Linux fréttir

Intuit has cut its full time workforce by 17 percent and is considering closing offices in some markets “to become “faster, leaner, and more focused,” company CEO Sasan Goodarzi told investors during a Wednesday earnings call. “This was not about AI,” Goodarzi said, before explaining that over the last year company management has studied the question "beyond the tools that we are putting in place across the company, what is actually the biggest blocker and what is getting in our way?" One of the answers was that Intuit had too many layers of management. Goodarzi said doing so will "reduce the complexity of information flow of ... so we can push decision making to our frontline folks that are the builders.” The CEO said Intuit also decided to cut in what he described as “coordination-heavy” roles such as project managers and business operations jobs that have become less necessary due to the speed at which the remaining teams can build products. He said Intuit also merged TurboTax and Credit Karma as a business unit so some of the cuts resulted from overlaps within that group. The move to fire over 3,000 employees comes as the company said it spent $3.4 billion in stock repurchases during the previous nine months ended April 30. Intuit’s board of directors also mandated the company lean in to share buybacks as it authorized an additional $8 billion to be spent on Intuit stock at the discretion of management and the board. The job cuts are expected to cost the company about $340 million in restructuring charges, with much of that coming in the form of severance payments, according to SEC filings Intuit published Wednesday afternoon. “A big chunk of this, you can count on it to go to margin expansion and EPS growth, and a smaller part is going to be scaling the growth engines because we feel good that the growth engines are funded quite well, just because of the productivity we see internally,” Goodarzi told investors. Several victims of the cuts posted their story to LinkedIn and many of them were, as Goodarzi said, in product, or project management positions. “I would like to thank all my teammates, both past and present, who have made the job such a fulfilling experience. I’d like to thank each and every one of the managers who have helped guide me along my path from entry-level technical support to Staff Engineer,” wrote one employee who said he had been with the company for 13 years. The cuts also included a senior sales and productivity analyst who has been with Intuit for 25 years, a software engineer with nine years at the company, and an engineering team leader with two years in that role, according to LinkedIn posts. In addition to reducing the number of managers, Goodarzi the cuts would also serve to “rightsize” staffing for Intuit’s email marketing product, Mailchimp. One customer experience leader in that organization wrote on LinkedIn that after more than eight years it was hard to believe he would no longer work for Mailchimp. “Mailchimp... it's ridiculous to get emotional over a piece of software, but if folks understood what this company meant to the city of Atlanta. It was our brand right alongside Coca-Cola, Delta, and The Home Depot ... it was OUR tech company,” he wrote. “It was also a company willing to take a risk on folks … I'm still processing that Mailchimp and Intuit will no longer be my home. Keep an eye out for me if you don't mind.” Goodarzi said the cuts were not in response to any underperformance, but were deliberate actions to scale its “growth engine and strengthen its core.” “We are at an important inflection point,” he said. “To fully capitalize on this opportunity, we must operate with greater velocity, urgency, and discipline. These deliberate actions are about scaling our growth engine and strengthening our core. We’re sharpening our cost structure to deliver durable long-term growth and margin expansion.” ®

Intuit is reportedly cutting about 3,000 jobs, or 17% of its workforce, as it restructures around AI and simplifies its corporate organization. TechCrunch reports: The layoffs come during a bad year for the tech workforce. The tech industry has already cut more than 100,000 jobs this year, per Statista, and is on track to outpace both 2024 and 2025 if the layoff trend continues. Companies such as Amazon, Block, Cisco, Cloudflare, Meta, Microsoft, and Oracle have let go of thousands of employees each, all of them citing a need to refocus expenditures around AI projects as a reason to cut jobs and restructure their organizations. [...] Intuit, however, hasn't been perceived as a beneficiary of the AI boom, with its shares consistently underperforming in the broader S&P 500 over the past 12 months. The company has been caught up in the broader current of worries that traditional software-as-a-service firms will not be able to keep up or compete, as new and upcoming AI products and services threaten to change how software is developed and how it is used. In its fiscal second quarter ended January, Intuit reported revenue of $4.65 billion, a 17% increase, and net profit of $693 million, a 48% improvement compared to a year earlier. The company expects revenue to increase by about 10% in the third quarter, for which it will report results later today.

Read more of this story at Slashdot.

The rapid adoption of AI-generated code is driving production failures and higher costs for enterprise customers. Eighty-one percent of enterprise technology leaders among more than 200 surveyed reported an increase in production issues linked to AI-generated code, according to a study published by enterprise software delivery biz CloudBees. Sunil Gottumukkala, CEO of Averlon, an agentic vulnerability remediation biz, told The Register in an email that these issues tend to refer to functionality bugs, performance issues, availability problems, and security vulnerabilities rather than CI/CD failures. "These are issues that surface after code has already been deployed to production, which means the code passed every review and deployment gate and still broke things," said Gottumukkala. "When failures happen post-deployment, it signals that the validation process itself isn’t keeping pace with what AI is producing." Yet 92 percent of respondents expressed confidence that their code was production-ready before it shipped. Jacob Krell, senior director of secure AI solutions and cybersecurity at Suzu Labs, told The Register in an email that the report does not isolate what specifically failed at these organizations. "It spans functional defects, security vulnerabilities, and compliance violations that reach production because governance and validation have not scaled with output," he said. "The same study found 69 percent citing security vulnerabilities and 63 percent citing compliance issues introduced by AI generated code specifically." Krell said what ties them together is the verification gap. "AI generates code faster than teams can validate it," he said. "Seventy percent of respondents now say test suite maintenance is a larger burden than writing code itself. These are not system crashes in the traditional sense. They are the full spectrum of what reaches production when volume outpaces the capacity to verify quality, security, and compliance before deployment." Respondents said 61 percent of their organizations' code has been generated by AI or has come into being with AI assistance. And 64 percent of the engineering organizations involved say AI is widely or fully integrated into their workflows. The result is that more than half (52 percent) of those surveyed report an uptick in software development output. And while 68 percent of organizations appear to be convinced AI is delivering business value, only 31 percent of AI-related spending can be linked to specific business results. In 36 percent of organizations, AI spending is tracked without measuring the return on investment or isn't tracked at all. With more code comes more cost from infrastructure spending, in the form of increased CI/CD, testing, and security scanning. Some 54 percent of respondents said CI/CD infrastructure spending has risen significantly in the past 12 months, and 53 percent flagged rising testing, security, and deployment costs. Only 45 percent of respondents say these costs are predictable quarter to quarter. Yet relatively few organizations have taken steps to control AI spending: 27 percent report quotas or limits on token usage, while just 18 percent have automated spending controls. And this is a problem without ownership. Just 12 percent of organizations have dedicated AI governance. For 46 percent, the buck stops with the CTO or VP of engineering when there's a production failure. For 32 percent, blame falls on the engineering lead or team associated with the tool that messed up the code. For 7 percent, the developer who shipped the pull request takes the heat. It may be tempting to take comfort in the fact that 93 percent of respondents say their organization has a formal process for reviewing and releasing AI-generated code. But keep in mind that only 56 percent of survey takers say those processes are always enforced. ®

An anonymous reader quotes a report from Ars Technica: Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other Chromium-based browsers. The proof-of-concept code exploits the Browser Fetch programming interface, a standard that allows long videos and other large files to be downloaded in the background. An attacker can use the exploit to create a connection for monitoring some aspects of a user's browser usage and as a proxy for viewing sites and launching denial-of-service attacks. Depending on the browser, the connections either reopen or remain open even after it or the device running it has rebooted. The unfixed vulnerability can be exploited by any website a user visits. In effect, a compromise amounts to a limited backdoor that makes a device part of a limited botnet. The capabilities are limited to the same things a browser can do, such as visit malicious sites, provide anonymous proxy browsing by others, enable proxied DDoS attacks, and monitor user activity. Nonetheless, the exploit could allow an attacker to wrangle thousands, possibly millions, of devices into a network. Once a separate vulnerability becomes available, the attacker could use it to then compromise all those devices. "The dangerous part here is that you can just have a lot of different browsers together that you can in the future run something on that you figure out," said Lyra Rebane, the independent researcher who discovered the vulnerability and privately reported it to Google in late 2022 in an interview. He said using the exploit code Google prematurely published would be "pretty easy," although scaling it to wrangle large numbers of devices into a single network would require more work. In the thread of Rebane's disclosure to Google, two developers said in separate responses that it was a "serious vulnerability." Its severity was rated S1, the second-highest classification. Since its reporting 29 months ago, the vulnerability remained unknown except to Chromium developers. Then on Wednesday morning, it was published to the Chromium bug tracker. Rebane initially assumed the vulnerability was finally fixed. Shortly thereafter, he learned that, in fact, it remained unpatched. While Google removed the post, it remains available on archival sites, along with the exploit code. Google representatives didn't immediately respond to an email asking how and why it published the vulnerability and if or when a fix would become available. The exploit works by abusing Chromium's Browser Fetch API to open a service worker that remains persistently active. A malicious website can trigger it through JavaScript, creating a connection that can be used "for monitoring some aspects of a user's browser usage and as a proxy for viewing sites and launching denial-of-service attacks," reports Ars. Depending on the browser, those connections "either reopen or remain open even after it or the device running it has rebooted," effectively turning the device into part of a "limited botnet."

Read more of this story at Slashdot.

Red Hat has released RHEL 10.2 and 9.8 with new AI-assisted command-line tools. The releases also add updated developer toolchains such as Go 1.26, LLVM 21, Rust 1.92, Python 3.14, and PHP 8.4. Phoronix reports: Red Hat Enterprise Linux has introduced the goose command for power users. Goose is an optional CLI AI assistance with model context protocol (MCP) integration. There is also improved visual output via color output enhancements. As for their rationale with the new AI integration: "The business value: Faster problem resolution, and a quicker path for new administrators to become proficient. This translates into higher developer productivity and accelerated project timelines."

Read more of this story at Slashdot.

Two now-patched bypass bugs in Claude Code’s network sandbox put users at risk, and one of these allows baddies to send anything inside the sandbox - credentials, source code, other private data - to any server on the internet, according to a researcher who found and reported both flaws to Anthropic. Aonan Guan, who leads cloud and AI security at Wyze Labs and has hunted down bugs in pretty much every AI system out there, told The Register that this is the second time in five months Anthropic has silently fixed a sandbox bypass vulnerability in Clade Code without issuing a CVE or security advisory specific to the agentic coding tool. The latest issue was a SOCKS5 hostname null-byte injection that can be exploited to trick the sandbox allowlist filter into approving connections it should block. It’s especially dangerous when combined with prompt injection, which Guan previously detailed in his earlier comment and control research. When paired with prompt injection, the new flaw can be abused to force Claude to read hidden instructions and then run attacker-controlled code in the sandbox, allowing miscreants to exfiltrate anything the sandbox could reach. This includes cloud and GitHub credentials, the GitHub token Claude authenticated with, cloud metadata and internal APIs. “For anyone who ran Claude Code with a wildcard allowlist on a credential-bearing system, the network boundary did not exist for the 5.5 months from sandbox GA to v2.1.90,” Guan wrote in research published Wednesday. “Treat that window as a potential exfiltration event.” Anthropic says it found and fixed the latest flaw before receiving Guan’s report. The fix, according to a spokesperson, is a public commit in the sandbox-runtime repository, which shipped in Claude Code 2.1.88 on March 31. “Anyone can view” the commit, they told us. Guan filed his bug bounty report with HackerOne on April 3. “Because the report described a vulnerability Anthropic had already caught and patched, it was closed as a duplicate of an internal finding,” the spokesperson said. “We appreciate the researcher’s time on this report.” Guan says he doesn’t dispute the timeline. “That is not the core issue,” he told The Register. “The core issue is that this was a bypass of a user-configured network sandbox, and there's still no advisory CVE, and no changelog note," he said. "Shipping a sandbox with a hole is worse than not shipping one. The user with no sandbox knows they have no boundary. The user with a broken sandbox thinks they do.” Claude, for its part, seems to side with Guan. When he showed Claude its own hole, the bot responded “This is a real bypass of the network sandbox filter,” according to a screenshot published in his research. The earlier bug, which Guan reported and detailed in December 2025, was ultimately assigned a CVE tracker - CVE-2025-66479 - and patched in v0.0.16. But the CVE only applies to Anthropic's sandbox-runtime, an upstream package, and not specifically to Claude Code, which Guan says means users have no way to know if their AI coding assistant is reading “allow nothing” as “allow everything.” He requested a CVE for Claude Code, and Anthropic said no because “The root cause is in the library.” Guan told us he’s glad Anthropic ultimately addressed the security holes. But the entire disclosure process illustrates another problem that researchers and The Reg vultures have reported with how AI vendors often handle vulnerabilities in their products: no CVEs issued, and if the flaw is fixed, it usually happens silently, with no public advisories. More often than not, the burden of securing AI agents and other systems gets pushed to the end users. “Some vendors issue CVEs and some do not,” Guan said. "I think either approach can be reasonable, but the advisory is a must. The users need to know the risk is real, and in many cases, they may never know. What the public often does not see is that vendors may reward researchers and silently patch the software, while end users never learn from release notes or public advisories that the risk existed.” According to Guan, this shows why users need their own protections, either from a security company or user-controlled runtime isolation. But he said he does hope big tech “takes on the burden of clearly communicating” security issues with users. “Because of that, I think companies should treat AI agents more like employees than ordinary software tools,” he told us. “Before hiring an employee, companies do background checks. Before giving them access to systems, they define permissions. The same discipline should apply to AI agents.” ®

When Lip-Bu Tan took over as Intel CEO, the company's balance sheet was so dire that potential recruits turned him down flat, worried they'd be joining a chipmaker on the verge of going bust. Speaking at the JP Morgan Global Technology, Media and Communications Conference on Tuesday, he said: "I tried to recruit some talent. They said 'It's almost a bankrupt company, why should I join you?'" Fixing that became his first priority. That effort has since paid off as Lip-Bu secured equity investment from the Trump administration, which converted funds from the CHIPS program in exchange for a stake. He also drew on long-standing personal relationships, with Nvidia CEO Jenson Huang committing $5 billion and Softbank's Masayoshi Son - a former Intel board member - signing on as a backer. "So far, knock on wood, I made money for them, and they're quite happy," Lip-Bu said. The stronger balance sheet has since enabled Intel to buy back a stake it had sold to Apollo, reducing earnings-per-share dilution in the process, he added. Now, a year into the job, Lip-Bu is betting on agentic AI, inference workloads and a bold chipmaking roadmap to complete Intel's revival - looking beyond the upcoming 14A process node to future 10A and 7A chipmaking technology. When asked for a progress report on the process technology Intel uses to manufacture its products, Lip-Bu said the recently introduced 18A is seeing a 7 percent per month yield improvement, and the next-gen 14A node is "ahead of schedule" compared to the end of the year target. "And now I'm starting to look at the 10A, 7A, the roadmap," Lip-Bu said. "People don't go to you just for one node. They're looking for the roadmap for the future. So we want to build a long-term business. And then we can drive the efficiency, the defect density, and then we can go to that Rule of 45, how to drive the operating efficiency, the profitability, cash generation." Intel's 18A and 14A processes refer to 18 and 14 angstroms, and as there are 10 angstroms in 1nm, this could imply that the company is working toward a sub-nanometer process technology with 7A. The Register asked Intel if it was willing to disclose when these process nodes would likely come into use, and we will update this story if we get a response. However, Lip-Bu did mention that for 14A, "my risk production is 2028 and volume production in 2029 is about the same time as A14 for TSMC," implying that 10A and 7A are unlikely to be used to make chips before 2030. On Intel's efforts to reinvent its internal chipmaking operation as a foundry service for third-party customers, he confirmed it is engaged with multiple clients, but declined to identify any, saying disclosure was up to the customer. Manufacturing used to be Intel's strength, but it lost its way, and has never really been in the foundry service business, Lip-Bu said. For this reason, he recently poached Shawn Han, a veteran with three decades' experience at Samsung Foundry, to operate as SVP of Foundry Services. Customers are also asking about Intel's 18AP process node, an enhanced, performance-focused variant of 18A, he claimed. Previously, Intel's foundry biz planned to offer the 14A node as its first mainstream commercial offering. To show how keen potential customers are, Lip-Bu claimed they are even willing to help Intel with pre-payments on wafer substrate materials. "Some of the substrate material is very [short], they're all asking us to prepay the substrate commitment. And we ask our customers, if you are serious to use our EMIB-T [packaging technology], can you help me on the substrate prepay? They jump on it," he claimed. "So they show the commitment, they really want our technology. And this is not a few million, it's billions in the next few years." Lip-Bu expects AI to be Intel's route to recovery after a disastrous few business years, as agentic AI and inference workloads look set to favor CPUs rather than the GPUs that have been making Nvidia's fortune. "It used to be that training is 1 CPU to 8 GPUs. And now in the agentic AI with all the agents, startups all tell me, Lip-Bu, CPU actually is more useful, even single-threaded," he said. "So I can start to see not just my wishful thinking, customers have said to me, Lip-Bu, more like 1:1. And now even some of them tell me it's 4:1. So 4 CPU to 1 GPU, for the inference and agents. And so CPU [is in] high demand, and I try to make sure that we can meet the requirement from the customer." Intel still has some way to go. As The Register pointed out earlier this year, the chipmaker lost $267 million on revenues of $52.9 billion during 2025, compared to an $18.8 billion loss the year before. Maybe it will even turn a profit this year. ®

Longtime Slashdot reader Himmy32 writes: GitHub has announced on X that their internal repositories have been breached through a compromised VS Code Extension on an employee's workstation. Bleeping Computer reported that the attack is linked to TeamPCP who have been in the news for a recent campaign affecting Checkmarx, Trivy, SAP, TanStack, and Bitwarden. The group appears to be attempting to sell the stolen code on cybercrime forums. "Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately," the company said. "Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker's current claims of ~3,800 repositories are directionally consistent with our investigation so far." Although the investigation remains ongoing, GitHub says it has "no evidence of impact to customer information stored outside of GitHub's internal repositories." The company has also not said whether it's in contact with the hackers or if it's received a ransom demand.

Read more of this story at Slashdot.

OpenAI is now offering its customers a guarantee that it will actually provide the service it's selling if customers need more AI sauce. All that's required is an annual spending commitment. AI is in short supply as demand – stoked by flat-rate subscriptions – races ahead of datacenter inference capacity. AI workloads require a lot of computing power, especially when they run for hours on end, a common scenario for AI agents. They require more computing power than OpenAI and its cloud partners can provide. Promised datacenter construction is unlikely to address this shortfall any time soon, assuming those projects are actually completed at all. The result has been thinly disguised rationing through usage limits, variable pricing, subscription restrictions, and token consumption arbitrage – swapping out expensive models for cheaper ones. OpenAI’s answer is a new offering meant to ensure it can deliver on its AI promises. "Today we announced OpenAI Guaranteed Capacity, a new offering that helps eligible customers plan for reliable access to OpenAI compute across supported cloud providers as they scale critical workflows," said Sachin Katti, who runs compute for OpenAI, in a LinkedIn post. "It gives customers a clearer framework to align forecasted demand, commercial commitments, and guaranteed shared capacity over time." According to Katti, AI adoption has made processor availability the salient constraint on modern software. He argues that companies dependent on AI workflows need to take steps to ensure infrastructure availability. Guaranteed Capacity is intended to ensure that if client demand grows, compute infrastructure will be available to support that growth. OpenAI says customers can make annual spending commitments ranging from one to three years, with discounts that scale according to duration. "Guaranteed Capacity includes certainty of access to compute based on spend levels, and customers can draw down from this commitment across the portfolio of OpenAI products," the company says. Not everyone is buying OpenAI's pitch. Santosh Ahuja, founder and CEO of enterprise infrastructure biz Pervasiviti and an experienced CTO and researcher, challenged Katti's announcement as a repackaging of basic cloud service obligations in a discussion thread reply. "Every hyperscaler solved 'reserve now, scale later' a decade ago," he wrote. "So the actual announcement is: OpenAI now offers what every cloud provider has treated as a basic procurement primitive but positions it as a strategic differentiator." Ahuja argues that OpenAI's AI evangelism can't keep up with its execution. "Enterprises don't need a 'clearer framework to align forecasted demand,'" he wrote. "They need deterministic SLAs with penalty clauses." In a message to The Register, Ahuja explained that the problem is not guaranteed capacity, it's the way OpenAI has framed cloud business assumptions as innovation. "Reserved instance models have existed at every hyperscaler for over a decade – AWS, GCP, Azure," he explained. "When you strip the marketing, OpenAI is acknowledging that demand has outrun their infrastructure planning and asking customers to pay for predictability that mature platforms deliver by default. "The real question enterprises should ask is whether these guarantees come with enforceable SLAs and financial penalties for breach, because without those, 'guaranteed' is just a word in a press release." Ahuja pointed to a response to Katti's post from Keith Strier, SVP of global AI markets at AMD ("Brilliant. We accept the challenge.") which he takes to mean, "We will try our best." "That's your supply chain partner speaking – and 'we will try our best' is not the language of guaranteed anything," Ahuja said. "It sounds like OpenAI is promising capacity they don't yet have firm commitments on from their own silicon suppliers. That's not a product launch. That's wishful thinking with a price tag." So too is OpenAI's preparation to go public, which reportedly could result in a corporate filing as soon as this week. ®

An anonymous reader quotes a report from TorrentFreak: A coalition of thirteen major publishers has won a massive $19.5 million default judgment against shadow library Anna's Archive. A New York federal judge fully approved the publishers' requests, issuing a broad permanent injunction that orders more than twenty specific global registries, hosts, and service providers to immediately disable the site's remaining domains. [...] At first glance, the damages award is the headline figure. Judge Rakoff granted the maximum statutory damages of $150,000 for each of the 130 "Works in Suit." This brings the final damages bill amount to a staggering $19,500,000. However, as with the $322 million judgment won by the music industry against Anna's Archive in the related Spotify case, it's highly unlikely that this money will be recouped. For now, the operators of Anna's Archive remain strictly anonymous, which doesn't help either. The default judgment (PDF) addresses this and requires the operators to unmask their identities and provide a sworn statement with valid contact information to the court within 10 days. However, since the operators have previously stated they hide their identities to avoid "decades of prison time," it is safe to assume that the operators will simply ignore this request. The true power of this default judgment lies in the permanent injunction. Anna's Archive is known to evade enforcement and change domain names when needed, so the injunction targets the technical intermediaries that keep the site online. Specifically, the injunction orders "all domain name registries and registrars of record" to permanently disable access to Anna's Archive's domains and prevent their transfer to anyone other than the publishers or the music industry plaintiffs in the related case. In addition to domain name services, the order also extends to international hosting providers, who are also ordered to stop working with the site. Leaving no room for interpretation, the order specifically names more than twenty companies and organizations. This includes familiar names like Cloudflare, Njalla, and DDOS-Guard, as well as the domain name registries of the site's current active domains [...]. The names include some intermediaries that were already listed in the Spotify default judgment, as well as new ones.

Read more of this story at Slashdot.

Seagate CEO Dave Mosley said Monday that building new memory chip factories or adding capacity would "take too long" to keep up with AI-driven storage demand. "If we took the teams off and started building new factories or bringing up new machines, that would just take too long. You would end up with more capacity, but then you'd slow the rate of growth on that technology," Mosely said. CNBC reports: Memory chip stocks have soared in recent months as a flood of AI investing has sent demand soaring, with the chips a key part of the AI buildout in data centers. Chip production cycles stretch over many quarters for a single unit, and investors are increasingly wary of how long the leading memory makers can capture demand. CME Group is launching a new futures market for semiconductors, enabling more traders to lock in prices and hedge against the rising prices of computing power. At Monday's conference, Mosely also addressed the "very long lead times" and maintaining predictability with its clients. "We know what's coming out a year from now," he said. "And we've basically gone to the customers and said, 'Look, if you want to plan this really well, which it should be for your data centers, we know what's coming out. You can buy this stuff up to a certain period.' And so we want to keep that four or five quarters of visibility very, very solid for what's being built. But the demand is significantly higher than that."

Read more of this story at Slashdot.

Microsoft has announced a new, Fedora-based Linux distro for Azure VMs, while Fedora has consigned the Deepin desktop to the bin. Fedora decided to remove a component maintained outside Red Hat. In the same week, another external company - granted, a slightly better-known one - decided to rebase one of its projects onto Fedora as its upstream distro. It’s the circle of life, or something. Fedora 💔Deepin Seven years after it added the Deepin Desktop Environment in Fedora 30, Tuesday's FESCo meeting decided to drop Deepin from the distro. The minutes say: AGREED: Retire all packages maintained by the deepinde-sig group The decision comes one year after the project called for a security review of the Deepin Desktop Environment, after openSUSE dropped the desktop following a negative security assessment. We reported on that decision at the time. SUSE asked Deepin for feedback, but didn’t get good enough answers – for which, some months later, the Chinese project issued an apology. Linux Deepin is very much still around: we most recently looked at version 25 in January, and, back in 2023, the project claimed it had passed three million installs of its paid Tongxin UOS desktop edition. It’s a very pretty Windows-like desktop environment, but it never made it to having its own Fedora spin – and it certainly won’t now. Microsoft ❤️ Fedora But as one door closes, another opens. Fedora is still winning new friends and allies, and mere days earlier, there was a surprise announcement at the Open Source Summit North America, which as we write is winding down. On Monday, Microsoft announced a new version of its in-house Linux distro, Azure Linux 4, along with a companion distro called Azure Container Linux. There have been products called Azure Linux for quite a while. It’s based on the much more minimal CBL-Mariner distro, which we tried in 2022. The Register reported on Azure Linux becoming generally available in 2023, and then on the release of version 3 in 2024. We also knew back then that the company was working on turning it into a more general-purpose server OS: we reported on it migrating LinkedIn to Azure Linux in place of CentOS Linux that same year. There isn’t very much information about Azure Linux 4 yet; the broader rollout will be at the Microsoft Build conference next month. For now, all you can do is fill in a form to register your interest. However, the announcement reveals that version 4 switches to Fedora as its upstream distro. It was already based on the RPM packaging tools, hinting at some Red Hat or SUSE heritage in there somewhere. There’s slightly more information about Azure Container Linux. This is a separate distro, an immutable host OS for running containers. The announcement says “Azure Container Linux is based on the Flatcar project.” Flatcar is the continuation of CoreOS Container Linux, which The Reg has covered since it released its first version in 2014. As Linux Weekly News reported that year, CoreOS was based on Google’s ChromeOS, but redesigned to host containers. Red Hat acquired CoreOS in 2018, and then two years later, discontinued Container Linux. It replaced the Google and Gentoo-based distro with a new one based on Red Hat’s own immutable tool chain, called Fedora CoreOS. German FOSS consultancy Kinvolk forked the CoreOS code and continued development under the name of Flatcar Container Linux. Kinvolk was acquired by Microsoft in 2021, but continued to work on Flatcar. Now it seems that, with the announcement of Azure Linux 4 as well as Azure Container Linux, Microsoft has two separate in-house distros: one based on Fedora, and one based on ChromeOS. For now, Flatcar is still trundling along the tracks just fine, but we suspect some future consolidation may be coming down the line. ®

A long-running lawsuit over Vizio's Linux-based smart TV software is headed to trial in August, with the Software Freedom Conservancy arguing that GPL rules require Vizio to release complete source code owners could use to modify, maintain, or strip ads and tracking from their TVs. Ars Technica reports: The outcome could reverberate across the industry. Because many of today's popular smart TV operating systems are Linux-based, the case may help determine how much control many owners have over their sets. Access to the full code would allow users to make meaningful changes to how their TVs work, including limiting ads or deactivating automatic content recognition. [...] The Software Freedom Conservancy argues it has the right to Vizio OS's source code because it owns several Vizio TVs and because the operating system is based on Ubuntu, a Linux distribution. (SFC employees bought seven Vizio TVs from 2018 to 2021 after getting complaints about Vizio not sharing its TVs' source code, according to the complaint.) In general, the Linux kernel is provided under the terms of GPLv2, as noted by kernel.org, which is run by the Linux Kernel Organization. SFC's lawsuit alleges that Vizio breached GPLv2 and LGPLv2.1 by failing to make available the complete source code for Vizio OS. The case is currently in the Orange County Superior Court of the State of California. The lawsuit targets Vizio specifically, but the impact could extend to other Linux-based smart TV OSes such as LG's webOS, Samsung's Tizen, and Roku's Roku OS. "We expect all companies who distribute Linux and other software using right-to-repair agreements like the GPL in their products would comply with these agreements," Denver Gingerich, the director of compliance at SFC, told Ars. [...] SFC expects a ruling within three to six months of the conclusion of the trial, which is currently scheduled for August 10.

Read more of this story at Slashdot.

Pour one out for the Gemini Command Line Interface. Come June 18, the open source development agent will stop serving most users in favor of the new Antigravity CLI, and developers aren’t happy that the replacement is far less open than the old tool. Google announced the Antigravity CLI at Google I/O this week, billing it as a way for the Chocolate Factory to unify its efforts in developing a command line interface for AI agents. One of the key arguments Google makes in a post about transitioning from Gemini CLI to Antigravity CLI is that the new one has improved support for multi-agent environments, but the company isn’t giving most of its users much of a choice on whether to switch. “On June 18, 2026, Gemini CLI and Gemini Code Assist IDE extensions will stop serving requests for Google AI Pro and Ultra, as well as those using it free of charge using Gemini Code Assist for individuals,” the Gemini CLI team wrote in their announcement of the transition. The change also affects Gemini Code Assist for GitHub, which won’t allow new installations beginning June 18, and will stop serving requests in the following weeks. Enterprises appear to be getting a pass, however, with Google noting that those using Gemini CLI or its IDE extensions through a Gemini Code Assist Standard or Enterprise license won’t see any changes in their access, nor will Gemini Code Assist for GitHub users accessing the tools through their enterprise Google Cloud accounts. “Gemini CLI will remain accessible via paid Gemini and Gemini Enterprise Agent Platform API keys,” Google explained. For everyone else, sorry: It’s Antigravity CLI or bust, but don’t expect the same experience. “There won't be 1:1 feature parity right out of the gate” between Gemini CLI and Antigravity CLI, Google added. Agent skills, hooks, subagents, and extensions are all being supported by Antigravity CLI at launch. But other stuff may take time to arrive, if it does at all. Pray we don’t alter the deal any further Take a look at the Gemini CLI GitHub page, and you'll find all the code that made it possible - it is an open-source project, after all. Surf over to the Antigravity CLI GitHub page and all you’ll see is a change log, readme, and a GIF file demonstrating the tool’s appearance. That’s right: Antigravity CLI isn’t open source - at least not from what Google has published so far - and it took developers no time at all to notice. Gemini CLI Lead Product Manager Dmitry Lyalin took to GitHub to make an announcement detailing some additional info about the forced CLI tool migration, and the comments are rife with people frustrated by the move. No small portion of the vitriol is targeted at apparent usage limits, with multiple people reporting they’d hit their weekly quota with just a couple of requests. The issues page for Antigravity CLI similarly has numerous posts asking Google to look into usage limits. Other posts accuse Google of using open-source contributions to improve a new closed-source product and generally express frustration with Google for killing yet another thing customers relied on. At the same time, Lyalin teased developers by telling them that, no, Gemini CLI isn’t truly gone if you’re willing to pay top dollar for it. “The project remains available to the community as an Apache 2.0 licensed repository with no changes,” Lyalin noted in his GitHub post. “You will continue to see us work on GitHub as we keep Gemini CLI updated with latest model releases, bugs and security fixes for our enterprise customers.” Now please open your wallets if you want access to this open-source product. Google didn’t respond to questions for this story. ®

The 2026 Commonwealth Short Story Prize is facing backlash after several winning entries were accused of being AI-generated, with one Caribbean winner's story flagged as fully AI-written by a detector that WIRED says it independently confirmed. From the report: Each year, the Commonwealth Foundation, a nongovernmental organization in London, awards its short story prize to one writer in each of five regions: Africa, Asia, Canada and Europe, the Caribbean, and the Pacific. One overall winner is then selected from that short list. Regional winners take home [about $3,350], while the top winner, to be announced next month, claims [about $6,700]. On May 12, the respected UK literary magazine Granta published the top five 2026 entries -- all previously unpublished, per the rules of the contest -- on its website. (It has hosted the winning submissions for the prize since 2012.) Within days, however, one entry aroused suspicion. "The Serpent in the Grove," a story by Jamir Nazir of Trinidad and Tobago, which had taken honors for the Caribbean region, struck a few people as bearing the stylistic tells of AI-generated text. "Well, this is a first: a ChatGPT-generated story won a prestigious literary prize," wrote researcher and entrepreneur Nabeel S. Qureshi, a former visiting scholar of AI at the Mercatus Center at George Mason University, in a post on X on Monday. "'Not X, not Y, but Z' sentences everywhere, the 'hums' trope, and plenty of other obvious markers of AI writing. A major milestone for AI, at any rate..." "They say the grove still hums at noon," Nazir's mysterious and atmospheric tale begins. In his screenshot of the opening paragraphs, Quereshi highlighted the second line as what he considered to be a signature example of AI syntax: "Not the bees' neat industry or the clean rasp of cutlass on vine, but a belly sound -- as if the earth swallows a shout and holds it there." As the literary community undertook a closer read of Nazir's story, many criticized its language and metaphors as nonsensical, wondering how the Commonwealth judges could have seen any merit to them. Others shared screenshots showing that the AI-detection tool Pangram flagged "The Serpent in the Grove" as 100 percent AI-generated, a result that WIRED independently confirmed. (While no AI-detection software is perfect, third-party analysis has consistently determined Pangram to be the most accurate, with a near-zero rate of false positives.) [...] Besides Nazir, two more winning authors have drawn allegations of using AI in their work. Pangram finds that "The Bastion's Shadow," by Maltese writer John Edward DeMicoli, winner for the Canada and Europe region, is fully AI-generated; it scans "Mehendi Nights," by Indian writer Sharon Aruparayil, winner for the Asia region, as partly AI-generated. Neither DeMicoli nor Aruparayil immediately returned requests for comment when reached through their respective social media accounts. The other two short-listed stories, by Holly Ann Miller of New Zealand and Lisa-Anne Julien of South Africa, deliver "fully human-written" results from Pangram. Wired also reports that one of the judges for the prize has been "accused of using AI to craft her descriptive blurb that accompanied the listing of 'The Serpent in the Grove' as a regional winner.'" Pangram labels the text as "AI-assisted."

Read more of this story at Slashdot.

Software platform Plex is killing its buy-once-use-forever model with an eye-watering hike of its Lifetime Plex Pass from $249.99 to $749.99. The increase will take effect on July 1, but does not apply to existing Lifetime Plex Pass holders. The existing monthly and annual subscription pricing for the service is also unchanged, suggesting Plex really would rather you subscribed. Lifetime Plex Passes used to cost $74.99, before increasing to $149.99 in 2014. It later fell back to $119.99 before jumping to $249.99 in April 2025. Just over a year later, the price is heading to $749.99. Plex is used primarily as a media server. Load it up with content and point clients at it. The project has its origins in the Xbox Media Center (XBMC) from which it was forked. The server software runs on Windows, macOS, Linux, and several network devices, and the client runs almost everywhere, including iOS and Android devices. Remote access to a Plex media server used to be free, but in 2025 Plex shifted that functionality to its paid tiers. Other paid-tier functionality includes hardware transcoding and media file downloads. "We've considered eliminating the Lifetime Plex Pass," Plex wrote. Considering the hike, it might as well have. An annual subscription costs $69.99, meaning it will take more than a decade before that $749.99 pays off. Unless, of course, Plex increases the subscription cost in the future. The increase is the latest in a long line of price hikes from media companies, though it is among the most extreme. Plex has made no secret of the fact that "recurring subscriptions help us sustain long-term development" – hence the attempt to make the one-off lifetime payment less attractive. The jump might be eye-watering, but it also reflects a growing realization across the tech and streaming industries. One-off payments don't cut it anymore and ads aren't enough, so a subscription is the way to go to sustain development. Although existing Lifetime Plex Pass customers are not affected, the hike highlights how important subscriptions have become across all sectors (we can't see Microsoft weaning itself off Microsoft 365 any time soon) and what "lifetime" actually means. ®

An anonymous reader quotes a report from TechCrunch: The AI coding boom is now coming directly for Android app development. On Tuesday at Google IO 2026, the company announced new native Android app creation capabilities in its web-based Google AI Studio, shrinking a process that takes weeks of setup and coding down to minutes. The company also said that consumers will be able to use Gemini AI to find the apps they need, both on the Play Store and the web, expanding opportunities for developers to have their apps discovered. Google says the new capabilities could make sense for anyone from a seasoned developer looking to prototype a new app quickly to a first-time creator. [...] The apps are built with the Kotlin programming language using Google's Jetpack Compose toolkit and with support integration with hardware sensors like GPS, Bluetooth, and NFC, the company says. However, the resulting creations, for now, are only meant to be used personally, as publishing for family and friends is still on the roadmap. The company suggests the technology could be used for the creation of personal utilities and simple social apps, hardware-enabled experiences, or AI-powered experiences. Google is also adding an "Ask Play" AI overlay to the Play Store that lets users discover apps through natural-language conversations. "Perhaps more importantly, apps will begin to be surfaced with users' conversations with Google's Gemini virtual assistant, exposing developers' apps to millions of users," adds TechCrunch.

Read more of this story at Slashdot.

Meta's massive role reshuffle begins today, with thousands of staff being transferred to AI-focused teams and their managers reportedly laid off. The tech giant is reassigning 7,000 workers to AI projects, eliminating around 10 percent of its current workforce, and closing 6,000 open positions, according to Reuters, which saw copies of the internal memos. The workforce changes, the latest in a series of moves that started 2022, will affect roughly 20 percent of Meta's approximately 78,000 employees. Janelle Gale, Meta's chief people officer, penned the memos to affected staff. Some have already begun their new AI-related duties, while the rest will be told of their fates today, she reportedly said. "As org leaders worked on the changes, many of them incorporated AI-native design principles ⁠into their new org structures," Gale's memo read. "We're now at the stage where many orgs can operate with a flatter structure with smaller teams of pods/cohorts that can move faster and with more ownership." This flatter structure will involve, in part, managers being either laid off or moved into roles where they are producing work instead of overseeing teams. Previous memos sent to staff in April stated that top engineers – those who represented the company's "strong software engineering talent" – were being "selected" for brand-new divisions within the business. Among these were the Applied AI Engineering and Agent Transformation Accelerator units, as well as Central Analytics. Once famed for letting its staff pick and choose their projects, Meta said those selected for this new AI mission had no say in the matter. Responding to an employee's question, Maher Saba, VP of AAI Engineering, wrote: "AAI is one of the company's highest priorities and we're resourcing it by moving our strongest talent to address it. Therefore, the transfers aren't optional." Both AI units were established for engineers to develop AI agents capable of automating and taking over duties previously undertaken by human employees. Those transferred to Central Analytics will work on ways of assessing productivity and analytics for agent development. According to Gale's memo, another new unit called Enterprise Solutions will soon be established, but Meta has not yet revealed details. The Register asked Meta for a statement, but it did not immediately respond. The Great Flattening Gale's language regarding "flatter structures" echoes chief Mark Zuckerberg's wording from Meta's January earnings report, promising to flatten teams over the coming year. "We're elevating individual contributors, and flattening teams," Zuck wrote in a post-earnings note on January 28. "We're starting to see projects that used to require big teams now be accomplished by a single very talented person. "I want to make sure as many of these very talented people as possible choose Meta as the place they can make the greatest impact – to deliver personalized products to billions of people around the world. And if we do this, then I think we'll get a lot more done and it's going to be a lot more fun." Reports surfaced around the same time about a major round of job cuts at the company, equivalent to 20 percent of its workforce, or around 15,000 roles, but it was unclear when or if this would materialize. Meta's latest round of layoffs follows a smaller-scale round in March, affecting 700 roles across Reality Labs, the social media division, and recruitment. The changes come against a backdrop of Meta investing heavily in AI, with the company saying it plans to spend between $162 billion and $167 billion this year, up from $118 billion in 2025. The company has reportedly also tried tempting top AI talent to join its ranks with nine-figure pay packets, and ex-OpenAI players with $100 million sign-on bonuses. The revolt Meta slashing roles to embrace AI replacements has led to protests across its Menlo Park HQ and internal Workspace comms platform, Reuters reports. First announced in April, Meta said it would be tracking mouse clicks and keystrokes to train AI rather than assess staff productivity. A company spokesperson told the BBC: "If we're building agents to help people complete everyday tasks using computers, our models need real examples of how people actually use them." They said the data is not used for any other purpose, and there are safeguards in place to protect sensitive content. But Meta staff have expressed their disdain for the changes in various ways, including by setting up an online petition – which now has over 1,000 signatures – and plastering flyers all over US offices referring to the company as an "Employee Data Extraction Factory." ®

The UK government may move to forestall objections to datacenter projects via an overhaul of planning regulations that would shield critical energy and infrastructure buildouts from legal challenges. Finance minister, Chancellor of the Exchequer Rachel Reeves, is preparing to unveil reforms allowing Parliament to designate key projects as having critical national importance to prevent them from being subject to judicial review. "For too long, vital infrastructure delivery has been delayed by judicial reviews of projects," a spokesperson for HM Treasury said in a ⁠statement. The Chancellor "is clear that Parliament must take back control to get Britain building the ⁠power plants, wind farms and grid connections that will bring ⁠bills down, strengthen our energy security, and ⁠deliver growth in every part of our country." This does not explicitly mention datacenters, but as The Register has reported previously, massive server farms have already been lumped in with energy generation as projects to be urgently fast-tracked by government. Back in 2024, server farms were given Critical National Infrastructure (CNI) designation - a move that a government a civil servant warned would allow the authorities to override opposition to datacenter sites by local residents. Last year, a datacenter project management biz urged the government go a step further and categorize large datacenter developments as Nationally Significant Infrastructure Projects (NSIPs). This would shift decision-making from local authorities to the national level, potentially expediting approvals for large projects, while removing any say that local residents may have in developments that affect them. Parliament’s Public Accounts Committee also published a report last year on Treasury plans to implement stronger governance to speed large infrastructure schemes, criticizing it for not including “technically complex” projects such as those involving “digital transformation and artificial intelligence (AI),” despite the government’s focus on these to deliver economic growth. Some are already welcoming the planning reforms before they have even been officially announced. “Today’s announcement is the right thing to do if we are serious about growth, energy security and getting Britain building again,” said Ben Brittain, director of public affairs at the Association for Consultancy and Engineering (ACE). “For too long, critical infrastructure projects have been delayed by blockers, layers of uncertainty and lengthy legal challenge, driving up costs and holding back investment." But the government should be wary, as public sentiment is turning against the growing number of datacenters being built and the AI technology that is driving their construction. Putting them beyond the reach of any legal challenge could easily exacerbate this. In America, for example, a recent survey found that people would sooner see a nuclear power plant sited in their locality than a datacenter. Gunshots were also fired at the home of an Indianapolis councilor who backed plans for a server farm in his area. In the UK, there have been protests against various datacenter building projects. Activist group Global Action Plan organized several at the end of February at sites including Iver in Buckinghamshire and Potters Bar in Hertfordshire where recently announced campuses are being constructed. HM Treasury had not responded to our requests for further information at the time of publication. ®

Microsoft has confirmed that SMS is on the way out as a method of authentication and recovery for personal Microsoft accounts. Fraud and dubious security were cited as reasons for the move: "SMS authentication is vulnerable to phishing and SIM-swap attacks." Passwordless accounts, passkeys, and verified email are the future, according to Microsoft. The announcement was first spotted by WindowsLatest and comes as passkeys are increasingly accepted as a default authentication standard. In April 2026, the UK's National Cyber Security Centre officially endorsed the technology and urged consumers to adopt it. For its part, Microsoft has promoted the use of passkeys for more than a year, declaring in 2025 that all new Microsoft accounts would be passwordless by default. As such, the days of SMS as a method of authentication and account recovery have been numbered for some time, and Microsoft's announcement confirms that users will be directed elsewhere. However, it did not state when it will pull the plug on the technology once and for all. Dropping SMS is laudable, but users will still need to learn a new authentication method. Microsoft promises to guide them through it - offering options to sign in with or create a passkey at login – yet that transition may prove easier said than done. Passkeys also have challenges, most notably when used over multiple devices. In that instance, a synchronization tool or password manager can help, but users might not be familiar with these technologies. Ultimately, SMS as a method of authentication and recovery for a Microsoft account is on the way out. For many security professionals, it is not a moment too soon. ®