RSS
[>] Vulnerability in Rust libraries for the TAR format that leads to extraction of files from a nested archive
lor.opennet
robot(spnet, 1) — All
2025-10-22 09:44:04


The Rust library [ async-tar ]( https://github.com/dignifiedquire/async-tar ), which provides functions for reading and writing tar archives, has been [ found ]( https://edera.dev/stories/tarmageddon ) to contain a vulnerability (CVE-2025-62518, codenamed TARmageddon) that, when a specially crafted tar archive is unpacked, causes extraction not only of the files it contains but also of the files held in a nested tar archive. The vulnerability can be used to bypass archive verification systems and to unpack files that were never checked.

The vulnerability also affects forks of the [ async-tar ]( https://crates.io/crates/async-tar ) library, such as [ tokio-tar ]( https://crates.io/crates/tokio-tar ), [ krata-tokio-tar ]( https://crates.io/crates/krata-tokio-tar ) and [ astral-tokio-tar ]( https://crates.io/crates/astral-tokio-tar ), as well as tools built on them, for example the [ uv ]( https://github.com/astral-sh/uv ) package manager, developed as a high-performance replacement for "pip" for Python projects. Other popular projects that use the vulnerable libraries include the [ testcontainers ]( https://crates.io/crates/testcontainers ) toolkit for running Docker containers and the WebAssembly runtime [ wasmCloud ]( https://crates.io/crates/wasmcloud ). In the crates.io repository over the last 90 days, async-tar has 1.3 million downloads, tokio-tar 2.2 million, and testcontainers 2.9 million.

The vulnerability is caused by choosing the wrong position when the size values in the ustar and PAX headers differ. In tar archives in PAX format, two headers are given for each file in the archive: the classic ustar header and the extended PAX header. The problem is that, when unpacking files, the vulnerable libraries took the size from the legacy ustar header instead of computing the offset from the size in the extended PAX header. With a zero size value in the ustar header, the file content that follows it was processed as a valid block of TAR headers for the next file.

The vulnerability in the libraries has been [ assigned ]( https://github.com/astral-sh/tokio-tar/security/advisories/GHSA-j5gw-2vrg-8fgx ) a severity of 8.1 out of 10, since the problem can be used to overwrite files being unpacked (vulnerable implementations will unpack files other than those visible in the archive). At the same time, the vulnerability in the uv package manager is [ marked ]( https://github.com/astral-sh/uv/security/advisories/GHSA-w476-p2h3-79g9 ) as not dangerous, because if an attacker can influence the contents of the source archive, there is no point in complicating the attack and exploiting the vulnerability through a nested archive when code execution can be achieved through build scripts in the main archive.

The researchers who found the vulnerability proposed several hypothetical attack scenarios that bypass security checks and achieve code execution by replacing configuration files or interfering with the build process. The assumption is that a submitted archive can pass an automated check by a security scanner and a manual audit during which the reviewer does not notice the odd nested archive with other files, after which unpacking with the Rust libraries extracts content from the archive that differs from what was expected.

For example, an attacker could upload a modified archive to the PyPI repository that passes a check based on analyzing the contents of the main archive, which contains a legitimate pyproject.toml file. When this package is processed with the uv tool, the legitimate pyproject.toml will be replaced with a malicious version from the nested archive containing commands that will be executed during the build on the developer's machine or in a continuous integration system. Similarly, container files can be overwritten when a container image is extracted with the testcontainers toolkit.

https://www.linux.org.ru/news/security/18118692

[>] OpenWrt 24.10.4 distribution released
lor.opennet
robot(spnet, 1) — All
2025-10-22 09:44:02


The OpenWrt 24.10.4 distribution, developed for network devices such as routers, switches and access points, has been released. OpenWrt supports 2815 devices and offers a build system that simplifies cross-compilation and the creation of custom builds. Such builds make it possible to produce ready-made firmware with the desired set of preinstalled packages, optimized for specific tasks. Ready-made builds are published for 39 target platforms.

https://www.opennet.ru/opennews/art.shtml?num=64097

[>] Foot 1.25
lor.opennet
robot(spnet, 1) — All
2025-10-22 08:44:04


[ Foot ]( https://codeberg.org/dnkl/foot ) is a fast, lightweight and actively developed terminal emulator for compositors that uses the Wayland protocol.

Key features:

• Minimal dependencies. Installing foot on a system with Sway WM adds 3 megabytes of dependencies.

• Manual rendering. Foot does not use OpenGL or Vulkan and relies solely on the APIs provided by the Wayland compositor.

( [ read more... ]( https://www.linux.org.ru/news/opensource/18118664#cut ) )

[>] British Columbia to Permanently Ban New Crypto Mining Projects From Grid
bot.slashdot
robot(spnet, 1) — All
2025-10-22 06:22:02


British Columbia is permanently banning new cryptocurrency mining operations from connecting to its power grid to conserve electricity for industries that generate more jobs and tax revenue. The province is also capping power allocations for AI and data centers, while launching a competitive allocation process in January 2026. CoinDesk reports: The move from the government of Canada's third-most populous province is part of a broader legislative and regulatory overhaul unveiled Monday [...]. "Government will also implement several regulatory and policy changes in fall 2025 that will ... permanently ban new BC Hydro connections to the electricity grid for cryptocurrency mining to preserve the province's electricity supply and avoid the overburdening of the electricity grid," the government said in a post on its website.

The province said the restrictions will help prevent grid strain and ensure industrial development is powered by clean electricity. "We're seeing unprecedented demand from traditional and emerging industries," Charlotte Mitha, the president and CEO of power utility BC Hydro, said in the web post. "The province's strategy empowers BC Hydro to manage this growth responsibly, keeping our grid reliable and our energy future clean and affordable." Crypto mining operations often consume large amounts of electricity without creating many local jobs or tax revenue, according to the statement. By contrast, projects like mines or liquefied natural gas (LNG) facilities are seen as more beneficial to the economy.

[ Read more of this story ]( https://hardware.slashdot.org/story/25/10/21/237254/british-columbia-to-permanently-ban-new-crypto-mining-projects-from-grid?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] Internet Archive Celebrates 1 Trillion Web Pages Archived
bot.slashdot
robot(spnet, 1) — All
2025-10-22 06:22:02


alternative_right shares a report from the Internet Archive: This October, the Internet Archive's Wayback Machine is projected to hit a once-in-a-generation milestone: 1 trillion web pages archived. That's one trillion memories, moments, and movements -- preserved for the public and available to access via the Wayback Machine.

We'll be commemorating this historic achievement on October 22, 2025, with a global event: a party at our San Francisco headquarters and a livestream for friends and supporters around the world. More than a celebration, it's a tribute to what we've built together: a free and open digital library of the web.

[ Read more of this story ]( https://tech.slashdot.org/story/25/10/21/2324239/internet-archive-celebrates-1-trillion-web-pages-archived?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] Fake Homebrew Google Ads Push Malware Onto macOS
bot.slashdot
robot(spnet, 1) — All
2025-10-22 05:22:02


joshuark shares a report from BleepingComputer: A new malicious campaign is targeting macOS developers with fake Homebrew, LogMeIn, and TradingView platforms that deliver infostealing malware like AMOS (Atomic macOS Stealer) and Odyssey. The campaign employs "ClickFix" techniques where targets are tricked into executing commands in Terminal, infecting themselves with malware. Researchers at threat hunting company Hunt.io identified more than 85 domains impersonating the three platforms in this campaign [...].

When checking some of the domains, BleepingComputer discovered that in some cases the traffic to the sites was driven via Google Ads, indicating that the threat actor promoted them to appear in Google Search results. The malicious sites feature convincing download portals for the fake apps and instruct users to copy a curl command in their Terminal to install them, the researchers say. In other cases, like for TradingView, the malicious commands are presented as a "connection security confirmation step." However, if the user clicks on the 'copy' button, a base64-encoded installation command is delivered to the clipboard instead of the displayed Cloudflare verification ID.

[ Read more of this story ]( https://it.slashdot.org/story/25/10/21/2256241/fake-homebrew-google-ads-push-malware-onto-macos?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] YouTube's Likeness Detection Has Arrived To Help Stop AI Doppelgangers
bot.slashdot
robot(spnet, 1) — All
2025-10-22 05:22:02


An anonymous reader quotes a report from Ars Technica: AI content has proliferated across the Internet over the past few years, but those early confabulations with mutated hands have evolved into synthetic images and videos that can be hard to differentiate from reality. Having helped to create this problem, Google has some responsibility to keep AI video in check on YouTube. To that end, the company has started rolling out its promised likeness detection system for creators. [...] The likeness detection tool, which is similar to the site's copyright detection system, has now expanded beyond the initial small group of testers. YouTube says the first batch of eligible creators have been notified that they can use likeness detection, but interested parties will need to hand Google even more personal information to get protection from AI fakes.

Currently, likeness detection is a beta feature in limited testing, so not all creators will see it as an option in YouTube Studio. When it does appear, it will be tucked into the existing "Content detection" menu. In YouTube's demo video, the setup flow appears to assume the channel has only a single host whose likeness needs protection. That person must verify their identity, which requires a photo of a government ID and a video of their face. It's unclear why YouTube needs this data in addition to the videos people have already posted with their oh-so stealable faces, but rules are rules.

After signing up, YouTube will flag videos from other channels that appear to have the user's face. YouTube's algorithm can't know for sure what is and is not an AI video. So some of the face match results may be false positives from channels that have used a short clip under fair use guidelines. If creators do spot an AI fake, they can add some details and submit a report in a few minutes. If the video includes content copied from the creator's channel that does not adhere to fair use guidelines, YouTube suggests also submitting a copyright removal request. However, just because a person's likeness appears in an AI video does not necessarily mean YouTube will remove it.

[ Read more of this story ]( https://news.slashdot.org/story/25/10/21/2250229/youtubes-likeness-detection-has-arrived-to-help-stop-ai-doppelgangers?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] US Investigates Waymo Robotaxis Over Safety Around School Buses
bot.slashdot
robot(spnet, 1) — All
2025-10-22 04:22:02


U.S. regulators have opened a new investigation into about 2,000 Waymo self-driving cars after reports that one of the company's robotaxis illegally passed a stopped school bus with flashing lights and children disembarking.

Waymo says it's "already developed and implemented improvements related to stopping for school buses and will land additional software updates in our next software release." The company added "driving safely around children has always been one of Waymo's highest priorities. ... [Waymo] approached the school bus from an angle where the flashing lights and stop sign were not visible and drove slowly around the front of the bus before driving past it, keeping a safe distance from children." Reuters reports: NHTSA opened the investigation after a recent media report aired video of an incident in Georgia in which a Waymo did not remain stationary when approaching a school bus with its red lights flashing and stop arm deployed.
The report said the Waymo vehicle initially stopped then maneuvered around the bus, passing the extended stop arm while students were disembarking.
Waymo's automated driving system surpassed 100 million miles of driving in July and is logging 2 million miles per week, the agency said. "Based on NHTSA's engagement with Waymo on this incident and the accumulation of operational miles, the likelihood of other prior similar incidents is high," the agency said. NHTSA said the vehicle involved was equipped with Waymo's fifth-generation Automated Driving System and was operating without a human safety driver at the time of the incident.

[ Read more of this story ]( https://tech.slashdot.org/story/25/10/21/2244249/us-investigates-waymo-robotaxis-over-safety-around-school-buses?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] ISP Deceived Customers About Fiber Internet, German Court Finds
bot.slashdot
robot(spnet, 1) — All
2025-10-22 03:22:01


The German Koblenz Regional Court has banned the internet service provider 1&1 from marketing its fiber-to-the-curb service as fiber-optic DSL. The court found that the company misled customers because its network uses copper cables for the final stage of connections, sometimes extending up to a mile from the distribution box to subscribers' homes.

Customers who visited the ISP's website and checked connection availability received a notification stating that a "1&1 fiber optic DSL connection" was available, even though fiber optic cables terminate at street-level distribution boxes or building service rooms. The company pairs the copper lines with vectoring technology to boost DSL speeds to 100 megabits per second. The Federation of German Consumer Organizations filed the lawsuit. Ramona Pop, the organization's chairperson, said that anyone who promises fiber optics but delivers only DSL is deceiving customers.

[ Read more of this story ]( https://tech.slashdot.org/story/25/10/21/2138208/isp-deceived-customers-about-fiber-internet-german-court-finds?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] JetBrains Survey Declares PHP Declining, Then Says It Isn't
bot.slashdot
robot(spnet, 1) — All
2025-10-22 03:22:01


JetBrains released its annual State of the Developer Ecosystem survey in late October, drawing more than twenty-four thousand responses from programmers worldwide. The survey declared that PHP and Ruby are in "long term decline" based on usage trends tracked over five years. Shortly after publication, JetBrains posted a separate statement asserting that "PHP remains a stable, professional, and evolving ecosystem." The company offered no explanation for the apparent contradiction, The Register reports.

The survey's methodology involves weighting responses to account for bias toward JetBrains users and regional distribution factors. The company acknowledges some bias likely remains since its own customers are more inclined to respond. The survey also found that 85% of developers now use AI coding tools.

[ Read more of this story ]( https://developers.slashdot.org/story/25/10/21/2132259/jetbrains-survey-declares-php-declining-then-says-it-isnt?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] TikTok's New Policies Remove Promise To Notify Users Before Government Data Disclosure
bot.slashdot
robot(spnet, 1) — All
2025-10-22 02:22:01


TikTok changed its policies earlier this year on sharing user data with governments as the company negotiated with the Trump Administration to continue operating in the United States. The company added language allowing data sharing with "regulatory authorities, where relevant" beyond law enforcement. Until April 25, 2025, TikTok's website stated the company would notify users before disclosing their data to law enforcement. The policy now says TikTok will inform users only where required by law and changed the timing from before disclosure to if disclosure occurs. The company also softened its language from stating it "rejects data requests from law enforcement authorities" to saying it "may reject" such requests. TikTok declined to answer repeated questions from Forbes about whether it has shared or is sharing private user information with the Department of Homeland Security or Immigration and Customs Enforcement. The timing difference prevents users from challenging subpoenas before their data is handed over.

[ Read more of this story ]( https://tech.slashdot.org/story/25/10/21/2125252/tiktoks-new-policies-remove-promise-to-notify-users-before-government-data-disclosure?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] Apple's Planned Foldable iPad With 18-inch Screen Hits Development Snags
bot.slashdot
robot(spnet, 1) — All
2025-10-22 01:22:01


Apple's effort to reinvent the iPad by adding a giant foldable screen has hit development hurdles, potentially delaying the planned launch. Bloomberg: The company has been working on the device -- projected to cost around $3,000 -- for several years and had most recently aimed for a 2028 release. But engineering challenges tied to weight, features and display technology have pushed its potential debut to 2029 or later, according to people familiar with the matter.

Apple is working with Samsung Display Co. to develop the roughly 18-inch panel for the device, said the people, who asked not to be identified because the work isn't public. The screen minimizes the crease seen on foldable displays, matching an approach that Apple is also using with its upcoming foldable iPhone. The iPad project is part of a broader push to bring more innovative devices to market. Apple just introduced its first new iPhone design in years -- the ultrathin $999 Air model -- and is working on everything from smart glasses to a tabletop robot device.

[ Read more of this story ]( https://apple.slashdot.org/story/25/10/21/2047227/apples-planned-foldable-ipad-with-18-inch-screen-hits-development-snags?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] KDE Plasma 6.5 Released
bot.slashdot
robot(spnet, 1) — All
2025-10-22 01:22:01


"Plasma is a popular desktop (and mobile) environment for GNU/Linux and other UNIX-like operating systems," writes longtime Slashdot reader jrepin. "Among other things, it also powers the desktop mode of the Steam Deck gaming handheld. The KDE community today announced the latest release: Plasma 6.5." From the announcement: This fresh new release is all about fine-tuning, fresh features, and making everything smooth and sleek for everyone. The new version brings automatic light-to-dark theme switching based on the time of day. You can configure which global themes it switches between. You can also configure whether you want the wallpaper to switch between its light and dark versions based on the color scheme, the time of day, or be always light or dark.

Next up is a "Pinned clipboard items" feature, which lets you save text you use regularly into the clipboard. Breeze-themed windows will now have the same level of roundness in all four corners, even the bottom one. Flatpak Permissions page has been transformed into a general Application Permissions page, where you can configure applications' ability to do things like take screenshots and accept remote control requests. The utility that reads the level of ink or toner from your printer now informs you when it's running low or empty.

For the gamers out there, you can now see more relevant info about game controllers on System Settings' Game Controller page. Artists among you can now configure any rotary dials and touch rings on your drawing tablet. Users sensitive to color can now make use of a grayscale color filter, which desaturates or removes color systemwide.

Plasma 6.5 implements support for an experimental version of the Wayland picture-in-picture protocol that promises to allow apps like Firefox to eventually display proper PiP windows that stay above others automatically. Support for "overlay planes" was added, which can reduce CPU usage and power draw when displaying full-screen content using a compatible GPU. You can read more about these and many other new features in the Plasma 6.5 release announcement and complete changelog.

[ Read more of this story ]( https://tech.slashdot.org/story/25/10/21/1948244/kde-plasma-65-released?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] Vulnerability in Rust libraries for the TAR format that leads to extraction of files from a nested archive
lor.opennet
robot(spnet, 1) — All
2025-10-22 00:44:03


The Rust library async-tar, which provides functions for reading and writing tar archives, has been found to contain a vulnerability (CVE-2025-62518, codenamed TARmageddon) that, when a specially crafted tar archive is unpacked, causes extraction not only of the files it contains but also of the files held in a nested tar archive. The vulnerability can be used to bypass archive verification systems and to unpack files that were never checked.

https://www.opennet.ru/opennews/art.shtml?num=64093

[>] Amazon's DNS Problem Knocked Out Half the Web, Likely Costing Billions
bot.slashdot
robot(spnet, 1) — All
2025-10-22 00:22:01


An anonymous reader quotes a report from Ars Technica: On Monday afternoon, Amazon confirmed that an outage affecting Amazon Web Services' cloud hosting, which had impacted millions across the Internet, had been resolved. Considered the worst outage since last year's CrowdStrike chaos, Amazon's outage caused "global turmoil," Reuters reported. AWS is the world's largest cloud provider and, therefore, the "backbone of much of the Internet," ZDNet noted. Ultimately, more than 28 AWS services were disrupted, causing perhaps billions in damages, one analyst estimated for CNN.

[...] Amazon's problems originated at a US site that is its "oldest and largest for web services" and often "the default region for many AWS services," Reuters noted. The same site has experienced two outages before in 2020 and 2021, but while the tech giant had confirmed that those prior issues had been "fully mitigated," apparently the fixes did not ensure stability into 2025. ZDNet noted that Amazon's first sign of the outage was "increased error rates and latency across numerous key services" tied to its cloud database technology. Although "engineers later identified a Domain Name System (DNS) resolution problem" as the root of these issues and quickly fixed it, "other AWS services began to fail in its wake, leaving the platform still impaired" as more than two dozen AWS services shut down. At the peak of the outage on Monday, Down Detector tracked more than 8 million reports globally from users panicked by the outage, ZDNet reported. Ken Birman, a computer science professor at Cornell University, told Reuters that "software developers need to build better fault tolerance."

"When people cut costs and cut corners to try to get an application up, and then forget that they skipped that last step and didn't really protect against an outage, those companies are the ones who really ought to be scrutinized later."

[ Read more of this story ]( https://slashdot.org/story/25/10/21/1942240/amazons-dns-problem-knocked-out-half-the-web-likely-costing-billions?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] Rust implementation of Binder IPC for Android accepted into the Linux 6.18 kernel
lor.opennet
robot(spnet, 1) — All
2025-10-21 22:44:03


An implementation of the Binder inter-process communication mechanism written in Rust has been accepted into the Linux kernel code base on which the 6.18 release is being formed.

https://www.opennet.ru/opennews/art.shtml?num=64092

[>] France and Spain Call on EU To Uphold 2035 Combustion Engine Ban
bot.slashdot
robot(spnet, 1) — All
2025-10-21 22:22:01


France and Spain are calling on the European Union to stick with plans to ban combustion engine cars in the bloc after 2035, at odds with German Chancellor Friedrich Merz ahead of a meeting of leaders in Brussels this week. From a report: The European Commission, the bloc's executive branch, is currently reviewing rules designed to accelerate the automotive sector's green transition. Merz has called on the bloc to give up its 2035 deadline to help Germany's troubled car industry.

France and Spain "hope that the upcoming review will preserve the 2035 cap and the environmental ambition of the CO2 emissions trajectory that underpins it," a paper presented to climate ministers in Luxembourg on Tuesday, and seen by Bloomberg says. "This revision should in no way call into question the zero emissions exhaust target in 2035."

[ Read more of this story ]( https://news.slashdot.org/story/25/10/21/1759230/france-and-spain-call-on-eu-to-uphold-2035-combustion-engine-ban?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] OpenAI Debuts AI-Powered Browser With Memory and Agent Features
bot.slashdot
robot(spnet, 1) — All
2025-10-21 22:22:01


OpenAI released ChatGPT Atlas on Tuesday, an AI-powered web browser that CEO Sam Altman described as "smooth" and "quick" during a livestream announcement. The browser is available globally on macOS while versions for Windows, iOS, and Android are expected soon. Atlas includes memory features that personalize the browsing experience and an agent mode that allows ChatGPT to perform tasks such as booking reservations and flights or editing documents.

Users can manage these stored memories through the browser's settings and can open incognito windows. The browser displays a split-screen view by default when users click links from search results. The view shows both the webpage and the ChatGPT transcript simultaneously. Atlas also offers webpage summarization and a feature called "cursor chat" that allows users to select text and have ChatGPT revise it inline.

[ Read more of this story ]( https://tech.slashdot.org/story/25/10/21/1725235/openai-debuts-ai-powered-browser-with-memory-and-agent-features?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] VirtualBox 7.2.4 update with vulnerability fixes
lor.opennet
robot(spnet, 1) — All
2025-10-21 21:44:03


Oracle has published a corrective release of the VirtualBox 7.2.4 virtualization system that fixes 8 vulnerabilities, details of which have not yet been disclosed. It is stated only that the most serious problem has a severity of 8.2 out of 10. Apart from the vulnerability fixes, the new version includes 6 changes.

https://www.opennet.ru/opennews/art.shtml?num=64094

[>] Apple Attacks EU Crackdown in Digital Law's Biggest Court Test
bot.slashdot
robot(spnet, 1) — All
2025-10-21 21:22:01


Apple lashed out at the European Union's attempts to tame the power of Silicon Valley in the most far-reaching legal challenge of the bloc's Big Tech antitrust rules. From a report: The iPhone maker's lawyer Daniel Beard told the General Court in Luxembourg on Tuesday that the Digital Markets Act "imposes hugely onerous and intrusive burdens" at odds with Apple's rights in the EU marketplace.

The DMA came onto the EU's books in 2023 and is designed to clip the wings of the world's largest technology platforms with a slew of dos and don'ts. But over recent months, the law has also drawn the ire of US President Donald Trump and plagued EU-US trade talks. Apple -- seen as the biggest renegade against the EU's crackdown -- challenged the law on three fronts: EU obligations to make rival hardware work with its iPhone, the regulator's decision to drag the hugely profitable App Store under the rules, and a decision to probe whether iMessage should have faced the rules, which it later escaped.

[ Read more of this story ]( https://apple.slashdot.org/story/25/10/21/1634248/apple-attacks-eu-crackdown-in-digital-laws-biggest-court-test?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] London Became a Global Hub for Phone Theft. Now We Know Why.
bot.slashdot
robot(spnet, 1) — All
2025-10-21 20:22:02


London police finally understand why 80,000 phones disappeared from the city's streets last year. The answer involves budget cuts [non-paywalled source] that hollowed out British policing in the 2010s, the arrival of electric bikes that made theft easy, and a lucrative black market in China where stolen British phones retain full functionality. The Metropolitan Police discovered an industrial-scale operation in December when officers traced a woman's iPhone to a Heathrow warehouse on Christmas Eve. Boxes labeled as batteries and bound for Hong Kong contained almost 1,000 stolen iPhones. The police arrested two men in their thirties in September as suspected ringleaders of a group that sent up to 40,000 stolen phones to China.

The epidemic took root after Conservative-led austerity measures reduced police numbers and budgets. In 2017 the Metropolitan Police announced it would stop investigating low-level crimes to focus resources on serious violence and sexual offenses. Thieves on rented electric bikes began mounting sidewalks to snatch phones at high speed while wearing balaclavas and hoods. Police data shows only 495 people were charged out of 106,000 phones reported stolen between March 2024 and February 2025. Thieves earn up to $401 per device. The phones sell for up to $5,000 in China because Chinese network providers do not subscribe to the international blacklist for stolen devices.

[ Read more of this story ]( https://news.slashdot.org/story/25/10/21/1557254/london-became-a-global-hub-for-phone-theft-now-we-know-why?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] US Narrows Who Pays $100,000 H-1B Visa Fee
bot.slashdot
robot(spnet, 1) — All
2025-10-21 20:22:02


President Trump's $100,000 H-1B visa fee will apply only to new visa applicants outside the country, the government confirmed in new guidance on Monday. From a report: That means that under the new policy, employers won't need to pay the fee for anyone already living in the U.S., such as international students. The new guidance: Under the new guidance published on Monday, U.S. Citizenship and Immigration Services said the $100,000 fee will apply only to new applicants living outside the country. Employers will need to pay the fee after their prospective employee's visa is approved, allowing them to move to the U.S.

Previously, the White House had said the fee would apply to all new visa applicants, except those who work for companies or industries that have secured a special waiver. In 2024, roughly 54% of the 141,000 new H-1B visas issued went to immigrants who were already in the U.S. on a different visa type, according to government statistics. If that trend holds, the new fee wouldn't apply to over half of the applicants.

[ Read more of this story ]( https://news.slashdot.org/story/25/10/21/1524225/us-narrows-who-pays-100000-h-1b-visa-fee?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] Japanese Convenience Stores Are Hiring Robots Run By Workers in the Philippines
bot.slashdot
robot(spnet, 1) — All
2025-10-21 19:22:01


Filipino workers in Manila are remotely operating robots that restock convenience store shelves across Tokyo. The partnership represents a new economic model where physical labor can be offshored through telepresence. Around 60 workers at Astro Robotics monitor the machines and intervene when problems occur about 4% of the time. They earn between $250 and $315 per month. Japan faces severe labor shortages but has resisted expanding immigration. Offshoring the work through robots solves this while dramatically reducing costs.

Filipino workers are also training the AI systems designed to eliminate the need for human operators entirely. Tokyo-based Telexistence has collected extensive data from its workers and is providing it to a San Francisco startup building fully autonomous robots. The combination of automation and offshoring creates what one University of Michigan professor called a "double whammy" for workers in developed nations. It also exploits workers in developing countries who build the tools meant to replace them. The market for AI agents is expected to grow eightfold to $43 billion by 2030. Human-only work is forecast to drop 27% over the next five years.

[ Read more of this story ]( https://hardware.slashdot.org/story/25/10/21/1328234/japanese-convenience-stores-are-hiring-robots-run-by-workers-in-the-philippines?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] Amazon Plans To Avoid Hiring 600,000 Workers Through Automation by 2033, Leaked Documents Show
bot.slashdot
robot(spnet, 1) — All
2025-10-21 18:22:01


Amazon executives believe the company can avoid hiring more than 160,000 workers in the United States by 2027 through robotic automation. Internal documents viewed by The New York Times show the automation would save approximately 30 cents on each item the company picks, packs and delivers. The documents reveal that executives told Amazon's board last year they hoped automation would allow the company to flatten its U.S. workforce growth over the next decade.

Amazon expects to sell twice as many products by 2033. That projection translates to more than 600,000 positions Amazon would not need to fill. Amazon opened its most advanced warehouse in Shreveport, Louisiana last year as a template for future facilities. The site uses a thousand robots and employed a quarter fewer workers than it would have without automation. The company plans to replicate this design in approximately 40 facilities by the end of 2027. A facility in Stone Mountain, Georgia currently employs roughly 4,000 workers. After a planned robotic retrofit, internal analyses project it will process 10% more items but need as many as 1,200 fewer employees. The documents show Amazon's robotics team has set a goal to automate 75% of its operations.

[ Read more of this story ]( https://hardware.slashdot.org/story/25/10/21/1316207/amazon-plans-to-avoid-hiring-600000-workers-through-automation-by-2033-leaked-documents-show?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] Lloyds Banking Group Claims Microsoft Copilot Saves Staff 46 Minutes a Day
bot.slashdot
robot(spnet, 1) — All
2025-10-21 17:22:01


An anonymous reader quotes a report from The Register: Lloyds Banking Group claims employees save 46 minutes daily using Microsoft 365 Copilot, based on a survey of 1,000 users among nearly 30,000 deployed licenses. According to Lloyds Banking Group (LBG), the rollout is "helping teams summarize documents, prepare for meetings, and reduce administrative tasks." Almost 5,000 engineers are also using GitHub Copilot. Vic Weigler, chief technology officer at the finance corp, said in a statement: "We converted 11,000 lines of code across 83 files in half the expected time."

An insider at the bank, a self-professed fan of the technology, listed some of the ways it was being used in their business area. These ranged from the mundane -- drafting and summarizing emails, transcribing meetings, and comparing documents to group standards -- to the eyebrow-raising, such as drafting legal clauses, undertaking due diligence, and creating complex Excel formulas. They told us the next step is creating bots and agents to perform repetitive data-based tasks and rolling out the technology to customer-facing processes. That said, they also noted the AI tools occasionally make mistakes. The "golden rule," is to "never use the output without checking it."

[ Read more of this story ]( https://slashdot.org/story/25/10/20/223252/lloyds-banking-group-claims-microsoft-copilot-saves-staff-46-minutes-a-day?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] Release of the KDE Plasma 6.5 desktop environment
lor.opennet
robot(spnet, 1) — All
2025-10-21 16:44:03


After four months of development, the KDE Plasma 6.5 desktop environment has been released. To evaluate new KDE releases, you can use builds from the KDE Neon and openSUSE projects (Argon, based on openSUSE Leap, and Krypton, based on openSUSE Tumbleweed).

https://www.opennet.ru/opennews/art.shtml?num=64089

[>] Linux.org.ru turns 27
lor.opennet
robot(spnet, 1) — All
2025-10-21 14:44:05


27 years ago, in October 1998, the domain Linux.org.ru was registered.

As is tradition, please write in the comments what you would like to change on the site, what is missing, and which features should be developed further. Both ideas for development and small things you would like changed are of interest, for example annoying usability problems and bugs.

https://www.linux.org.ru/news/linux-org-ru/18117921

[>] Alibaba Cloud Says It Cut Nvidia AI GPU Use By 82% With New Pooling System
bot.slashdot
robot(spnet, 1) — All
2025-10-21 14:22:01


Alibaba Cloud claims its new Aegaeon GPU pooling system cuts Nvidia GPU use by 82%, letting 213 H20 accelerators handle workloads that previously required 1,192. The advancements have been detailed in a paper (PDF) at the 2025 ACM Symposium on Operating Systems (SOSP) in Seoul. Tom's Hardware reports: Unlike training-time breakthroughs that chase model quality or speed, Aegaeon is an inference-time scheduler designed to maximize GPU utilization across many models with bursty or unpredictable demand. Instead of pinning one accelerator to one model, Aegaeon virtualizes GPU access at the token level, allowing it to schedule tiny slices of work across a shared pool. This means one H20 could serve several different models simultaneously, with system-wide "goodput" -- a measure of effective output -- rising by as much as nine times compared to older serverless systems.

The system was tested in production over several months, according to the paper, which lists authors from both Peking University and Alibaba's infrastructure division, including CTO Jingren Zhou. During that window, the number of GPUs needed to support dozens of different LLMs -- ranging in size up to 72 billion parameters -- fell from 1,192 to just 213. While the paper does not break down which models contributed most to the savings, reporting by the South China Morning Post says the tests were conducted using Nvidia's H20, one of the few accelerators still legally available to Chinese buyers under current U.S. export controls.

[ Read more of this story ]( https://hardware.slashdot.org/story/25/10/21/005243/alibaba-cloud-says-it-cut-nvidia-ai-gpu-use-by-82-with-new-pooling-system?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] How to write your own kinematics for a robotic manipulator and make it catch objects in mid-air
bot.habr.rss
BotHabr(tgi,2) — All
2025-10-21 14:35:10


Published: Tue, 21 Oct 2025 10:20:54 GMT
Channel: All articles / Robotics / Habr

Hello, Habr! One of the tasks in controlling robotic manipulators is computing inverse kinematics. This kind of kinematics lets you calculate the angles of the robot's joints so that the robot's gripper arrives at the given three-dimensional coordinates with the correct tilt angle. For many robots, algorithms and formulas for computing inverse kinematics already exist; we (the Zebrains team) ran into the lack of a ready-made solution for the xArm 2.0 robot. In this article we describe in detail the difficulties we encountered in controlling this robot and how we derived the formulas for computing the two kinds of kinematics for it, and we share our C++ code. The project used ROS2, whose nodes were written in C++. Read more

https://habr.com/ru/articles/958194/

[>] Intel and AMD are standardizing the ChkTag mechanism for protection against memory-safety vulnerabilities
lor.opennet
robot(spnet, 1) — All
2025-10-21 12:44:03


Intel and AMD are jointly developing the ChkTag (x86 Memory Tagging) instruction set extension, which will be standardized for a unified implementation in x86 processors from different manufacturers. In its capabilities ChkTag resembles the MTE (MemTag) extension already shipping in ARM processors, and it likewise makes it possible to block exploitation of vulnerabilities caused by access to already-freed memory blocks, buffer overflows, or access to memory before initialization.

https://www.opennet.ru/opennews/art.shtml?num=64091

[>] How a smart home that can be switched off is built
bot.habr.rss
BotHabr(tgi,2) — All
2025-10-21 11:35:03


Published: Tue, 21 Oct 2025 07:01:01 GMT
Channel: All articles / DIY or Do It Yourself / Habr

Most often we visit new sites where a smart home has only just been installed. We see a neatly assembled electrical panel, with dozens of modules, a controller, cables and circuit breakers, but we do not see how people live with it. This trip turned out to be different. We visited a two-level apartment where the automation system has been running since 2020, and the owner not only uses it but also writes scenarios in Node-RED. The apartment's automation system controls climate, lighting and blinds. We received feedback from Konstantin, its owner, after several years of operation, and we want to share it. But the main feature of this project is something else: the smart home here can be switched off. An ordinary switch puts the system into "manual" mode: the automation is disabled, and the lights work as in an ordinary apartment, through standard switches and the phase wire. To us this kind of redundancy seems excessive. The owner, however, likes it. Who is right is for you to decide. Read more

https://habr.com/ru/companies/wirenboard/articles/958434/

[>] How we are building Neko, a gadget for enjoying playing guitar in the 21st century
bot.habr.rss
BotHabr(tgi,2) — All
2025-10-21 11:35:02


Published: Tue, 21 Oct 2025 07:07:03 GMT
Channel: All articles / DIY or Do It Yourself / Habr

Hello, Habr. I'm Vadim. Some time ago I wrote here about how I made WhammyD, pedal controllers for the Digitech Whammy. It was a fun story, but it ended with the project being shut down because, frankly, few people needed the devices. In this article I'll talk about a new project, Neko. It is a gadget that lets anyone get a kick out of playing guitar, realize their musical ideas and feel like a musician, even if only 15 minutes are left for it after the working day. Read more

https://habr.com/ru/articles/957736/

[>] Release of the free racing game SuperTuxKart 1.5
lor.opennet
robot(spnet, 1) — All
2025-10-21 11:44:03


After almost three years of development, SuperTuxKart 1.5 has been released, a free racing game with a large number of karts, tracks and features. The game's code is distributed under the GPLv3 license. Binary builds are available for Linux, Android, Windows and macOS.

https://www.opennet.ru/opennews/art.shtml?num=64090

[>] SpaceX Launches 10,000th Starlink Satellite
bot.slashdot
robot(spnet, 1) — All
2025-10-21 11:22:01


SpaceX surpassed the 10,000-satellite milestone for its Starlink constellation after two Falcon 9 launches on Oct. 19 added 56 more satellites to orbit. The company now operates about two-thirds of all active satellites worldwide and continues to break reuse records. Space.com reports: A Falcon 9 rocket carrying 28 Starlink internet satellites lifted off from California's Vandenberg Space Force Base today at 3:24 p.m. EDT (1924 GMT; 12:24 p.m. local California time). Those 28 included the 10,000th Starlink spacecraft ever to reach orbit, which a SpaceX employee noted on the company's launch webcast: "From Tintin to 10,000! Go Starlink, go Falcon, go SpaceX!"

It was also the 132nd Falcon 9 liftoff of the year, equaling the mark set by the rocket last year -- and there are still nearly 2.5 months to go in 2025. [...] This launch was the second of the day for SpaceX; less than two hours earlier, another Falcon 9 sent 28 more Starlink satellites up from Florida's Space Coast. That earlier liftoff was the 31st for that Falcon 9's first stage, setting a new reuse record.

[ Read more of this story ]( https://tech.slashdot.org/story/25/10/21/000208/spacex-launches-10000th-starlink-satellite?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] STATS 2025-10-20
spnet.stats
root(spnet, 1) — All
2025-10-21 11:11:01


TOP10 VISITORS:


TOTAL TRAFFIC: 72MB

[>] A Valve developer has optimized the RADV driver for Llama.cpp
lor.opennet
robot(spnet, 1) — All
2025-10-21 10:44:03


Changes have been accepted into the code base from which the Mesa 25.3 release is being formed that substantially increase the speed of the Llama.cpp large language model execution engine when using the Vulkan backend on systems with AMD GPUs and the Mesa RADV driver. In some llama-bench tests the optimized RADV driver became faster than the proprietary AMDVLK driver and the ROCm stack by 31% when processing prompts ("pp" tests, prompt processing) and by 4% when generating tokens ("tg" tests, token generation). The optimization was done by Rhys Perry of Valve, who takes part in the development of the RADV Vulkan driver and the ACO shader compiler.

https://www.opennet.ru/opennews/art.shtml?num=64086

[>] Robot programming: a walkthrough of the "qualification" tasks of the MTS competition, with a bit of code, video and geometry
bot.habr.rss
BotHabr(tgi,2) — All
2025-10-21 10:35:06


Published: Tue, 21 Oct 2025 06:12:02 GMT
Channel: All articles / Robotics / Habr

The qualifying stage of "TrueTechChamp" is over, and we can talk about approaches to the tasks. Described here are the naive solutions of a programmer almost unfamiliar with robotics, though for all three tasks, from which the author concludes that narrowly specialized knowledge is not required here; this is entertainment accessible, by and large, to everyone :) The tasks were: 1) drive through a known "maze" of two rooms with fixed obstacles, i.e. program a fixed route; some struggled with this for a week or more, yet there are about a hundred solutions; 2) drive through an unknown maze of walls at right angles; a quarter as many teams managed this; 3) drive along a serpentine platform using a depth camera without falling off the edge; I know of roughly two and a half solutions to it. Now let's look in detail at what the difficulties were and how they can be dealt with. And yes, organizational problems dogged the event until the last day, but plenty has already been said about that, including in strong terms :) In any case, that is outside the "focus" of this article. Let's concentrate on the tasks! Let's go!

https://habr.com/ru/articles/958518/

[>] [Translation] Solving the double-booking problem: system design patterns
bot.habr.rss
BotHabr(tgi,2) — All
2025-10-21 09:35:04


Published: Tue, 21 Oct 2025 05:18:40 GMT
Channel: All articles / System programming / Habr

The time when people stood in long queues to buy tickets for concerts, flights, films, matches and other events is long gone. Technology companies such as Ticketmaster, BookMyShow, Airbnb, Delta Airlines and so on have made booking a one-click affair that lets you buy tickets from home. This simplicity became possible thanks to technology platforms and services that hide all the complexity from users and solve non-trivial engineering problems. One such problem is preventing several users from booking the same seat. Imagine the position of two users who bought the same seat for an event and realized it only just before it began. Because of this the organizer loses customers' trust, and users will think twice before buying tickets for the next event. That is why it is important to build a reliable solution to the classic problem of double booking. From this article you will learn how different technology companies solve this problem. Each company has its own specifics, so there is no single universal solution. We will look at various architectural patterns and work through their pros and cons. The article will help you gain a deep understanding and build up knowledge in systems thinking. Read more

https://habr.com/ru/articles/957954/

[>] Mystery Object From 'Space' Strikes United Airlines Flight Over Utah
bot.slashdot
robot(spnet, 1) — All
2025-10-21 08:22:01


An anonymous reader quotes a report from Wired: The National Transportation Safety Board confirmed Sunday that it is investigating an airliner that was struck by an object in its windscreen, mid-flight, over Utah. "NTSB gathering radar, weather, flight recorder data," the federal agency said on the social media site X. "Windscreen being sent to NTSB laboratories for examination." The strike occurred Thursday, during a United Airlines flight from Denver to Los Angeles. Images shared on social media showed that one of the two large windows at the front of a 737 MAX aircraft was significantly cracked. Related images also reveal a pilot's arm that has been cut multiple times by what appear to be small shards of glass.

The captain of the flight reportedly described the object that hit the plane as "space debris." This has not been confirmed, however. After the impact, the aircraft safely landed at Salt Lake City International Airport after being diverted. Images of the strike showed that an object made a forceful impact near the upper-right part of the window, showing damage to the metal frame. Because aircraft windows are multiple layers thick, with laminate in between, the window pane did not shatter completely. The aircraft was flying above 30,000 feet -- likely around 36,000 feet -- and the cockpit apparently maintained its cabin pressure.

[ Read more of this story ]( https://science.slashdot.org/story/25/10/21/0015212/mystery-object-from-space-strikes-united-airlines-flight-over-utah?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] $62 SanDisk Memory Card Found Intact At Titan Wreck Site
bot.slashdot
robot(spnet, 1) — All
2025-10-21 06:22:02


Investigators recovered the OceanGate Titan sub's underwater camera nearly intact, discovering a SanDisk SD card that survived the 2023 implosion and still contained 12 images and 9 videos. TechSpot reports: Scott Manley, the science communication YouTuber, gamer, astrophysicist, and programmer, posted about the latest find: a hardened SubC-branded Rayfin Mk2 Benthic Camera containing the undamaged SD card. The titanium and synthetic sapphire crystal camera is rated to withstand depths of up to 6,000 meters (19,685 feet) -- the Titan imploded at around 3,300 meters (10,827 feet). The casing is intact, though the lens is shattered and the PCBs are slightly damaged.

Incredibly the SD card inside the camera was undamaged. Tom's Hardware reports that it's almost certainly a SanDisk Extreme Pro 512GB, which costs around $62 on Amazon. The camera's SD card was found to be fully encrypted, divided into a small partition for operating system updates and a larger one for user data. Due to impact damage from the accident, several components of the system-on-module (SOM) board -- including connectors and the microcontroller -- were broken, complicating the data extraction process. [...] After determining the data wasn't encrypted beyond the file system level, they successfully accessed the SD card contents using the manufacturer's proprietary equipment and procedures.

[ Read more of this story ]( https://hardware.slashdot.org/story/25/10/20/2155249/62-sandisk-memory-card-found-intact-at-titan-wreck-site?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] Foreign Hackers Breached a US Nuclear Weapons Plant Via SharePoint Flaws
bot.slashdot
robot(spnet, 1) — All
2025-10-21 05:22:01


Foreign hackers breached the National Nuclear Security Administration's Kansas City National Security Campus (KCNSC) by exploiting unpatched Microsoft SharePoint vulnerabilities. The intrusion happened in August and is possibly linked to either Chinese state actors or Russian cybercriminals. CSO Online notes that "roughly 80% of the non-nuclear parts in the nation's nuclear stockpile originate from KCNSC," making it "one of the most sensitive facilities in the federal weapons complex." From the report: The breach targeted a plant that produces the vast majority of critical non-nuclear components for US nuclear weapons under the NNSA, a semi-autonomous agency within the Department of Energy (DOE) that oversees the design, production, and maintenance of the nation's nuclear weapons. Honeywell Federal Manufacturing & Technologies (FM&T) manages the Kansas City campus under contract to the NNSA. [...] The attackers exploited two recently disclosed Microsoft SharePoint vulnerabilities -- CVE-2025-53770, a spoofing flaw, and CVE-2025-49704, a remote code execution (RCE) bug -- both affecting on-premises servers. Microsoft issued fixes for the vulnerabilities on July 19.

On July 22, the NNSA confirmed it was one of the organizations hit by attacks enabled by the SharePoint flaws. "On Friday, July 18th, the exploitation of a Microsoft SharePoint zero-day vulnerability began affecting the Department of Energy," a DOE spokesperson said. However, the DOE contended at the time, "The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems. A very small number of systems were impacted. All impacted systems are being restored." By early August, federal responders, including personnel from the NSA, were on-site at the Kansas City facility, the source tells CSO.

[ Read more of this story ]( https://it.slashdot.org/story/25/10/20/2139236/foreign-hackers-breached-a-us-nuclear-weapons-plant-via-sharepoint-flaws?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] iOS 26.1 Beta 4 Lets Users Control Liquid Glass Transparency With New Toggle
bot.slashdot
robot(spnet, 1) — All
2025-10-21 04:22:01


An anonymous reader quotes a report from MacRumors: With the fourth betas of iOS 26.1, iPadOS 26.1, and macOS 26.1, Apple has introduced a new setting that's designed to allow users to customize the look of Liquid Glass. The toggle lets users select from a clear look for Liquid Glass, or a tinted look. Clear is the current Liquid Glass design, which is more transparent and shows the background underneath buttons, bars, and menus, while tinted increases the opacity of Liquid Glass and adds more contrast.

Apple says that the new toggle was added because during the beta testing period over the summer, user feedback suggested that some people would prefer to have a more opaque option for Liquid Glass. The added setting provides additional customization in iOS 26.1, iPadOS 26.1, and macOS Tahoe 26.1. Increasing opacity and adding contrast applies to Liquid Glass throughout the operating system, including in apps and Lock Screen notifications.

[ Read more of this story ]( https://apple.slashdot.org/story/25/10/20/2113254/ios-261-beta-4-lets-users-control-liquid-glass-transparency-with-new-toggle?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] Chess Influencer and Grandmaster Daniel Naroditsky Dies At 29
bot.slashdot
robot(spnet, 1) — All
2025-10-21 04:22:01


U.S. Grandmaster and beloved chess commentator Daniel Naroditsky has tragically passed away at the age of 29. "The news has sent shockwaves around the chess community, which is grieving the loss of one of the most beloved and influential voices," reports Chess.com. From the report: The devastating news was first shared by Naroditsky's club, Charlotte Chess Center, on Monday, and confirmed by Chess.com with multiple sources: "It is with great sadness that we share the unexpected passing of Daniel Naroditsky. Daniel was a talented chess player, educator, and cherished member of the chess community. He was also a loving son, brother, and loyal friend. We ask for privacy for Daniel's family during this extremely difficult time. Let us honor Daniel by remembering his passion for chess and the inspiration he brought to us all."

Naroditsky, who was three weeks away from turning 30, has long been known as one of United States' most talented players. He achieved his grandmaster title at the age of 18 in 2013, and placed fifth among the highest-ranked juniors in 2015. His last FIDE-rating is 2619, which places him among the top 150 in the world, or the 17th highest-ranked in the United States. He has a peak rating of 2647 from 2017. He leaves a legacy that spans strong over-the-board competition and highly popular chess instruction and commentary on streaming platforms.

[ Read more of this story ]( https://games.slashdot.org/story/25/10/20/2126230/chess-influencer-and-grandmaster-daniel-naroditsky-dies-at-29?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] Florida Issues Criminal Subpoenas To Roblox Over Child Safety
bot.slashdot
robot(spnet, 1) — All
2025-10-21 04:22:01


Florida Attorney General James Uthmeier has issued criminal subpoenas to Roblox, calling it a "breeding ground for predators" and accusing the platform of profiting while failing to protect children. NBC News reports: The subpoenas will allow prosecutors to gather more information about the alleged criminal activity on the platform, including evidence related to suspected predators and victims, according to Uthmeier. The concerns prompted Roblox to invest heavily in protecting younger users on its platform by tightening messaging rules for children under 13, intensive content moderation and AI-powered monitoring.

In an emailed statement to Reuters, Roblox said it prohibits sharing images and videos in chat, uses filters designed to block the exchange of personal information, and is working to implement age estimation for all users accessing chat features. "While no system is perfect, our trained teams and automated tools continuously monitor communications to detect and remove harmful content," a Roblox spokesperson said.

[ Read more of this story ]( https://games.slashdot.org/story/25/10/20/219228/florida-issues-criminal-subpoenas-to-roblox-over-child-safety?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] Kohler Unveils a Camera For Your Toilet
bot.slashdot
robot(spnet, 1) — All
2025-10-21 03:22:01


Kohler has launched the Dekoda, a $599 smart toilet camera that analyzes users' waste to track hydration, gut health, and detect potential issues like blood. "It also comes with a rechargeable battery, a USB connection, and a fingerprint sensor to identify who's using the toilet," reports TechCrunch. From the report: The Dekoda is currently available for preorder, with shipments scheduled to begin on October 21. In addition to the hardware purchase fee, customers will need to pay between $70 and $156 per year for a subscription. If you're uneasy about the privacy implications of putting a camera right below your private parts, the company says, "Dekoda's sensors see down into your toilet and nowhere else." It also notes that the resulting data is secured via end-to-end encryption.

[ Read more of this story ]( https://mobile.slashdot.org/story/25/10/20/212258/kohler-unveils-a-camera-for-your-toilet?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] Claude Code Gets a Web Version
bot.slashdot
robot(spnet, 1) — All
2025-10-21 02:22:01


An anonymous reader quotes a report from Ars Technica: Anthropic has added web and mobile interfaces for Claude Code, its immensely popular command-line interface (CLI) agentic AI coding tool. The web interface appears to be well-baked at launch, but the mobile version is limited to iOS and is in an earlier stage of development. The web version of Claude Code can be given access to a GitHub repository. Once that's done, developers can give it general marching orders like "add real-time inventory tracking to the dashboard."

As with the CLI version, it gets to work, with updates along the way approximating where it's at and what it's doing. The web interface supports the recently implemented Claude Code capability to take suggestions or requested changes while it's in the middle of working on a task. (Previously, if you saw it doing something wrong or missing something, you often had to cancel and start over.) Developers can run multiple sessions at once and switch between them as needed; they're listed in a left-side panel in the interface.

Alongside this web and mobile rollout, Anthropic has also introduced a new sandboxing runtime to Claude Code that, along with other things, aims to make the experience both more secure and lower friction. In the past, Claude Code worked by asking permission before making most changes and steps along the way. Now, it can instead be given permissions for specific file system folders and network servers. That means fewer approval steps, but it's also more secure overall against prompt injection and other risks. You can learn more about "Claude Code on the web" through the company's blog and official YouTube channel.

Note: the new features are available in beta as a research preview, and they are available to Claude users with Pro or Max subscriptions.

[ Read more of this story ]( https://slashdot.org/story/25/10/20/2059211/claude-code-gets-a-web-version?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] Hackers Say They Have Personal Data of Thousands of NSA and Other Government Officials
bot.slashdot
robot(spnet, 1) — All
2025-10-21 02:22:01


An anonymous reader shares a report: A hacking group that recently doxed hundreds of government officials, including from the Department of Homeland Security (DHS) and Immigration and Customs Enforcement (ICE), has now built dossiers on tens of thousands of U.S. government officials, including NSA employees, a member of the group told 404 Media. The member said the group did this by digging through its caches of stolen Salesforce customer data. The person provided 404 Media with samples of this information, which 404 Media was able to corroborate.

As well as NSA officials, the person sent 404 Media personal data on officials from the Defense Intelligence Agency (DIA), the Federal Trade Commission (FTC), Federal Aviation Administration (FAA), Centers for Disease Control and Prevention (CDC), the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), members of the Air Force, and several other agencies.

[ Read more of this story ]( https://news.slashdot.org/story/25/10/20/204219/hackers-say-they-have-personal-data-of-thousands-of-nsa-and-other-government-officials?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] Louvre Museum Security 'Outdated and Inadequate' at Time of Heist
bot.slashdot
robot(spnet, 1) — All
2025-10-21 01:22:01


A Court of Accounts report written before Sunday's theft of crown jewels from the Louvre revealed the museum's security systems were outdated and inadequate [non-paywalled source]. The report noted a lack of basic CCTV equipment across multiple wings. Cameras had mainly been installed only when rooms were refurbished due to repeated postponements of scheduled modernization. In the Denon wing where the Apollo Gallery was targeted, a third of rooms had no CCTV cameras. Three-quarters of rooms in the Richelieu wing and nearly two-thirds in the Sully wing lacked cameras.

The thieves were caught on camera at one point but were masked and impossible to identify, according to Paris public prosecutor Laure Beccuau. The alarm system activated when thieves cut open display cases, but they threatened staff who left the area. Culture minister Rachida Dati confirmed new CCTV cameras would be installed. President Macron had earmarked $186.30 million to upgrade the Louvre's security systems under a renaissance plan launched in June.

[ Read more of this story ]( https://it.slashdot.org/story/25/10/20/1957202/louvre-museum-security-outdated-and-inadequate-at-time-of-heist?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] Rust renamed the main branch of rust-lang/rust from master to main
lor.opennet
robot(spnet, 1) — All
2025-10-21 00:44:03


It has happened! The developers of the Rust programming language have renamed the project's main branch from master to the gender-neutral main.

https://www.linux.org.ru/news/development/18117281

[>] Nvidia CEO Says Company Went from 95% to 0 Market Share in China
bot.slashdot
robot(spnet, 1) — All
2025-10-21 00:22:01


Nvidia CEO Jensen Huang says his company has lost all access to China's market after U.S. export restrictions eliminated what was once a 95% share. Speaking in an interview with Citadel Securities, Huang questioned the wisdom of policies that cost America one of the world's largest markets.

The Biden Administration imposed rules in 2022 to restrict exports of Nvidia's most advanced AI chips to China. The Trump Administration blocked additional chip sales in April and later granted export licenses for certain Nvidia and AMD chips in exchange for 15% of revenues. Chinese regulators responded by telling domestic tech companies to avoid Nvidia chips designed to meet U.S. export requirements. Beijing also placed strict limits on exports of rare earths. Huang noted that about half the world's AI researchers are in China and called it a mistake not to have them build AI on American technology.

[ Read more of this story ]( https://tech.slashdot.org/story/25/10/20/1934203/nvidia-ceo-says-company-went-from-95-to-0-market-share-in-china?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.