"Microsoft's Outlook email service malfunctioned for over 21 hours Wednesday and Thursday," reports CNBC, "prompting some people to post on social media about the inability to reach their virtual mailboxes." The issue began at 6:20 p.m. Eastern time on Wednesday, according to a dashboard the software company maintains. It affected Outlook.com as well as Outlook mobile apps and desktop programs. At 12:21 ET on Thursday, the Microsoft 365 Status account posted that it was rolling out a fix.
Although earlier on Thursday Microsoft posted on X that "We identified an issue with the initial fix, and we've corrected it..."

More details from the Associated Press: Disruptions appeared to peak just before noon ET on Thursday, when more than 2,700 users worldwide reported issues with Outlook, formerly also Hotmail, to outage tracker Downdetector. Some said they encountered problems like loading their inboxes or signing in. By later in the afternoon, reports had fallen to just over a couple hundred...

Microsoft did not immediately provide more information about what had caused the hourslong outage. A spokesperson for Microsoft had no further comment when reached by The Associated Press on Thursday.

An anonymous reader quotes a report from Reuters: Contrary to popular belief, using cutting-edge artificial intelligence tools slowed down experienced software developers when they were working in codebases familiar to them, rather than supercharging their work, a new study found. AI research nonprofit METR conducted the in-depth study on a group of seasoned developers earlier this year while they used Cursor, a popular AI coding assistant, to help them complete tasks in open-source projects they were familiar with. Before the study, the open-source developers believed using AI would speed them up, estimating it would decrease task completion time by 24%. Even after completing the tasks with AI, the developers believed that they had decreased task times by 20%. But the study found that using AI did the opposite: it increased task completion time by 19%. The study's lead authors, Joel Becker and Nate Rush, said they were shocked by the results: prior to the study, Rush had written down that he expected "a 2x speed up, somewhat obviously." [...]

The slowdown stemmed from developers needing to spend time going over and correcting what the AI models suggested. "When we watched the videos, we found that the AIs made some suggestions about their work, and the suggestions were often directionally correct, but not exactly what's needed," Becker said. The authors cautioned that they do not expect the slowdown to apply in other scenarios, such as for junior engineers or engineers working in codebases they aren't familiar with. Still, the majority of the study's participants, as well as the study's authors, continue to use Cursor today. The authors believe it is because AI makes the development experience easier, and in turn, more pleasant, akin to editing an essay instead of staring at a blank page. "Developers have goals other than completing the task as soon as possible," Becker said. "So they're going with this less effortful route."

An anonymous reader quotes a report from Ars Technica: For the second time in a year, Google has announced that it will render some of its past phones almost unusable with a software update, and users don't have any choice in the matter. After nerfing the Pixel 4a's battery capacity earlier this year, Google has now confirmed a similar update is rolling out to the Pixel 6a. The new July Android update adds "battery management features" that will make the phone unusable. Given the risks involved, Google had no choice but to act, but it could choose to take better care of its customers and use better components in the first place. Unfortunately, a lot more phones are about to end up in the trash. [...]

Pixel 4a units contained one of two different batteries, and only the one manufactured by a company called Lishen was downgraded. For the Pixel 6a, Google has decreed that the battery limits will be imposed when the cells hit 400 charge cycles. Beyond that, the risk of fire becomes too great -- there have been reports of Pixel 6a phones bursting into flames. Clearly, Google had to do something, but the remedies it settled on feel unnecessarily hostile to customers. It had a chance to do better the second time, but the solution for the Pixel 6a is more of the same. [...]

When Google killed the Pixel 4a's battery life, it offered a few options. You could have the battery replaced for free, get $50 cash, or accept a $100 credit in the Google Store. However, claiming the money or free battery was a frustrating experience that was rife with fees and caveats. The store credit is also only good on phones and can't be used with other promotions or discounts. And the battery swap? You'd better hope there's nothing else wrong with the device. If it has any damage, like cracked glass, it may not qualify for a free battery replacement.

Now we have the Pixel 6a Battery Performance Program with all the same problems. Pixel 6a owners can get $100 in cash or $150 in store credit. Alternatively, Google offers a free battery replacement with the same limits on phone condition. This is all particularly galling because the Pixel 6a is still an officially supported phone, with its final guaranteed update coming in 2027. Google also pulled previous software packages for this phone to prevent rollbacks. [...] If you have a Pixel 6a, the battery-killing update is rolling out now. You'll have no choice but to install it if you want to remain on the official software. Google has a support site where you can try to get a free battery swap or some cash.

The University of Washington's Paul G. Allen School of Computer Science & Engineering is overhauling its approach to computer science education as AI reshapes the tech industry. Director Magdalena Balazinska has declared that "coding, or the translation of a precise design into software instructions, is dead" because AI can now handle that work.

The Pacific Northwest's premier tech program now allows students to use GPT tools in assignments, requiring them to cite AI as a collaborator just as they would credit input from a fellow student. The school is considering "coordinated changes to our curriculum" after encouraging professors to experiment with AI integration.

The city of Centerville, Ohio has deployed AI-enabled garbage trucks that scan residents' trash and send personalized postcards scolding them for improper recycling. Dayton Daily News reports: "Reducing contamination in our recycling system lowers processing costs and improves the overall efficiency of our collection," City Manager Wayne Davis said in a statement regarding the AI pilot program. "This technology allows us to target problem areas, educate residents and make better use of city resources." Residents whose items don't meet the guidelines will be notified via a personalized postcard, one that tells them which items are not accepted and provides tips on proper recycling.

The total contract amount for the project is $74,945, which is entirely funded through a Montgomery County Solid Waste District grant, Centerville spokeswoman Kate Bostdorff told this news outlet. The project launched Monday, Bostdorff said. "A couple of the trucks have been collecting baseline recycling data, and we have been working through software training for a few weeks now," she said. [...] Centerville said it will continually evaluate how well the AI system works and use what it learns during the pilot project to "guide future program enhancements."

An anonymous reader quotes a report from The Record: A German court has ruled that Meta must pay $5,900 to a German Facebook user who sued the platform for embedding tracking technology in third-party websites -- a ruling that could open the door to large fines down the road over data privacy violations relating to pixels and similar tools. The Regional Court of Leipzig in Germany ruled Friday that Meta tracking pixels and software development kits embedded in countless websites and apps collect users' data without their consent and violate the continent's General Data Protection Regulation (GDPR).

The ruling in favor of the plaintiff sets a precedent which the court acknowledged will allow countless other users to sue without "explicitly demonstrating individual damages," according to a Leipzig Regional Court press release. "Every user is individually identifiable to Meta at all times as soon as they visit the third-party websites or use an app, even if they have not logged in via the Instagram and Facebook account," the press release said. "This may very well be one of the most substantial rulings coming out of Europe this year," said Ronni K. Gothard Christiansen, the CEO of AesirX, a consultancy which helps businesses comply with data privacy laws. "$5,900 in damages for one visitor adds up quickly if you have tens of thousands of visitors, or even millions."

Russia's State Duma rejected legislation that would have legalized ethical hacking, citing national security concerns. Politicians worried that discovering vulnerabilities in software from hostile countries would require sharing those security flaws with foreign companies, potentially enabling strategic exploitation.

The bill also failed to explain how existing laws would accommodate white-hat hacking provisions. Russia's Ministry of Digital Development introduced the proposal in 2022, with a first draft in 2023. Individual security researchers currently face prosecution under Russian Criminal Code for unauthorized computer access, while established cybersecurity companies can conduct limited vulnerability research.

An anonymous reader quotes a report from TechCrunch: On Sunday, Block CEO and Twitter co-founder Jack Dorsey launched an open source chat app called Bitchat, promising to deliver "secure" and "private" messaging without a centralized infrastructure. The app relies on Bluetooth and end-to-end encryption, unlike traditional messaging apps that rely on the internet. By being decentralized, Bitchat has potential for being a secure app in high-risk environments where the internet is monitored or inaccessible. According to Dorsey's white paper detailing the app's protocols and privacy mechanisms, Bitchat's system design "prioritizes" security.

But the claims that the app is secure, however, are already facing scrutiny by security researchers, given that the app and its code have not been reviewed or tested for security issues at all -- by Dorsey's own admission. Since launching, Dorsey has added a warning to Bitchat's GitHub page: "This software has not received external security review and may contain vulnerabilities and does not necessarily meet its stated security goals. Do not use it for production use, and do not rely on its security whatsoever until it has been reviewed." This warning now also appears on Bitchat's main GitHub project page but was not there at the time the app debuted.

As of Wednesday, Dorsey added: "Work in progress," next to the warning on GitHub. This latest disclaimer came after security researcher Alex Radocea found that it's possible to impersonate someone else and trick a person's contacts into thinking they are talking to the legitimate contact, as the researcher explained in a blog post. Radocea wrote that Bitchat has a "broken identity authentication/verification" system that allows an attacker to intercept someone's "identity key" and "peer id pair" -- essentially a digital handshake that is supposed to establish a trusted connection between two people using the app. Bitchat calls these "Favorite" contacts and marks them with a star icon. The goal of this feature is to allow two Bitchat users to interact, knowing that they are talking to the same person they talked to before.

Amazon's Prime Day sales plunged 41% on the first day compared to last year's kickoff, with experts attributing the drop to shoppers delaying purchases in anticipation of better deals during the extended four-day event. From a report: Momentum Commerce reported that figure for Tuesday (July 8), with Momentum's Founder and CEO John Shea saying that the sales numbers for this year's longer event could still surpass those of last year's shorter one, Bloomberg reported Wednesday (July 9). Shea attributed the drop in first-day sales to consumers putting items in their shopping carts but holding off on completing the purchase in case better deals come along, according to the report. Last year's shorter event encouraged shoppers to head to checkout to ensure they wouldn't miss out on the discounts, Shea said, per the report. Amazon Prime Vice President Jamil Ghani remains optimistic, telling Bloomberg Television the company was "pleased by the engagement" with shoppers during the event and that it is "very early." He said the company extended the duration of Prime Day because shoppers wanted more time to discover the deals.

According to numbers provided by Adobe, Prime Day's kickoff surpassed Thanksgiving 2024's $6.1 billion in eCommerce spend. The software company also found that 50.2% of sales came through a mobile device and that buy now, pay later orders for Amazon's Prime Day were up 13.6% year over year.

After discovering that ChatGPT was falsely telling users that Soundslice could convert ASCII tablature into playable music, founder Adrian Holovaty decided to actually build the feature -- even though the app was never designed to support that format. TechCrunch reports: Soundslice is an app for teaching music, used by students and teachers. It's known for its video player synchronized to the music notations that guide users on how the notes should be played. It also offers a feature called "sheet music scanner" that allows users to upload an image of paper sheet music and, using AI, will automatically turn that into an interactive sheet, complete with notations. [Adrian Holovaty, founder of music-teaching platform Soundslice] carefully watches this feature's error logs to see what problems occur, where to add improvements, he said. That's where he started seeing the uploaded ChatGPT sessions.

They were creating a bunch of error logs. Instead of images of sheet music, these were images of words and a box of symbols known as ASCII tablature. That's a basic text-based system used for guitar notations that uses a regular keyboard. (There's no treble key, for instance, on your standard QWERTY keyboard.) The volume of these ChatGPT session images was not so onerous that it was costing his company money to store them and crushing his app's bandwidth, Holovaty said. He was baffled, he wrote in a blog post about the situation.

"Our scanning system wasn't intended to support this style of notation. Why, then, were we being bombarded with so many ASCII tab ChatGPT screenshots? I was mystified for weeks -- until I messed around with ChatGPT myself." That's how he saw ChatGPT telling people they could hear this music by opening a Soundslice account and uploading the image of the chat session. Only, they couldn't. Uploading those images wouldn't translate the ASCII tab into audio notes. He was struck with a new problem. "The main cost was reputational: New Soundslice users were going in with a false expectation. They'd been confidently told we would do something that we don't actually do," he described to TechCrunch.

He and his team discussed their options: Slap disclaimers all over the site about it -- "No, we can't turn a ChatGPT session into hearable music" -- or build that feature into the scanner, even though he had never before considered supporting that offbeat musical notation system. He opted to build the feature. "My feelings on this are conflicted. I'm happy to add a tool that helps people. But I feel like our hand was forced in a weird way. Should we really be developing features in response to misinformation?" he wrote.

An anonymous reader quotes a report from VentureBeat: Hugging Face, the $4.5 billion artificial intelligence platform that has become the GitHub of machine learning, announced Tuesday the launch of Reachy Mini, a $299 desktop robot designed to bring AI-powered robotics to millions of developers worldwide. The 11-inch humanoid companion represents the company's boldest move yet to democratize robotics development and challenge the industry's traditional closed-source, high-cost model.

The announcement comes as Hugging Face crosses a significant milestone of 10 million AI builders using its platform, with CEO Clement Delangue revealing in an exclusive interview that "more and more of them are building in relation to robotics." The compact robot, which can sit on any desk next to a laptop, addresses what Delangue calls a fundamental barrier in robotics development: accessibility. "One of the challenges with robotics is that you know you can't just build on your laptop. You need to have some sort of robotics partner to help in your building, and most people won't be able to buy $70,000 robots," Delangue explained, referring to traditional industrial robotics systems and even newer humanoid robots like Tesla's Optimus, which is expected to cost $20,000-$30,000.

Reachy Mini emerges from Hugging Face's April acquisition of French robotics startup Pollen Robotics, marking the company's most significant hardware expansion since its founding. The robot represents the first consumer product to integrate natively with the Hugging Face Hub, allowing developers to access thousands of pre-built AI models and share robotics applications through the platform's "Spaces" feature. [...] Reachy Mini packs sophisticated capabilities into its compact form factor. The robot features six degrees of freedom in its moving head, full body rotation, animated antennas, a wide-angle camera, multiple microphones, and a 5-watt speaker. The wireless version includes a Raspberry Pi 5 computer and battery, making it fully autonomous. The robot ships as a DIY kit and can be programmed in Python, with JavaScript and Scratch support planned. Pre-installed demonstration applications include face and hand tracking, smart companion features, and dancing moves. Developers can create and share new applications through Hugging Face's Spaces platform, potentially creating what Delangue envisions as "thousands, tens of thousands, millions of apps." Reachy Mini's $299 price point could significantly transform robotics education and research. "Universities, coding bootcamps, and individual learners could use the platform to explore robotics concepts without requiring expensive laboratory equipment," reports VentureBeat. "The open-source nature enables educational institutions to modify hardware and software to suit specific curricula. Students could progress from basic programming exercises to sophisticated AI applications using the same platform, potentially accelerating robotics education and workforce development."

"... For the first time, a major AI platform is betting that the future of robotics belongs not in corporate research labs, but in the hands of millions of individual developers armed with affordable, open-source tools."

An anonymous reader quotes a report from Wired: If you want a job at McDonald's today, there's a good chance you'll have to talk to Olivia. Olivia is not, in fact, a human being, but instead an AI chatbot that screens applicants, asks for their contact information and resume, directs them to a personality test, and occasionally makes them "go insane" by repeatedly misunderstanding their most basic questions. Until last week, the platform that runs the Olivia chatbot, built by artificial intelligence software firm Paradox.ai, also suffered from absurdly basic security flaws. As a result, virtually any hacker could have accessed the records of every chat Olivia had ever had with McDonald's applicants -- including all the personal information they shared in those conversations -- with tricks as straightforward as guessing the username and password "123456."

On Wednesday, security researchers Ian Carroll and Sam Curryrevealedthat they found simple methods to hack into the backend of the AI chatbot platform on McHire.com, McDonald's website that many of its franchisees use to handle job applications. Carroll and Curry, hackers with along track record of independent security testing, discovered that simple web-based vulnerabilities -- including guessing one laughably weak password -- allowed them to access a Paradox.ai account and query the company's databases that held every McHire user's chats with Olivia. The data appears to include as many as 64 million records, including applicants' names, email addresses, and phone numbers.

Carroll says he only discovered that appalling lack of security around applicants' information because he was intrigued by McDonald's decision to subject potential new hires to an AI chatbot screener and personality test. "I just thought it was pretty uniquely dystopian compared to a normal hiring process, right? And that's what made me want to look into it more," says Carroll. "So I started applying for a job, and then after 30 minutes, we had full access to virtually every application that's ever been made to McDonald's going back years." Paradox.ai confirmed the security findings, acknowledging that only a small portion of the accessed records contained personal data. The company stated that the weak-password account ("123456") was only accessed by the researchers and no one else. To prevent future issues, Paradox is launching a bug bounty program. "We do not take this matter lightly, even though it was resolved swiftly and effectively," Paradox.ai's chief legal officer, Stephanie King, told WIRED in an interview. "We own this."

In a statement to WIRED, McDonald's agreed that Paradox.ai was to blame. "We're disappointed by this unacceptable vulnerability from a third-party provider, Paradox.ai. As soon as we learned of the issue, we mandated Paradox.ai to remediate the issue immediately, and it was resolved on the same day it was reported to us," the statement reads. "We take our commitment to cyber security seriously and will continue to hold our third-party providers accountable to meeting our standards of data protection."

Microsoft is keen to show employees how much AI is transforming its own workplace, even as the company terminates thousands of personnel. From a report: During a presentation this week, Chief Commercial Officer Judson Althoff said artificial intelligence tools are boosting productivity in everything from sales and customer service to software engineering, according to a person familiar with his remarks.

Althoff said AI saved Microsoft more than $500 million last year in its call centers alone and increased both employee and customer satisfaction, according to the person, who requested anonymity to discuss an internal matter. The company is also starting to use AI to handle interactions with smaller customers, Althoff said. This effort is nascent, but already generating tens of millions of dollars, he said.

The UK police plan to spend up to 75 million pounds ($102 million) to digitize their vast archive of VHS tapes, aiming to preserve evidence by converting analog media into digital files integrated with evidence management systems. The procurement includes both in-house solutions and outsourced services, with additional funding earmarked for converting other legacy formats like microfiche and DVDs. The Register reports: According to a tender notice published last week, Bluelight Commercial - a not-for-profit buyer that acts on behalf of the emergency services - says the police force requires either in-house technology or outsourced services to convert the arcane magnetic tape format to digital storage. The notice, which sets out procurement plans, says the framework agreement will help forces with the "conversion of analog media to digital records, including metadata for integration with a digital evidence management system."

In the first lot of the framework, Bluelight asks for in-house VHS media digitization software, hardware, and training to "enable a Police Force to convert VHS tapes to digital files." This chunk of the arrangement could be worth 50 million pounds ($68 million) for four years, excluding VAT. The second lot asks for outsourced VHS media digitization "for the provision of conversion services delivered completely by a third party with electronic files being returned securely to the customer force." The output is also set to be ingested by a digital evidence management solution. It could be worth up to 25 million pounds ($34 million) over the same period. In addition, Bluelight Commercial is looking for a provider to help with more niche media digitization, including converting microfiche, CD, DVDs to an electronic file format, in an arrangement which could be worth a total of up to 25 million pounds ($34 million).

An anonymous reader quotes a report from ZDNet: The Linux Foundation announced at the Open Source Summit in Denver that it will now host the Agent2Agent (A2A) protocol. Initially developed by Google and now supported by more than 100 leading technology companies, A2A is a crucial new open standard for secure and interoperable communication between AI agents. In his keynote presentation, Mike Smith, a Google staff software engineer, told the conference that the A2A protocol has evolved to make it easier to add custom extensions to the core specification. Additionally, the A2A community is working on making it easier to assign unique identities to AI agents, thereby improving governance and security.

The A2A protocol is designed to solve one of AI's most pressing challenges: enabling autonomous agents -- software entities capable of independent action and decision-making -- to discover each other, securely exchange information, and collaborate across disparate platforms, vendors, and frameworks. Under the hood, A2A does this work by creating an AgentCard. An AgentCard is a JavaScript Object Notation (JSON) metadata document that describes its purpose and provides instructions on how to access it via a web URL. A2A also leverages widely adopted web standards, such as HTTP, JSON-RPC, and Server-Sent Events (SSE), to ensure broad compatibility and ease of integration. By providing a standardized, vendor-neutral communication layer, A2A breaks down the silos that have historically limited the potential of multi-agent systems.

For security, A2A comes with enterprise-grade authentication and authorization built in, including support for JSON Web Tokens (JWTs), OpenID Connect (OIDC), and Transport Layer Security (TLS). This approach ensures that only authorized agents can participate in workflows, protecting sensitive data and agent identities. While the security foundations are in place, developers at the conference acknowledged that integrating them, particularly authenticating agents, will be a hard slog. Antje Barth, an Amazon Web Services (AWS) principal developer advocate for generative AI, explained what the adoption of A2A will mean for IT professionals: "Say you want to book a train ride to Copenhagen, then a hotel there, and look maybe for a fancy restaurant, right? You have inputs and individual tasks, and A2A adds more agents to this conversation, with one agent specializing in hotel bookings, another in restaurants, and so on. A2A enables agents to communicate with each other, hand off tasks, and finally brings the feedback to the end user."

Jim Zemlin, executive director of the Linux Foundation, said: "By joining the Linux Foundation, A2A is ensuring the long-term neutrality, collaboration, and governance that will unlock the next era of agent-to-agent powered productivity." Zemlin expects A2A to become a cornerstone for building interoperable, multi-agent AI systems.

An impostor pretending to be Secretary of State Marco Rubio contacted foreign ministers, a U.S. governor and a member of Congress by sending them voice and text messages that mimic Rubio's voice and writing style using AI-powered software, Washington Post reported Tuesday, citing a senior U.S. official and a State Department cable. From the report: U.S. authorities do not know who is behind the string of impersonation attempts but they believe the culprit was probably attempting to manipulate powerful government officials "with the goal of gaining access to information or accounts," according to a cable sent by Rubio's office to State Department employees.

Using both text messaging and the encrypted messaging app Signal, which the Trump administration uses extensively, the impostor "contacted at least five non-Department individuals, including three foreign ministers, a U.S. governor, and a U.S. member of Congress," said the cable, dated July 3. The impersonation campaign began in mid-June when the impostor created a Signal account using the display name "Marco.Rubio@state.gov" to contact unsuspecting foreign and domestic diplomats and politicians, said the cable.

An anonymous reader quotes a report from 404 Media: For someone who says she is fighting AI bot scrapers just in her free time, Xe Iaso seems to be putting up an impressive fight. Since she launched it in January, Anubis, a "program is designed to help protect the small internet from the endless storm of requests that flood in from AI companies," has been downloaded nearly 200,000 times, and is being used by notable organizations including GNOME, the popular open-source desktop environment for Linux, FFmpeg, the open-source software project for handling video and other media, and UNESCO, the United Nations organization for educations, science, and culture. [...]

"Anubis is an uncaptcha," Iaso explains on her site. "It uses features of your browser to automate a lot of the work that a CAPTCHA would, and right now the main implementation is by having it run a bunch of cryptographic math with JavaScript to prove that you can run JavaScript in a way that can be validated on the server." Essentially, Anubis verifies that any visitor to a site is a human using a browser as opposed to a bot. One of the ways it does this is by making the browser do a type of cryptographic math with JavaScript or other subtle checks that browsers do by default but bots have to be explicitly programmed to do. This check is invisible to the user, and most browsers since 2022 are able to complete this test. In theory, bot scrapers could pretend to be users with browsers as well, but the additional computational cost of doing so on the scale of scraping the entire internet would be huge. This way, Anubis creates a computational cost that is prohibitively expensive for AI scrapers that are hitting millions and millions of sites, but marginal for an individual user who is just using the internet like a human.

Anubis is free, open source, lightweight, can be self-hosted, and can be implemented almost anywhere. It also appears to be a pretty good solution for what we've repeatedly reported is a widespread problem across the internet, which helps explain its popularity. But Iaso is still putting a lot of work into improving it and adding features. She told me she's working on a non cryptographic challenge so it taxes users' CPUs less, and also thinking about a version that doesn't require JavaScript, which some privacy-minded disable in their browsers. The biggest challenge in developing Anubis, Iaso said, is finding the balance. "The balance between figuring out how to block things without people being blocked, without affecting too many people with false positives," she said. "And also making sure that the people running the bots can't figure out what pattern they're hitting, while also letting people that are caught in the web be able to figure out what pattern they're hitting, so that they can contact the organization and get help. So that's like, you know, the standard, impossible scenario."

Nintendo plans to maintain its "traditional approach" to game development while managing rising costs during the Switch 2 transition, company president Shuntaro Furukawa said during a recent shareholders meeting.

"Recent game software development has become larger in scale and longer in duration, resulting in higher development costs," he said, adding that "rising development costs are increasing that risk" in what has always been "a high-risk business."

Nintendo's development teams are "currently devising various ways to maintain our traditional approach to creating games amidst the increasing scale and length of development," Furukawa said. The company believes, he said, "it is important to make the necessary investments for more efficient development."

The early Switch 2 lineup reflects increased ambition, with Mario Kart World introducing open-world structure to the racing series and Donkey Kong Bananza adding destructive elements to 3D platforming. Mario Kart World sells for $79.99, $10 more than most Nintendo games, while the Switch 2 costs $449.99, a $100 increase over the Switch OLED.

The Free Software Foundation's services face "ongoing (and increasing) distributed denial of service (DDoS) attacks," senior systems administrator Ian Kelling wrote Wednesday. But "Even though we are under active attack, gnu.org, ftp.gnu.org, and savannah.gnu.org are up with normal response times at the moment, and have been for the majority of this week, largely thanks to hard work from the Savannah hackers Bob, Corwin, and Luke who've helped us, your sysadmins."

"We've shielded these sites for almost a full year of intense attacks now, and we'll keep on fighting these attacks for as long as they continue." Our infrastructure has been under attack since August 2024. Large Language Model (LLM) web crawlers have been a significant source of the attacks, and as for the rest, we don't expect to ever know what kind of entity is targeting our sites or why.

- In the fall Bulletin, we wrote about the August attack on gnu.org. That attack continues, but we have mitigated it. Judging from the pattern and scope, the goal was likely to take the site down and it was not an LLM crawler. We do not know who or what is behind the attack, but since then, we have had more attacks with even higher severity.

- To begin with, GNU Savannah, the FSF's collaborative software development system, was hit by a massive botnet controlling about five million IPs starting in January. As of this writing, the attack is still ongoing, but the botnet's current iteration is mitigated. The goal is likely to build an LLM training dataset. We do not know who or what is behind this.

- Furthermore, gnu.org and ftp.gnu.org were targets in a new DDoS attack starting on May 27, 2025. Its goal seems to be to take the site down. It is currently mitigated. It has had several iterations, and each has caused some hours of downtime while we figured out how to defend ourselves against it. Here again, the goal was likely to take our sites down and we do not know who or what is behind this.

- In addition, directory.fsf.org, the server behind the Free Software Directory, has been under attack since June 18. This likely is an LLM scraper designed to specifically target Media Wiki sites with a botnet. This attack is very active and now partially mitigated...

Even though we are under active attack, gnu.org, ftp.gnu.org, and savannah.gnu.org are up with normal response times at the moment, and have been for the majority of this week, largely thanks to hard work from the Savannah hackers Bob, Corwin, and Luke who've helped us, your sysadmins. We've shielded these sites for almost a full year of intense attacks now, and we'll keep on fighting these attacks for as long as they continue.
The full-time FSF tech staff is just two systems administrators, "and we currently lack the funds to hire more tech staff any time soon," Kelling points out. Kelling titled his post "our small team vs millions of bots," suggesting that supporters purchase FSF memberships "to improve our staffing situation... Can you join us in our crucial work to guard user freedom and defy dystopia?"

Kelling also points out they're also facing "run-of-the-mill standard crawlers, SEO crawlers, crawlers pretending to be normal users, crawlers pretending to be other crawlers, uptime systems, vulnerability scanners, carrier-grade network address translation, VPNs, and normal browsers hitting our sites..."

"Some of the abuse is not unique to us, and it seems that the health of the web has some serious problems right now."

An anonymous reader shared this report from the San Francisco Standard: About an hour into my meeting with the undisputed hackathon king of San Francisco, Rene Turcios asked if I wanted to smoke a joint with him. I politely declined, but his offer hardly surprised me. Turcios has built a reputation as a cannabis-loving former professional Yu-Gi-Oh! player who resells Labubus out of his Tenderloin apartment when he's not busy attending nearly every hackathon happening in the city. Since 2023, Turcios, 29, has attended more than 200 events, where he's won cash, software credits, and clout. "I'm always hustling," he said.

The craziest part: he doesn't even know how to code.

"Rene is the original vibe coder," said RJ Moscardon, a friend and fellow hacker who watched Turcios win second place at his first-ever hackathon at the AGI House mansion in Hillsborough. "All the engineers with prestigious degrees scoffed at him at first. But now they're all doing exactly the same thing...." Turcios was vibe coding long before the technique had a name — and was looked down upon by longtime hackers for using AI. But as Tiger Woods once said, "Winning takes care of everything...."

Instead of vigorously coding until the deadline, he finished his projects hours early by getting AI to do the technical work for him. "I didn't write a single line of code," Turcios said of his first hackathon where he prompted ChatGPT using plain English to generate a program that can convert any song into a lo-fi version. When the organizers announced Turcios had won second place, he screamed in celebration.... "I realized that I could compete with people who have degrees and fancy jobs...."

Turcios is now known for being able to build anything quickly. Businesses reach out to him to contract out projects that would take software engineering teams weeks — and he delivers in hours. He's even started running workshops to teach non-technical groups and experienced software engineers how to get the most out of AI for coding.
"He grew up in Missouri to parents who worked in an international circus, taming bears and lions..."