Linux fréttir

Writing in Communications of the ACM, former Go tech lead Russ Cox warns we need to keep improving defenses of software supply chains, highlighting "promising approaches that should be more widely used" and "areas where more work is needed." There are important steps we can take today, such as adopting software signatures in some form, making sure to scan for known vulnerabilities regularly, and being ready to update and redeploy software when critical new vulnerabilities are found. More development should be shifted to safer languages that make vulnerabilities and attacks less likely. We also need to find ways to fund open source development to make it less susceptible to takeover by the mere offer of free help. Relatively small investments in OpenSSL and XZ development could have prevented both the Heartbleed vulnerability and the XZ attack. Some highlights from the 5,000-word article: Make Builds Reproducible. "The Reproducible Builds project aims to raise awareness of reproducible builds generally, as well as building tools to help progress toward complete reproducibility for all Linux software. The Go project recently arranged for Go itself to be completely reproducible given only the source code... A build for a given target produces the same distribution bits whether you build on Linux or Windows or Mac, whether the build host is X86 or ARM, and so on. Strong reproducibility makes it possible for others to easily verify that the binaries posted for download match the source code..." Prevent Vulnerabilities. "The most secure software dependencies are the ones not used in the first place: Every dependency adds risk... Another good way to prevent vulnerabilities is to use safer programming languages that remove error-prone language features or make them needed less often..." Authenticate Software. ("Cryptographic signatures make it impossible to nefariously alter code between signing and verifying. The only problem left is key distribution...") "The Go checksum database is a real-world example of this approach that protects millions of Go developers. The database holds the SHA256 checksum of every version of every public Go module..." Fund Open Source. [Cox first cites the XKCD cartoon "Dependencies," calling it "a disturbingly accurate assessment of the situation..."] "The XZ attack is the clearest possible demonstration that the problem is not fixed. It was enabled as much by underfunding of open source as by any technical detail." The article also emphasized the importance of finding and fixing vulnerabilities quickly, arguing that software attacks must be made more difficult and expensive. "We use source code downloaded from strangers on the Internet in our most critical applications; almost no one is checking the code.... We all have more work to do."

Read more of this story at Slashdot.

Near Microsoft's headquarters in Redmond, the Five Stones coffee shop advertised for a barista a few months ago — and started getting resumes from "people who listed Microsoft and other tech companies," writes the Wall Street Journal: The applicants typically had master's degrees and experience in graphic design or marketing roles, Andrews said — sometimes senior ones. They were applying to jobs at Five Stones that would pay Redmond's minimum wage, $16.66 an hour. Five Stones hasn't yet hired such candidates because the coffee shop gives priority to more traditional entry-level baristas, like high-schoolers... [Microsoft and Amazon] have laid off more than 46,000 employees since 2023, according to Layoffs.fyi, which tracks workforce reductions. That represents 85% of layoffs by Seattle-area tech companies... As Amazon and Microsoft have made cuts — and other local tech firms including Expedia and Redfin have followed suit — the effects have rippled through Seattle's other business sectors. Weakness in payroll and sales tax contributed to a projected $146 million shortfall in revenue over the next two years. Restaurant and retail spending is down in the business and shopping districts surrounding Amazon's and Microsoft's campuses, with total transactions falling by as much as 7% in some popular areas in the past year, according to data from Square. In the first half of 2025, around 450 restaurants closed in Seattle, or about 16% of its total. "At the halfway point of the year, we've already seen as many closures as we'd usually see in a full year," said Anthony Anton, chief executive officer of the Washington Hospitality Association. Uber driver Juan Prado made six figures in 2021, often shuttling passengers in town for job interviews and doing frequent drop-offs near downtown tech offices. Now, he said, demand is much lower. "There are moments where you can be online, and in certain areas, it shows nothing...." Seattle tech firms are asking for significantly fewer job placements than years ago, said Noelle McDonald, senior vice president at recruiting company Aquent, which counts Amazon and Microsoft as clients. Hiring windows have lengthened and open roles receive around 10 times as many applications. And of course, "Commercial real-estate vacancies stand at a record high as offices built to accommodate a boom sit empty... " While some laid-off employees launched their own startups, "the outlook for many tech workers is dour as companies invest in software tools they can use to streamline teams," the article points out. Microsoft CEO Satya Nadella "has said the company is increasingly looking to AI to perform coding and other tasks once done by people," while in June, Amazon "said its workforce would shrink going forward."

Read more of this story at Slashdot.

Mickey Mouse's first movie Steamboat Willie entered the public domain in 2024. Now one of America's largest personal injury firms is suing Disney, reports the Associated Press, "in an effort to get a ruling that would allow it to use Steamboat Willie in advertisements..." [The law firm said] it had reached out to Disney to make sure the entertainment company wouldn't sue them if they used images from the animated film for their TV and online ads. Disney's lawyers responded by saying they didn't offer legal advice to third parties, according to the lawsuit. Morgan & Morgan said it was filing the lawsuit to get a decision because it otherwise feared being sued by Disney for trademark infringement if it used Steamboat Willie. "Without waiver of any of its rights, Disney will not provide such advice in response to your letter," Disney's attorneys wrote in their letter (adding "Very truly yours..."). A local newscast showed a glimpse of the letter, along with a few seconds of the ad (which ends with Minnie Mouse pulling out a cellphone to call for a lawyer...) Attorney John Morgan tells the newscast that Disney's legal team "is playing cute, and so we're just trying to get a yes or no answer.. They wrote us back a bunch of mumbo-jumbo that made no sense, didn't answer the question. We tried it again, they didn't answer the question..." (The newscast adds that the case isn't expected to go to court for at least a year.)

Read more of this story at Slashdot.

From pain-free shutdowns to crap-free search, these tweaks will improve your experience

hands on Windows 11 has a number of puzzling or annoying UI changes from Windows 10 that power users might wish to change. But you can't make these tweaks from the Settings menu or even the legacy Control Panel. To make these changes, you’ll need to edit the Registry.…

When Meta finally unveiled its newest smart glasses, CEO Mark Zuckerberg "drew more snickers than applause," wrote the New York Times. (Mashable points out a video call failing onstage followed by an unsuccessful recipe demonstration.) Meta chief technology officer Andrew Bosworth later explained the funny reason their demo didn't work, reports TechCrunch, while answering questions on Instagram: "When the chef said, 'Hey, Meta, start Live AI,' it started every single Ray-Ban Meta's Live AI in the building. And there were a lot of people in that building," Bosworth explained. "That obviously didn't happen in rehearsal; we didn't have as many things," he said, referring to the number of glasses that were triggered... The second part of the failure had to do with how Meta had chosen to route the Live AI traffic to its development server to isolate it during the demo. But when it did so, it did this for everyone in the building on the access points, which included all the headsets. "So we DDoS'd ourselves, basically, with that demo," Bosworth added... Meta's dev server wasn't set up to handle the flood of traffic from the other glasses in the building — Meta was only planning for it to handle the demos alone. The issue with the failed WhatsApp call, on the other hand, was the result of a new bug. The smart glasses' display had gone to sleep at the exact moment the call came in, Bosworth said. When Zuckerberg woke the display back up, it didn't show the answer notification to him. The CTO said this was a "race condition" bug... "We've never run into that bug before," Bosworth noted. "That's the first time we'd ever seen it. It's fixed now, and that's a terrible, terrible place for that bug to show up." He stressed that, of course, Meta knows how to handle video calls, and the company was "bummed" about the bug showing up here... "It really was just a demo fail and not, like, a product failure," he said. Thanks to Slashdot reader fjo3 for sharing the news.

Read more of this story at Slashdot.

The consumer advocacy nonprofit PIRG (Public Interest Research Group) is now petitioning Microsoft to reconsider pulling support for Windows 10 in 2025, since "as many as 400 million perfectly good computers that can't upgrade to Windows 11 will be thrown out." In a petition addressed to Microsoft CEO Satya Nadella, the group warned the October 14 end of free support could cause "the single biggest jump in junked computers ever, and make it impossible for Microsoft to hit their sustainability goals." About 40% of PCs currently in use can't upgrade to Windows 11, even if users want to... Less than a quarter of electronic waste is recycled, so most of those computers will end up in landfills. Consumer Reports recently also urged Microsoft to not to "strand millions of customers.". And now more groups are also pushing back, according to a post from the blog Windows: Central The Restart Project co-developed the "End of 10" toolkit, which is designed to support Windows 10 users who can't upgrade to Windows 11 after the operating system hits its end-of-support date. They also note that a Paris-based company called Back Market plans to sell Windows 10 laptops refurbished with Ubuntu Linux or ChromeOS Flex. ("We refuse to watch hundreds of millions of perfectly good computers end up in the trash as e-waste," explains their web site.) Back Market's ad promises an "up-to-date, secure operating system — so instead of paying for a new computer you don't need, you can help us give this one a brand new life." Right now Windows 10 holds 71.9% of Microsoft's market share, with Windows 11 at 22.95%, according to figures from StatCounter cited by the blog Windows Central. And HP and Dell "recently indicated that half of the global PCs are still running Windows 10," according to another Windows Central post...

Read more of this story at Slashdot.

The consumer advocacy nonprofit PIRG (Public Interest Research Group) is now petitioning Microsoft to reconsider pulling support for Windows 10 in 2025, since "as many as 400 million perfectly good computers that can't upgrade to Windows 11 will be thrown out." In a petition addressed to Microsoft CEO Satya Nadella, the group warned the October 14 end of free support could cause "the single biggest jump in junked computers ever, and make it impossible for Microsoft to hit their sustainability goals." About 40% of PCs currently in use can't upgrade to Windows 11, even if users want to... Less than a quarter of electronic waste is recycled, so most of those computers will end up in landfills. Consumer Reports recently also urged Microsoft to not to "strand millions of customers.". And now more groups are also pushing back, according to a post from the blog Windows: Central The Restart Project co-developed the "End of 10" toolkit, which is designed to support Windows 10 users who can't upgrade to Windows 11 after the operating system hits its end-of-support date. They also note that a Paris-based company called Back Market plans to sell Windows 10 laptops refurbished with Ubuntu Linux or ChromeOS Flex. ("We refuse to watch hundreds of millions of perfectly good computers end up in the trash as e-waste," explains their web site.) Back Market's ad promises an "up-to-date, secure operating system — so instead of paying for a new computer you don't need, you can help us give this one a brand new life." Right now Windows 10 holds 71.9% of Microsoft's market share, with Windows 11 at 22.95%, according to figures from StatCounter cited by the blog Windows Central. And HP and Dell "recently indicated that half of the global PCs are still running Windows 10," according to another Windows Central post...

Read more of this story at Slashdot.

An anonymous reader shared this article from the Washington Post: A student taking an online quiz sees a button appear in their Chrome browser: "homework help." Soon, Google's artificial intelligence has read the question on-screen and suggests "choice B" as the answer. The temptation to cheat was suddenly just two clicks away Sept. 2, when Google quietly added a "homework help" button to Chrome, the world's most popular web browser. The button has been appearing automatically on the kinds of course websites used by the majority of American college students and many high-schoolers, too. Pressing it launches Google Lens, a service that reads what's on the page and can provide an "AI Overview" answer to questions — including during tests. Educators I've spoken with are alarmed. Schools including Emory University, the University of Alabama, the University of California at Los Angeles and the University of California at Berkeley have alerted faculty how the button appears in the URL box of course sites and their limited ability to control it. Chrome's cheating tool exemplifies Big Tech's continuing gold rush approach to AI: launch first, consider consequences later and let society clean up the mess. "Google is undermining academic integrity by shoving AI in students' faces during exams," says Ian Linkletter, a librarian at the British Columbia Institute of Technology who first flagged the issue to me. "Google is trying to make instructors give up on regulating AI in their classroom, and it might work. Google Chrome has the market share to change student behavior, and it appears this is the goal." Several days after I contacted Google about the issue, the company told me it had temporarily paused the homework help button — but also didn't commit to keeping it off. "Students have told us they value tools that help them learn and understand things visually, so we're running tests offering an easier way to access Lens while browsing," Google spokesman Craig Ewer said in a statement.

Read more of this story at Slashdot.

An anonymous reader shared this report from the Washington Post: Finnish tech firm Bluefors, a maker of ultracold refrigerator systems critical for quantum computing, has purchased tens of thousands of liters of Helium-3 from the moon — spending "above $300 million" — through a commercial space company called Interlune. The agreement, which has not been previously reported, marks the largest purchase of a natural resource from space. Interlune, a company founded by former executives from Blue Origin and an Apollo astronaut, has faced skepticism about its mission to become the first entity to mine the moon (which is legal thanks to a 2015 law that grants U.S. space companies the rights to mine on celestial bodies). But advances in its harvesting technology and the materialization of commercial agreements are gradually making this undertaking sound less like science fiction. Bluefors is the third customer to sign up, with an order of up to 10,000 liters of Helium-3 annually for delivery between 2028 and 2037... Helium-3 is lighter than the Helium-4 gas featured at birthday parties. It's also much rarer on Earth. But moon rock samples from the Apollo days hint at its abundance there. Interlune has placed the market value at $20 million per kilogram (about 7,500 liters). "It's the only resource in the universe that's priced high enough to warrant going out to space today and bringing it back to Earth," said Rob Meyerson [CEO of Interlune and former president of Blue Origin]... [H]eat, even in small doses, can cause qubits to produce errors. That's where Helium-3 comes in. Bluefors makes the cooling technology that allows the computer to operate — producing chandelier-type structures known as dilution refrigerators. Their fridges, used by quantum computer leader IBM, contain a mixture of Helium-3 and Helium-4 that pushes temperatures below 10 millikelvins (or minus-460 degrees Fahrenheit)... Existing quantum computers have been built with more than a thousand qubits, he said, but a commercial system or data center would need a million or more. That could require perhaps thousands of liters of Helium-3 per quantum computer. "They will need more Helium-3 than is available on planet Earth," said Gary Lai [a co-founder and chief technology officer of Interlune, who was previously the chief architect at Blue Origin]. Most Helium-3 on Earth, he said, comes from the decay of tritium (an isotope of hydrogen) in nuclear weapons stockpiles, but between 22,000 and 30,000 liters are made each year... "We estimate there's more than a million metric tons of Helium-3 on the moon," Meyerson said. "And it's been accumulating there for 4 billion years." Now, they just need to get it. Interlune CEO Meyerson tells the post "It's really all about establishing a resilient supply chain for this critical material" — adding that in the long-term he could also see Helium-3 being used for other purposes including fusion energy.

Read more of this story at Slashdot.

A large U.S.-made bomb left over from World War II was discovered at a construction site, reports the Associated Press: Police said the bomb was 1.5 meters (nearly 5 feet) in length and weighed about 1,000 pounds (450 kilograms). It was discovered by construction workers in Quarry Bay, a bustling residential and business district on the west side of Hong Kong island... [A police official] said that because of "the exceptionally high risks associated with its disposal," approximately 1,900 households involving 6,000 individuals were "urged to evacuate swiftly." The operation to deactivate the bomb began late Friday and lasted until around 11:30 a.m. Saturday. No one was injured in the operation. Bombs left over from World War II are discovered from time to time in Hong Kong. The city was occupied by Japanese forces during the war, when it became a base for the Japanese military and shipping. The United States, along with other Allied forces, targeted Hong Kong in air raids to disrupt Japanese supply lines and infrastructure. "Bombs from the war have triggered evacuations and emergency measures around the globe in recent months," reports CBS News: Earlier this month, a 500-pound bomb was discovered in Slovakia's capital during construction work, prompting evacuations. In August, large parts of Dresden, Germany, were evacuated so experts could defuse an unexploded World War II bomb found during clearance work for a collapsed bridge. In June, over 20,000 people were evacuated from Cologne after three unexploded U.S. bombs from the war were found... In March, a World War II bomb was found near the tracks of Paris' Gare du Nord station. In February, more than 170 bombs were found near a children's playground in northern England. And in October 2024, a World War II bomb exploded at a Japanese airport.

Read more of this story at Slashdot.