У [ легендарного ]( https://www.kvant.digital/about/history/ ) журнала «Квант» открылся новый [ сайт ]( https://www.kvant.digital/ ) – там и свежий номер, и архив старых, созданных под руководством Андрея Колмогорова и других крупнейших математиков.

Сайт позволяет искать по автоматически распознанным изображениям представленных номеров журнала. Попробуйте на странице [ «Архив номеров» ]( https://www.kvant.digital/issues/ ) ввести интересующее вас словосочетание. В качестве примера: [ кубик Рубика ]( https://www.kvant.digital/issues/?query=%D0%BA%D1%83%D0%B1%D0%B8%D0%BA+%D0%A0%D1%83%D0%B1%D0%B8%D0%BA%D0%B0 ) . По клику на номер с жёлтым фоном открывается страница номера с подсвеченными найденными словами. А если вы школьником отправляли решения в «Задачник „Кванта“», то можете попробовать найти свою фамилию в списках читателей, приславших решения.

( [ читать дальше... ]( https://www.linux.org.ru/news/opensource/18120089#cut ) )

Фонда STF (Sovereign Tech Fund) представил новые открытые проекты, которым решено предоставить финансирование. Организация учреждена в Германии для стимулирования развития открытой цифровой инфраструктуры и экосистем с открытым исходным кодом. Фонд создан на средства, предоставленные Министерством экономики и защиты климата Германии, и курируется Федеральным агентством подрывных инноваций SPRIND. Отмечается, что инвестирование в открытое ПО способствует развитию инноваций в Германии и Европе, а также повышает конкурентоспобность, продуктивность и возможность продвижения инноваций в малых и средних предприятиях.

https://www.opennet.ru/opennews/art.shtml?num=64105

Разработчики проекта AlmaLinux, развивающего редакцию дистрибутива Red Hat Enterprise Linux (RHEL), объявили о добавлении поддержки файловой системы Btrfs и реализации в инсталляторе возможности разметки накопителей с использованием Btrfs. В качестве причины упоминается прогресс в разработке Btrfs и продвинутые возможности, такие как контрольные суммы для обнаружения повреждения данных и метаданных, снапшоты, удобное управление томами, прозрачное сжатие и поддержка операции reflink для создания копии файлов через клонирование метаданных.

https://www.opennet.ru/opennews/art.shtml?num=64103

Опубликовано: Thu, 23 Oct 2025 08:00:31 GMT
Канал: Все статьи подряд / Системное программирование / Хабр

Всем привет! Меня зовут Виктор, и я программист. Восемь лет работаю в команде Т-Банка и все это время вместе с коллегами занимаюсь проектом «Т-Телефония». Моя команда разрабатывает сервисы, которые обеспечивают голосовую коммуникацию внутри и вне банка. Звонки — один из основных способов связи с нами, поэтому система критична для бизнеса с высоким требованием к доступности. Она обрабатывает более 2 млн звонков в день. Если происходит сбой в любой пользовательской системе и нашим клиентам плохо, количество звонков сразу увеличивается, а нагрузка на систему повышается в два-три раза.Когда мне прилетела первая задача с дампом, единственным инструментом, который я знал, был WinDbg. Я потратил несколько дней, чтобы хоть немного разобраться в нем. С развитием проекта приходилось все чаще снимать дампы, и теперь я знаю о них намного больше.В статье покажу, что такое дампы, какие есть инструменты для работы с ними и какие у них особенности, покажу наши примеры проблем, расскажу, как мы их решали. Читать далее]]>

https://habr.com/ru/companies/tbank/articles/955140/

Опубликовано: Thu, 23 Oct 2025 07:01:21 GMT
Канал: Все статьи подряд / DIY или Сделай сам / Хабр

После первой статьи про мой дом и баню я получил массу откликов — от инженеров, интеграторов и людей, которые строят свои умные дома. Многие писали, что узнали себя в описании, делились своими решениями, задавали вопросы про детали и надежность.Поэтому я решил написать продолжение о том, как проект вышел за рамки личного опыта. Сначала соседи приходили просто посмотреть, потом просили помочь. Так мой «умный дом» постепенно превратился в бизнес — инженерные системы и автоматизация полива для соседей и всего поселка Wright Village.Сейчас у меня за плечами уже несколько частных участков и поселковая система полива, которая обслуживает сквер, парк и центральные аллеи.И этим опытом я тоже решил поделиться. Читать далее]]>

https://habr.com/ru/companies/wirenboard/articles/959232/

Опубликовано: Thu, 23 Oct 2025 07:05:22 GMT
Канал: Все статьи подряд / DIY или Сделай сам / Хабр

Предположим, что мы живём в постапокалиптическом мире, так как по каким-то причинам - выжили («оптимистичное» начало, да:-) ). Соответственно, «вопросы производительности железа или софта» и тому подобные проблемы - нас будут интересовать в самую последнюю очередь, так как на самый первый план выходят вопросы банального выживания, где одним из них является задача найти себе укрытие для тела от неблагоприятных факторов окружающей среды. И если, обратиться к заголовку, то первые два фактора мы пока оставим за скобками этого исследования, и, обратимся к третьему: а как нам получить одежду «с нуля»? Сразу надо оговориться, что скиллы «офисного/удалённого планктона» нам мало помогут в задаче «раздобыть себе бизона» и забрать его шкуру:-) - может статься, что нам ещё и ноги унести не получится... Поэтому, обратимся к «травоядным» вариантам - тем более, что человечество имеет достаточно богатую историю создания тканей, опираясь только на природные растительные источники. Итак... Читать далее]]>

https://habr.com/ru/companies/beget/articles/957994/

SpaceX has deactivated over 2,500 Starlink terminals allegedly used by scam operations in Myanmar, where the service isn't licensed but was reportedly enabling large-scale cybercrime networks tied to human trafficking and fraud. Ars Technica reports: Lauren Dreyer, vice president of Starlink business operations, described the action in an X post last night after reports that Myanmar's military shut down a major scam operation: "SpaceX complies with local laws in all 150+ markets where Starlink is licensed to operate," Dreyer wrote. "SpaceX continually works to identify violations of our Acceptable Use Policy and applicable law... On the rare occasion we identify a violation, we take appropriate action, including working with law enforcement agencies around the world. In Myanmar, for example, SpaceX proactively identified and disabled over 2,500 Starlink Kits in the vicinity of suspected 'scam centers.'"

Starlink is not licensed to operate in Myanmar. While Dreyer didn't say how the terminals were disabled, it's known that Starlink can disable individual terminals based on their ID numbers or use geofencing to block areas from receiving signals. On Monday, Myanmar state media reported that "Myanmar's military has shut down a major online scam operation near the border with Thailand, detaining more than 2,000 people and seizing dozens of Starlink satellite Internet terminals," according to an Associated Press article. The army reportedly raided a cybercrime center known as KK Park as part of operations that began in early September. The operations reportedly targeted 260 unregistered buildings and resulted in seizure of 30 Starlink terminals and detention of 2,198 people.

"Maj. Gen. Zaw Min Tun, the spokesperson for the military government, charged in a statement Monday night that the top leaders of the Karen National Union, an armed ethnic organization opposed to army rule, were involved in the scam projects at KK Park," the AP wrote. The Karen National Union is "part of the larger armed resistance movement in Myanmar's civil war" and "deny any involvement in the scams."

[ Read more of this story ]( https://tech.slashdot.org/story/25/10/23/0311231/spacex-disables-2500-starlink-terminals-allegedly-used-by-asian-scam-centers?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

TOP10 VISITORS:

[1] 37.252.14.x point=144 web=0 up=27.1MB (35%) <--- ake (6/hr)
[2] 45.135.180.x point=238 web=0 up=20.6MB (26%) <--- yesterlink (10/hr)
[3] PetalBot point=1 web=1024 up=6.0MB (7%) <--- PetalBot
[4] Amazon point=0 web=128 up=4.2MB (5%)
[5] Google point=0 web=329 up=2.5MB (3%)
[6] 217.114.158.x point=25 web=0 up=1.0MB (1%) <--- fox (1/hr)
[7] TikTok point=2 web=56 up=0.9MB (1%) <--- TikTok
[8] 65.108.78.x point=0 web=5 up=0.8MB (1%)
[9] 145.239.195.x point=0 web=4 up=0.7MB (<1%)
[10] 188.165.217.x point=0 web=14 up=0.5MB (<1%)

TOTAL TRAFFIC: 76MB

Управляющий совет проекта Fedora утвердил правила, регламентирующие применение AI-инструментов при разработке Fedora Linux. AI-инструменты рассматриваются как потенциальная возможность сделать платформу лучше, но при этом имеются опасения, связанные с конфиденциальностью, безопасностью, этикой и качеством. Решено не запрещать использование AI-ассистентов при обязательном человеческом контроле за результатом их работы и несении разработчиком ответственности за код.

https://www.opennet.ru/opennews/art.shtml?num=64102

Опубликовано: Thu, 23 Oct 2025 05:33:33 GMT
Канал: Все статьи подряд / DIY или Сделай сам / Хабр

В конце сентября - начале октября в рамках межрегионального форума «ИТ-трансформация 2025: профессионалы цифрового будущего» [https://itforumaltai.ru/2025/], проходившего в г.Барнаул проводился кейс-чемпионат «Код успеха». В номинации «Промышленная разработка» два из тех кейсов были посвящены проектам на ПЛИС: Кейс 1. Retro Game Console – разработка устройства вывода графики, анимации и текста с интерактивными эффектами Данный кейс родился спонтанно, под влиянием книг Steven Hugg «Making Games for the NES» и «Designing Video Game Hardware in Verilog», а также ряда дискуссий в чате «Школы синтеза цифровых схем» и от этого кейса ожидались как минимум яркие красивые картинки, да и обычно вывод на дисплей/экран и манипуляции с картинками доставляют яркие и незабываемые эмоции (особенно при отладке, да…) Кейс 2. «RTL-SoC-challenge» – разработка и прототипирование системы-на-кристалле на базе FPGA Второй кейс родился по образу и подобию SoC Design Challenge 2025 [https://edu.yadro.com/soc-design-challenge/ https://habr.com/ru/companies/yadro/articles/909410/], но в несколько упрощенном (??ооочень не точно) варианте – только RTL синтез с небольшими включениями тестирования модулей. В этом кейсе участникам в качестве подопытного кролика был предложен вариант многопоточной архитектуры процессора RISC-V, разработанного для учебного курса [https://riscv-alliance.ru/material/risc-v-dlya-fpga-arhitektura-mikroarhitekturnye-realizaczii/] созданного в рамках выполнения гранта Альянса RISC-V на разработку учебных материалов. Соревнование собрало команды и индивидуальных участников из АлтГУ, ИТМО, МИЭМ НИУ ВШЭ, РТУ МИРЭА, Санкт-Петербургского политехнического университета. Работы оценивали специалисты компании YADRO (огромное спасибо Юрию Гринишкину и Евгению Максимову за помощь и организацию процесса). В целом инженерами отмечен высокий уровень участников и большой объем работы, проделанный за неполные две недели, отведенные на решение задач. Читать далее]]>

https://habr.com/ru/articles/959276/

Компания Apple опубликовала исходный код низкоуровневых системных компонентов операционной системы macOS 26.0 (Tahoe), в которых используется свободное программное обеспечение, включая составные части Darwin, компоненты, программы и библиотеки, не связанные с GUI. Всего опубликован 171 пакет с исходными текстами.

https://www.opennet.ru/opennews/art.shtml?num=64104

An anonymous reader quotes a report from The Drive: This week, a reader wrote to us sharing that the infotainment in their 2020 Audi A4 had been "rebooting every five minutes all year." It looks like the problem was caused by a compatibility issue with a SiriusXM app update. Audi tells us the situation's been rectified, but it illustrates a serious pain point in modern cars -- myriad apps interacting with a diverse population of in-car software systems. Our reader was not the only Audi owner affected. "Randomly restarting" Audi infotainment screens have been discussed on Reddit, the Audiworld forum, and elsewhere, going back many months. Audi's recall notice and related service action only went out this summer.

It looks like this particular problem was caused when the satellite radio app pushed an update that was supposed to work on the latest version of Audi's infotainment software, but not all cars were running that. Then SiriusXM reverted, which, I guess, did not solve the problem for every owner. Audi now states that the problem has been fixed and originated with the SiriusXM app, but really, the automaker bears more than a little blame, too. [...] I dropped our own contacts at Audi a note about how and why this might have happened, and they added this clarification: "At the beginning of the year, SiriusXM did a programming update which was addressed via a software update to the MMI. However, as not all customers had their cars updated and SiriusXM then reverted back to the previous category numbering. Nonetheless, a MMI update is recommended as the two versions do seem to cause the issue."

[ Read more of this story ]( https://tech.slashdot.org/story/25/10/23/003245/a-siriusxm-update-sent-some-audi-screens-into-a-forced-reboot-loop-for-months?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Meta is laying off about 600 employees from its AI division as part of a restructuring to streamline operations and solidify Alexandr Wang's leadership over the company's AI strategy. "Workers across Meta's AI infrastructure units, Fundamental Artificial Intelligence Research unit (FAIR) and other product-related positions will be impacted," notes CNBC. "However, the cuts did not impact employees within TBD Labs, which includes many of the top-tier AI hires brought into the social media company this summer." From the report: Those employees, overseen by Wang, were spared by the layoffs, underscoring Meta CEO Mark Zuckerberg's bet on his expensive hires versus the legacy employees, the people said. Within Meta, the AI unit was considered to be bloated, with teams like FAIR and more product-oriented groups often vying for computing resources, the people said. When the company's new hires joined the company to create Superintelligence Labs, it inherited the oversized Meta AI unit, they said. The layoffs are an attempt by Meta to continue trim the department and further cement Wang's role in steering the company's AI strategy. Following the cuts, Meta's Superintelligence Labs' workforce now sits at just under 3,000, the people said.

[ Read more of this story ]( https://tech.slashdot.org/story/25/10/22/2351229/meta-lays-off-600-from-bloated-ai-unit?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Опубликовано: Thu, 23 Oct 2025 00:37:46 GMT
Канал: Все статьи подряд / DIY или Сделай сам / Хабр

Это начиналось как эксперимент, но показало определенную практическую полезность.Старый регистратор, переделанный в сетевое хранилище, вот уже год бесперебойно обеспечивает хранение данных.Всё бы хорошо, вот только диск в нем внутри - единственный, а USB-порты, чтобы подключить больше дисков - медленные. Кто еще ни разу не слышал, как в один прекрасный день диск вдруг делает "цок-цок-цок" - и больше диска нет? И когда это произойдет - не предскажет никакой SMART: может, никогда, а может - через пару минут.Во взрослых системах для этого существуют RAID-массивы, с корзинами дисков, гудением вентиляторов и прочими сопутствующими радостями. Для SOHO тоже придумали такие ящики, со встроенной корзиной - и непременными вентиляторами. Куда ж без вентиляторов?Захотелось сделать почти такое же, но маленькое и бесшумное. Читать далее]]>

https://habr.com/ru/articles/959250/

As it nears its 30th anniversary, Pitchfork is testing user reviews and comments in a major shift from its long-standing critic-only model. The site will now let readers rate albums and leave comments, combining those into an aggregated "reader score" alongside the official Pitchfork score. The Verge reports: Pitchfork has historically been a one-sided affair. While it ran the occasional reader poll, there was no way for readers to directly voice their opinion on the site. If you thought that Jet's Shine On deserved better than a 0.0 (first off, you're wrong), there was no way to let the author know other than shouting into the void of this new thing at the time called Twitter. Now the site is considering letting users comment directly on reviews and give albums scores of their own. And then those scores will be averaged up into a single reader score for each album.

[ Read more of this story ]( https://tech.slashdot.org/story/25/10/22/2030236/pitchfork-is-beta-testing-user-reviews-and-comments-as-it-approaches-30?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Google is migrating all its internal workloads to run on both x86 and its custom Axion Arm chips, with major services like YouTube, Gmail, and BigQuery already running on both architectures. The Register reports: The search and ads giant documented its move in a preprint paper published last week, titled "Instruction Set Migration at Warehouse Scale," and in a Wednesday post that reveals YouTube, Gmail, and BigQuery already run on both x86 and its Axion Arm CPUs -- as do around 30,000 more applications. Both documents explain Google's migration process, which engineering fellow Parthasarathy Ranganathan and developer relations engineer Wolff Dobson said started with an assumption "that we would be spending time on architectural differences such as floating point drift, concurrency, intrinsics such as platform-specific operators, and performance." [...]

The post and paper detail work on 30,000 applications, a collection of code sufficiently large that Google pressed its existing automation tools into service -- and then built a new AI tool called "CogniPort" to do things its other tools could not. [...] Google found the agent succeeded about 30 percent of the time under certain conditions, and did best on test fixes, platform-specific conditionals, and data representation fixes. That's not an enormous success rate, but Google has at least another 70,000 packages to port.

The company's aim is to finish the job so its famed Borg cluster manager -- the basis of Kubernetes -- can allocate internal workloads in ways that efficiently utilize Arm servers. Doing so will likely save money, because Google claims its Axion-powered machines deliver up to 65 percent better price-performance than x86 instances, and can be 60 percent more energy-efficient. Those numbers, and the scale of Google's code migration project, suggest the web giant will need fewer x86 processors in years to come.

[ Read more of this story ]( https://hardware.slashdot.org/story/25/10/22/2022215/google-porting-all-internal-workloads-to-arm?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from the BBC: New research coordinated by the European Broadcasting Union (EBU) and led by the BBC has found that AI assistants -- already a daily information gateway for millions of people -- routinely misrepresent news content no matter which language, territory, or AI platform is tested. The intensive international study of unprecedented scope and scale was launched at the EBU News Assembly, in Naples. Involving 22 public service media (PSM) organizations in 18 countries working in 14 languages, it identified multiple systemic issues across four leading AI tools. Professional journalists from participating PSM evaluated more than 3,000 responses from ChatGPT, Copilot, Gemini, and Perplexity against key criteria, including accuracy, sourcing, distinguishing opinion from fact, and providing context.

Key findings: - 45% of all AI answers had at least one significant issue. - 31% of responses showed serious sourcing problems - missing, misleading, or incorrect attributions. - 20% contained major accuracy issues, including hallucinated details and outdated information. - Gemini performed worst with significant issues in 76% of responses, more than double the other assistants, largely due to its poor sourcing performance. - Comparison between the BBC's results earlier this year and this study show some improvements but still high levels of errors. The team has released a News Integrity in AI Assistants Toolkit to help develop solutions to these problems and boost users' media literacy. They're also urging regulators to enforce laws on information integrity and continue independent monitoring of AI assistants.

[ Read more of this story ]( https://news.slashdot.org/story/25/10/22/2011239/ai-assistants-misrepresent-news-content-45-of-the-time?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

OpenBSD 7.8 has been released, adding Raspberry Pi 5 support, enhanced AMD Secure Encrypted Virtualization (SEV-ES) capabilities, and expanded hardware compatibility including new Qualcomm, Rockchip, and Apple ARM drivers. Phoronix reports: OpenBSD 7.8 also brings multiple improvements around enabling AMD Secure Encrypted Virtualization (AMD SEV) support with support for the PSP ioctl for encrypting and measuring state for SEV-ES, a new VMD option to run guests in SEV-ES mode, and other enablement work pertaining to that AMD SEV work in SEV-ES form at this point as a precursor to SEV-SNP. AMD SEV-ES should be working to start confidential virtual machines (VMs) when using the VMM/VMD hypervisor and the OpenBSD guests with KVM/QEMU.

OpenBSD 7.8 also improves compatibility of the FUSE file-system support with the Linux implementation, suspend/hibernate improvements, SMP improvements, updating to the Linux 6.12.50 DRM graphics drivers, several new Rockchip drivers, Raspberry Pi RP1 drivers, H.264 video support for the uvideo driver, and many network driver improvements. The changelog and download page can be found via OpenBSD.org.

[ Read more of this story ]( https://bsd.slashdot.org/story/25/10/22/205215/openbsd-78-released?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Samsung has officially launched the Galaxy XR, the first Android headset powered by Google's new Android XR platform. Priced at $1,800 without controllers, the device features dual 4.3K Micro-OLED displays, a Snapdragon XR2+ Gen 2 chip, extensive camera tracking, and deep Gemini AI integration. Ars Technica reports: Galaxy XR is a fully enclosed headset with passthrough video. It looks similar to the Apple Vision Pro, right down to the battery pack at the end of a cable. It packs solid hardware, including 16GB of RAM, 256GB of storage, and a Snapdragon XR2+ Gen 2 processor. That's a slightly newer version of the chip powering Meta's Quest 3 headset, featuring six CPU cores and an Adreno GPU that supports up to dual 4.3K displays. The new headset has a pair of 3,552 x 3,840 Micro-OLED displays with a 109-degree field of view. That's marginally more pixels than the Vision Pro and almost three times as many as the Quest 3. The displays can refresh at up to 90Hz, but the default is 72Hz to save power.

Like other XR (extended reality) devices, the Galaxy XR is covered with cameras. There are two 6.5 MP stereoscopic cameras that stream your surroundings to the high-quality screens, allowing the software to add virtual elements on top. There are six more outward-facing cameras for headset positioning and hand tracking. Four more cameras are on the inside for eye-tracking, and they can scan your iris for secure unlocking and password fill (in select apps). Samsung says the Galaxy XR has enough juice for two hours of general use or two and a half hours of video. That's not terribly long, but you may not want to wear the 545 grams (1.2 pounds) headset for even two hours. That's even a little heavier than the Quest 3, which has an integrated battery. However, both pale in comparison to the 800 g (1.7 pounds) second-generation Vision Pro.

[ Read more of this story ]( https://hardware.slashdot.org/story/25/10/22/1959251/samsung-galaxy-xr-is-the-first-android-xr-headset?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from Reuters: The hack of Jaguar Land Rover, owned by India's Tata Motors, cost the British economy an estimated $2.55 billion and affected over 5,000 organizations, an independent cybersecurity body said in a report published on Wednesday. The report was produced by the Cyber Monitoring Centre, an independent, not for profit organization made up of industry specialists, including the former head of Britain's National Cyber Security Centre. It said losses could be higher if there were unexpected delays to the restoration of production at the vehicle manufacturer to levels before the hack took place in August.

"This incident appears to be the most economically damaging cyber event to hit the UK, with the vast majority of the financial impact being due to the loss of manufacturing output at JLR and its suppliers," the report said. JLR will report its financial results in November, according to the company's website. A spokesperson for JLR declined to comment on the report. [...] JLR, which analysts estimated was losing around 50 million pounds per week from the shutdown, was provided with a 1.5 billion pound loan guarantee by the British government in late September to help it support suppliers.

[ Read more of this story ]( https://news.slashdot.org/story/25/10/22/1952245/jaguar-land-rover-hack-cost-uk-economy-an-estimated-25-billion?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Coal use hit a record high around the world last year despite efforts to switch to clean energy, imperilling the world's attempts to rein in global heating. From a report: The share of coal in electricity generation dropped as renewable energy surged ahead. But the general increase in power demand meant that more coal was used overall, according to the annual State of Climate Action report, published on Wednesday. The report painted a grim picture of the world's chances of avoiding increasingly severe impacts from the climate crisis. Countries are falling behind the targets they have set for reducing greenhouse gas emissions, which have continued to rise, albeit at a lower rate than before.

Clea Schumer, a research associate at the World Resources Institute thinktank, which led the report, said: "There's no doubt that we are largely doing the right things. We are just not moving fast enough. One of the most concerning findings from our assessment is that for the fifth report in our series in a row, efforts to phase out coal are well off track."

[ Read more of this story ]( https://news.slashdot.org/story/25/10/22/1936249/global-use-of-coal-hit-record-high-in-2024?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Представлен выпуск свободной UNIX-подобной операционной системы OpenBSD 7.8. Проект OpenBSD был основан Тэо де Раадтом (Theo de Raadt) в 1995 году после конфликта с разработчиками NetBSD, в результате которого для Тэо был закрыт доступ к CVS репозиторию NetBSD. После этого Тэо де Раадт с группой единомышленников создал на базе дерева исходных текстов NetBSD новую открытую операционную систему, главными целями развития которой стали переносимость (поддерживается 13 аппаратных платформ), стандартизация, корректная работа, проактивная безопасность и интегрированные криптографические средства. Размер полного установочного ISO-образа базовой системы OpenBSD 7.8 составляет 597 МБ.

https://www.opennet.ru/opennews/art.shtml?num=64101

YouTube has added a new Shorts feature that makes it easier to manage how much time you're spending watching videos. From a report: Mobile users can now set a customizable daily limit that restricts how long they can scroll Shorts feeds, aiming to help viewers better manage their time instead of endlessly scrolling. When a user reaches their time limit, they will receive a notification saying Shorts has been paused for the day.

This notification is dismissible, however, so it's on the user to honor these self-imposed restrictions.

[ Read more of this story ]( https://news.slashdot.org/story/25/10/22/192225/youtube-will-help-you-quit-watching-shorts?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Air pollution in New Delhi hit a five-year high this week, as Diwali fireworks combined with farming fires to shroud the city in a toxic haze. From a report: The annual spike has become something of a tradition in the megalopolis, with some parts of the city this week recording an air-quality index reading of 1,800 -- 20 times higher than levels the World Health Organization deems healthy. The news points to the challenge facing Indian authorities as they look to combat pollution and cut carbon emissions: The country has made huge progress in deploying renewable energy, but will still need up to $21 trillion in new investments in order to meet its 2070 net-zero target, according to government plans reported by Bloomberg.

[ Read more of this story ]( https://news.slashdot.org/story/25/10/22/1818215/new-delhi-pollution-hits-five-year-high?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Опубликовано: Wed, 22 Oct 2025 19:09:40 GMT
Канал: Все статьи подряд / Системное программирование / Хабр

Мост для тех кто привык к Systemd. Без эмуляции, без Systemd-зависимостей. Только переводит команды. Читать далее]]>

https://habr.com/ru/articles/959200/

Google and Apple face enforced changes to how they operate their mobile phone platforms, after the UK's competition watchdog ruled the companies require tougher regulatory oversight. From a report: The Competition and Markets Authority has conferred "strategic market status" (SMS) on the tech firms after investigating their mobile operating systems, app stores and browsers. It means Apple and Google will be subjected to tailormade guidelines to regulate their behaviour in the mobile market.

The CMA said the two companies have "substantial, entrenched" market power, with UK mobile phone owners using either Google or Apple's platforms and unlikely to switch between them. The regulator flagged the importance of their platforms to the UK economy and said they could be a bottleneck for businesses.

[...] Changes under consideration by the CMA include allowing users to be "steered" out of app stores to make purchases elsewhere, like on a company's own website. App developers have long taken issue with Apple and Google taking a cut from purchases made via apps. The CMA also wants both companies to ensure users have a "genuine choice" over the services they use on their devices, like digital wallets on Apple.

[ Read more of this story ]( https://news.slashdot.org/story/25/10/22/181246/apple-and-google-face-enforced-changes-over-uk-smartphone-dominance?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader shares a report: Social media platform Reddit sued AI startup Perplexity in New York federal court on Wednesday, accusing it and three other companies of unlawfully scraping its data to train Perplexity's AI-based search engine. Reddit said in the complaint that the data-scraping companies circumvented its data protection measures in order to steal data that Perplexity "desperately needs" to power its "answer engine" system.

[ Read more of this story ]( https://yro.slashdot.org/story/25/10/22/1743250/reddit-sues-perplexity-for-scraping-data-to-train-ai-system?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Meta removed a deepfake video from Facebook that falsely depicted Catherine Connolly withdrawing from Ireland's presidential election. The video was posted to an account called RTE News AI and viewed almost 30,000 times over 12 hours before the Irish Independent contacted the platform. The fabricated bulletin featured AI-generated versions of RTE newsreader Sharon Ni Bheolain and political correspondent Paul Cunningham announcing that Connolly had ended her campaign and the election scheduled for Friday would be cancelled.

Connolly responded in a statement that she remained a candidate and called the video a disgraceful attempt to mislead voters. Meta confirmed the account violated its community standards against impersonating people and organizations. Ireland's media regulator Coimisiun na Mean contacted Meta about the incident and reminded the platform of its obligations under the EU Digital Services Act. An Irish Times poll published last Thursday found Connolly leading the race with 38% support.

[ Read more of this story ]( https://tech.slashdot.org/story/25/10/22/1724212/meta-allows-deepfake-of-irish-presidential-candidate-to-spread-for-12-hours-before-removal?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader shares a report: As it rushes to meet its pledge for "100 percent" of trips in electric vehicles by 2030, Uber is offering grants of $4,000 for drivers to swap their gas-guzzlers for zero-tailpipe emission vehicles. The company is also dropping its "Uber Green" branding in favor of the more simple "Uber Electric."

Uber has said it will be completely carbon neutral in North America and Europe by 2030 and in all global markets by 2040. But when it first announced this pledge in 2020, it said it wouldn't directly pay drivers to ditch their gas-burning vehicles in favor of EVs. Now, the company is reversing that decision in the hopes that direct payments can help accelerate EV adoption.

[ Read more of this story ]( https://tech.slashdot.org/story/25/10/22/1639229/uber-will-pay-drivers-4000-to-switch-to-evs?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Google announced Wednesday that its quantum computer achieved the first verifiable quantum advantage, running a new algorithm 13,000 times faster than a top supercomputer. The algorithm, called Quantum Echoes, was published in the journal Nature. The results can be replicated on another quantum computer of similar quality, something Google had not demonstrated before. The quantum computer uses a chip called Willow, which was announced in December 2024. Hartmut Neven, head of Google's Quantum AI research lab, called the work a demonstration of the first algorithm with verifiable quantum advantage and a milestone on the software track.

Michel H. Devoret, who won this year's Nobel Prize in Physics and joined Google in 2023, said future quantum computers will run calculations impossible with classical algorithms. Google stopped short of claiming the work would have practical uses on its own. Instead, the company said Quantum Echoes demonstrated a technique that could be applied to other algorithms in drug discovery and materials science.

A second paper published Wednesday on arXiv showed how the method could be applied to nuclear magnetic resonance. The experiment involved a relatively small quantum system that fell short of full practical quantum advantage because it was not able to work faster than a traditional computer. Google exhaustively red-teamed the research, putting some researchers to work trying to disprove its own results.

Prineha Narang, a professor at UCLA, called the advance meaningful. The quantum computer tested two molecules, one with 15 atoms and another with 28 atoms. Results on the quantum computer matched traditional NMR and revealed information not usually available from NMR. Google's research competes against Microsoft, IBM, universities and efforts in China. The Chinese government has committed more than $15.2 billion to quantum research. Previous claims of quantum advantage have been met with skepticism.

[ Read more of this story ]( https://science.slashdot.org/story/25/10/22/163228/googles-quantum-computer-makes-a-big-technical-leap?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

The proliferation of difficult-to-treat bacterial diseases represents a growing threat, according to the World Health Organization's (WHO) Global Antibiotic Resistance Surveillance Report. Wired: The report reveals that, between 2018 and 2023, antibiotic resistance increased by more than 40 percent in monitored pathogen-drug combinations, with an average annual increase of 5-15 percent. According to data reported by more than 100 countries to WHO's Global Antimicrobial Resistance and Use Surveillance System (GLASS), one in six laboratory-confirmed bacteria in 2023 proved resistant to antibiotic treatment, all related to various common diseases globally.

For the first time, this edition of the report includes prevalence estimates of resistance to 22 antibiotics used to treat urinary tract, gastrointestinal, bloodstream, and gonorrheal conditions. The analysis focused on eight common pathogens: Acinetobacter spp, Escherichia coli, Klebsiella pneumoniae, Neisseria gonorrhoeae, non-typhoidal Salmonella spp, Shigella spp, Staphylococcus aureus, and Streptococcus pneumoniae. The results show that resistant gram-negative bacteria pose the greatest threat. Of particular note are Escherichia coli and Klebsiella pneumoniae, which are associated with bloodstream infections that can lead to sepsis, organ failure, and death. "More than 40 percent of E. coli and more than 55 percent of K. pneumoniae strains worldwide are now resistant to third-generation cephalosporins, the first-choice treatment for these types of infections," the report warns.

[ Read more of this story ]( https://science.slashdot.org/story/25/10/22/1524248/resistant-bacteria-are-advancing-faster-than-antibiotics?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

More than 1,100 public figures have signed a statement calling for a prohibition on the development of superintelligence. The signatories included Nobel laureate Geoffrey Hinton, former Joint Chiefs of Staff Chairman Mike Mullen, Apple co-founder Steve Wozniak, entrepreneur Sir Richard Branson, former chief strategist to President Trump Steve Bannon and Turing Award winner Yoshua Bengio. The statement was organized by the Future of Life Institute, led by Anthony Aguirre, a physicist at the University of California, Santa Cruz. It proposes halting work on superintelligence until there is broad scientific consensus on safety and strong public support.

The institute's biggest recent donor is Vitalik Buterin, a co-founder of Ethereum. Notable tech executives did not sign the statement. Meta CEO Mark Zuckerberg said in July that superintelligence was now in sight. OpenAI CEO Sam Altman said last month he would be surprised if superintelligence did not arrive by 2030.

[ Read more of this story ]( https://slashdot.org/story/25/10/22/1448213/more-than-1100-public-figures-call-for-ban-on-ai-superintelligence?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Early Monday, an Amazon Web Services outage disrupted banks, games, and Peloton classes. Eight Sleep customers faced a different problem. Their internet-enabled mattresses malfunctioned. People woke to beds locked in upright positions, excessive heat, flashing lights, and unexpected alarms. Matteo Franceschetti, the company's chief executive, apologized and said engineers were building an outage-proof mode. By Monday evening, all devices functioned again, though some experienced data processing delays. The mattresses adjust temperature between 55 and 110 degrees and elevate bodies into different positions. They activate soundscapes and vibrational alarms. The advanced models cost over $5,000. A yearly subscription of $199 to $399 is required for temperature controls.

[ Read more of this story ]( https://tech.slashdot.org/story/25/10/22/1347211/smart-beds-malfunctioned-during-aws-outage?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from the Financial Times: A lot of critical financial and government infrastructure runs on Cobol. The more-than-60-year-old mainframe coding language is embedded into payments and transaction rails, even though there are very few Cobol-literate coders available to maintain them. The big argument in favor of sticking with Cobol systems is that they work. The catch is that, whenever they stop working, it is difficult to figure out why. That's not good in a crisis, which is exactly when they're most likely to break. Covid-19 put a lot of strain the US state benefit systems.

The ones that used Cobol for processing unemployment claims failed spectacularly, according to a new working paper from The Atlanta Fed: "States that used an antiquated [unemployment insurance]-benefit system experienced a 2.8 percentage point decline in total credit and debit card consumption relative to card consumption in states with more modern UI benefit systems. [...] Using this estimate in a back-of-the-envelope calculation, I find that the lack of investment in updating UI-benefit systems in COBOL states was associated with a reduction in real GDP of at least $40 billion (in 2019 dollars) lower during this [March 13 2020 to year-end] period

The paper uses Cobol as a proxy for old and inefficient IT, not the direct cause of failure. Claimants faced much longer delays in the 28 states that still used Cobol in 2020, both because of the unprecedented volume of claims and the difficulty updating systems with new eligibility rules, author Michael Navarrete finds. [...] As an aside, one oddity of the data is that Republican-controlled states were more likely to have replaced old IT systems, even though their standard unemployment insurance payments are lower on average. Why? Absolutely no idea, but here are the maps. And, once adjusted for state politics, here's the key finding.

[ Read more of this story ]( https://it.slashdot.org/story/25/10/22/047219/rubbish-it-systems-cost-the-us-at-least-40-billion-during-covid?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

General Motors is ending production of its Chevy BrightDrop electric delivery vans after sluggish demand and the expiration of key EV tax credits. "This is not a decision we made lightly because of the impact on our employees," GM CEO Mary Barra said during the company's third quarter earnings call Tuesday. "However the commercial electric van market has been developing much slower than expected, and changes to the regulatory framework and fleet incentives has made the business even more challenging." The Verge reports: Brightdrop first launched in 2021 as GM's effort to capture a large portion of the commercial EV market, starting with a pair of electric vans, as well as fleet management software and electric-powered carts for goods delivery. The automaker made deals with Walmart, FedEx, and other major retailers to add the van to their delivery fleets. But after trying to make a go of it as a standalone brand, GM reabsorbed BrightDrop in 2023, and then later assigned it to Chevy in order to tap into the brand's sales and service dealer network.

Now the van will stand as yet another casualty of the expiration of the $7,500 federal EV tax credit, which ended on September 30th. In addition to the consumer credit, there was also a $7,500 discount for commercial EVs under 18,000 lbs -- which Brightdrop was eligible for. The van was a range leader, but also was more expensive than its most prominent competitor. Brightdrop's vans started at $74,000, while Ford's E-Transit van with extended battery range sold for $51,600.

[ Read more of this story ]( https://tech.slashdot.org/story/25/10/22/0413239/gm-to-end-production-of-electric-chevy-brightdrop-vans?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

NASA has reopened SpaceX's $4.4 billion moon lander contract to new bidders like Blue Origin and Lockheed Martin after delays in Starship's development threatened the 2027 Artemis 3 mission. Reuters reports: The move paves the way for rivals such as Jeff Bezos' Blue Origin to snatch a high-profile mission to land the first astronauts on the moon in half a century. "I'm in the process of opening that contract up. I think we'll see companies like Blue get involved, and maybe others," the U.S. space agency's acting chief Sean Duffy, who also serves as U.S. Transportation Secretary, told Fox News' "Fox & Friends" program.

Duffy's comments follow months of mounting pressure within NASA to speed up its Artemis lunar program and push SpaceX to make greater progress on its Starship lunar lander, while China progresses toward its own goal of sending humans to the moon by 2030.
It represents a major shift in NASA's lunar strategy, starting a new competitive juncture in the program for a crewed moon lander just two years before the scheduled landing date. Blue Origin is widely expected to compete for the mission, while Lockheed Martin has indicated it would convene an industry team to heed NASA's call.

Starship, picked by NASA in 2021 under a contract now worth $4.4 billion, faces a 2027 moon landing deadline that agency advisers estimate could slip years behind schedule, citing competing priorities. Musk sees Starship as crucial to launching larger batches of Starlink satellites to space and eventually ferrying humans to Mars, among other missions. "They do remarkable things, but they're behind schedule," Duffy said of SpaceX's lunar lander work, adding President Donald Trump wants to see the mission take place before his White House term ends in January 2029.

[ Read more of this story ]( https://science.slashdot.org/story/25/10/22/0358206/nasa-opens-spacexs-moon-lander-contract-to-rivals-over-starship-delays?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from TechCrunch: WordPress co-founder and Automattic CEO Matt Mullenweg called the company's Tumblr acquisition his biggest failure -- but one he hasn't given up on yet. The comments were made at the recent WordCamp Canada 2025 conference, where Mullenweg went live for a Town Hall session to connect with the open source-focused WordPress community.

The exec noted that Tumblr was still on a different technical stack than WordPress -- something he had intended to correct by migrating the back end to WordPress infrastructure. However, that massive undertaking was put on hold earlier this year, as the cost to move Tumblr's half-billion blogs would be difficult given that the blogging platform wasn't profitable and continues to be sustained by the profits of other Automattic products.

The company has tried to trim costs with layoffs and the reallocation of Tumblr resources to more profitable parts of the business, but those efforts have yet to pay off. Mullenweg acknowledged these concerns at his Town Hall session, saying, "I need to switch [Tumblr] over to WordPress, but it's a big lift. It's over 500 million blogs, actually, and, as a business, it's costing so much more to run than it generates in revenue." As a result, Automattic had to prioritize other projects to make Tumblr sustainable, he said. "It's probably my biggest failure or missed opportunity right now, but we're still working on it," he added.

[ Read more of this story ]( https://tech.slashdot.org/story/25/10/21/2334237/automattic-ceo-calls-tumblr-his-biggest-failure-so-far?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Опубликовано: 2025-10-22T12:20:24+00:00

Как в японском городке Макабе уже несколько столетий делают фонари из гранита? Такие традиционные фонарики можно встретить в садах по всей Японии, а также возле синтоистских и буддийских храмов Юго-Восточной Азии. В ролике демонстрируется традиционная техника изготовления фонарика Макабе, передаваемая из поколения в поколение. Мастера даже сдают государственные сертификационные экзамены по традиционному ремеслу!

https://www.youtube.com/watch?v=3tW5zye3dNs

Опубликовано: Wed, 22 Oct 2025 13:16:26 GMT
Канал: Все статьи подряд / DIY или Сделай сам / Хабр

На изображении выше результат многолетних экспериментов и мучений в поисках облегчения такой, казалось бы, простой процедуры как поливать растения, кхе-кхе, вовремя 😊Это модульная система полива комнатных растений, которая взяла на себя всю заботу о круглогодичном поливе растений. Оно умеет подавать нужную порцию воды в требуемый канал и по необходимости туда же добавить жидкие удобрения. Система масштабируется и можно начать с одного канала и по надобности подключить дополнительные модули расширения.Ну, а далее распишу про все прототипы, которые придумывал на пути к данному решению... Читать далее]]>

https://habr.com/ru/articles/959086/

Опубликовано: Wed, 22 Oct 2025 12:19:16 GMT
Канал: Все статьи подряд / DIY или Сделай сам / Хабр

В предыдущей статье я подключил два мотора к драйверу двигателей L298N. Сам драйвер управлялся с одноплатного компьютера Orange Pi Zero H+ через библиотеку gpiod, написанную на языке Python. Также я использовал avahi-daemon, чтобы задать для динамического IP одноплатника имя хоста, по которому к нему всегда можно обратиться, находясь в локальной сети.В этом материале я установлю все электрические компоненты на гусеничную платформу. Напишу код для LED, который будет выполнять роль индикации состояния подключения робота. Для этого я спаяю небольшую плату, на которой будут установлены светодиод, резистор на 150 Ом и провода для подключения. В конце статьи робот пройдёт полосу препятствий, что продемонстрирует эффективность софта для управления. Также исправлю некоторые ошибки, обнаруженные в процессе разработки.Статья будет полезна любителям DIY-проектов и веб-разработчикам, интересующимся фреймворком FastAPI. Читать далее]]>

https://habr.com/ru/companies/first/articles/958686/

Опубликовано: Wed, 22 Oct 2025 07:15:23 GMT
Канал: Все статьи подряд / DIY или Сделай сам / Хабр

Привет, Хабр! Меня зовут Александр Фокин, я лидер по стратегии в ИТ-кластере «Развитие инфраструктуры», занимаюсь стратегическим менеджментом и технологической трансформацией. В прошлом у меня есть образование и опыт трехмерного моделирования, поэтому всегда с интересом наблюдал за развитием аддитивных технологий и 3D-печати. В 2024 году я купил первый 3D-принтер, а теперь планирую приобрести еще два (и это не шутка). Сегодня расскажу и покажу, что я напечатал за эти полтора года. Залетайте! Читать далее]]>

https://habr.com/ru/companies/ru_mts/articles/957498/

TOP10 VISITORS:

[1] 37.252.14.x point=144 web=0 up=27.0MB (32%) <--- ake (6/hr)
[2] 45.135.180.x point=240 web=0 up=20.8MB (25%) <--- yesterlink (10/hr)
[3] PetalBot point=6 web=1018 up=5.9MB (7%) <--- PetalBot
[4] Amazon point=0 web=125 up=3.9MB (4%)
[5] BLEXBot point=0 web=53 up=3.0MB (3%)
[6] ChatGPT point=0 web=22 up=2.9MB (3%)
[7] Google point=2 web=325 up=2.3MB (2%) <--- Google
[8] 217.114.158.x point=25 web=0 up=1.0MB (1%) <--- fox (1/hr)
[9] 94.25.231.x point=1 web=0 up=0.9MB (1%) <--- 94.25.231.x
[10] TikTok point=1 web=68 up=0.6MB (<1%) <--- TikTok

TOTAL TRAFFIC: 82MB

Состоялся релиз СУБД Valkey 9.0, в прошлом году ответвившейся от СУБД Redis. Форк был образован после перевода Redis 7.4 на проприетарную лицензию. В выпуске Redis 8.0 код был возвращён на свободную лицензию AGPLv3, но это не повлияло на разработку проекта Valkey. Valkey развивается на нейтральной площадке под покровительством организации Linux Foundation при участии разработчиков из таких компаний, как Amazon, Google, Oracle, Ericsson и Snap. Код проекта написан на языке Си и распространяется под лицензией BSD. Поддерживается работа в Linux, macOS, OpenBSD, NetBSD и FreeBSD.

https://www.opennet.ru/opennews/art.shtml?num=64096

В написанной на языке Rust библиотеке [ async-tar ]( https://github.com/dignifiedquire/async-tar ) , предоставляющей функции для чтения и записи tar-архивов, [ выявлена ]( https://edera.dev/stories/tarmageddon ) уязвимость (CVE-2025-62518, кодовое имя TARmageddon), позволяющая при распаковке специально оформленного tar-архива не только извлечь размещённые в нём файлы, но и файлы, содержащиеся во вложенном tar-архиве. Уязвимость может быть использована для обхода систем верификации архивов и распаковки файлов, для которых не выполнялась проверка.

Уязвимость также проявляется в форках библиотеки [ async-tar ]( https://crates.io/crates/async-tar ) , таких как [ tokio-tar ]( https://crates.io/crates/tokio-tar ) , [ krata-tokio-tar ]( https://crates.io/crates/krata-tokio-tar ) и [ astral-tokio-tar ]( https://crates.io/crates/astral-tokio-tar ) , а также в утилитах на их основе, например, в пакетном менеджере [ uv ]( https://github.com/astral-sh/uv ) , развиваемом в качестве высокопроизводительной замены «pip» для проектов на языке Python. Из популярных проектов, использующих уязвимые библиотеки, также отмечаются инструментарий [ testcontainers ]( https://crates.io/crates/testcontainers ) для запуска docker-контейнеров и WebAssembly runtime [ wasmCloud ]( https://crates.io/crates/wasmcloud ) . В репозитории crates.is за последние 90 дней библиотека async-tar насчитывает 1.3 млн загрузок, tokio-tar - 2.2 млн, testcontainers - 2.9 млн.

Уязвимость вызвана некорректным выбором позиции при разборе разных значений размера в заголовках ustar и PAX. В tar-архивах в формате PAX для каждого файла внутри архива указываются два заголовка - классический ustar и расширенный PAX. Проблема вызвана тем, что уязвимые библиотеки при распаковке файлов вместо вычисления смещения на основе размера из расширенного заголовка PAX, брали размер из устаревшего заголовка ustar. При нулевом значении размера в заголовке ustar, идущее за ним содержимое файла обрабатывалось как корректный блок TAR-заголовков для следующего файла.

Уязвимости в библиотеках [ присвоен ]( https://github.com/astral-sh/tokio-tar/security/advisories/GHSA-j5gw-2vrg-8fgx ) уровень опасности 8.1 из 10, так как проблема может использоваться для перезаписи распаковываемых файлов (в уязвимых реализациях будут распакованы не те файлы, что были видны в архиве). При этом уязвимость в пакетном менеджере uv [ отмечена ]( https://github.com/astral-sh/uv/security/advisories/GHSA-w476-p2h3-79g9 ) как неопасная, так как если атакующий может влиять на содержимое исходного архива, нет смысла усложнять атаку и эксплуатировать уязвимость через вложенный архив, когда можно добиться выполнения кода через сборочные сценарии в основном архиве.

Выявившие уязвимость исследователи предложили несколько гипотетических сценариев атак, позволяющих обойти проверки безопасности и добиться выполнения кода через замену файлов конфигурации или вмешательство в сборочный процесс. Подразумевается, что присланный архив сможет пройти автоматизированную проверку сканером безопасности и ручной аудит, в ходе которого проверяющий не обратит внимание на странный вложенный архив с другими файлами, после чего при распаковке при помощи Rust-библиотек из архива будет извлечено иное содержимое, чем ожидалось.

Например, атакующий может загрузить модифицированный архив в репозиторий PyPI, который пройдёт проверку на основе анализа содержимого основного архива, содержащего легитимный файл pyproject.toml. При обработке данного пакета при помощи утилиты uv легитимный pyproject.toml будет заменён на вредоносный вариант из вложенного архива, содержащий команды, которые будут выполнены при сборке на компьютере разработчика или в системе непрерывной интеграции. Аналогично, можно организовать перезапись файлов контейнера при извлечении образа контейнера при помощи инструментария testcontainers.

https://www.linux.org.ru/news/security/18118692

Состоялся выпуск дистрибутива OpenWrt 24.10.4, развиваемого для сетевых устройств, таких как маршрутизаторы, коммутаторы и точки доступа. OpenWrt поддерживает 2815 устройств и предлагает систему сборки, упрощающую кросс-компиляцию и создание собственных сборок. Подобные сборки позволяют формировать готовые прошивки с желаемым набором предустановленных пакетов, оптимизированные под конкретные задачи. Готовые сборки опубликованы для 39 целевых платформ.

https://www.opennet.ru/opennews/art.shtml?num=64097

[ Foot ]( https://codeberg.org/dnkl/foot )  — быстрый, легковесный и активно развиваемый эмулятор терминала для композиторов, использующий протокол Wayland.

Ключевые особенности:

• Минимум зависимостей. Установка foot в систему со Sway WM приводит к добавлению 3 мегабайт зависимостей.

• Ручная отрисовка. Foot не использует OpenGL или Vulkan и полагается исключительно на API, предоставляемые композитором Wayland.

( [ читать дальше... ]( https://www.linux.org.ru/news/opensource/18118664#cut ) )

British Columbia is permanently banning new cryptocurrency mining operations from connecting to its power grid to conserve electricity for industries that generate more jobs and tax revenue. The province is also capping power allocations for AI and data centers, while launching a competitive allocation process in January 2026. CoinDesk reports: The move from the government of Canada's third-most populous province is part of a broader legislative and regulatory overhaul unveiled Monday [...]. "Government will also implement several regulatory and policy changes in fall 2025 that will ... permanently ban new BC Hydro connections to the electricity grid for cryptocurrency mining to preserve the province's electricity supply and avoid the overburdening of the electricity grid," the government said in a post on its website

The province said the restrictions will help prevent grid strain and ensure industrial development is powered by clean electricity. "We're seeing unprecedented demand from traditional and emerging industries," Charlotte Mitha, the president and CEO of power utility BC Hydro, said in the web post. "The province's strategy empowers BC Hydro to manage this growth responsibly, keeping our grid reliable and our energy future clean and affordable." Crypto mining operations often consume large amounts of electricity without creating many local jobs or tax revenue, according to the statement. By contrast, projects like mines or liquefied natural gas (LNG) facilities are seen as more beneficial to the economy.

[ Read more of this story ]( https://hardware.slashdot.org/story/25/10/21/237254/british-columbia-to-permanently-ban-new-crypto-mining-projects-from-grid?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

alternative_right shares a report from the Internet Archive: This October, the Internet Archive's Wayback Machine is projected to hit a once-in-a-generation milestone: 1 trillion web pages archived. That's one trillion memories, moments, and movements -- preserved for the public and available to access via the Wayback Machine.

We'll be commemorating this historic achievement on October 22, 2025, with a global event: a party at our San Francisco headquarters and a livestream for friends and supporters around the world. More than a celebration, it's a tribute to what we've built together: a free and open digital library of the web.

[ Read more of this story ]( https://tech.slashdot.org/story/25/10/21/2324239/internet-archive-celebrates-1-trillion-web-pages-archived?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

joshuark shares a report from BleepingComputer: A new malicious campaign is targeting macOS developers with fake Homebrew, LogMeIn, and TradingView platforms that deliver infostealing malware like AMOS (Atomic macOS Stealer) and Odyssey. The campaign employs "ClickFix" techniques where targets are tricked into executing commands in Terminal, infecting themselves with malware. Researchers at threat hunting company Hunt.io identified more than 85 domains impersonating the three platforms in this campaign [...].

When checking some of the domains, BleepingComputer discovered that in some cases the traffic to the sites was driven via Google Ads, indicating that the threat actor promoted them to appear in Google Search results. The malicious sites feature convincing download portals for the fake apps and instruct users to copy a curl command in their Terminal to install them, the researchers say. In other cases, like for TradingView, the malicious commands are presented as a "connection security confirmation step." However, if the user clicks on the 'copy' button, a base64-encoded installation command is delivered to the clipboard instead of the displayed Cloudflare verification ID.

[ Read more of this story ]( https://it.slashdot.org/story/25/10/21/2256241/fake-homebrew-google-ads-push-malware-onto-macos?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from Ars Technica: AI content has proliferated across the Internet over the past few years, but those early confabulations with mutated hands have evolved into synthetic images and videos that can be hard to differentiate from reality. Having helped to create this problem, Google has some responsibility to keep AI video in check on YouTube. To that end, the company has started rolling out its promised likeness detection system for creators. [...] The likeness detection tool, which is similar to the site's copyright detection system, has now expanded beyond the initial small group of testers. YouTube says the first batch of eligible creators have been notified that they can use likeness detection, but interested parties will need to hand Google even more personal information to get protection from AI fakes.

Currently, likeness detection is a beta feature in limited testing, so not all creators will see it as an option in YouTube Studio. When it does appear, it will be tucked into the existing "Content detection" menu. In YouTube's demo video, the setup flow appears to assume the channel has only a single host whose likeness needs protection. That person must verify their identity, which requires a photo of a government ID and a video of their face. It's unclear why YouTube needs this data in addition to the videos people have already posted with their oh-so stealable faces, but rules are rules.

After signing up, YouTube will flag videos from other channels that appear to have the user's face. YouTube's algorithm can't know for sure what is and is not an AI video. So some of the face match results may be false positives from channels that have used a short clip under fair use guidelines. If creators do spot an AI fake, they can add some details and submit a report in a few minutes. If the video includes content copied from the creator's channel that does not adhere to fair use guidelines, YouTube suggests also submitting a copyright removal request. However, just because a person's likeness appears in an AI video does not necessarily mean YouTube will remove it.

[ Read more of this story ]( https://news.slashdot.org/story/25/10/21/2250229/youtubes-likeness-detection-has-arrived-to-help-stop-ai-doppelgangers?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.