Operating Systems

Linux 6.16 Brings Faster File Systems, Improved Confidential Memory Support, and More Rust Support (zdnet.com) 50

ZDNet's Steven Vaughan-Nichols shares his list of "what's new and improved" in the latest Linux 6.16 kernel. An anonymous reader shares an excerpt from the report: First, the Rust language is continuing to become more well-integrated into the kernel. At the top of my list is that the kernel now boasts Rust bindings for the driver core and PCI device subsystem. This approach will make it easier to add new Rust-based hardware drivers to Linux. Additionally, new Rust abstractions have been integrated into the Direct Rendering Manager (DRM), particularly for ioctl handling, file/GEM memory management, and driver/device infrastructure for major GPU vendors, such as AMD, Nvidia, and Intel. These changes should reduce vulnerabilities and optimize graphics performance. This will make gamers and AI/ML developers happier.

Linux 6.16 also brings general improvements to Rust crate support. Crate is Rust's packaging format. This will make it easier to build, maintain, and integrate Rust kernel modules into the kernel. For those of you who still love C, don't worry. The vast majority of kernel code remains in C, and Rust is unlikely to replace C soon. In a decade, we may be telling another story. Beyond Rust, this latest release also comes with several major file system improvements. For starters, the XFS filesystem now supports large atomic writes. This capability means that large multi-block write operations are 'atomic,' meaning all blocks are updated or none. This enhances data integrity and prevents data write errors. This move is significant for companies that use XFS for databases and large-scale storage.

Perhaps the most popular Linux file system, Ext4, is also getting many improvements. These boosts include faster commit paths, large folio support, and atomic multi-fsblock writes for bigalloc filesystems. What these improvements mean, if you're not a file-system nerd, is that we should see speedups of up to 37% for sequential I/O workloads. If your Linux laptop doubles as a music player, another nice new feature is that you can now stream your audio over USB even while the rest of your system is asleep. That capability's been available in Android for a while, but now it's part of mainline Linux.

If security is a top priority for you, the 6.16 kernel now supports Intel Trusted Execution Technology (TXT) and Intel Trusted Domain Extensions (TDX). This addition, along with Linux's improved support for AMD Secure Encrypted Virtualization and Secure Memory Encryption (SEV-SNP), enables you to encrypt your software's memory in what's known as confidential computing. This feature improves cloud security by encrypting a user's virtual machine memory, meaning someone who cracks a cloud can't access your data.
Linux 6.16 also delivers several chip-related upgrades. It introduces support for Intel's Advanced Performance Extensions (APX), doubling x86 general-purpose registers from 16 to 32 and boosting performance on next-gen CPUs like Lunar Lake and Granite Rapids Xeon. Additionally, the new CONFIG_X86_NATIVE_CPU option allows users to build processor-optimized kernels for greater efficiency.

Support for Nvidia's AI-focused Blackwell GPUs has also been improved, and updates to TCP/IP with DMABUF help offload networking tasks to GPUs and accelerators. While these changes may go unnoticed by everyday users, high-performance systems will see gains and OpenVPN users may finally experience speeds that challenge WireGuard.
IOS

Jack Dorsey's Bluetooth Messaging App Bitchat Now On App Store 30

Jack Dorsey's new app Bitchat is now available on the iOS App Store. The decentralized, peer-to-peer messaging app uses Bluetooth mesh networks for encrypted, ephemeral chats without requiring accounts, servers, or internet access. Dorsey said he built it over a weekend and cautioned that it "has not received external security review and may contain vulnerabilities..." TechCrunch reports: The app's UX is very minimal. There is no log-in system, and you're immediately brought to an instant messaging box, where you can see what nearby users are saying (if anyone is actually around you and using the app) and set your display name, which can be changed at any time. [...] Dorsey has not directly addressed the fake Bitchat apps on the Google Play store, but he did repost another user's X post that said that Bitchat is not yet on Google Play, and to "beware of fakes."
AI

Cisco Donates the AGNTCY Project to the Linux Foundation 7

Cisco has donated its AGNTCY initiative to the Linux Foundation, aiming to create an open-standard "Internet of Agents" to allow AI agents from different vendors to collaborate seamlessly. The project is backed by tech giants like Google Cloud, Dell, Oracle and Red Hat. "Without such an interoperable standard, companies have been rushing to build specialized AI agents," writes ZDNet's Steven Vaughan-Nichols. "These work in isolated silos that cannot work and play well with each other. This, in turn, makes them less useful for customers than they could be." From the report: AGNTCY was first open-sourced by Cisco in March 2025 and has since attracted support from over 75 companies. By moving it under the Linux Foundation's neutral governance, the hope is that everyone else will jump on the AGNTCY bandwagon, thus making it an industry-wide standard. The Linux Foundation has a long history of providing common ground for what otherwise might be contentious technology battles. The project provides a complete framework to solve the core challenges of multi-agent collaboration:

- Agent Discovery: An Open Agent Schema Framework (OASF) acts like a "DNS for agents," allowing them to find and understand the capabilities of others.
- Agent Identity: A system for cryptographically verifiable identities ensures agents can prove who they are and perform authorized actions securely across different vendors and organizations.
- Agent Messaging: A protocol named Secure Low-latency Interactive Messaging (SLIM) is designed for the complex, multi-modal communication patterns of agents, with built-in support for human-in-the-loop interaction and quantum-safe security.
- Agent Observability: A specialized monitoring framework provides visibility into complex, multi-agent workflows, which is crucial for debugging probabilistic AI systems.

You may well ask, aren't there other emerging AI agency standards? You're right. There are. These include the Agent2Agent (A2A) protocol, which was also recently contributed to the Linux Foundation, and Anthropic's Model Context Protocol (MCP). AGNTCY will help agents using these protocols discover each other and communicate securely. In more detail, it looks like this: AGNTCY enables interoperability and collaboration in three primary ways:

- Discovery: Agents using the A2A protocol and servers using MCP can be listed and found through AGNTCY's directories. This enables different agents to discover each other and understand their functions.
- Messaging: A2A and MCP communications can be transported over SLIM, AGNTCY's messaging protocol designed for secure and efficient agent interaction.
- Observability: The interactions between these different agents and protocols can be monitored using AGNTCY's observability software development kits (SDKs), which increase transparency and help with debugging complex workflows
You can view AGNTCY's code and documentary on GitHub.
Android

Say Goodbye To Your Custom ROMs As Samsung's One UI 8 Kills Bootloader Unlock (sammobile.com) 32

Samsung's new One UI 8 update has quietly disabled the ability to unlock the bootloader on all Galaxy devices globally, ending the custom ROM and kernel era for Android enthusiasts. While most users won't notice, the developer community sees this as a major blow to modding freedom -- one that could potentially raise regulatory concerns within the EU. SamMobile reports: A new report highlights evidence found in the Galaxy S25 One UI 8 beta builds that the bootloader unlock option has been removed. A similar change has also been confirmed on the Galaxy Z Fold 7 and Z Flip 7 which are running stable versions of One UI 8. A deep dive into the stable version's code has also confirmed that regardless of the region, the bootloader unlock option will not be available on devices running One UI 8. The enthusiast community won't like it.

They won't be able to use custom ROMs to update devices when the official software support runs out or use custom kernels to extract more performance. However, with most Samsung phones now offering seven years of Android OS upgrades, one can argue that the utility of this capability is not as significant as it once was.

Windows

Windows 11 is a 'Minefield of Micro-aggressions in the Shipping Lane of Progress' (theregister.com) 220

Windows 11 has become indistinguishable from malware because of the way Microsoft has inserted intrusive advertising, AI monitoring features, and constant distractions designed to drive user engagement and monetization to the operating system, argues veteran writer and developer Rupert Goodwins of The Register.

Goodwins contends that Microsoft has transformed Windows 11 into "an ADHD horror show, full of distractions, promotions and snares" where AI features "constantly video what you're doing and send it back to Mother." He applies the term malware to describe software that intervenes in work to advertise and monitors user data, concluding that "for Windows it isn't a class of third-party nasties, it's an edition name."
IT

Security Researchers Find Evidence SkyRover X1 Is Disguised DJI Product (theverge.com) 16

Security researchers have discovered evidence suggesting the SkyRover X1 drone sold on Amazon for some $750 is a DJI product operating under a different brand name. The findings come at a time when DJI is facing an unofficial ban at US customs.

The drone shares identical specifications and features with the DJI Mini 4 Pro and connects to DJI's online infrastructure, including DJIGlobal, DJISupport, and DJIEnterprise services.

Hacker Kevin Finisterre successfully logged into the SkyRover system using his existing DJI credentials. Security consultant Jon Sawyer found the SkyRover app uses the same encryption keys as DJI software, with the company making only basic attempts to conceal its origins by replacing "DJI" references with "xxx" or "uav." DJI didn't deny to The Verge that the SkyRover X1 is their product.
Open Source

Google's New Security Project 'OSS Rebuild' Tackles Package Supply Chain Verification (googleblog.com) 13

This week Google's Open Source Security Team announced "a new project to strengthen trust in open source package ecosystems" — by reproducing upstream artifacts.

It includes automation to derive declarative build definitions, new "build observability and verification tools" for security teams, and even "infrastructure definitions" to help organizations rebuild, sign, and distribute provenance by running their own OSS Rebuild instances. (And as part of the initiative, the team also published SLSA Provenance attestations "for thousands of packages across our supported ecosystems.") Our aim with OSS Rebuild is to empower the security community to deeply understand and control their supply chains by making package consumption as transparent as using a source repository. Our rebuild platform unlocks this transparency by utilizing a declarative build process, build instrumentation, and network monitoring capabilities which, within the SLSA Build framework, produces fine-grained, durable, trustworthy security metadata. Building on the hosted infrastructure model that we pioneered with OSS Fuzz for memory issue detection, OSS Rebuild similarly seeks to use hosted resources to address security challenges in open source, this time aimed at securing the software supply chain... We are committed to bringing supply chain transparency and security to all open source software development. Our initial support for the PyPI (Python), npm (JS/TS), and Crates.io (Rust) package registries — providing rebuild provenance for many of their most popular packages — is just the beginning of our journey...

OSS Rebuild helps detect several classes of supply chain compromise:

- Unsubmitted Source Code: When published packages contain code not present in the public source repository, OSS Rebuild will not attest to the artifact.

- Build Environment Compromise: By creating standardized, minimal build environments with comprehensive monitoring, OSS Rebuild can detect suspicious build activity or avoid exposure to compromised components altogether.

- Stealthy Backdoors: Even sophisticated backdoors like xz often exhibit anomalous behavioral patterns during builds. OSS Rebuild's dynamic analysis capabilities can detect unusual execution paths or suspicious operations that are otherwise impractical to identify through manual review.


For enterprises and security professionals, OSS Rebuild can...

Enhance metadata without changing registries by enriching data for upstream packages. No need to maintain custom registries or migrate to a new package ecosystem.

Augment SBOMs by adding detailed build observability information to existing Software Bills of Materials, creating a more complete security picture...

- Accelerate vulnerability response by providing a path to vendor, patch, and re-host upstream packages using our verifiable build definitions...


The easiest (but not only!) way to access OSS Rebuild attestations is to use the provided Go-based command-line interface.

"With OSS Rebuild's existing automation for PyPI, npm, and Crates.io, most packages obtain protection effortlessly without user or maintainer intervention."
Piracy

Creator of 1995 Phishing Tool 'AOHell' On Piracy, Script Kiddies, and What He Thinks of AI (yahoo.com) 14

In 1995's online world, AOL existed mostly beside the internet as a "walled, manicured garden," remembers Fast Company.

Then along came AOHell "the first of what would become thousands of programs designed by young hackers to turn the system upside down" — built by a high school dropout calling himself "Da Chronic" who says he used "a computer that I couldn't even afford" using "a pirated copy of Microsoft Visual Basic." [D]istributed throughout the teen chatrooms, the program combined a pile of tricks and pranks into a slick little control panel that sat above AOL's windows and gave even newbies an arsenal of teenage superpowers. There was a punter to kick people out of chatrooms, scrollers to flood chats with ASCII art, a chat impersonator, an email and instant message bomber, a mass mailer for sharing warez (and later mp3s), and even an "Artificial Intelligence Bot" [which performed automated if-then responses]. Crucially, AOHell could also help users gain "free" access to AOL. The program came with a program for generating fake credit card numbers (which could fool AOL's sign up process), and, by January 1995, a feature for stealing other users' passwords or credit cards. With messages masquerading as alerts from AOL customer service reps, the tool could convince unsuspecting users to hand over their secrets...

Of course, Da Chronic — actually a 17-year-old high school dropout from North Carolina named Koceilah Rekouche — had other reasons, too. Rekouche wanted to hack AOL because he loved being online with his friends, who were a refuge from a difficult life at home, and he couldn't afford the hourly fee. Plus, it was a thrill to cause havoc and break AOL's weak systems and use them exactly how they weren't meant to be, and he didn't want to keep that to himself. Other hackers "hated the fact that I was distributing this thing, putting it into the team chat room, and bringing in all these noobs and lamers and destroying the community," Rekouche told me recently by phone...

Rekouche also couldn't have imagined what else his program would mean: a free, freewheeling creative outlet for thousands of lonely, disaffected kids like him, and an inspiration for a generation of programmers and technologists. By the time he left AOL in late 1995, his program had spawned a whole cottage industry of teenage script kiddies and hackers, and fueled a subculture where legions of young programmers and artists got their start breaking and making things, using pirated software that otherwise would have been out of reach... In 2014, [AOL CEO Steve] Case himself acknowledged on Reddit that "the hacking of AOL was a real challenge for us," but that "some of the hackers have gone on to do more productive things."

When he first met Mark Zuckerberg, he said, the Facebook founder confessed to Case that "he learned how to program by hacking [AOL]."

"I can't imagine somebody doing that on Facebook today," Da Chronic says in a new interview with Fast Company. "They'll kick you off if you create a Google extension that helps you in the slightest bit on Facebook, or an extension that keeps your privacy or does a little cool thing here and there. That's totally not allowed."

AOHell's creators had called their password-stealing techniques "phishing" — and the name stuck. (AOL was working with federal law enforcement to find him, according to a leaked internal email, but "I didn't even see that until years later.") Enrolled in college, he decided to write a technical academic paper about his program. "I do believe it caught the attention of Homeland Security, but I think they realized pretty quickly that I was not a threat."

He's got an interesting perspective today, noting with today's AI tool's it's theoretically possible to "craft dynamic phishing emails... when I see these AI coding tools I think, this might be like today's Visual Basic. They take out a lot of the grunt work."

What's the moral of the story? "I didn't have any qualifications or anything like that," Da Chronic says. "So you don't know who your adversary is going to be, who's going to understand psychology in some nuanced way, who's going to understand how to put some technological pieces together, using AI, and build some really wild shit."
Movies

Comic-Con Peeks at New 'Alien' and 'Avatar' Series, Plus 'Predator' and 'Coyote vs. Acme' Movies (cnet.com) 29

At this weekend's Comic-Con, "Excitement has been high over the sneak peeks at Tron: Ares and Predator: Badlands," reports CNET. (Nine Inch Nails has even recorded a new song for Tron: Ares .)

A few highlights from CNET's coverage:
  • The Coyote vs. Acme movie will hit theaters next year "after being rescued from the pile of scrapped ashes left by Warner Bros. Discovery," with footage screened during a Comic-Con panel.
  • The first episode of Alien: Earth was screened before its premiere August 12th on FX.
  • A panel reunited creators of the animated Avatar: The Last Airbender for its 20th anniversary — and discussed the upcoming sequel series Avatar: Seven Havens.

To capture some of the ambience, the Guardian has a collection of cosplayer photos. CNET notes there's even booths for Lego and Hot Wheels (which released toys commemorating the 40th anniversary of Back to the Future and the 50th anniversary of Jaws).

But while many buildings are "wrapped" with slick advertisements, SFGate notes the ads are technically illegal, "with penalties for each infraction running up to $1,000 per day," (according to the San Diego Union-Tribune). "Last year's total ended up at $22,500."

The Union-Tribune notes that "The fines are small enough that advertisers clearly think it is worth it, with about 30 buildings in the process of being wrapped Monday morning."


Technology

Pebble Is Officially Pebble Again (theverge.com) 12

Pebble smartwatches are officially reclaiming their iconic name after Core Devices CEO Eric Migicovsky successfully recovered the Pebble trademark. "Great news -- we've been able to recover the trademark for Pebble! Honestly, I wasn't expecting this to work out so easily," Core Devices CEO Eric Migicovsky writes in an update blog. "Core 2 Duo is now Pebble 2 Duo. Core Time 2 is now Pebble Time 2." The Verge reports: As a refresher, Pebble was one of the OG smartwatches. Despite a loyal customer base, however, it wasn't able to compete with bigger names like Fitbit, the Apple Watch, or Samsung. In 2016, Pebble was acquired by Fitbit for $23 million, marking the end of the first Pebble era. Along the way, Fitbit was acquired by Google. That's important because the tech giant agreed to open-source Pebble's software, and Migicovsky announced earlier this year that Pebble was making a comeback. However, because Migicovsky didn't have the trademark, the new Pebble watches were initially dubbed the Core 2 Duo and the Core Time 2.

"With the recovery of the Pebble trademark, that means you too can use the word Pebble for Pebble related software and hardware projects," Migicovsky writes, acknowledging Pebble's history of community development.

Wireless Networking

Echelon Kills Smart Home Gym Equipment Offline Capabilities With Update (arstechnica.com) 52

A recent Echelon firmware update has effectively bricked offline functionality for its smart gym equipment, cutting off compatibility with popular third-party apps like QZ and forcing users to connect to Echelon's servers -- even just to view workout stats. Ars Technica reports: As explained in a Tuesday blog post by Roberto Viola, who develops the "QZ (qdomyos-zwift)" app that connects Echelon machines to third-party fitness platforms, like Peloton, Strava, and Apple HealthKit, the firmware update forces Echelon machines to connect to Echelon's servers in order to work properly. A user online reported that as a result of updating his machine, it is no longer syncing with apps like QZ, and he is unable to view his machine's exercise metrics in the Echelon app without an Internet connection. Affected Echelon machines reportedly only have full functionality, including the ability to share real-time metrics, if a user has the Echelon app active and if the machine is able to reach Echelon's servers.

Viola wrote: "On startup, the device must log in to Echelon's servers. The server sends back a temporary, rotating unlock key. Without this handshake, the device is completely bricked -- no manual workout, no Bluetooth pairing, no nothing." Because updated Echelon machines now require a connection to Echelon servers for some basic functionality, users are unable to use their equipment and understand, for example, how fast they're going without an Internet connection. If Echelon were to ever go out of business, the gym equipment would, essentially, get bricked. Viola told Ars Technica that he first started hearing about problems with QZ, which launched in 2020, at the end of 2024 from treadmill owners. He said a firmware update appears to have rolled out this month on Echelon bikes that bricks QZ functionality. In his blog, Viola urged Echelon to let its machines send encrypted data to another device, like a phone or a tablet, without the Internet. He wrote: "Users bought the bike; they should be allowed to use it with or without Echelon's services."

Businesses

Graduate Job Postings Plummet, But AI May Not Be the Primary Culprit (ft.com) 41

Job postings for entry-level roles requiring degrees have dropped nearly two-thirds in the UK and 43% in the US since ChatGPT launched in 2022, according to Financial Times analysis of Adzuna data. The decline spans sectors with varying AI exposure -- UK graduate openings fell 75% in banking, 65% in software development, but also 77% in human resources and 55% in civil engineering.

Indeed research found only weak correlation between occupations mentioning AI most frequently and those with the steepest job posting declines. US Bureau of Labor Statistics data showed no clear relationship between an occupation's AI exposure and young worker losses between 2022-2024. Economists say economic uncertainty, post-COVID workforce corrections, increased offshoring, and reduced venture capital funding are likely primary drivers of the graduate hiring slowdown.
The Courts

'Call of Duty' Maker Goes To War With 'Parasitic' Cheat Developers in LA Federal Court (msn.com) 18

A federal court has denied requests by Ryan Rothholz to dismiss or transfer an Activision lawsuit targeting his alleged Call of Duty cheating software operation. Rothholz, who operated under the online handle "Lerggy," submitted motions in June and earlier this month seeking to dismiss the case or move it to the Southern District of New York, but both were rejected due to filing errors.

The May lawsuit alleges Rothholz created "Lergware" hacking software that enabled players to cheat by kicking opponents offline, then rebranded to develop "GameHook" after receiving a cease and desist letter in June 2023. Court filings say he sold a "master key" for $350 that facilitated cheating across multiple games. The hacks "are parasitic in nature," the complaint said, alleging violations of the game's terms of service, copyright law and the Computer Fraud and Abuse Act.
AI

Two Major AI Coding Tools Wiped Out User Data After Making Cascading Mistakes (arstechnica.com) 151

An anonymous reader quotes a report from Ars Technica: Two recent incidents involving AI coding assistants put a spotlight on risks in the emerging field of "vibe coding" -- using natural language to generate and execute code through AI models without paying close attention to how the code works under the hood. In one case, Google's Gemini CLI destroyed user files while attempting to reorganize them. In another, Replit's AI coding service deleted a production database despite explicit instructions not to modify code. The Gemini CLI incident unfolded when a product manager experimenting with Google's command-line tool watched the AI model execute file operations that destroyed data while attempting to reorganize folders. The destruction occurred through a series of move commands targeting a directory that never existed. "I have failed you completely and catastrophically," Gemini CLI output stated. "My review of the commands confirms my gross incompetence."

The core issue appears to be what researchers call "confabulation" or "hallucination" -- when AI models generate plausible-sounding but false information. In these cases, both models confabulated successful operations and built subsequent actions on those false premises. However, the two incidents manifested this problem in distinctly different ways. [...] The user in the Gemini CLI incident, who goes by "anuraag" online and identified themselves as a product manager experimenting with vibe coding, asked Gemini to perform what seemed like a simple task: rename a folder and reorganize some files. Instead, the AI model incorrectly interpreted the structure of the file system and proceeded to execute commands based on that flawed analysis. [...] When you move a file to a non-existent directory in Windows, it renames the file to the destination name instead of moving it. Each subsequent move command executed by the AI model overwrote the previous file, ultimately destroying the data. [...]

The Gemini CLI failure happened just days after a similar incident with Replit, an AI coding service that allows users to create software using natural language prompts. According to The Register, SaaStr founder Jason Lemkin reported that Replit's AI model deleted his production database despite explicit instructions not to change any code without permission. Lemkin had spent several days building a prototype with Replit, accumulating over $600 in charges beyond his monthly subscription. "I spent the other [day] deep in vibe coding on Replit for the first time -- and I built a prototype in just a few hours that was pretty, pretty cool," Lemkin wrote in a July 12 blog post. But unlike the Gemini incident where the AI model confabulated phantom directories, Replit's failures took a different form. According to Lemkin, the AI began fabricating data to hide its errors. His initial enthusiasm deteriorated when Replit generated incorrect outputs and produced fake data and false test results instead of proper error messages. "It kept covering up bugs and issues by creating fake data, fake reports, and worse of all, lying about our unit test," Lemkin wrote. In a video posted to LinkedIn, Lemkin detailed how Replit created a database filled with 4,000 fictional people.

The AI model also repeatedly violated explicit safety instructions. Lemkin had implemented a "code and action freeze" to prevent changes to production systems, but the AI model ignored these directives. The situation escalated when the Replit AI model deleted his database containing 1,206 executive records and data on nearly 1,200 companies. When prompted to rate the severity of its actions on a 100-point scale, Replit's output read: "Severity: 95/100. This is an extreme violation of trust and professional standards." When questioned about its actions, the AI agent admitted to "panicking in response to empty queries" and running unauthorized commands -- suggesting it may have deleted the database while attempting to "fix" what it perceived as a problem. Like Gemini CLI, Replit's system initially indicated it couldn't restore the deleted data -- information that proved incorrect when Lemkin discovered the rollback feature did work after all. "Replit assured me it's ... rollback did not support database rollbacks. It said it was impossible in this case, that it had destroyed all database versions. It turns out Replit was wrong, and the rollback did work. JFC," Lemkin wrote in an X post.

Operating Systems

Apple Releases Public Betas of Its New Software Updates With Liquid Glass (theverge.com) 29

Apple has released the first public betas of its upcoming operating systems with its new design language called Liquid Glass. The list of new betas includes iOS 26, iPadOS 26, macOS Tahoe 26, watchOS 26, and tvOS 26. The Verge's Jay Peters reports: The design language is inspired by visionOS and, as the name implies, features a lot of transparency. I felt it was a wild change to my iPhone when I tried the first developer beta, and Apple has already tweaked some of the translucency and changed how Control Center looks in subsequent betas.

The new operating systems also have an updated numbering scheme: they now all end with 26, taking cues from how the car industry names its cars after the following year. It's a simpler and better system, if you ask me, and it should make it easier to know if you're on the newest software.

Communications

Starlink Suffers Worldwide Outage (mirror.co.uk) 43

Longtime Slashdot reader gbkersey shares a report from The Mirror: Elon Musk's satellite internet Starlink has been hit with a global outage preventing thousands of users from accessing the internet. According to DownDetector, reports of issues began to surge around 8pm GMT, with nearly 60,000 global users affected at the peak of the outage. "Starlink is currently in a network outage and we are actively implementing a solution," the company said in a post on X. "We appreciate your patience, we'll share an update once this issue is resolved."

Outages are being reported across the U.S., as well as along the Ukrainian frontline. Meanwhile, more than 10,000 people in the UK have logged issues with Starlink since 8pm this evening. "The majority of the reports (64%) are concerning a total blackout, while the rest point to internet problems," the report says.

UPDATE: Michael Nicolls, VP of Starlink Engineering, wrote in a post: "Starlink has now mostly recovered from the network outage, which lasted approximately 2.5 hours. The outage was due to failure of key internal software services that operate the core network. We apologize for the temporary disruption in our service; we are deeply committed to providing a highly reliable network, and will fully root cause this issue and ensure it does not occur again."

UPDATE #2: Starlink said in an update at 5:18 PM PT: "The network issue has been resolved, and Starlink service has been restored. We understand how important connectivity is and apologize for the disruption."
Microsoft

Microsoft Says Some SharePoint Server Hackers Now Using Ransomware (reuters.com) 26

A cyber-espionage campaign exploiting vulnerable Microsoft server software has escalated to deploying ransomware against victims, Microsoft said, marking a significant shift from typical state-backed data theft operations to attacks designed to paralyze networks until payment is made. The campaign by a group Microsoft calls "Storm-2603" has compromised at least 400 organizations, according to Netherlands-based cybersecurity firm Eye Security, quadrupling from 100 victims cataloged over the weekend. The National Institutes of Health confirmed one server was breached and additional servers were isolated as a precaution, while reports indicate the Department of Homeland Security and multiple other federal agencies were also compromised.
Security

VMware Prevents Some Perpetual License Holders From Downloading Patches (theregister.com) 34

An anonymous reader quotes a report from The Register: Some customers of Broadcom's VMware business currently cannot access security patches, putting them at greater risk of attack. Customers in that perilous position hold perpetual licenses for VMware products but do not have a current support contract with Broadcom, which will not renew those contracts unless users sign up for software subscriptions. Yet many customers in this situation run products that Broadcom continues to support with patches and updates.

In April 2024, Broadcom CEO Hock Tan promised "free access to zero-day security patches for supported versions of vSphere" so customers "are able to use perpetual licenses in a safe and secure fashion." VMware patches aren't freely available; users must log on to Broadcom's support portal to access the software. Some VMware users in this situation have told The Register that when they enter the portal they cannot download patches, and that VMware support staff have told them it may be 90 days before the software fixes become available.
"Because our support portal requires validation of customer entitlements for software patches, only entitled customers have access to the patches at this time," a VMware spokesperson said. "A separate patch delivery cycle will also be available for non-entitled customers and will follow at a later date."

The timing of that "later date" remains uncertain. The Register also notes that "users haven't had access to patches since May."
AI

Nvidia's CUDA Platform Now Support RISC-V (tomshardware.com) 20

An anonymous reader quotes a report from Tom's Hardware: At the 2025 RISC-V Summit in China, Nvidia announced that its CUDA software platform will be made compatible with the RISC-V instruction set architecture (ISA) on the CPU side of things. The news was confirmed during a presentation during a RISC-V event. This is a major step in enabling the RISC-V ISA-based CPUs in performance demanding applications. The announcement makes it clear that RISC-V can now serve as the main processor for CUDA-based systems, a role traditionally filled by x86 or Arm cores. While nobody even barely expects RISC-V in hyperscale datacenters any time soon, RISC-V can be used on CUDA-enabled edge devices, such as Nvidia's Jetson modules. However, it looks like Nvidia does indeed expect RISC-V to be in the datacenter.

Nvidia's profile on RISC-V seems to be quite high as the keynote at the RISC-V Summit China was delivered by Frans Sijsterman, who appears to be Vice President of Hardware Engineering at Nvidia. The presentation outlined how CUDA components will now run on RISC-V. A diagram shown at the session illustrated a typical configuration: the GPU handles parallel workloads, while a RISC-V CPU executes CUDA system drivers, application logic, and the operating system. This setup enables the CPU to orchestrate GPU computations fully within the CUDA environment. Given Nvidia's current focus, the workloads must be AI-related, yet the company did not confirm this. However, there is more.

Also featured in the diagram was a DPU handling networking tasks, rounding out a system consisting of GPU compute, CPU orchestration, and data movement. This configuration clearly suggests Nvidia's vision to build heterogeneous compute platforms where RISC-V CPU can be central to managing workloads while Nvidia's GPUs, DPUs, and networking chips handle the rest. Yet again, there is more. Even with this low-profile announcement, Nvidia essentially bridges proprietary CUDA stack to an open architecture, one that seems to develop fast in China. Yet, being unable to ship flagship GB200 and GB300 offerings to China, the company has to find ways to keep its CUDA thriving.

Programming

Surge CEO Says '100x Engineers' Are Here (businessinsider.com) 129

Surge CEO Edwin Chen says AI is creating "100x engineers" who can outperform traditional software developers by orders of magnitude. Chen argued that AI coding tools multiply the productivity gains already seen in Silicon Valley's "10x engineers," who can produce ten times the work of their colleagues through faster coding, harder work, and fewer distractions.

Chen said AI efficiencies compound these factors to reach 100x productivity levels. The CEO, whose company reached $1 billion in revenue without venture capital funding, believes this could enable billion-dollar single-person companies, extending beyond the $10 million single-person startups that already exist.

Slashdot Top Deals