."

NASA and CNES's SWOT satellite captured the first high-resolution, wide-swath image of a major tsunami in the open ocean after the July 2025 Kuril-Kamchatka quake. "Instead of a single neat crest racing across the basin, the image revealed a complicated, braided pattern of energy dispersing and scattering over hundreds of miles," reports Earth.com. "These are details that traditional instruments almost never resolve. They suggest the physics we use to forecast tsunami hazards -- especially the assumption that the largest ocean-crossing waves travel as largely "non-dispersive" packets -- need a revision." From the report: Three takeaways emerge. First, high-resolution satellite altimetry can see the internal structure of a tsunami in mid-ocean, not just its presence. Second, researchers now argue that dispersion -- often downplayed for great events -- may shape how energy spreads into leading and trailing waves, which could alter run-up timing and the force on harbor structures. Third, combining satellite swaths, DART time series, seismic records, and geodetic deformation gives a more faithful picture of the source and its evolution along strike.

For tsunami modelers and hazard planners, the message is equal parts caution and opportunity. The physics now has to catch up with the complexity that SWOT has revealed, and planners need forecasting systems that can merge every available data stream. The waves won't get any simpler -- but our predictions can get a lot sharper. The findings have been published in the journal The Seismic Record.

Longtime Slashdot reader williamyf writes: The Italian company Bending Spoons seems to be on an acquisitions spree. Their recent acquisitions of AOL and Vimeo are not yet finalized, yet on Dec. 2 they announced they are buying Eventbrite, a company specializing in publicizing and organizing local events, for just half a milliard USD. Bending Spoons' portfolio also includes other companies like Evernote and WeTransfer. Further reading: Private Equity Hipsters Are Coming For Your Favorite Apps (2024)

An anonymous reader quotes a report from the Guardian: Almost three in 10 GPs in the UK are using AI tools such as ChatGPT in consultations with patients, even though it could lead to them making mistakes and being sued, a study reveals. The rapid adoption of AI to ease workloads is happening alongside a "wild west" lack of regulation of the technology, which is leaving GPs unaware which tools are safe to use. That is the conclusion of research by the Nuffield Trust thinktank, based on a survey of 2,108 family doctors by the Royal College of GPs about AI and on focus groups of GPs.

Ministers hope that AI can help reduce the delays patients face in seeing a GP. The study found that more and more GPs were using AI to produce summaries of appointments with patients, assisting their diagnosis of the patient's condition and routine administrative tasks. In all, 598 (28%) of the 2,108 survey respondents said they were already using AI. More male (33%) than female (25%) GPs have used it and far more use it in well-off than in poorer areas.

It is moving quickly into more widespread use. However, large majorities of GPs, whether they use it or not, worry that practices that adopt it could face "professional liability and medico-legal issues," and "risks of clinical errors" and problems of "patient privacy and data security" as a result, the Nuffield Trust's report says. [...] In a blow to ministerial hopes, the survey also found that GPs use the time it saves them to recover from the stresses of their busy days rather than to see more patients. "While policymakers hope that this saved time will be used to offer more appointments, GPs reported using it primarily for self-care and rest, including reducing overtime working hours to prevent burnout," the report adds.

A London Assembly report warns that surging demand from "energy-hungry" data centers is straining the electricity grid and delaying new housing developments. With data-center electricity use expected to rise up to 600% by 2050, officials fear London's housing crisis could worsen without coordinated action. The BBC reports: According to the report (PDF) from the London Assembly Planning and Regeneration Committee, some new housing developments in west London were temporarily delayed after the electricity grid reached full capacity. The committee's chair James Small-Edwards said energy capacity had become a "real constraint" on housing and economic growth in the city.

In 2022, the General London Assembly (GLA) began to investigate delays to housing developments in the boroughs of Ealing, Hillingdon and Hounslow - after it received reports that completed projects were being told they would have to "wait until 2037" to get a connection to the electricity grid. There were fears the boroughs may have to "pause new housing altogether" until the issue was resolved. But the GLA found short-term fixes with the National Grid and energy regulator Ofgem to ensure the "worst-case scenario" did not happen -- though several projects were still set back. The strains on parts of London's housing highlighted the need for "longer term planning" around grid capacity in the future, said the report.

Nature has retracted a headline-grabbing climate-economics study after critics found flawed data that massively inflated its predicted global economic collapse. The New York Times reports: The decision came after a team of economists noticed problems with the data for one country, Uzbekistan, that significantly skewed the results. If Uzbekistan were excluded, they found, the damages would look similar to earlier research (PDF). Instead of a 62 percent decline in economic output by 2100 in a world where carbon emissions continue unabated, global output would be reduced by 23 percent.

Of course, erasing more than 20 percent of the world's economic activity would still be a devastating blow to human welfare. The paper's detractors emphasize that climate change is a major threat, as recent meta analyses have found, and that more should be done to address it -- but, they say, unusual results should be treated skeptically. "Most people for the last decade have thought that a 20 percent reduction in 2100 was an insanely large number," said Solomon Hsiang, a professor of global environmental policy at Stanford University who co-wrote the critique published in August. "So the fact that this paper is coming out saying 60 percent is off the chart."

An anonymous reader quotes a report from The Verge's Sean Hollister If you wrote off the Steam Frame as yet another VR headset few will want to wear, I guarantee you're not alone. But the Steam Frame isn't just a headset; it's a Trojan horse that contains the tech gamers need to play Steam games on the next Samsung Galaxy, the next Google Pixel, perhaps Arm gaming notebooks to come. I know, because I'm already using that tech on my Samsung Galaxy. There is no official Android version of Hollow Knight: Silksong, one of the best games of 2025, but that doesn't have to stop you anymore. Thanks to a stack of open-source technologies, including a compatibility layer called Proton and an emulator called Fex, games that were developed for x86-based Windows PCs can now run on Linux-based phones with the Arm processor architecture. With Proton, the Steam Deck could already do the Windows-to-Linux part; now, Fex is bridging x86 and Arm, too.

This stack is what powers the Steam Frame's own ability to play Windows games, of course, and it was widely reported that Valve is using the open-source Fex emulator to make it happen. What wasn't widely reported: Valve is behind Fex itself. In an interview, Valve's Pierre-Loup Griffais, one of the architects behind SteamOS and the Steam Deck, tells The Verge that Valve has been quietly funding almost all the open-source technologies required to play Windows games on Arm. And because they're open-source, Valve is effectively shepherding a future where Arm phones, laptops, and desktops could freely do the same. He says the company believes game developers shouldn't be wasting time porting games if there's a better way.

Remember when the Steam Deck handheld showed that a decade of investment in Linux could make Windows gaming portable? Valve paid open-source developers to follow their passions to help achieve that result. Valve has been guiding the effort to bring games to Arm in much the same way: In 2016 and 2017, Griffais tells me, the company began recruiting and funding open-source developers to bring Windows games to Arm chips. Fex lead developer Ryan Houdek tells The Verge he chatted with Griffais himself at conferences those years and whipped up the first prototype in 2018. He tells me Valve pays enough that Fex is his full-time job. "I want to thank the people from Valve for being here from the start and allowing me to kickstart this project," he recently wrote.

404 Media's Claire Woodcock writes: As prices for streaming subscriptions continue to soar and finding movies to watch, new and old, is becoming harder as the number of streaming services continues to grow, people are turning to the unexpected last stronghold of physical media: the public library. Some libraries are now intentionally using iconic Blockbuster branding to recall the hours visitors once spent looking for something to rent on Friday and Saturday nights.

John Scalzo, audiovisual collection librarian with a public library in western New York, says that despite an observed drop-off in DVD, Blu-ray, and 4K Ultra disc circulation in 2019, interest in physical media is coming back around. "People really seem to want physical media," Scalzo told 404 Media. Part of it has to do with consumer awareness: People know they're paying more for monthly subscriptions to streaming services and getting less. The same has been true for gaming.

As the audiovisual selector with the Free Library of Philadelphia since 2024, Kris Langlais has been focused on building the library's video game collections to meet comparable interest in demand. Now that every branch library has a prominent video game collection, Langlais says that patrons who come for the games are reportedly expressing interest in more of what the library has to offer. "Librarians out in our branches are seeing a lot of young people who are really excited by these collections," Langlais told 404 Media. "Folks who are coming in just for the games are picking up program flyers and coming back for something like that." IP disputes are fueling the shift, too.

The report notes how rights and licensing battles are making some films harder to access -- from titles that quietly slip out of commercial circulation, to streaming-only releases that never make it to disc, to entire shows vanishing during mergers like HBO Max-Discovery+. One prominent example is The People's Joker, which was briefly pulled from the Toronto International Film Festival over a conflict with Batman's rightsholders.

Situations like that are pushing librarians to grab physical copies while they still can, before these works risk disappearing altogether.

YouTube has launched its first-ever "Recap" for videos watched on the main platform, giving users personalized cards that showcase their top channels, interests, and a personality type based on their watch habits. The feature rolls out across North America today and globally this week. TechCrunch reports: Users can find their Recap directly on the YouTube homepage or under the "You" tab. Recaps are accessible on mobile devices and desktop. YouTube says the new feature was requested by users and that it conducted over 50 different concept tests before landing on the final product. Alongside the launch of Recap, YouTube also released trend charts showcasing the top creators, podcasts, and songs of the year.

An anonymous reader quotes a report from GamesIndustry.biz: Japanese game makers are struggling to locate affordable commercial fonts after one of the country's leading font licensing services raised the cost of its annual plan from around $380 to $20,500 (USD). As reported by Gamemakers and GameSpark and translated by Automaton, Fontworks LETS discontinued its game license plan at the end of November. The expensive replacement plan -- offered through Fontwork's parent company, Monotype -- doesn't even provide local pricing for Japanese developers, and comes with a 25,000 user-cap, which is likely not workable for Japan's bigger studios.

The problem is further compounded by the difficulties and complexities of securing fonts that can accurately transcribe Kanji and Katakana characters. UI/UX designer Yamanaka stressed that this would be particularly problematic for live service games; even if studios moved quickly and switched to fonts available through an alternate licensee, they will have to re-test, re-validate, and re-QA check content already live and in active use. The crisis could even eventually force some Japanese studios to rebrand entirely if their corporate identity is tied to a commercial font they can no longer afford to license.

During last month's KubeCon North America in Atlanta, Kubernetes maintainers announced the upcoming retirement of Ingress NGINX. "Best-effort maintenance will continue until March 2026," noted the Kubernetes SIG Network and the Security Response Committee. "Afterward, there will be no further releases, no bugfixes, and no updates to resolve any security vulnerabilities that may be discovered." In a recent op-ed for The Register, Steven J. Vaughan-Nichols reflects on the decision and speculates about what might have prevented this outcome: Ingress NGINX, for those who don't know it, is an ingress controller in Kubernetes clusters that manages and routes external HTTP and HTTPS traffic to the cluster's internal services based on configurable Ingress rules. It acts as a reverse proxy, ensuring that requests from clients outside the cluster are forwarded to the correct backend services within the cluster according to path, domain, and TLS configuration. As such, it's vital for network traffic management and load balancing. You know, the important stuff.

Now this longstanding project, once celebrated for its flexibility and breadth of features, will soon be "abandonware." So what? After all, it won't be the first time a once-popular program shuffled off the stage. Off the top of my head, dBase, Lotus 1-2-3, and VisiCalc spring to my mind. What's different is that there are still thousands of Ingress NGINX controllers in use. Why is it being put down, then, if it's so popular? Well, there is a good reason. As Tabitha Sable, a staff engineer at Datadog who is also co-chair of the Kubernetes special interest group for security, pointed out: "Ingress NGINX has always struggled with insufficient or barely sufficient maintainership. For years, the project has had only one or two people doing development work, on their own time, after work hours, and on weekends. Last year, the Ingress NGINX maintainers announced their plans to wind down Ingress NGINX and develop a replacement controller together with the Gateway API community. Unfortunately, even that announcement failed to generate additional interest in helping maintain Ingress NGINX or develop InGate to replace it." [...]

The final nail in the coffin was when security company Wix found a killer Ingress NGINX security hole. How bad was it? Wix declared: "Exploiting this flaw allows an attacker to execute arbitrary code and access all cluster secrets across namespaces, which could lead to complete cluster takeover." [...] You see, the real problem isn't that Ingress NGINX has a major security problem. Heck, hardly a month goes by without another stop-the-presses Windows bug being uncovered. No, the real issue is that here we have yet another example of a mission-critical open source program no one pays to support...

The UK government plans to ban political donations made in cryptocurrency over fears of anonymity, foreign influence, and traceability issues, though the ban won't be ready in time for the upcoming elections bill. The Guardian reports: The government's ambition to ban crypto donations will be a blow to Nigel Farage's Reform UK party, which became the first to accept contributions in digital currency this year. It is believed to have received its first registrable donations in cryptocurrency this autumn and the party has set up its own crypto portal to receive contributions, saying it is subject to "enhanced" checks. Government sources have said ministers believe cryptocurrency donations to be a problem, as they are difficult to trace and could be exploited by foreign powers or criminals.

Pat McFadden, then a Cabinet Office minister, first raised the idea in July, saying: "I definitely think it is something that the Electoral Commission should be considering. I think that it's very important that we know who is providing the donation, are they properly registered, what are the bona fides of that donation." The Electoral Commission provides guidance on crypto donations but ministers accept any ban would probably have to come from the government through legislation. "Crypto donations present real risks to our democracy," said Susan Hawley, the executive director of Spotlight on Corruption. "We know that bad actors like Russia use crypto to undermine and interfere in democracies globally, while the difficulties involved in tracing the true source of transactions means that British voters may not know everyone who's funding the parties they vote for."

An anonymous reader quotes a report from BleepingComputer: The popular open-source SmartTube YouTube client for Android TV was compromised after an attacker gained access to the developer's signing keys, leading to a malicious update being pushed to users. The compromise became known when multiple users reported that Play Protect, Android's built-in antivirus module, blocked SmartTube on their devices and warned them of a risk.

The developer of SmartTube, Yuriy Yuliskov, admitted that his digital keys were compromised late last week, leading to the injection of malware into the app. Yuliskov revoked the old signature and said he would soon publish a new version with a separate app ID, urging users to move to that one instead. [...] A user who reverse-engineered the compromised SmartTube version number 30.51 found that it includes a hidden native library named libalphasdk.so [VirusTotal]. This library does not exist in the public source code, so it is being injected into release builds.

[...] The library runs silently in the background without user interaction, fingerprints the host device, registers it with a remote backend, and periodically sends metrics and retrieves configuration via an encrypted communications channel. All this happens without any visible indication to the user. While there's no evidence of malicious activity such as account theft or participation in DDoS botnets, the risk of enabling such activities at any time is high.