Python

Survey Finds More Python Developers Like PostgreSQL, AI Coding Agents - and Rust for Packages (jetbrains.com) 85

More than 30,000 Python developers from around the world answered questions for the Python Software Foundation's annual survey — and PSF Fellow Michael Kennedy tells the Python community what they've learned in a new blog post. Some highlights: Most still use older Python versions despite benefits of newer releases... Many of us (15%) are running on the very latest released version of Python, but more likely than not, we're using a version a year old or older (83%). [Although less than 1% are using "Python 3.5 or lower".] The survey also indicates that many of us are using Docker and containers to execute our code, which makes this 83% or higher number even more surprising... You simply choose a newer runtime, and your code runs faster. CPython has been extremely good at backward compatibility. There's rarely significant effort involved in upgrading... [He calculates some cloud users are paying up to $420,000 and $5.6M more in compute costs.] If your company realizes you are burning an extra $0.4M-$5M a year because you haven't gotten around to spending the day it takes to upgrade, that'll be a tough conversation...

Rust is how we speed up Python now... The Python Language Summit of 2025 revealed that "Somewhere between one-quarter and one-third of all native code being uploaded to PyPI for new projects uses Rust", indicating that "people are choosing to start new projects using Rust". Looking into the survey results, we see that Rust usage grew from 27% to 33% for binary extensions to Python packages... [The blog post later advises Python developers to learn to read basic Rust, "not to replace Python, but to complement it," since Rust "is becoming increasingly important in the most significant portions of the Python ecosystem."]

PostgreSQL is the king of Python databases, and only it's growing, going from 43% to 49%. That's +14% year over year, which is remarkable for a 28-year-old open-source project... [E]very single database in the top six grew in usage year over year. This is likely another indicator that web development itself is growing again, as discussed above...

[N]early half of the respondents (49%) plan to try AI coding agents in the coming year. Program managers at major tech companies have stated that they almost cannot hire developers who don't embrace agentic AI. The productive delta between those using it and those who avoid it is simply too great (estimated at about 30% greater productivity with AI).

It's their eighth annual survey (conducted in collaboration with JetBrains last October and November). But even though Python is 34 years old, it's still evolving. "In just the past few months, we have seen two new high-performance typing tools released," notes the blog post. (The ty and Pyrefly typecheckers — both written in Rust.) And Python 3.14 will be the first version of Python to completely support free-threaded Python... Just last week, the steering council and core developers officially accepted this as a permanent part of the language and runtime... Developers and data scientists will have to think more carefully about threaded code with locks, race conditions, and the performance benefits that come with it. Package maintainers, especially those with native code extensions, may have to rewrite some of their code to support free-threaded Python so they themselves do not enter race conditions and deadlocks.

There is a massive upside to this as well. I'm currently writing this on the cheapest Apple Mac Mini M4. This computer comes with 10 CPU cores. That means until this change manifests in Python, the maximum performance I can get out of a single Python process is 10% of what my machine is actually capable of. Once free-threaded Python is fully part of the ecosystem, I should get much closer to maximum capacity with a standard Python program using threading and the async and await keywords.

Some other notable findings from the survey:
  • Data science is now over half of all Python. This year, 51% of all surveyed Python developers are involved in data exploration and processing, with pandas and NumPy being the tools most commonly used for this.
  • Exactly 50% of respondents have less than two years of professional coding experience! And 39% have less than two years of experience with Python (even in hobbyist or educational settings)...
  • "The survey tells us that one-third of devs contributed to open source. This manifests primarily as code and documentation/tutorial additions."

United States

FBI Warns Russian Hackers Targeted 'Thousands' of Critical US Infrastructure IT Systems (thehill.com) 69

The Hill reports: Russian state-sponsored hackers have targeted thousands of networking devices associated with U.S. critical infrastructure sectors over the past year, the FBI warned Wednesday. The cyber actors are associated with the Russian Federal Security Service's (FSB) Center 16 and have taken aim at a vulnerability in certain Cisco devices, according to an agency public service announcement.

In some cases, hackers have been able to modify configuration files to enable unauthorized access, which they have used to conduct reconnaissance on networks. This has "revealed their interest in protocols and applications commonly associated with industrial control systems," the FBI said.

Cisco's threat intelligence research arm, Talos, explained in a separate advisory that a subcluster of this group, which it has named "Static Tundra," is targeting a seven-year-old vulnerability in the company's Smart Install feature. The firm has offered a patch for the vulnerability, but it remains a problem in unpatched and end-of-life network devices, it warned.

"Once they establish initial access to a network device, Static Tundra will pivot further into the target environment, compromising additional network devices and establishing channels for long-term persistence and information gathering," warns the Talos blog. "This is demonstrated by the group's ability to maintain access in target environments for multiple years without being detected."

In a statement emailed to The Register, a Cisco spokesperson "said the company is aware of ongoing exploitation targeting this flaw." "We strongly urge customers to immediately upgrade to fixed software versions as outlined in the security advisory and follow our published security best practices," the spokesperson said, directing customers to the FBI's announcement and Cisco Talos blog for additional details.

The ongoing campaign targets telecommunications, higher education, and manufacturing organizations across North America, Asia, Africa, and Europe, "with victims selected based on their strategic interest to the Russian government," according to Talos researchers Sara McBroom and Brandon White. "We assess that the purpose of this campaign is to compromise and extract device configuration information en masse, which can later be leveraged as needed based on then-current strategic goals and interests of the Russian government," McBroom and White wrote.

And while both security alerts focus on the FSB's latest round of network intrusions, "many other state-sponsored actors also covet the access these devices afford," the Talos team warned. "Organizations should be aware that other advanced persistent threats (APTs) are likely prioritizing carrying out similar operations as well."

Some context from Hot Hardware: Cisco indicated in its advisory that "Only Smart Install client switches are affected by the vulnerability". The list of affected devices is in Table A-1 here. For a successful attack, hackers exploit a vulnerability tracked as CVE-2018-0171. This was a vulnerability that was patched way back in 2018.
Transportation

New Zealand Air Traffic Control Failure Likely Caused By Data Transfer Issue (rnz.co.nz) 22

Last weekend New Zealand experienced an hour-long air traffic control failure that disrupted flights, leaving five plans circling and four others unable to take off, according to Radio New Zealand.

The country's sole air traffic service provider, Airways, now says it was caused by a software glitch when flight data was unable to be transferred between systems: [Airways chief executive James Young told Morning Report] "We noticed that was not occurring as it should and as a result of that our air traffic controllers took measures to manage traffic, either by holding on the ground or in an air hold." Airways operated a modern air traffic control system that involved back up systems but Young said they were not instantaneous and it took time to validate flight information data.

"At no point did we lose control of all aircraft. We were able to communicate with all aircraft and we had line of sight of all aircraft," Young said. He said flights in the New Zealand air space were held, put into a hold with two eventually continuing on and three returning to origin... "What we couldn't do was process any changes to the flight path during the period of the outage, which lasted for about one hour."

Thanks to Slashdot reader twosat for sharing the news.
GNU is Not Unix

FSF Announces Photo Contest Honoring 40 Years of Free Software (fsf.org) 9

The Free Software Foundation announced a special photography contest honoring its 40th anniversary: The technology we use every day has changed dramatically since our founding nearly forty years ago, including the way we interact with it... We're incredibly grateful for the countless hours that developers and users have put into the free software programs that exist today. Without all the people who cared enough to make and use software that respects the four freedoms four decades or even a year ago, we wouldn't have much to celebrate.

We want to honor the hard work that has gone into free software and its development with the FSF40 Photo Contest. Starting on August 14, 2025, we're inviting free software supporters worldwide to share how they use free software on a daily basis. While we can think of hundreds of ways that free software can be used, there's almost certainly many of you who have thought of much more creative ways to involve libre software every day!

Shortly after the photo contest closes on August 31, 2025, we will invite you and other free software supporters to vote for your favorite of the #FSF40Photos... We will be displaying the winning photos at our fortieth [anniversary] celebration in Boston, MA on October 4, 2025 — we hope you get to see them on a big screen with us!

Earlier this month the FSF also shared 40 links from around the FSF and GNU sites "that give a sense of what we've been doing all this time as we work for your freedom." (For example, 2007's announcement of the GNU General Public License, version 3.)
Open Source

Arch Linux Faces 'Ongoing' DDoS Attack (theregister.com) 29

"Some joyless ne'er-do-well has loosed a botnet on the community-driven Arch Linux distro," reports the Register, with a distributed denial of service (DDoS) attack that apparently started a week ago.

Arch maintainer Cristian Heusel announced Thursday on the project's web site that the attack "primarily impacts our main webpage, the Arch User Repository (AUR), and the Forums." We are aware of the problems that this creates for our end users and will continue to actively work with our hosting provider to mitigate the attack. We are also evaluating DDoS protection providers while carefully considering factors including cost, security, and ethical standards... As a volunteer-driven project, we appreciate the community's patience as our DevOps team works to resolve these issues.
A status update Friday acknowledged "we are suffering from partial outages." The Register reports: The attack comes as the project has been enjoying a boost in mainstream success. The distro was picked by Valve to underpin the SteamOS software running on its Steam Deck handheld gaming gadget, with the company providing the project with funding for further development. Late last year, a new version of the archinstall tool was released, with a view to making the system more friendly to newcomers...

For now, the Arch team is working to mitigate the attack's impact, which highlights a bootstrapping issue. Tools designed to shift traffic to mirrors in the event the main infrastructure is unavailable rely on a mirror list obtained from that same main infrastructure, with Heusel advising that users should "default to the mirrors listed in the pacman-mirrorlist package" if tools like reflector fail. Installation media can be downloaded from a range of mirrors, too, but should be checked against the project's official signing key before being trusted.

Windows

LibreOffice 25.8 Slams the Door On Windows 7 and 8.x (nerds.xyz) 106

BrianFagioli shares a report from NERDS.xyz: LibreOffice 25.8 has landed, and while it packs in new features and speed improvements, the biggest headline is who just got left behind. If you are still running Windows 7 or Windows 8/8.1, this is the end of the road. LibreOffice will not run on those systems anymore, and there are no workarounds. The suite has slammed the door shut.

For years, LibreOffice kept older Windows users afloat while Microsoft and other developers moved on. That lifeline is gone. Anyone stubbornly clinging to Windows 7 or 8 now has two choices: upgrade or stay stuck on outdated software. LibreOffice has made it clear that it will not carry dead platforms any further. And the cuts do not stop there. 32-bit Windows builds are on their way out, with deprecation already in place. On the Mac side, 25.8 is the last release that runs on macOS 10.15. Starting with LibreOffice 26.2, only macOS 11 and newer will be supported. In other words, if your computer is too old to run modern systems, LibreOffice is walking away.

Google

Google Says It Dropped the Energy Cost of AI Queries By 33x In One Year 30

Google has released (PDF) a new analysis of its AI's environmental impact, showing that it has cut the energy use of AI text queries by a factor of 33 over the past year. Each prompt now consumes about 0.24 watt-hours -- the equivalent of watching nine seconds of TV. An anonymous reader shares an excerpt from an Ars Technica article: "We estimate the median Gemini Apps text prompt uses 0.24 watt-hours of energy, emits 0.03 grams of carbon dioxide equivalent (gCO2e), and consumes 0.26 milliliters (or about five drops) of water," they conclude. To put that in context, they estimate that the energy use is similar to about nine seconds of TV viewing. The bad news is that the volume of requests is undoubtedly very high. The company has chosen to execute an AI operation with every single search request, a compute demand that simply didn't exist a couple of years ago. So, while the individual impact is small, the cumulative cost is likely to be considerable.

The good news? Just a year ago, it would have been far, far worse. Some of this is just down to circumstances. With the boom in solar power in the US and elsewhere, it has gotten easier for Google to arrange for renewable power. As a result, the carbon emissions per unit of energy consumed saw a 1.4x reduction over the past year. But the biggest wins have been on the software side, where different approaches have led to a 33x reduction in energy consumed per prompt.

The Google team describes a number of optimizations the company has made that contribute to this. One is an approach termed Mixture-of-Experts, which involves figuring out how to only activate the portion of an AI model needed to handle specific requests, which can drop computational needs by a factor of 10 to 100. They've developed a number of compact versions of their main model, which also reduce the computational load. Data center management also plays a role, as the company can make sure that any active hardware is fully utilized, while allowing the rest to stay in a low-power state.

The other thing is that Google designs its own custom AI accelerators, and it architects the software that runs on them, allowing it to optimize both sides of the hardware/software divide to operate well with each other. That's especially critical given that activity on the AI accelerators accounts for over half of the total energy use of a query. Google also has lots of experience running efficient data centers that carries over to the experience with AI. The result of all this is that it estimates that the energy consumption of a typical text query has gone down by 33x in the last year alone.
Microsoft

Microsoft Reportedly Cuts China's Early Access to Bug Disclosures, PoC Exploit Code (theregister.com) 15

An anonymous reader quotes a report from The Register: Microsoft has reportedly stopped giving Chinese companies proof-of-concept exploit code for soon-to-be-disclosed vulnerabilities following last month's SharePoint zero-day attacks, which appear to be related to a leak in Redmond's early-bug-notification program. The software behemoth gives some software vendors early bug disclosures under its Microsoft Active Protections Program (MAPP), which typically delivers info two weeks before Patch Tuesday. MAPP participants sign a non-disclosure agreement, and in exchange get vulnerability details so that they can provide updated protections to customers more quickly.

According to Microsoft spokesperson David Cuddy, who spoke with Bloomberg about changes to the program, MAPP has begun limiting access to companies in "countries where they're required to report vulnerabilities to their governments," including China. Companies in these countries will no longer receive "proof of concept" exploit code, but instead will see "a more general written description" that Microsoft sends at the same time as patches, Cuddy told the news outlet.
"A leak happened here somewhere," Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative (ZDI), told The Register in July. "And now you've got a zero-day exploit in the wild, and worse than that, you've got a zero-day exploit in the wild that bypasses the patch, which came out the next day."

Childs said the MAPP change "is a positive change, if a bit late. Anything Microsoft can do to help prevent leaks while still offering MAPP guidance is welcome."

"In the past, MAPP leaks were associated with companies out of China, so restricting information from flowing to these companies should help," Childs said. "The MAPP program remains a valuable resource for network defenders. Hopefully, Microsoft can squelch the leaks while sending out the needed information to companies that have proven their ability (and desire) to protect end users."
Software

Russia Orders State-Backed WhatsApp Rival Pre-Installed On Phones and Tablets (reuters.com) 29

Starting September 1st, Russia will require all smartphones and tablets sold in the country to come with MAX, a state-backed messaging app seen as a rival to WhatsApp and Telegram. Critics say the app could be used to track users. Reuters reports: The Russian government said in a statement that MAX, which will be integrated with government services, would be on a list of mandatory pre-installed apps on all "gadgets," including mobile phones and tablets, sold in Russia from September 1. State media says accusations from Kremlin critics that MAX is a spying app are false and that it has fewer permissions to access user data than rivals WhatsApp and Telegram. It will also be mandatory that from September 1, Russia's domestic app store, RuStore, which is pre-installed on all Android devices, will be pre-installed on Apple devices.

A Russian-language TV app called LIME HD TV, which allows people to watch state TV channels for free, will be pre-installed on all smart TVs sold in Russia from January 1, the government added. [...] MAX said this week that 18 million users had downloaded its app, parts of which are still in a testing phase. Russia's interior ministry said on Wednesday that MAX was safer than foreign rivals, but that it had arrested a suspect in the first fraud case using the new messenger.

Businesses

Cisco Announces Mass Layoffs Just After Soaring Revenue Report (sfgate.com) 34

Cisco, the San Jose-based technology giant, has announced another round of layoffs affecting Bay Area workers, marking a familiar pattern of reporting skyrocketing revenue followed by drastic job cuts. From a report: According to Aug. 13 WARN filings with California's Employment Development Department, the company will eliminate 221 positions across its Milpitas and San Francisco offices.

WARN documents are generally required by the state in the event of mass layoffs. Employees were notified of the layoffs on Aug. 14 and their terminations will be effective Oct. 13. The most cuts, affecting 157 jobs, largely in software engineering roles, were at Cisco's Milpitas office at 560 McCarthy Blvd.

Cisco's San Francisco office at 500 Terry A. Francois Blvd. will cut 64 positions, according to the filing. The filings came the same day Cisco released its fourth-quarter earnings, which reported $14.7 billion in revenue, an 8% increase from the same quarter last year. Revenue for the 2025 fiscal year was $56.7 billion, up 5% from the previous year.

AI

The AI-Powered PDF Marks the End of an Era (wired.com) 69

The era of software without embedded AI assistants is increasingly ending as Adobe launches Acrobat Studio, adding collaborative AI workspaces to the 32-year-old PDF format. The new platform allows users to upload multiple documents into "PDF spaces" where personalized chatbot assistants parse and answer questions about their contents.

Adobe began integrating generative AI into Acrobat last year and now positions this release as the format's biggest transformation since its 1993 debut. The shift arrives amid growing user fatigue with AI features proliferating across everyday applications -- a Pew Research Center report found US adults more concerned than excited about AI's impact on their lives. Adobe's move cements 2025 as the year generative AI became inescapable in essential software, fundamentally altering how users interact with documents that once replicated the familiarity of paper.
Security

Intuit Claims Security Concerns In Dropping Windows 10 For TurboTax (intuit.com) 114

Longtime Slashdot reader Xesdeeni writes: I received an email indicating Intuit will not support Windows 10 for the desktop versions of TurboTax starting this tax year. Laughably, they say "security is a top priority for us" before adding: "To use TurboTax Desktop software for tax year 2025, your computer will need to run on Microsoft Windows 11 [or] TurboTax Online."

I'm just paranoid enough to use the desktop version, since at least it limits what they see to the forms they send to the IRS -- rather than everything. Even if I was willing to endure the added burden of printing and mailing the forms, this would be the end of that, since I'm out on Windows 11 for the reasons you already know.

Here's what they sent: Hi there,

We're reaching out to provide an update on TurboTax Desktop software for tax year 2025. After October 14, 2025, Microsoft will no longer provide software updates, technical assistance, or security fixes for Windows 10 operating system. Because security is a top priority for us, TurboTax Desktop software for tax year 2025 onwards will not be compatible with Windows 10 operating system.

To use TurboTax Desktop software for tax year 2025, your computer will need to run on Microsoft Windows 11 operating system. You can also consider switching to TurboTax Online, which will work on any supported browser (available December 2025).

For more resources and additional information about this change, go to this help article: How does the end of support for Windows 10 affect my TurboTax Desktop experience?

Thanks for being part of the TurboTax family.

Warm regards,

The TurboTax Team
Xesdeeni comments: "I've wanted a Linux offering for years now and only kept Windows for such limited products as this. I guess I can completely punt it now."
The Courts

Masimo Sues US Customs Over Apple Watch Blood Oxygen Workaround (9to5mac.com) 57

Last week, following a recent U.S. Customs ruling, Apple reintroduced blood oxygen monitoring to certain Apple Watch models in the U.S., sidestepping an ITC import ban stemming from its legal dispute with medical device maker Masimo. Today, Masimo fired back with a new lawsuit against the U.S. Customs and Border Protection. 9to5Mac reports: The company says US Customs and Border Protection (CBP) overstepped its authority and violated due process when it reversed its earlier decision on August 1 and allowed Apple to restore the feature. Moreover, Masimo says it found out about the decision when Apple publicly announced the return of the feature: "It has now come to light that CBP thereafter reversed itself without any meaningful justification, without any material change in circumstances, and without any notice to Masimo, let alone an opportunity for Masimo to be heard. CBP changed its position on Apple's watch-plus-iPhone redesign through an ex parte proceeding. Specifically, on August 1, 2025, CBP issued an 3 ex parte ruling permitting Apple to import devices that, when used with iPhones already in the United States, perform the same functionality that the ITC found to infringe Masimo's patents. Masimo only discovered this ruling on Thursday, August 14, 2025, when Apple publicly announced it would be reintroducing the pulse oximetry functionality through a software update."

The company is now asking the court for a temporary restraining order and preliminary injunction to block the CBP's decision, and reinstate the original ruling that "determined that Apple's redesigned watches could be imported only to the extent the infringing functionality was completely disabled." As reported by Bloomberg Law, Masimo says the following in its supporting brief: "Each passing day that this unlawful ruling remains in effect irreparably deprives Masimo of its right to be free from unfair trade practices and to preserve its competitive standing in the U.S. marketplace." Masimo further argues that CBP's move "effectively nullified" the ITC's exclusion order against Apple. Apple's appeal of that ban is still pending before the Federal Circuit.

Android

Amazon Looks To Ditch Homegrown Software For Android in Fire Tablet Revamp (reuters.com) 10

Amazon is plotting a big change to its Fire tablet lineup following years of escalating gripes from consumers and app developers over the company's homegrown operating system. Reuters: As part of a project known internally as Kittyhawk, Amazon plans to release a higher-end tablet as soon as next year offering the Android operating system software for the first time, according to six people familiar with the matter. Since the Fire tablet's introduction in 2011, Amazon has used what is known as a "forked" version of Android with custom modifications that make it work like a unique operating system.

[...] The first Amazon Android tablet, slated for next year, will be pricier than current models, the people said. One of them said Amazon had discussed a $400 price tag, nearly double the cost of its current higher-end $230 Fire Max 11 tablet. IPads, by comparison, range from $350 to $1,200. Reuters could not learn additional specifications for the planned Amazon tablet, such as screen size and speaker quality or memory capacity. Amazon historically has avoided using software or other products from third parties, preferring to develop the services in-house or, barring that, to acquire a competitor.

AI

US Tech Stocks Hit By Concerns Over Future of AI Boom 44

US tech stocks sold off as warnings that the hype surrounding AI could be overdone hit some of the year's best-performing shares. From a report: Nvidia, the chips group that has surged to become the world's first $4tn company on the back of AI, fell 3.5 per cent on Tuesday, while software group Palantir dropped 9.4 per cent and chip designer Arm shed 5 per cent.

The tech-heavy Nasdaq Composite closed down 1.4 per cent, the biggest one-day drop for the index since August 1. The blue-chip S&P 500 fell 0.7 per cent. European and Asian markets largely followed Wall Street lower on Wednesday. [...] Japan's Nikkei 225 index fell 1.5 per cent and South Korea's Kospi slipped 0.6 per cent. Futures price indicated moderate declines when Wall Street opens.

Traders pinned some of the declines in the US on a critical report on Monday authored by a branch of the Massachusetts Institute of Technology. Researchers said "95 per cent of organisations are getting zero return" from their investments in generative AI, the technology that has sent US stocks soaring to record highs in recent months.
IT

Google's AI Overviews Led Users Astray, Reports Say Some Phone Numbers Are Scams (androidcentral.com) 39

Google's AI Overviews has returned fraudulent customer service phone numbers in multiple reported incidents.

A Reddit user reported their friend received a fake number when searching "Swiggy [an Indian food delivery firm] customer care number," leading to attempted screen-sharing and money request scams. Facebook user Alex Rivlin encountered scammers after searching "royal caribbean customer service phone number 24 hours usa." The fraudulent representative requested credit card information before Rivlin detected the scam. Google said it is "aware" of the issue and has "taken action" against identified numbers. The company stated it is working to "improve results."
AI

Amazon Cloud Chief Says Replacing Junior Staff With AI is 'Dumbest' Idea (yahoo.com) 50

Matt Garman, Amazon's cloud boss, has a warning for business leaders rushing to swap workers for AI: Don't ditch your junior employees. From a report: The Amazon Web Services CEO said on an episode of the "Matthew Berman" podcast published Tuesday that replacing entry-level staff with AI tools is "one of the dumbest things I've ever heard."

"They're probably the least expensive employees you have. They're the most leaned into your AI tools," he said. "How's that going to work when you go like 10 years in the future and you have no one that has built up or learned anything?" Garman said companies should keep hiring graduates and teaching them how to build software, break down problems, and adopt best practices.

He also said the most valuable skills in an AI-driven economy aren't tied to any one college degree. "If you spend all of your time learning one specific thing and you're like, 'That's the thing I'm going to be expert at for the next 30 years,' I can promise you that's not going to be valuable 30 years from now," he said.

Microsoft

AI 'Business Agents' Will Kill SaaS by 2030, Says Microsoft (thenewstack.io) 123

Traditional business applications will become the mainframes of the 2030s - functioning but obsolete systems replaced by AI agents, predicts Microsoft corporate vice president Charles Lamanna. AI agents featuring generative AI interfaces, goal-oriented processing, and vector databases will supplant today's form-driven, workflow-based enterprise software within five years, said Lamanna, who leads Microsoft's business applications and platforms division.

The executive projects industry patterns for agent-based systems will solidify within 6-18 months. Microsoft MVP Rocky Lhotka called the 2030 timeline "very forward-looking and optimistic," noting that capital-intensive industries cannot readily replace existing infrastructure with virtual agents.
Android

Android's pKVM Becomes First Globally Certified Software to Achieve SESIP Level 5 Security Certification (googleblog.com) 32

Protected KVM (pKVM), the hypervisor powering the Android Virtualization Framework, has officially achieved SESIP Level 5 certification (in testing by cybersecurity lab Dekra against the TrustCB SESIP scheme).

Google's security blog called the certification "a watershed moment," and a "new benchmark" for both open-source security — and for the future of consumer electronics. "It provides a single, open-source, and exceptionally high-quality firmware base that all device manufacturers can build upon." This makes pKVM the first software security system designed for large-scale deployment in consumer electronics to meet this assurance bar. The implications for the future of secure mobile technology are profound. With this level of security assurance, Android is now positioned to securely support the next generation of high-criticality isolated workloads. This includes vital features, such as on-device AI workloads that can operate on ultra-personalized data, with the highest assurances of privacy and integrity...

Achieving Security Evaluation Standard for IoT Platforms (SESIP) Level 5 is a landmark because it incorporates AVA_VAN.5, the highest level of vulnerability analysis and penetration testing under the ISO 15408 (Common Criteria) standard. A system certified to this level has been evaluated to be resistant to highly skilled, knowledgeable, well-motivated, and well-funded attackers who may have insider knowledge and access. This certification is the cornerstone of the next-generation of Android's multi-layered security strategy. Many of the TEEs (Trusted Execution Environments) used in the industry have not been formally certified or have only achieved lower levels of security assurance... Looking ahead, Android device manufacturers will be required to use isolation technology that meets this same level of security for various security operations that the device relies on. Protected KVM ensures that every user can benefit from a consistent, transparent, and verifiably secure foundation.

"This achievement represents just one important aspect of the immense, multi-year dedication from the Linux and KVM developer communities and multiple engineering teams at Google developing pKVM and AVF," the post concludes.

"We look forward to seeing the open-source community and Android ecosystem continue to build on this foundation, delivering a new era of high-assurance mobile technology for users."
AI

Duolingo's Stock Down 38%, Plummets After OpenAI's GPT-5 Language App-Building Demo (yahoo.com) 93

Duolingo's stock peaked at $529.05 on May 16th. Three months later, it's down 38% — with that drop starting shortly after backlash to the CEO's promise to make it an "AI-first" company.

Yet "The backlash against Duolingo going 'AI-first' didn't even matter," TechCrunch wrote August 7th, noting Duolingo's stock price surged almost 30% overnight. That surge vanished within two days — and instead of a 30% surge, Duolingo now shows a 5% drop over the last eight days.

Yahoo Finance blames the turnaround on OpenAI's GPT-5 demo, "which demonstrated, among many other things, its ability to create a language-learning tool from a short prompt." OpenAI researcher Yann Dubois asked the model to create an app to help his partner learn French. And in a few minutes GPT-5 churned out several iterations, with flashcards, a progress tracker, and even a simple snake-style game with a French twist, a mouse and cheese variation to learn new vocab....

[Duolingo's] corporate lawyers, of course, did warn against this in its annual 10-K, albeit in boilerplate language. Tucked into the risk factors section, Duolingo notes, "It is possible that a new product could gain rapid scale at the expense of existing brands through harnessing a new technology (such as generative AI)." Consider this another warning to anyone making software. [The article adds later that "Rapid development and fierce competition can leave firms suddenly behind — perceived as under threat, inferior, or obsolete — from every iteration of OpenAI's models and from the moves of other influential AI players..."]

There's also irony in the wild swings. Part of Duolingo's successful quarter stemmed from the business's efficient use of AI. Gross margins, the company said, outperformed management expectations due to lower AI costs. And AI conversational features have become part of the company's learning tools, helping achieve double-digit subscriber growth... But the enthusiasm for AI, which led to the initial stock bump this week, also led to the clawback. AI giveth and taketh away.

Meanwhile, this week a blog announced it was "able to activate a long-rumored Practice feature" hidden in Google Translate, notes PC Magazine, with the blogger even sharing a screen recording of "AI-led features within Translate" showing its ability to create personalized lessons. "Google's take on Duolingo is effectively ready for release," the Android Authority blog concluded. "Furthermore, the fact that a Telegram user spotted this in their app suggests that Google is already testing this in a limited fashion."

Duolingo's CEO revisited the backlash to his original "AI-first" promise today in a new interview today with the New York Times, emphasizing his hope that AI would only reduce the company's use of contractors. "We've never laid off any full-time employees. We don't plan to...." But: In the next five years, people's jobs will probably change. We're seeing it with many of our engineers. They may not be doing some rote tasks anymore. What will probably happen is that one person will be able to accomplish more, rather than having fewer people.

NYT: How are you managing that transition for employees?

Every Friday morning, we have this thing: It's a bad acronym, f-r-A-I-days. I don't know how to pronounce it. Those mornings, we let each team experiment on how to get more efficient to use A.I.

Yesterday there was also a new announcement from attorneys at Pomerantz LLP, which calls itself "the oldest law firm in the world dedicated to representing the rights of defrauded investors."

The firm announced it was investigating "whether Duolingo and certain of its officers and/or directors have engaged in securities fraud or other unlawful business practices."

Slashdot Top Deals