Microsoft

More Game Workers at Microsoft's 'Blizzard' Join a Union (aftermath.site) 186

This week workers on Blizzard's "Story and Franchise Development" team "strongly voted" to join America's largest communications and media labor union, the Communications Workers of America.

From the union's announcement: The Story and Franchise Development team is Blizzard's in-house cinematics, animation, and narrative team, producing the trailers, promotional videos, in-game cutscenes, and other narrative content for Blizzard franchises — as well as franchise archival workers and historians. These workers will be the first in-house cinematic, animation, and narrative studio to form a union in the North American game industry, joining nearly 3,000 workers at Microsoft-owned studios who have organized with CWA to build better standards across the video game industry after Microsoft acquired Activision Blizzard in 2023...

The announcement is the latest update in organizing the tech and video game industry, as over 6,000 workers in the United States and Canada have organized with the Campaign to Organize Digital Employees (CODE-CWA) since launching over five years ago. Last week, workers at Raven Software secured a historic contract with Microsoft, joining ZeniMax QA developers at CWA, who also secured a contract with the company in June.

"CWA says that Blizzard owner Microsoft has recognized the union," reports the gaming news site Aftermath, in accordance with the labor neutrality policy Microsoft agreed to in 2022, leading to several other union game studios at Microsoft: In July 2024, 500 workers on Blizzard-owned World of Warcraft formed a union that they called "the largest wall-to-wall union at a Microsoft-owned studio," alongside Blizzard QA workers in Austin. Other studios across Microsoft have also unionized in recent years, including at Bethesda, ZeniMax Online Studios, and ZeniMax QA, the latter of which finally reached a contract in May after nearly two years of bargaining. Unionized workers at Raven Studios reached a contract with Microsoft earlier this month.
The CWA's announcement this week included this quote from one organizing committee member (and a cinematic producer). "I'm excited that we have joined together in forming a union to protect my colleagues from things like misguided policies and instability as a result of layoffs."
Security

Security Flaws In Carmaker's Web Portal Let a Hacker Remotely Unlock Cars (techcrunch.com) 27

Three years ago security researcher Eaton Zveare discovered a vulnerability in Jacuzzi's SmartTub interface allowing access to the personal data of every hot tub owner.

Now Zverae says flaws in an unnamed carmaker's dealership portal "exposed the private information and vehicle data of its customers," reports TechCrunch, "and could have allowed hackers to remotely break into any of its customers' vehicles." Zveare, who works as a security researcher at software delivery company Harness, told TechCrunch the flaw he discovered allowed the creation of a ["national"] admin account that granted "unfettered access" to the unnamed carmaker's centralized web portal. With this access, a malicious hacker could have viewed the personal and financial data of the carmaker's customers, tracked vehicles, and enrolled customers in features that allow owners — or the hackers — to control some of their cars' functions from anywhere.

Zveare said he doesn't plan on naming the vendor, but said it was a widely known automaker with several popular sub-brands.

In an interview with TechCrunch ahead of his talk at the Def Con security conference in Las Vegas on Sunday, Zveare said the bugs put a spotlight on the security of these dealership systems, which grant their employees and associates broad access to customer and vehicle information... The flaws were problematic because the buggy code loaded in the user's browser when opening the portal's login page, allowing the user — in this case, Zveare — to modify the code to bypass the login security checks. Zveare told TechCrunch that the carmaker found no evidence of past exploitation, suggesting he was the first to find it and report it to the carmaker.

When logged in, the account granted access to more than 1,000 of the carmakers' dealers across the United States, he told TechCrunch... With access to the portal, Zveare said it was also possible to pair any vehicle with a mobile account, which allows customers to remotely control some of their cars' functions from an app, such as unlocking their cars... "The takeaway is that only two simple API vulnerabilities blasted the doors open, and it's always related to authentication," said Zveare. "If you're going to get those wrong, then everything just falls down."

Zveare told TechCrunch the portals even included "telematics systems that allowed the real-time location tracking of rental or courtesy cars...

"Zveare said the bugs took about a week to fix in February 2025 soon after his disclosure to the carmaker."

Thanks to long-time Slashdot reader schwit1 for sharing the article.
AI

America's Labor Unions are Backing State Regulations for AI Use in Workplaces (msn.com) 95

"As employers and tech companies rush to deploy AI software into workplaces to improve efficiency, labor unions are stepping up work with state lawmakers across the nation to place guardrails on its use..." reports the Washington Post.

"Union leaders say they must intervene to protect workers from the potential for AI to cause massive job displacement or infringe on employment rights." In Massachusetts, the Teamsters labor union is backing a proposed state law that would require autonomous vehicles to have a human safety operator who can intervene during the ride, effectively forbidding truly driverless rides. Oregon lawmakers recently passed a bill supported by the Oregon Nurses Association that prohibits AI from using the title "nurse" or any associated abbreviations. The American Federation of Labor and Congress of Industrial Organizations, a federation of 63 national and international labor unions, launched a national task force last month to work with state lawmakers on more laws that regulate automation and AI affecting workers... The AFL-CIO task force plans to help unions take on problematic use of AI in collective bargaining and contracts and in coming months to develop a slate of model legislation available to state leaders, modeled on recently passed and newly proposed legislation in places including California and Massachusetts.
The president of the California Federation of Labor Unions also supports a proposed state law "that would prevent employers from primarily relying on AI software to automate decisions like terminations or disciplinary actions," according to the article. "Instead, humans would have to review decisions. The law would also prohibit use of tools that predict workers' behaviors, emotional states and personality."
Open Source

Remember the Companies Making Vital Open Source Contributions (infoworld.com) 22

Matt Asay answered questions from Slashdot readers in 2010 as the then-COO of Canonical. Today he runs developer marketing at Oracle (after holding similar positions at AWS, Adobe, and MongoDB).

And this week Asay contributed an opinion piece to InfoWorld reminding us of open source contributions from companies where "enlightened self-interest underwrites the boring but vital work — CI hardware, security audits, long-term maintenance — that grassroots volunteers struggle to fund." [I]f you look at the Linux 6.15 kernel contributor list (as just one example), the top contributor, as measured by change sets, is Intel... Another example: Take the last year of contributions to Kubernetes. Google (of course), Red Hat, Microsoft, VMware, and AWS all headline the list. Not because it's sexy, but because they make billions of dollars selling Kubernetes services... Some companies (including mine) sell proprietary software, and so it's easy to mentally bucket these vendors with license fees or closed cloud services. That bias makes it easy to ignore empirical contribution data, which indicates open source contributions on a grand scale.
Asay notes Oracle's many contributions to Linux: In the [Linux kernel] 6.1 release cycle, Oracle emerged as the top contributor by lines of code changed across the entire kernel... [I]t's Oracle that patches memory-management structures and shepherds block-device drivers for the Linux we all use. Oracle's kernel work isn't a one-off either. A few releases earlier, the company topped the "core of the kernel" leaderboard in 5.18, and it hasn't slowed down since, helping land the Maple Tree data structure and other performance boosters. Those patches power Oracle Cloud Infrastructure (OCI), of course, but they also speed up Ubuntu on your old ThinkPad. Self-interested contributions? Absolutely. Public benefit? Equally absolute.

This isn't just an Oracle thing. When we widen the lens beyond Oracle, the pattern holds. In 2023, I wrote about Amazon's "quiet open source revolution," showing how AWS was suddenly everywhere in GitHub commit logs despite the company's earlier reticence. (Disclosure: I used to run AWS' open source strategy and marketing team.) Back in 2017, I argued that cloud vendors were open sourcing code as on-ramps to proprietary services rather than end-products. Both observations remain true, but they miss a larger point: Motives aside, the code flows and the community benefits.

If you care about outcomes, the motives don't really matter. Or maybe they do: It's far more sustainable to have companies contributing because it helps them deliver revenue than to contribute out of charity. The former is durable; the latter is not.

There's another practical consideration: scale. "Large vendors wield resources that community projects can't match."

Asay closes by urging readers to "Follow the commits" and "embrace mixed motives... the point isn't sainthood; it's sustainable, shared innovation. Every company (and really every developer) contributes out of some form of self-interest. That's the rule, not the exception. Embrace it." Going forward, we should expect to see even more counterintuitive contributor lists. Generative AI is turbocharging code generation, but someone still has to integrate those patches, write tests, and shepherd them upstream. The companies with the most to lose from brittle infrastructure — cloud providers, database vendors, silicon makers — will foot the bill. If history is a guide, they'll do so quietly.
Transportation

Volkswagen Wants You To Pay Monthly To Unlock More Horsepower (neowin.net) 143

Slashdot reader darwinmac writes: Volkswagen is offering a subscription model for extra horsepower on its ID.3 electric cars. Want to bump your ride from the standard 201 bhp to the full 228 bhp? That will be about £16.50 per month or £165 per year, or a one-time £649 "lifetime" fee that is tied to the car, not you. If you sell it, you have to pay again.

VW defended this to the BBC by saying you are basically paying for a sportier experience without buying a higher powered model upfront, calling it "nothing new." Nothing changes mechanically. You are just paying VW to essentially flip a boolean somewhere in the car's software.

Bug

Plex Users Urged To Update Media Server After Security Flaw Exposed (nerds.xyz) 19

BrianFagioli shares a report from NERDS.xyz: If you run Plex Media Server, it's time to drop everything and update. The company has quietly patched a security issue that affects recent versions of its software, and users are being told to upgrade as soon as possible. According to an email Plex sent to affected customers, versions 1.41.7.x through 1.42.0.x are vulnerable. The newly released build, 1.42.1.10060 or later, contains the fix. Plex says the flaw was found through its bug bounty program, but sadly, it has not publicly shared details about how severe the issue is or whether it could be exploited remotely.
AI

Dodgy Huawei Chips Nearly Sunk DeepSeek's Next-Gen R2 Model 18

DeepSeek's development of its next-gen R2 AI model was severely delayed after months of failed training attempts on Huawei's Ascend chips, which suffered from unstable hardware, slow interconnects, and immature software. The Register reports: Following the industry rattling launch of DeepSeek R1 earlier this year, the Chinese AI darling faced pressure from government authorities to train the model's successor on Huawei's homegrown silicon, three unnamed sources have told the Financial Times. But after months of work and the help of an entire team of Huawei engineers, unstable chips, glacial interconnects, and immature software proved insurmountable for DeepSeek, which was apparently unable to complete a single successful training run. The failure, along with challenges with data labeling, ultimately delayed the release of DeepSeek R2 as the company started anew, using Nvidia's H20 GPUs instead. The company has reportedly relegated Huawei's Ascend accelerators to inference duty.
The Courts

Apple Returns Blood Oxygen Monitoring to the Latest Apple Watches (techcrunch.com) 23

Apple has reintroduced blood oxygen monitoring to certain Apple Watch models in the U.S. by shifting the feature's calculations to the paired iPhone, sidestepping an ITC import ban stemming from its legal dispute with medical device maker Masimo. TechCrunch reports: Blood oxygen data will be measured and calculated on the user's paired iPhone, and results can be viewed in the Respiratory section of the Health app. This means users won't be able to view the data on their Apple Watch, as they'll need to do so on their iPhone. Apple says the update announced today is enabled by a recent U.S. Customs ruling, which means that the tech giant is allowed to import Apple Watches with the redesigned Blood Oxygen feature.

The change doesn't affect previously sold models with the original version of the feature or units bought outside the U.S. The redesigned feature only applies to Apple Watches that were sold after the ITC import ban took effect in early 2024. These users can access the redesigned Blood Oxygen feature through an iPhone and Apple Watch software update coming on Thursday.

The Military

How the Unraveling of Two Pentagon Projects May Result In a Costly Do-Over (reuters.com) 84

The Pentagon is poised to cancel two nearly finished Navy and Air Force HR software projects worth over $800 million so new contracts can be awarded to other vendors, including Salesforce, Palantir, and Workday. "The reason for the unusual move: officials at those departments, who have so far put the existing projects on hold, want other firms, including Salesforce and billionaire Peter Thiel's Palantir, to have a chance to win similar projects, which could amount to a costly do-over," reports Reuters. From the report: In 2019, Accenture said it had won a contract to expand an HR platform to modernize the payroll, absence management, and other HR functions for the Air Force with Oracle software. The project, which includes other vendors and was later expanded to include Space Force, grew to cost $368 million and was scheduled for its first deployment this summer at the Air Force Academy. An April "status update" on the project conducted by the Air Force and obtained by Reuters described the project as "on track," with initial deployment scheduled for June, noting that it would end up saving the Air Force $39 million annually by allowing it to stop using an older system. But on May 30, Darlene Costello, then-Acting assistant Secretary of the Air Force, sent out a memo placing a "strategic pause" on the project for ninety days and calling for the study of alternate technical solutions, according to a copy of the memo seen by Reuters that was previously unreported. Costello, who has since retired, was reacting to pressure from other Air Force officials who wanted to steer a new HR project to SalesForce and Palantir, three sources said. [...] The Air Force said in a statement that it "is committed to reforming acquisition practices, assessing the acquisition workforce, and identifying opportunities to improve major defense acquisition programs."

Space Force, which operates within the Air Force, was set to receive the Air Force's new payroll system in the coming months. But it is also pulling out of the project because officials there want to launch yet another HR platform project to be led by Workday, according to three people familiar with the matter. The service put out a small business tender on May 7 for firms to research HR platform alternatives, with the goal of selecting a company that will recommend Workday as the best option, the people said. Now the Air Force and Space Force "want to start over with vendors that do not meet their requirements, leading to significant duplication and massive costs," said John Weiler, director of the Information Technology Acquisition Advisory Council, a government-chartered nonprofit group that makes recommendations to improve federal IT contracting.

In 2022, the Honolulu-based Nakupuna Companies took over a 2019 project with other firms to integrate the Navy's payroll and personnel systems into one platform using Oracle software and known as "NP2". The project, which has cost about $425 million since 2023, according to the Government Accountability Office, was set to be rolled out earlier this year after receiving a positive review by independent reviewer and consulting firm Guidehouse in January, according to a copy obtained by Reuters. But the head of Navy's human resources, now retired Admiral Rick Cheeseman, sought to cancel the project according to a June 5 memo seen by Reuters, directing another official to "take appropriate contractual actions" to cancel the project. Navy leaders instead mandated yet another assessment of project, according to a memo seen by Reuters, leaving it in limbo, two sources said.

Cheeseman's reason for trying to kill the project was his anger over a decision by DOGE earlier this year to cancel a $171 million contract for data services provider Pantheon Data that essentially duplicated parts of the HR project. In an email obtained by Reuters, he threatened to withhold funding from the Nakupuna-led project unless the Pantheon contract was restored. "I am beyond exasperated with how this happened," Cheeseman wrote in a May 7 email to Chief Information Officer Jane Rathbun about the contract cancellation, arguing the Pantheon contract was not "duplicative of any effort." "From where I sit, I'm content taking every dime away from NP2 in order to continue this effort," he added in the email. The pausing of NP2 was "unexpected, especially given that multiple comprehensive reviews validated the technical solution as the fastest and most affordable approach," Nakupuna said in a statement, adding it was disappointed by the change because the project was ready to deploy. The Navy said it "continues to prioritize essential personnel resources in support of efforts to strengthen military readiness through fiscal responsibility and departmental efficiency."

Communications

ULA Launches First National Security Mission On Vulcan Centaur Rocket (space.com) 25

United Launch Alliance's Vulcan Centaur rocket successfully completed its first-ever national security mission, launching the U.S. military's first experimental navigation satellite in 48 years. Space.com reports: The mission saw the company's powerful new Vulcan Centaur rocket take off from Space Launch Complex 41 (SLC-41) at Cape Canaveral Space Force Station in Florida. Vulcan launched with four side-mounted solid rocket boosters in order to generate enough thrust to send its payload directly into geosynchronous orbit on one of ULA's longest flights ever, a seven-hour journey that will span over 22,000 miles (35,000 kilometers), according to ULA.

The payload launching on Tuesday's mission was the U.S. military's first experimental navigation satellite to be launched in 48 years. It is what's known as a position, navigation and timing (PNT) satellite, a type of spacecraft that provides data similar to that of the well-known GPS system. This satellite will be testing many experimental new technologies that are designed to make it resilient to jamming and spoofing, according to Andrew Builta with L3Harris Technologies, the prime contractor for the PNT payload integrated onto a satellite bus built by Northrop Grumman.

The satellite, identified publicly only as Navigation Technology Satellite-3 (NTS-3), features a phased array antenna that allows it to "focus powerful beams to ground forces and combat jamming environments," Builta said in a media roundtable on Monday (Aug. 11). GPS jamming has become an increasingly worrisome problem for both the U.S. military and commercial satellite operators, which is why this spacecraft will be conducting experiments to test how effective these new technologies are at circumventing jamming attacks. In addition, the satellite features a software architecture that allows it to be reprogrammed while in orbit. "This is a truly game-changing capability," Builta said.

Linux

Linus Torvalds Blasts Kernel Dev For 'Making the World Worse' With 'Garbage' Patches (zdnet.com) 118

An anonymous reader quotes a report from ZDNet: You can't say Linux creator Linus Torvalds didn't give the kernel developers fair warning. He'd told them: "The upcoming merge window for 6.17 is going to be slightly chaotic for me. I have multiple family events this August (a wedding and a big birthday), and with said family being spread not only across the US, but in Finland too, I'm spending about half the month traveling." Therefore, Torvalds continued, "That does not mean I'll be more lenient to late pull requests (probably quite the reverse, since it's just going to add to the potential chaos)." So, when Meta software engineer Palmer Dabbelt pushed through a set of RISC-V patches and admitted "this is very late," he knew he was playing with fire. He just didn't know how badly he'd be burned.

Torvalds fired back on the Linux Kernel Mailing List (LKML): "This is garbage and it came in too late. I asked for early pull requests because I'm traveling, and if you can't follow that rule, at least make the pull requests good." It went downhill from there. Torvalds continued: "This adds various garbage that isn't RISC-V specific to generic header files. And by 'garbage," I really mean it. This is stuff that nobody should ever send me, never mind late in a merge window." Specifically, Torvalds hated the "crazy and pointless" way in which one of the patch's helper functions combined two unsigned 16-bit integers into a 32-bit integer. How bad was it? "That thing makes the world actively a worse place to live. It's useless garbage that makes any user incomprehensible, and actively *WORSE* than not using that stupid 'helper.'"

In addition to the quality issues, Torvalds was annoyed that the offending code was added to generic header files rather than the RISC-V tree. He emphasized that such generic changes could negatively impact the broader Linux community, writing: "You just made things WORSE, and you added that 'helper' to a generic non-RISC-V file where people are apparently supposed to use it to make other code worse too... So no. Things like this need to get bent. It does not go into generic header files, and it damn well does not happen late in the merge window. You're on notice: no more late pull requests, and no more garbage outside the RISC-V tree." [...] Dabbelt gets it. He replied, "OK, sorry. I've been dropping the ball lately, and it kind of piled up, taking a bunch of stuff late, but that just leads to me making mistakes. So I'll stop being late, and hopefully that helps with the quality issues."

AI

Cornell Researchers Develop Invisible Light-Based Watermark To Detect Deepfakes 56

Cornell University researchers have developed an "invisible" light-based watermarking system that embeds unique codes into the physical light that illuminates the subject during recording, allowing any camera to capture authentication data without special hardware. By comparing these coded light patterns against recorded footage, analysts can spot deepfake manipulations, offering a more resilient verification method than traditional file-based watermarks. TechSpot reports: Programmable light sources such as computer monitors, studio lighting, or certain LED fixtures can be embedded with coded brightness patterns using software alone. Standard non-programmable lamps can be adapted by fitting them with a compact chip -- roughly the size of a postage stamp -- that subtly fluctuates light intensity according to a secret code. The embedded code consists of tiny variations in lighting frequency and brightness that are imperceptible to the naked eye. Michael explained that these fluctuations are designed based on human visual perception research. Each light's unique code effectively produces a low-resolution, time-stamped record of the scene under slightly different lighting conditions. [Abe Davis, an assistant professor] refers to these as code videos.

"When someone manipulates a video, the manipulated parts start to contradict what we see in these code videos," Davis said. "And if someone tries to generate fake video with AI, the resulting code videos just look like random variations." By comparing the coded patterns against the suspect footage, analysts can detect missing sequences, inserted objects, or altered scenes. For example, content removed from an interview would appear as visual gaps in the recovered code video, while fabricated elements would often show up as solid black areas. The researchers have demonstrated the use of up to three independent lighting codes within the same scene. This layering increases the complexity of the watermark and raises the difficulty for potential forgers, who would have to replicate multiple synchronized code videos that all match the visible footage.
The concept is called noise-coded illumination and was presented on August 10 at SIGGRAPH 2025 in Vancouver, British Columbia.
Transportation

Ford Announces Investment To Bring Affordable EVs To Market (freep.com) 130

An anonymous reader quotes a report from the Detroit Free Press: Ford is announcing the creation of a new electric vehicle production system and a new EV platform that will allow the automaker to more efficiently bring several lower-cost EVs to market, the first of which will be a midsize, four-door electric pickup that seats five, to launch in 2027. That pickup, which is expected to start around $30,000, will be assembled at Ford's Louisville Assembly Plant for U.S. and export markets. The Dearborn-based automaker said it will invest $2 billion to retool the Louisville plant starting later this year. [...] Ford's investment in Louisville Assembly is in addition to Ford's previously announced $3 billion commitment for BlueOval Battery Park in Marshall, Michigan, where Ford will make the prismatic LFP batteries, starting next year, for the midsize electric pickup. Together, the nearly $5 billion investments mean Ford expects to create or secure nearly 4,000 direct jobs while strengthening the domestic supply chain with dozens of new U.S.-based suppliers.

Ford executives and Kentucky officials also introduced on Monday, Aug. 11, the new Ford Universal EV Production System, which they said will simplify production and ease operations for workers. Ford leaders also announced the creation of the Ford Universal Electric Vehicle Platform, which will enable the development of "a family of affordable electric vehicles produced at scale." The vehicles will be software-defined with over-the-air updates to keep improving the vehicles over time. "We took a radical approach to solve a very hard challenge: Create affordable vehicles that are breakthrough in every way that matters design, technology, performance, space and cost of ownership and do it with American workers," Ford CEO Jim Farley said in a statement. "Nobody wants to see another good college try by a Detroit automaker to make an affordable vehicle that ends up with idled plants, layoffs and uncertainty."

Farley has teased this announcement since Ford's second-quarter earnings when he said Ford would have a "Model-T moment" on Aug. 11. He's referring to the classic vehicle that helped turn Ford into a mass market automaker and perfect the assembly line process. At that time, Farley said it was critical that Ford unveil an EV strategy that would position it to make money selling the electric cars and effectively compete against the Chinese, who are known for making high-quality, desirable and affordable EVs. "So, this has to be a good business," Farley said of Ford's investments in the new process and platform. "From Day 1, we knew there was no incremental path to success. We empowered a tiny skunkworks team three time zones away from Detroit. We reinvented the line. And we are on a path to be the first automaker to make prismatic LFP batteries in the U.S. We will not rely on imports."
Ford says its new Universal Electric Vehicle Platform "reduces parts by 20% versus a typical vehicle, with 25% fewer fasteners, 40% fewer workstations dock-to-dock in the plant and 15% faster assembly time." The new EV pickup built using this platform is targeting a "starting MSRP at about $30,000, roughly the same as the Model T when adjusted for inflation," adds Farley.

He shared additional details in an interview with Wired, such as how the automaker hired Tesla veterans Doug Field (who also helped lead Apple's now-defunct EV project) and Alan Clarke. "Turns out, Doug and Alan and the team built a propulsion system that was like Apollo 13, managed down to the watt so that our battery could be so much smaller than BYD's," said Farley.
Python

How Python is Fighting Open Source's 'Phantom' Dependencies Problem (blogspot.com) 33

Since 2023 the Python Software Foundation has had a Security Developer-in-Residence (sponsored by the Open Source Security Foundation's vulnerability-finding "Alpha-Omega" project). And he's just published a new 11-page white paper about open source's "phantom dependencies" problem — suggesting a way to solve it.

"Phantom" dependencies aren't tracked with packaging metadata, manifests, or lock files, which makes them "not discoverable" by tools like vulnerability scanners or compliance and policy tools. So Python security developer-in-residence Seth Larson authored a recently-accepted Python Enhancement Proposal offering an easy way for packages to provide metadata through Software Bill-of-Materials (SBOMs). From the whitepaper: Python Enhancement Proposal 770 is backwards compatible and can be enabled by default by tools, meaning most projects won't need to manually opt in to begin generating valid PEP 770 SBOM metadata. Python is not the only software package ecosystem affected by the "Phantom Dependency" problem. The approach using SBOMs for metadata can be remixed and adopted by other packaging ecosystems looking to record ecosystem-agnostic software metadata...

Within Endor Labs' [2023 dependencies] report, Python is named as one of the most affected packaging ecosystems by the "Phantom Dependency" problem. There are multiple reasons that Python is particularly affected:

- There are many methods for interfacing Python with non-Python software, such as through the C-API or FFI. Python can "wrap" and expose an easy-to-use Python API for software written in other languages like C, C++, Rust, Fortran, Web Assembly, and more.

- Python is the premier language for scientific computing and artificial intelligence, meaning many high-performance libraries written in system languages need to be accessed from Python code.

- Finally, Python packages have a distribution type called a "wheel", which is essentially a zip file that is "installed" by being unzipped into a directory, meaning there is no compilation step allowed during installation. This is great for being able to inspect a package before installation, but it means that all compiled languages need to be pre-compiled into binaries before installation...


When designing a new package metadata standard, one of the top concerns is reducing the amount of effort required from the mostly volunteer maintainers of packaging tools and the thousands of projects being published to the Python Package Index... By defining PEP 770 SBOM metadata as using a directory of files, rather than a new metadata field, we were able to side-step all the implementation pain...

We'll be working to submit issues on popular open source SBOM and vulnerability scanning tools, and gradually, Phantom Dependencies will become less of an issue for the Python package ecosystem.

The white paper "details the approach, challenges, and insights into the creation and acceptance of PEP 770 and adopting Software Bill-of-Materials (SBOMs) to improve the measurability of Python packages," explains an announcement from the Python Software Foundation. And the white paper ends with a helpful note.

"Having spoken to other open source packaging ecosystem maintainers, we have come to learn that other ecosystems have similar issues with Phantom Dependencies. We welcome other packaging ecosystems to adopt Python's approach with PEP 770 and are willing to provide guidance on the implementation."
AI

Autonomous AI-Guided Black Hawk Helicopter Tested to Fight Wildfires (yahoo.com) 36

Imagine this. Lightning sparks a wildfire, but "within seconds, a satellite dish swirling overhead picks up on the anomaly and triggers an alarm," writes the Los Angeles Times. "An autonomous helicopter takes flight and zooms toward the fire, using sensors to locate the blaze and AI to generate a plan of attack. It measures the wind speed and fire movement, communicating constantly with the unmanned helicopter behind it, and the one behind that. Once over the site, it drops a load of water and soon the flames are smoldering. Without deploying a single human, the fire never grows larger than 10 square feet.

"This is the future of firefighting." On a recent morning in San Bernardino, state and local fire experts gathered for a demonstration of the early iterations of this new reality. An autonomous Sikorski Black Hawk helicopter, powered by technology from Lockheed Martin and a California-based software company called Rain, is on display on the tarmac of a logistics airport in Victorville — the word "EXPERIMENTAL" painted on its military green-black door. It's one of many new tools on the front lines of firefighting technology, which experts say is evolving rapidly as private industry and government agencies come face-to-face with a worsening global climate crisis...

Scientific studies and climate research models have found that the number of extreme fires could increase by as much as 30% globally by 2050. By 2100, California alone could see a 50% increase in wildfire frequency and a 77% increase in average annual acres burned, according to the state's most recent climate report. That's largely because human-caused climate change is driving up temperatures and drying out the landscape, priming it to burn, according to Kate Dargan Marquis, a senior advisor with the Gordon and Betty Moore Foundation who served as California's state fire marshal from 2007 to 2010.... "[T]he policies of today and the technologies of today are not going to serve us tomorrow."

Today, more than 1,100 mountaintop cameras positioned across California are already using artificial intelligence to scan the landscape for the first sign of flames and prompt crews to spring into action. NASA's Earth-observing satellites are studying landscape conditions to help better predict fires before they ignite, while a new global satellite constellation recently launched by Google is helping to detect fires faster than ever before.

One 35-year fire service veteran who consults on fire service technologies even predicts fire-fighting robots will also be used in high-risk situations like the Colossus robot that battled flames searing through Notre-Dame Cathedral in Paris...

And a bill moving through California's legislation "would direct the California Department of Forestry and Fire Protection to establish a pilot program to assess the viability of incorporating autonomous firefighting helicopters in the state."
The Internet

AOL Finally Discontinues Its Dial-Up Internet Access - After 34 Years (pcmag.com) 75

AOL (now a Yahoo subsidiary) just announced its dial-up internet service will be discontinued at the end of September.

"The change also means the retirement of the AOL Dialer software and the AOL Shield browser, both designed for older operating systems and slow connections that relied on the familiar screech of a modem handshake," remembers Slashdot reader BrianFagioli (noting that dial-up Internet "was once the gateway to the web for millions of households, back when speeds were measured in kilobits and waiting for a picture to load could feel like an eternity.")

AOL's dial-up service "has been publicly available for 34 years," writes Tom's Hardware. But AppleInsider notes the move comes more than 40 years after AOL started "as a very early Apple service." AOL itself started back in 1983 under the name Control Video Corporation, offering online services for the Atari 2600 console. After failing, it became Quantum Computer Services in 1985, eventually launching AppleLink in 1988 to connect Macintosh computers together... With the launch of PC Link for IBM-compatible PCs in 1988 and parting from Apple in October 1989, the company rebranded itself as America Online, or AOL... Even at its height, dial-up connections could get up to 56 kilobits per second under ideal conditions, while modern connections are measured in megabits and gigabits. Most of the service was also what's considered a "walled garden," with features that were only available through AOL itself and that it wasn't the actual, untamed Internet.
In the 1990s AOL "was how millions of people were introduced to the Internet," the article remembers, adding that "Even after the AOL Time Warner acquisition and the 2015 acquisition by Verizon, AOL was still a popular service. Astoundingly, it counted about two million dial-up subscribers at the time." In the 2021 acquisition of assets from Verizon by Apollo Global Management, AOL was said to have 1.5 million people paying for services. However, this was more for technical support and software, rather than for actual Internet access. A CNBC report at the time reports that the dial-up user count was "in the low thousands".... While it dies off, not with a bang but a whimper, AOL's dial-up is still remembered as one of the most transformative services in the Internet age.
"This change does not impact the numerous other valued products and services that these subscribers are able to access and enjoy as part of their plans," a Yahoo spokesperson told PC Magazine this week. "There is also no impact to our users' free AOL email accounts." AOL's disastrous 2001 merger with Time Warner and ongoing inability to deliver broadband to its customers... left it on a path to decline that acquiring such widely read sites as Engadget [2005] and TechCrunch [2010] did not stem. By 2014, the number of dial-up AOL customers had collapsed to 2.34 million. A year later, Verizon bought the company for $4.4 billion in an internet-content play that turned out to be as doomed as the Time Warner transaction. In 2021, Verizon unloaded both AOL and Yahoo, which it had separately purchased in 2017, to the private-equity firm Apollo Global Management....

The demise of AOL's dial-up service does not mean the extinction of the oldest form of consumer online access. Estimates from the Census Bureau's 2023 American Community Survey show 163,401 Americans connected to the internet via dial-up that year.

That was by far the smallest segment of the internet-using population, dwarfed by 100,166,949 subscribing to such forms of broadband as "cable, fiber optic, or DSL"; 8,628,648 using satellite; 3,318,901 using "Internet access without a subscription" (which suggests Wi-Fi from coffee shops or public libraries); and 1,445,135 via "other service."

The remaining AOL dial-up subscribers will need to find some sort of replacement, which in rural areas may be limited to fixed wireless or SpaceX's considerably more expensive Starlink. Or they may wind up joining the ranks of Americans with no internet access: 6,866,059, in those 2023 estimates.

Security

Google Says Its AI-Based Bug Hunter Found 20 Security Vulnerabilities (techcrunch.com) 17

"Heather Adkins, Google's vice president of security, announced Monday that its LLM-based vulnerability researcher Big Sleep found and reported 20 flaws in various popular open source software," reports TechCrunch: Adkins said that Big Sleep, which is developed by the company's AI department DeepMind as well as its elite team of hackers Project Zero, reported its first-ever vulnerabilities, mostly in open source software such as audio and video library FFmpeg and image-editing suite ImageMagick. [There's also a "medium impact" issue in Redis]

Given that the vulnerabilities are not fixed yet, we don't have details of their impact or severity, as Google does not yet want to provide details, which is a standard policy when waiting for bugs to be fixed. But the simple fact that Big Sleep found these vulnerabilities is significant, as it shows these tools are starting to get real results, even if there was a human involved in this case.

"To ensure high quality and actionable reports, we have a human expert in the loop before reporting, but each vulnerability was found and reproduced by the AI agent without human intervention," Google's spokesperson Kimberly Samra told TechCrunch.

Google's vice president of engineering posted on social media that this demonstrates "a new frontier in automated vulnerability discovery."
AI

Initiative Seeks AI Lab to Build 'American Truly Open Models' (ATOM) (msn.com) 20

"Benchmarking firm Artificial Analysis found that only five of the top 15 AI models are open source," reports the Washington Post, "and all were developed by Chinese AI companies...."

"Now some American executives, investors and academics are endorsing a plan to make U.S. open-source AI more competitive." A new campaign called the ATOM Project, for American Truly Open Models, aims to create a U.S.-based AI lab dedicated to creating software that developers can freely access and modify. Its blueprint calls for access to serious computing power, with upward of 10,000 of the cutting-edge GPU chips used to power corporate AI development. The initiative, which launched Monday, has gathered signatures of support from more than a dozen industry figures. They include veteran tech investor Bill Gurley; Clement Delangue, CEO of Hugging Face, a repository for open-source AI models and datasets; Stanford professor and AI investor Chris Manning; chipmaker Nvidia's director of applied research, Oleksii Kuchaiev; Jason Kwon, chief strategy officer for OpenAI; and Dylan Patel, CEO and founder of research firm SemiAnalysis...

The lack of progress in open-source AI underscores the case for initiatives like ATOM: The U.S. has not produced a major new open-source AI release since Meta's launch of its Llama 4 model in April, which disappointed some AI experts... "A lot of it is a coordination problem," said ATOM's creator, Nathan Lambert, a senior research scientist at the nonprofit Allen Institute for AI who is launching the project in a personal capacity... Lambert said the idea was to develop much more powerful open-source AI models than existing U.S. efforts such as Bloom, an AI language model from Hugging Face, Pythia from EleutherAI, and others. Those groups were willing to take on more legal risk in the name of scientific progress but suffered from underfunding, said Lambert, who has worked at Google's DeepMind AI lab, Facebook AI Research and Hugging Face.

The other problem? The hefty cost of top-performing AI. Lambert estimates that getting access to 10,000 state-of-the-art GPUs will cost at least $100 million. But the funding must be found if American efforts are to stay competitive, he said.

The initiative's web page is seeking signatures, but also asks visitors to the site to "consider how your expertise or resources might contribute to building the infrastructure America needs."
AI

Students Have Been Called to the Office - Or Arrested - for False Alarms from AI-Powered Surveillance Systems (apnews.com) 162

In 2023 a 13-year-old girl "made an offensive joke while chatting online with her classmates," reports the Associated Press.

But when the school's surveillance software spotted that joke, "Before the morning was even over, the Tennessee eighth grader was under arrest. She was interrogated, strip-searched and spent the night in a jail cell, her mother says." Her parents filed a lawsuit against the school system, according to the article (which points out the girl wasn't allowed to talk to her parents until the next day). "A court ordered eight weeks of house arrest, a psychological evaluation and 20 days at an alternative school for the girl." Gaggle's CEO, Jeff Patterson, said in an interview that the school system did not use Gaggle the way it is intended. The purpose is to find early warning signs and intervene before problems escalate to law enforcement, he said. "I wish that was treated as a teachable moment, not a law enforcement moment," said Patterson.
But that's just one example, the article points out. "Surveillance systems in American schools increasingly monitor everything students write on school accounts and devices." Thousands of school districts across the country use software like Gaggle and Lightspeed Alert to track kids' online activities, looking for signs they might hurt themselves or others. With the help of artificial intelligence, technology can dip into online conversations and immediately notify both school officials and law enforcement... In a country weary of school shootings, several states have taken a harder line on threats to schools. Among them is Tennessee, which passed a 2023 zero-tolerance law requiring any threat of mass violence against a school to be reported immediately to law enforcement....

Students who think they are chatting privately among friends often do not realize they are under constant surveillance, said Shahar Pasch, an education lawyer in Florida. One teenage girl she represented made a joke about school shootings on a private Snapchat story. Snapchat's automated detection software picked up the comment, the company alerted the FBI, and the girl was arrested on school grounds within hours... The technology can also involve law enforcement in responses to mental health crises. In Florida's Polk County Schools, a district of more than 100,000 students, the school safety program received nearly 500 Gaggle alerts over four years, officers said in public Board of Education meetings. This led to 72 involuntary hospitalization cases under the Baker Act, a state law that allows authorities to require mental health evaluations for people against their will if they pose a risk to themselves or others...

Information that could allow schools to assess the software's effectiveness, such as the rate of false alerts, is closely held by technology companies and unavailable publicly unless schools track the data themselves. Students in one photography class were called to the principal's office over concerns Gaggle had detected nudity. The photos had been automatically deleted from the students' Google Drives, but students who had backups of the flagged images on their own devices showed it was a false alarm. District officials said they later adjusted the software's settings to reduce false alerts. Natasha Torkzaban, who graduated in 2024, said she was flagged for editing a friend's college essay because it had the words "mental health...."

School officials have said they take concerns about Gaggle seriously, but also say the technology has detected dozens of imminent threats of suicide or violence. "Sometimes you have to look at the trade for the greater good," said Board of Education member Anne Costello in a July 2024 board meeting.

Bug

UK Courts Service 'Covered Up' IT Bug That Lost Evidence (bbc.co.uk) 20

Bruce66423 shares a report from the BBC: The body running courts in England and Wales has been accused of a cover-up, after a leaked report found it took several years to react to an IT bug that caused evidence to go missing, be overwritten or appear lost. Sources within HM Courts & Tribunals Service (HMCTS) say that as a result, judges in civil, family and tribunal courts will have made rulings on cases when evidence was incomplete. The internal report, leaked to the BBC, said HMCTS did not know the full extent of the data corruption, including whether or how it had impacted cases, as it had not undertaken a comprehensive investigation. It also found judges and lawyers had not been informed, as HMCTS management decided it would be "more likely to cause more harm than good." HMCTS says its internal investigation found no evidence that "any case outcomes were affected as a result of these technical issues." However, the former head of the High Court's family division, Sir James Munby, told the BBC the situation was "shocking" and "a scandal." Bruce66423 comments: "Given the relative absence of such stories from the USA, should I congratulate you for better-quality software or for being better at covering up disasters?"

Slashdot Top Deals