В ядре Linux выявлена уязвимость, по аналогии с уязвимостями Copy Fail, Dirty Frag и Fragnesia позволяющая непривилегированному пользователю получить права root, перезаписав данные в страничном кэше. Уязвимости присвоено кодовое имя DirtyDecrypt (проблема также упоминается под именем DirtyCBC). Доступен прототип эксплоита.

https://www.opennet.ru/opennews/art.shtml?num=65473

Nintendo is trying to secure a touchscreen-specific monster-catching patent that could be relevant to Palworld Mobile. Japan's patent office has initially rejected the application for lacking an inventive step over prior art, but the company could appeal or amend the claims. Games Fray reports: The Japan Patent Office (JPO) has now made a new monster-catching patent application by Nintendo public. Patent Application No. 2026-019762 covers monster-catching of the kind already asserted against the PC and console versions of Palworld and is from the same patent family as two of the three patents Nintendo is already asserting against Palworld, but with a touchscreen focus. Potential targets are the upcoming Palworld Mobile game and Tencent's Roco Kingdom: World, which is presently available only in China but likely to expand internationally. Nintendo filed the application this year with a request for a fast-tracked review. The JPO has indeed been quick, and the response is that Nintendo's application lacks an inventive step over the prior art.

Nintendo already amended the claims in February and can try to amend them again. It can try to persuade the examiner and potentially appeal the decision. But the initial rejection suggests that Nintendo will not obtain the desired touchscreen monster-catching patent quickly. The rejection was communicated on April 24, 2026. Nintendo could abandon the application now, but Nintendo being Nintendo, they are more likely to try to persuade the examiner to arrive at a different conclusion, even though the reasons for the rejection are strong. In many patent examination processes, the initial rejection is essentially just an invitation to present one's best arguments. Here, however, the rejection notice is so well-reasoned that it will be an uphill battle for Nintendo. Nintendo's application would cover a touchscreen-controlled game in which a player moves through "a field in a virtual space," uses "a capture item for capturing a field character," and can summon "a battle character" to fight that creature. During combat, the game would display "a plurality of commands including at least an attack command and an item command," selected through "an operation input using the touch panel."

The key claim is that when the capture item is used "during a battle" or "in a non-battle state," the game performs "a capture success determination," and, if successful, "the field character is captured and set to a state owned by the player."

[ Read more of this story ]( https://yro.slashdot.org/story/26/05/18/196230/nintendo-tries-to-obtain-touchscreen-specific-patent-on-monster-capturing?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Meta is expected to begin cutting about 8,000 jobs this week as it pours more money into AI infrastructure and looks to "offset" other investments, with additional layoffs reportedly possible later this year. According to CNBC, the morale has worsened inside the company. "Internally, there's an emerging sense of dread across wide swaths of the company," the report says, citing current and former Meta employees. "That's in part because more cuts are expected this year, including a potential round of layoffs in August, followed by another round later in the year, some of the sources said." From the report: [...] Whatever anxiety investors are experiencing, the feelings inside the company are more intense, with some longtime staffers questioning Meta's AI pursuits under AI chief Alexandr Wang, while also weighing if now is the time to leave for opportunities at other companies in the AI race, according to current and former employees. Data aggregated by Blind, an anonymous professional network that requires users to verify their employment with a work email address, reveals some of the internal malaise. Meta's overall rating by employees on Blind has declined 25% from a peak in the second quarter of 2024 to the current period, with a 39% drop in its culture rating. In every category other than compensation, Meta has seen a ratings decline and dramatically underperforms rivals Amazon, Google and Netflix, the Blind data reveals.

The company's full-court press with AI included the recent debut of an employee tracking tool intended to collect data from staffers' actions, such as mouse movements and keystrokes on their work computers. The Model Capability Initiative, or MCI, as it's called, is part of Meta's efforts to train AI models to power digital agents that can perform various coding and white-collar tasks. Employees have characterized the data tracking tool as "dystopian," according to messages viewed by CNBC, with some workers expressing fear that personal information could be leaked. Some Meta workers have noted that their workplace computers appear slower since the company initiated the project, adding to their frustration, sources said.

Meta workers responded by creating an online petition that urges Zuckerberg and leadership to shutter the project. "Collecting and repurposing this kind of data raises serious concerns around privacy, consent, and trust in the workplace," the petition says. "It should not be the norm that companies of any size are permitted to exploit their employees by nonconsensually extracting their data for the purposes of AI training." Further reading: NYT: 'Meta's Embrace of AI Is Making Its Employees Miserable'

[ Read more of this story ]( https://tech.slashdot.org/story/26/05/18/179232/meta-layoffs-stress-harsh-ai-reality-inside-zuckerbergs-company?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

13 мая была исправлена уязвимость в популярном для нагруженных систем веб-сервере nginx: [ CVE-2026-42945 ]( https://www.cve.org/CVERecord?id=CVE-2026-42945 ) , потенциально могущая привести к RCE. Уязвимость появилась 18 лет (2008 год) назад в версии 0.6.27.

( [ читать дальше... ]( https://www.linux.org.ru/news/security/18295901#cut0 ) )

Информация об уязвимости была предоставлена Zhenpeng (Leo) Lin из DepthFirst. Кроме того, он же сообщил о следующих проблемах, которые тоже исправлены:

• [ CVE-2026-40701 ]( https://www.cve.org/CVERecord?id=CVE-2026-40701 ) ( [ коммит ]( https://github.com/nginx/nginx/commit/71841dcedfdf46048ef5e25413fdf97a66957913 ) ) use-after-free при использовании ssl_verify_client+ssl_ocsp (вроде бы без RCE)

• [ CVE-2026-42934 ]( https://www.cve.org/CVERecord?id=CVE-2026-42934 ) ( [ коммит ]( https://github.com/nginx/nginx/commit/696a7f1b9198d576e6a59c1655b746fbf06561cf ) ) чтение за пределами буфера в utf-8 парсере при специфических обстоятельствах, может привести к небольшой утечке данных или крашу рабочего процесса

• [ CVE-2026-42946 ]( https://www.cve.org/CVERecord?id=CVE-2026-42946 ) ( [ коммит ]( https://github.com/nginx/nginx/commit/f79c286b34d3b708bd4856a56e27529e11386098 ) ) чрезмерное выделение памяти и чтение за пределами буфера при использовании модулей scgi/uwsgi, проблема проявляется при наличии злонамеренного бекэнда (upstream) через указанные протоколы, либо при mitm канала общения с бекэндом, может привести к чтению памяти nginx или крашу рабочего процесса

After three weeks of testimony, which was covered extensively here on Slashdot, a U.S. jury on Monday ruled against Elon Musk in his lawsuit against OpenAI, finding that he waited too long to bring his claims that the company betrayed its nonprofit mission. Reuters reports: The trial had widely been seen as a critical moment for the future of OpenAI and artificial intelligence generally, both in how it should be used and who should benefit from it. Following the verdict, Musk's lawyer said he reserved the right to appeal, but the judge suggested he may have an uphill battle because whether the statute of limitations ran out before Musk sued was a factual issue. "There's a substantial amount of evidence to support the jury's finding, which is why I was prepared to dismiss on the spot," U.S. District Judge Yvonne Gonzalez Rogers said.

In his 2024 lawsuit, Musk accused OpenAI, its Chief Executive Sam Altman and its President Greg Brockman of manipulating him into giving $38 million, then going behind his back by attaching a for-profit business to its original nonprofit and accepting tens of billions of dollars from Microsoft and other investors. Musk called the OpenAI defendants' conduct "stealing a charity." OpenAI was founded by Altman, Musk and several others in 2015. Musk left its board in 2018, and OpenAI set up a for-profit business the next year. OpenAI countered that it was Musk who saw dollar signs, and that he waited too long to claim OpenAI breached its founding agreement to build safe artificial intelligence to benefit humanity. "Mr. Musk may have the Midas touch in some areas, but not in AI," William Savitt, a lawyer for OpenAI, said in his closing argument.

The verdict followed 11 days of testimony and arguments where Musk's and Altman's credibility came under repeated attack. Lawyers for OpenAI embraced each other after the verdict was announced. Microsoft faced an aiding and abetting claim. In a statement, a Microsoft spokesperson said, "The facts and the timeline in this case have long been clear and we welcome the jury's decision to dismiss these claims as untimely."
Recap:

Musk Accused of 'Selective Amnesia', Altman of Lying As OpenAI Trial Nears End (Day Twelve)
OpenAI Trial Wraps Up With 'Jackass' Trophy For Challenging Musk (Day Eleven)
Sam Altman Testifies That Elon Musk Wanted Control of OpenAI (Day Ten)
Microsoft CEO Satya Nadella Testifies In OpenAI Trial (Day Nine)
Sam Altman Had a Bad Day In Court (Day Eight)
Sam Altman's Management Style Comes Under the Microscope At OpenAI Trial (Day Seven)
Brockman Rebuts Musk's Take On Startup's History, Recounts Secret Work For Tesla (Day Six)
OpenAI President Discloses His Stake In the Company Is Worth $30 Billion (Day Five)
Musk Concludes Testimony At OpenAI Trial (Day Four)
Elon Musk Says OpenAI Betrayed Him, Clashes With Company's Attorney (Day Three)
Musk Testifies OpenAI Was Created As Nonprofit To Counter Google (Day Two)
Elon Musk and OpenAI CEO Sam Altman Head To Court (Day One)

[ Read more of this story ]( https://yro.slashdot.org/story/26/05/18/1845222/elon-musk-loses-lawsuit-against-openai?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from the Wall Street Journal: Going back to grad school has long been the Plan B of young professionals who aspire to climb higher in their careers or struggle to get promoted in a tough job market. New data show that getting a master's degree isn't the guarantee it used to be. The unemployment rate for workers under 35 with a master's degree has rarely been higher in the past 20 years, according to the Burning Glass Institute, a labor-market think tank focused on the future of work, which analyzed data collected by the U.S. Bureau of Labor Statistics going back to 2003.

At the same time, the unemployment rate for workers under 35 with a Ph.D., law degree or medical degree has rarely been lower. "For most of the past two decades, these lines moved together -- not anymore," said Gad Levanon, chief economist of Burning Glass. Levanon has a theory about why the payoffs for advanced degrees have uncoupled: "More degrees chasing fewer of the positions those degrees were meant to unlock." [...] While degrees from law school and medical school amount to a license to practice, master's degrees are more of a signal, Levanon said. And a signal loses value when so many people have one, he added: "It's hardly a sure bet to securing a good job."

Now master's-degree holders under 35 are at the 77th percentile of unemployment, where the 50th percentile is normal, according to the Burning Glass analysis. Even associate-degree holders have had a higher employment level for the past year. Unemployment among master's-degree holders has been worse only about a quarter of the time in the past 20-plus years. There was a stint during the Covid-19 pandemic when this cohort was out of work at higher rates, and a more prolonged stretch as the U.S. climbed out of the recession in 2008 and 2009. "Every indication is hiring managers now are more receptive than ever to the idea that a person doesn't need a graduate degree to be competitive," said Johnny C. Taylor Jr., president of SHRM, the chief lobbying group for human-resource professionals.

"We are seeing that, hands down, especially in the last two or three years with AI," he said of job readiness. Employers just want to know, "Can you do it?"

[ Read more of this story ]( https://news.slashdot.org/story/26/05/18/1656217/a-masters-degree-isnt-the-job-guarantee-it-used-to-be?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Microsoft is testing long-requested Windows 11 customization options, including a resizable taskbar, smaller taskbar buttons, and a more configurable Start menu that lets users reduce recommended content. BleepingComputer reports: Starting with Windows 11 Insider Preview Build 26300.8493, the taskbar can now be configured to use smaller buttons and moved to the bottom, top, left, or right side of the screen. "The ability to move the taskbar to the top or sides of the screen has been one of the most requested features, and we are bringing it to Windows 11," said Diego Baca, partner director of Microsoft Design. "With this update, when small taskbar is enabled, you get smaller icons, a shorter taskbar, and more vertical space for your apps (see video below). No restart or sign-out is required."

[...] Microsoft is also rolling out changes to give Windows users more control over the Start menu, allowing them to toggle off recommended content and customize its size. "These controls are designed to work together. If you want a Start menu with just your pinned apps, you can turn off Recommended and All," Boca added. "If you want a full Start that shows everything, you can leave it all on. The goal is simple: it is your choice, and it should be easy to make." However, Microsoft will maintain a list of recently installed apps, as it is a key way for users to discover new applications alongside the Microsoft Store.

Furthermore, Microsoft is improving file relevance by adjusting how files are displayed and ordered to prioritize the most relevant items, and will also allow users to hide their name and profile picture from the Start menu. [...] In addition to taskbar and Start menu improvements, the company plans to reduce notifications, simplify Windows settings, and ensure that device setup on new Windows PCs requires fewer reboots. Microsoft is also working on improving Windows search, aiming for a more consistent experience across the Start menu, taskbar, File Explorer, and Settings.

[ Read more of this story ]( https://tech.slashdot.org/story/26/05/18/1644248/microsoft-testing-adjustable-taskbar-start-menu-in-windows-11?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Опубликовано: Mon, 18 May 2026 17:26:47 GMT
Канал: Все статьи подряд / Системное программирование / Хабр

15 мая Vercel Labs релизнули Zero. Экспериментальный системный язык, который сами авторы называют "the programming language for agents". Версия 0.1.1, Apache 2.0, расширение .0, бинарники меньше 10 килобайт, без LLVM. На GitHub лежит компилятор, стандартная библиотека и примеры — можно ставить и щупать прямо сейчас.Я прочитал доки, поставил себе, погонял пару примеров. Сижу с этой мыслью: серьёзно или очередной хайповый проект под волну агентного кодинга?Если коротко — наверное серьёзно, но мне сейчас не нужно. Тебе, скорее всего, тоже. Сейчас расскажу, что там и почему я так думаю. Читать далее]]>

https://habr.com/ru/articles/1036570/

The CFTC says it is ramping up efforts to catch insider trading and market manipulation in prediction markets, using AI tools, blockchain tracing, and other surveillance systems to flag suspicious bets. It's also monitoring activity by U.S. traders accessing offshore platforms like Polymarket through VPNs. Wired reports: [T]he Commodity Futures Trading Commission, which oversees prediction markets, wants you to know that it's watching very, very closely. The agency is searching for suspicious behavior from traders within the United States who have been sneaking onto offshore markets, including Polymarket's crypto platform -- which is blocked stateside -- by using virtual private networks. "We're going to find them, and we're going to bring actions," agency chairman Michael Selig told WIRED this week, speaking from the CFTC's headquarters in Washington, DC. Selig says the agency, which is especially lean right now, is staffing up. Like so many other AI-pilled workplaces, the CFTC is also leaning into automation to handle the growing workload, including tools that analyze trading patterns and flag potential manipulation. "You've got so much data," Selig says. "When we feed it into AI, we get really great information. It can help us understand things, like where we might want to investigate, or when we might need to send a subpoena to a trader."

In addition to proprietary surveillance systems developed in-house, the agency's arsenal includes third-party blockchain tracing tools like Chainalysis for crypto platforms, and market abuse detection software including Nasdaq Smarts for centralized markets. (Beyond Nasdaq Smarts, the agency did not specify which AI tools it uses and declined to share more specific examples.) [...] Selig recently told Congress that the company is pursuing "hundreds, if not thousands" of insider trading tips. Investigations are not limited to federally regulated exchanges. "We're surveilling the markets on a global basis," he tells WIRED.

Selig says that the agency will exert extraterritorial jurisdiction -- its legal ability to enforce its laws beyond traditional boundaries -- when it finds suspicious activity on offshore platforms like Polymarket, though he says it's a case-by-case approach. "We use it in extreme circumstances," he says, with an eye towards whether charges have a strong chance of sticking in court. "In any extraterritorial litigation, there's going to be challenges to our authority, and that could also impair our ability to bring cases in the future." According to Selig, the 2010 Dodd-Frank Act allows the CFTC more leeway to pursue this kind of enforcement action, by giving it more authority over foreign swap activities that impact the US. When appropriate, the agency works with regulators from other countries, too. "For cases where we're not sure we'll win, or it's less in our wheelhouse and more of a foreign matter, we would relay it to a foreign regulator," he says. "We're constantly referring cases." [...] Selig is insistent that the CFTC is only just getting started. The agency will identify wrongdoers, he says -- no matter "how large or how small."

[ Read more of this story ]( https://yro.slashdot.org/story/26/05/18/0347213/the-us-is-betting-on-ai-to-catch-insider-trading-in-prediction-markets?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Опубликован релиз MyCompany 6.2 - свободной ERP-системы для малого и среднего бизнеса, построенной на платформе lsFusion. Решение покрывает задачи складского и финансового учёта, управления закупками и продажами, производством, розничной торговлей и услугами и т.д. Типовое решение MyCompany распространяется под лицензией Apache 2.0 и развивается как открытый проект на GitHub. Для начала работы доступны демо-стенд и документация по установке и настройке.

https://www.opennet.ru/opennews/art.shtml?num=65472

An anonymous reader quotes a report from the New York Times: The World Health Organization declared on Saturday that the spread of the Ebola virus in the Democratic Republic of Congo and Uganda was a global health emergency. The announcement was made a day after Africa's leading public health authority reported that an outbreak in a province in the northeast of the country was linked to dozens of suspected deaths. By Saturday, cases had also been confirmed in Kampala, the capital of Uganda, the W.H.O. said.

In Congo's Ituri province, where the outbreak was first identified, 246 suspected cases and 80 deaths attributed to the virus had been reported, although only eight cases had been definitively linked to the virus through laboratory testing. There is no approved vaccine and no therapeutics for the Bundibugyo species of Ebola behind the outbreak, according to the W.H.O. The scale of the outbreak could be far larger than has been detected and reported, the W.H.O. said in declaring a "public health emergency of international concern." It added that there were "significant uncertainties" about the precise number of people infected and the "geographic spread."

The W.H.O.'s declaration signals a public health risk requiring a coordinated international response, and is intended to prompt member countries to prepare for the virus to spread and to share vaccines, treatments and other resources needed to contain the outbreak. [...] The risk of the outbreak spreading is exacerbated by a humanitarian crisis, high population mobility and a large network of informal health care facilities in the area, the agency said. Containing an Ebola outbreak depends on the speed and scale of the public health response. The virus is transmitted through direct contact with the bodily fluids of an infected person, putting family members and caregivers at particular risk. Tracing people who may have come into contact with sufferers, isolating and treating victims promptly and safely, and burying the dead properly are all viewed as critical steps.

[ Read more of this story ]( https://science.slashdot.org/story/26/05/18/0336208/who-declares-ebola-outbreak-a-global-health-emergency?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Опубликовано: Mon, 18 May 2026 13:29:42 GMT
Канал: Все статьи подряд / Программирование микроконтроллеров / Хабр

3-й этап программы раннего доступа к архитектуре RISC-V DEVBOARDS на базе отладочной платы Base (EVU-BA-2.1) на основе микроконтроллера Baikal-U (BE-U1000) стал одним из самых насыщенных по составу и содержанию проектов. Более 100 заявок, 32 отобранные команды и широкий отраслевой охват показали устойчивый интерес к этой платформе со стороны разработчиков, университетских команд и инженерных коллективов, работающих в прикладных направлениях. В центре внимания оказались проекты, связанные с промышленной автоматизацией, системами ЧПУ, интерфейсными модулями, контроллерами производственных линий и модульными беспилотными платформами.В статье разбираем, какие именно задачи участники решали на базе Baikal-U, как использовали многоядерную архитектуру, периферию и доступный стек разработки, а также какие практические выводы можно сделать по итогам этапа. Отдельно рассматриваем несколько показательных кейсов, чтобы понять, в каких сценариях платформа уже показала себя как рабочий инструмент, а где разработчики столкнулись с задачами следующего уровня - тепловым режимом, питанием, компоновкой, развитием библиотек и переходом от макета к более зрелому устройству. Читать далее]]>

https://habr.com/ru/companies/riscvalliance/articles/1036486/

John Lennon's last interview — just hours before he was shot on December 8, 1980 — has become a documentary directed by Steven Soderbergh, debuting Saturday at the Cannes Film Festival.

In a new interview with the Associated Press, Soderbergh defends the film's limited use of AI to visualize concepts from that two-hour interview with John Lennon and Yoko Ono:

Soderbergh was resolved to let the audio play. He could finds ways to visualize much of the film, but that still left a large gap where the conversation grows more philosophical. "I worked on everything that could be solved except that for as long as I could," Soderbergh says. "Then there was the inevitable moment of: OK, but really what are we going to do? We just started playing and ran out of time and money. That's where the Meta piece came in." Soderbergh accepted an offer to use Meta's artificial intelligence software to conjure surreal imagery for those sections, which make up about 10% of the film.

When Soderbergh let the news out earlier this year, it prompted an uproar. One of America's leading filmmakers was using AI? In a film about a Beatle, no less? The AI parts (overwhelmingly slammed by critics in Cannes) are fairly banal and don't differ greatly from special effects — there are no deepfakes of Lennon. But they put Soderberg at the forefront of an industrywide debate about the uses of AI in moviemaking. It's a conversation the director, who has made movies on iPhones, is eager to have.

While the film follows John and Yoko's conversation, "I needed a way to follow them in flight visually," Soderbergh says, "or I'm not doing my job." Though when asked about the strong negative reaction, Soderbergh acknowleges that "I knew what was coming. I take it very seriously, and I understand why people have an emotional response to this subject. As I've said before, I feel like I owe people the best version of whatever art I'm trying to make and total transparency about how I'm doing it."
AP: Some fear generative AI will tear apart the film industry. You don't see it as a bogeyman, though.
SODERBERGH: I think most jobs that matter when you're making a movie cannot be performed by this tech and never will be performed by this tech. As it becomes possible for anybody to create something that meets a certain standard of technical perfection, then imperfection becomes more valuable and more interesting. We haven't seen yet someone with a certain amount of creative credibility go full-metal AI on something, and see how people react. I think it's necessary. How do you know where the line is until somebody crosses it?
"I don't think what I'm doing crosses it. Some people may disagree. I don't know where my line is yet. I'm waiting to see...

[ Read more of this story ]( https://entertainment.slashdot.org/story/26/05/18/0215200/steven-soderbergh-defends-ai-use-in-his-new-documentary-about-john-lennon?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Компания Grafana Labs, развивающая одноимённую открытую платформу мониторинга и визуализации данных, раскрыла сведения о попадании в руки атакующих токена доступа к GitHub-окружению. Атакующие воспользовались токеном для загрузки кода проприетарных продуктов компании из приватных репозиториев и попытались вымогать деньги, угрожая раскрытием полученной кодовой базы. Представители Grafana Labs отказались платить. По заявлению компании атакующие не получили доступ к персональной информации и данным пользователей.

https://www.opennet.ru/opennews/art.shtml?num=65471

Опубликовано: Mon, 18 May 2026 11:29:13 GMT
Канал: Все статьи подряд / Робототехника / Хабр

Привет, я Иван из НИИ Крокодил. Это небольшая команда внутри ИЖ-РЭСТ, завода штампов и пресс-форм. Если коротко, мы пришли на завод из IT и теперь пытаемся понять, где можем быть полезны.Но началось всё, конечно, не с робота.Первую работу я получил лет в пятнадцать: продавал двери. Потом успел поработать в строительной теме, делал сайты, ушел в IT, занимался разработкой, продуктами, клиентами, процессами. В какой-то момент за плечами оказалось 11 лет в IT, куча проектов, привычка всё раскладывать на процессы и странное ощущение, что хочется делать что-то более физическое.Так я оказался на заводе. Мы не пришли учить завод жить. Скорее наоборот: сначала сами учимся понимать, как здесь всё устроено, а потом пробуем аккуратно добавлять то, что хорошо работает в IT.На этом фоне у нас и появилась задача со сварочным роботом.Точнее, робот уже был. Большая промышленная рука стояла в цехе и ждала, когда кто-нибудь превратит её из дорогого оборудования в рабочий инструмент. Задача звучала просто: научить робота наплавлять металл на несерийные детали.Давайте к делу. Читать далее]]>

https://habr.com/ru/articles/1036410/

Исследователи из массачусетского технологического института развивают проект GenCAD, предоставляющий модель машинного обучения для генерации 3D-моделей на основе двумерного изображения или эскиза детали. GenCAD выдаёт на выходе не просто 3D-модель, а полную параметрическую CAD-программу с историей команд построения модели, пригодную для импортирования в параметрические САПР.

https://www.opennet.ru/opennews/art.shtml?num=65470

Опубликовано: Mon, 18 May 2026 09:47:23 GMT
Канал: Все статьи подряд / DIY или Сделай сам / Хабр

Всем добра! Речь пойдет о ресивере Yamaha RX-V575 и телевизоре Samsung UE50F6800AB. Оба устройства не первой свежести, более того, телевизор имеет устаревший и не развиваемый более интерфейс. Однако, полученные результаты могут оказаться полезными для владельцев множества других устройств Yamaha и Samsung. Не все ведь меняют технику ежегодно :) Статья является логическим продолжением материала об универсальном голосовом шлюзе в том смысле, что показывает куда может двигаться мысль в части улучшения комфорта. Т.е., как и раньше, идея состоит не в том, чтобы разбирать детали, а в том чтобы показать ход мысли. Для деталей есть репозиторий с комментариями.Сразу оговорюсь, что не стоит дальше читать, если вы: Читать далее]]>

https://habr.com/ru/articles/1036350/

Iran's government "wants to charge the world's largest tech companies for using the subsea internet cables laid under the Strait of Hormuz," reports CNN. Their article also notes that Iran's state-linked media outlets "have vaguely threatened that traffic could be disrupted if firms don't pay."

Lawmakers in Tehran discussed a plan last week which could target submarine cables linking Arab countries to Europe and Asia. "We will impose fees on internet cables," Iranian military spokesperson Ebrahim Zolfaghari declared on X last week. Iran's Revolutionary Guards-linked media said Tehran's plan to extract revenue from the strait would require companies like Google, Microsoft, Meta, and Amazon to comply with Iranian law while submarine cable companies would be required to pay licensing fees for cable passage, with repair and maintenance rights given exclusively to Iranian firms. Some of these companies have invested in the cables running through the Strait of Hormuz and the Persian Gulf, but it's unclear if those cables traverse Iranian waters.

It's also unclear how the regime could force tech giants to comply, as they are barred from making payments to Iran due to strict US sanctions; as a result, the companies themselves may view Iran's statements as posturing rather than serious policy. Still, state-affiliated media outlets have issued veiled threats warning of damage to cables that could impact some of the trillions of dollars in global data transmission and affect worldwide internet connectivity... Iran's threats are part of a strategy to demonstrate its leverage over the Strait of Hormuz and ensure the survival of the regime, a core objective for the Islamic Republic in this war, said Dina Esfandiary, Middle East lead at Bloomberg Economics. "It aims to impose such a hefty cost on the global economy that no-one will dare attack Iran again," she said.

The article notes that subsea cables "carry vast internet and financial traffic between Europe, Asia and the Persian Gulf," and that targetting them "would affect far more than internet speeds, threatening everything from banking systems, military communications and AI cloud infrastructure to remote work, online gaming and streaming services."

CNN spoke to Mostafa Ahmed, "a senior researcher at the United Arab Emirates-based Habtoor Research Center, who published a paper on the effects of a large-scale attack on submarine communications infrastructure in the Gulf."

Armed with combat divers, small submarines, and underwater drones, the Islamic Revolutionary Guard Corps (IRGC) poses a risk to underwater cables, Ahmed said, adding that any attack could trigger a cascading "digital catastrophe" across several continents. Iran's neighbors across the Persian Gulf could face severe disruptions to internet connection, potentially impacting critical oil and gas exports as well as banking.

Beyond the region, India could see a large proportion of its internet traffic affected, threatening its huge outsourcing industry with losses amounting to billions, according to Ahmed... Any disruption could also slow financial trading and cross-border transactions between Europe and Asia, while parts of East Africa could face internet blackouts. And if Iran's proxies decide to employ similar tactics in the Red Sea, the damage could be far worse.

[ Read more of this story ]( https://tech.slashdot.org/story/26/05/18/0613223/iran-now-threatens-fees-for-subsea-internet-cables-in-the-strait-of-hormuz?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Опубликован релиз Phosh 0.55, экранной оболочки для мобильных устройств, основанной на технологиях GNOME и библиотеке GTK. Окружение изначально развивалось компанией Purism в качестве аналога GNOME Shell для смартфона Librem 5, но затем вошло в число неофициальных проектов GNOME и используется в postmarketOS, Mobian, ALT Mobile, Droidian, некоторых прошивках для устройств Pine64 и редакции Fedora для смартфонов. Phosh использует композитный сервер Phoc, работающий поверх Wayland, а также собственную экранную клавиатуру. Наработки проекта распространяются под лицензией GPLv3+.

https://www.opennet.ru/opennews/art.shtml?num=65469

Опубликовано: Mon, 18 May 2026 09:10:17 GMT
Канал: Все статьи подряд / Робототехника / Хабр

Погрузившись в тему робототехники, мы все больше нового узнаем о человеке. Видимо, Бог проектировал нас тем же путем Объясняем на роботах...]]>

https://habr.com/ru/companies/speclab/articles/1036330/

[ FluidX3D 3.7 ]( https://github.com/ProjectPhysX/FluidX3D ) – пакет для вычислительной гидродинамики, использующий метод решёточных уравнений Больцмана (LBM) и OpenCL. Проект позиционируется как высокопроизводительный и экономный по памяти CFD-пакет, способный работать на GPU и CPU разных производителей через OpenCL.

Главным изменением версии 3.7 стала оптимизация ядра отрисовки изоповерхности Q-критерия (graphics_q()), используемой для визуализации вихревых структур в потоке. В прежней реализации ядро загружало из видеопамяти тяжёлый шаблон из 32 трёхмерных скоростей для каждой ячейки сетки. Теперь рабочая группа потоков размером 8×8×8 загружает блок 11×11×11 скоростей в 16 КБ локальной памяти первого уровня, после чего соседние потоки переиспользуют эти данные. По оценке автора, это сокращает число загрузок из VRAM примерно в 12 раз — до 2,6 скоростей на ячейку — и переводит ядро из режима, ограниченного пропускной способностью памяти, в режим, ограниченный вычислениями.

( [ читать дальше... ]( https://www.linux.org.ru/news/opensource/18295551#cut ) )

Корнелиус Шумахер (Cornelius Schumacher), президент организации KDE e.V., проанализировал статистику о размере кодовой базы KDE. Суммартный размер кода библиотек KDE Frameworks, среды рабочего стола KDE Plasma и базового набор приложений KDE Gear составил 8 173 148 строк. Объём кода удвоился по сравнению с 2009 годом (было 4 273 291 строк). Общее число добавленных в репозиторий строк кода, с учётом изменённых и удалённых строк, оценивается в 55 млн.

https://www.opennet.ru/opennews/art.shtml?num=65468

Опубликовано: Mon, 18 May 2026 08:05:33 GMT
Канал: Все статьи подряд / DIY или Сделай сам / Хабр

Привет, Хабр! Глядя на то, как из-за кризиса производства оперативной памяти цены на одноплатные компьютеры улетают в космос, чувствуешь острую необходимость искать для своих проектов более бюджетные и порой нестандартные решения. Одним из таких решений, которое случайно попалось мне на глаза, стал вычислительный модуль Luckfox Core 1106. В данной статье мы посмотрим его характеристики, соберем операционную систему и запустим I2S-интерфейс для передачи цифрового аудио. Если стало интересно, то добро пожаловать под кат! Читать далее]]>

https://habr.com/ru/companies/timeweb/articles/1030976/

В дереве разработки FFmpeg появилась серия изменений, связанных с поддержкой аппаратно ускоренного декодирования Apple ProRes RAW. Речь идёт не об отдельном релизе, а о свежих коммитах в Git-ветке проекта, которые должны попасть в один из следующих выпусков мультимедийного фреймворка. FFmpeg — это набор библиотек и утилит для обработки аудио, видео, субтитров и сопутствующих метаданных; в его состав входят, в частности, libavcodec, libavformat, libavfilter, ffmpeg, ffplay и ffprobe.

Главное изменение — декодер ProRes RAW теперь доведён до состояния, которое разработчик Lynne описал как завершение обратной разработки декодера. [ В коммите ]( https://github.com/FFmpeg/FFmpeg/commit/9c4055296525f69f5c5a2666cfd0cddd70110649 ) prores_raw: synchronize decoder with reference implementation прямо указано, что он синхронизирует реализацию с эталонным поведением и применяет кривую линеаризации, добавленную предыдущим патчем. В коде также отражено, что декодер выдаёт линейные 16-битные данные, а коэффициенты и iDCT остаются 12-битными до применения кривой линеаризации.

Для пользователей Linux особенно важна связка с Vulkan: FFmpeg использует не только классические аппаратные видеоблоки, но и вычислительные шейдеры Vulkan Compute. Такой подход позволяет ускорять профессиональные кодеки на обычных GPU без привязки к специализированному блоку декодирования конкретного формата. [ В блоге Khronos Lynne ]( https://www.khronos.org/blog/video-encoding-and-decoding-with-vulkan-compute-shaders-in-ffmpeg ) объяснял, что Vulkan Compute в FFmpeg дополняет Vulkan Video и закрывает случаи, где фиксированные аппаратные кодеки не помогают.

ProRes RAW — это формат Apple для записи «сырых» данных с сенсора камеры с сохранением высокого качества и цветовой информации. [ По данным Phoronix ]( https://www.phoronix.com/news/FFmpeg-ProRes-RAW-Vulkan ) , с ним работают некоторые камеры Sony, LUMIX и Nikon, а также новые iPhone. Ранее FFmpeg уже получил ускорение ProRes через Vulkan-шейдеры, а теперь эта работа распространена и на ProRes RAW.

Технически реализация продолжает линию развития Vulkan-инфраструктуры FFmpeg. Ещё в 2025 году в проект был добавлен ProRes RAW Vulkan hwaccel: патч поддерживал потоки версии 0 и 1, а обработка была распараллелена с запуском 512 вычислительных инвокаций на тайл. В [ опубликованном тогда тесте ]( https://www.phoronix.com/news/FFmpeg-Vulkan-ProRes-RAW ) для 5,8K RAW HQ файла приводились результаты: Radeon RX 6900 XT — 63 кадра/с, Radeon RX 7900 XTX — 84 кадра/с, RTX 6000 Ada — 120 кадра/с, Intel GPU — 9 кадра/с.

Свежая серия изменений показывает, что разработчики не просто добавили быстрый путь декодирования, а продолжают приводить реализацию к корректному поведению. В частности, синхронизация с эталонной реализацией затронула сам декодер, парсер, DSP-код ProRes и Vulkan-часть. Это важно для формата RAW, где ошибка в трактовке кривых, битности или цветопередачи может привести не только к артефактам, но и к ошибкам на этапе цветокоррекции.

Отдельно в FFmpeg добавлена поддержка ProRes RAW VideoToolbox hwaccel для платформ Apple. Соответствующий [ коммит вносит запись ]( https://github.com/FFmpeg/FFmpeg/commit/239c679c546900c94fbc325361e6965f1a94a648 ) в Changelog, добавляет зависимости в configure и регистрирует новый аппаратный ускоритель рядом с уже существующим ProRes RAW Vulkan hwaccel.

Итог для пользователей: FFmpeg постепенно получает более полноценную поддержку ProRes RAW сразу по двум направлениям — через Vulkan для переносимого GPU-ускорения и через VideoToolbox для экосистемы Apple. Для Linux это особенно заметный шаг, поскольку работа с профессиональными RAW-материалами традиционно была областью дорогих проприетарных решений и тяжёлой CPU-обработки.

https://www.linux.org.ru/news/opensource/18295552

В анонсе очередного предварительного выпуска ядра 7.1-rc4 Линус Торвальдс призвал исследователей безопасности, использующих AI, не отправлять отчёты о найденных уязвимостях в приватный список рассылки "security@kernel.org" и следовать принятым на днях правилам и модели угроз при отправке информации об уязвимостях. Отмечается, что использование типовых AI-инструментов приводит к выявлению одних и тех же уязвимостей и отправке большого числа дублирующихся отчётов, разбор которых создаёт огромную дополнительную нагрузку на сопровождающих и делает процесс работы через список рассылки почти полностью неуправляемым.

https://www.opennet.ru/opennews/art.shtml?num=65467

TOP20 VISITORS:

[1] Amazon point=0 web=413 up=7.5MB (30%)
[2] 216.244.66.x point=0 web=124 up=4.7MB (19%)
[3] 37.252.14.x point=144 web=0 up=2.4MB (9%) <--- ake (6/hr)
[4] Google point=0 web=326 up=1.5MB (6%)
[5] TikTok point=1 web=139 up=1.4MB (5%) <--- TikTok
[6] 217.114.158.x point=25 web=0 up=1.1MB (4%) <--- fox (1/hr)
[7] 134.101.195.x point=0 web=9 up=0.7MB (2%)
[8] 147.135.213.x point=0 web=8 up=0.6MB (2%)
[9] 82.135.83.x point=0 web=7 up=0.6MB (2%)
[10] 54.37.252.x point=0 web=6 up=0.5MB (1%)
[11] 104.250.53.x point=0 web=46 up=0.3MB (1%)
[12] 88.88.156.x point=0 web=2 up=0.2MB (<1%)
[13] PetalBot point=1 web=36 up=0.2MB (<1%) <--- PetalBot
[14] 93.158.213.x point=0 web=2 up=0.1MB (<1%)
[15] 47.82.10.x point=0 web=29 up=0.1MB (<1%)
[16] 149.224.171.x point=0 web=4 up=0.1MB (<1%)
[17] 62.84.185.x point=0 web=4 up=0.1MB (<1%)
[18] Facebook point=0 web=10 up=88KB
[19] 65.108.125.x point=1 web=1 up=67KB <--- 65.108.125.x
[20] 94.154.239.x point=0 web=2 up=65KB

TOTAL TRAFFIC: 24MB

Today Linus Torvalds announced another Linux release candidate on the kernel mailing list. But he also highlighted "documentation updates" to address a new problem.

"The continued flood of AI reports has basically made the security list almost entirely unmanageable, with enormous duplication due to different people finding the same things with the same tools." (The new documentation says the security team has found "bugs discovered this way systematically surface simultaneously across multiple researchers, often on the same day.")

TORVALDS: People spend all their time just forwarding things to the right people or saying "that was already fixed a week/month ago" and pointing to the public discussion.
Which is all entirely pointless churn, and we're making it clear that AI-detected bugs are pretty much by definition not secret, and treating them on some private list is a waste of time for everybody involved — and only makes that duplication worse because the reporters can't even see each other's reports.

AI tools are great, but only if they actually help, rather than cause
unnecessary pain and pointless make-believe work. Feel free to use
them, but use them in a way that is productive and makes for a better
experience.

The documentation may be a bit less blunt than I am, but that's the
core gist of it.

The new documentation offers this overview. "It turns out that the majority of the bugs reported via the security team are just regular bugs that have been improperly qualified as security bugs due to a lack of awareness of the Linux kernel's threat model."

"So just to make it really clear," Torvalds said at the end of his post. "If you found a bug using AI tools, the chances are somebody else found it too.

"If you actually want to add value, read the documentation, create a patch
too, and add some real value on *top* of what the AI did. Don't be the
drive-by 'send a random report with no real understanding' kind of
person. Ok?"

[ Read more of this story ]( https://linux.slashdot.org/story/26/05/18/0238214/linus-torvalds-ai-detected-bug-reports-make-kernel-security-list-almost-entirely-unmanageable?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

America's Library of Congress "is preserving a little piece of Hell," jokes Engadget, "by inducting the soundtrack to the original Doom into the National Recording Registry."

The album of demon-slaying tracks is joined by several other notable 2026 additions to the registry, like Weezer's self-titled debut album (colloquially known as "The Blue Album"), Taylor Swift's "1989," Beyonce's "Single Ladies (Put a Ring On It) and the original "Mambo No. 5."

"Doom" was created by Bobby Prince, a freelance composer who worked on lots of id Software games, and also scored Doom's '90s rival Duke Nukem 3D. The soundtrack draws clear inspiration from metal bands, but also touches on techno and ambient music throughout its track list, making for an eclectic soundscape for tearing through enemies. That it all fits together is also impressive in its own right: All of the music for Doom was written before the game had completed levels to play through, according to Prince.

The official announcement from the Library of Congress says Doom "brought a heavy metal energy to MS-DOS systems across the globe," while also pioneering first-person shooter videogames.

"Key to Doom's popularity was the adrenaline-fueled soundtrack created by freelance video game music composer Bobby Prince. Prince, a lifelong musician and practicing lawyer, was fascinated by the MIDI technology that rose in prominence in the mid-1980s as a means for instrument control and composition... For "Doom," Prince took inspiration from a pile of CDs loaned by the game's chief designer, John Romero, including seminal works by Alice in Chains, Pantera and Metallica.

Despite the limitations of the 1993-era sound card drivers, Prince composed the perfect riff-shredding accompaniment for the game's demon-slaying journey to hell and back. Taking advantage of his knowledge of MIDI, Prince even worked to ensure that the sound effects he created could cut through the music by assigning them to different MIDI frequencies.

[ Read more of this story ]( https://games.slashdot.org/story/26/05/18/0130213/americas-library-of-congress-officially-inducts-the-soundtrack-for-the-videogame-doom?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Today former Google CEO Eric Schmidt "was booed multiple times," reports NBC News, "while discussing AI during a commencement speech at the University of Arizona."

Schmidt had started by remembering how computer platforms "gave everyone a voice" but also "degraded the public square... They rewarded outrage. They amplified our worst instincts. They coarsen the way we speak to each other, and that way, and in the way that we treat each other, is in the essence of a society." But then Schmidt "drew a parallel between artificial intelligence and the transformative impact of the computer — and was immediately met with boos."
"I know what many of you are feeling about that. I can hear you," Schmidt said, addressing the crowd as many continued to boo him. "There is a fear ... there is a fear in your generation that the future has already been written, that the machines are coming, that the jobs are evaporating, that the climate is breaking, that politics is fractured, and that you are inheriting a mess that you did not create, and I understand that fear."
He went on to argue that the future remains unwritten and that the graduating class of 2026 has real power to shape how AI develops — a claim that drew further disapproval from parts of the audience...
He closed by congratulating the class and offering them closing words. "The future is not yet finished. It is now your turn to shape it."

404 Media shared a video on YouTube of the crowd's booing — and what Schmidt said that provoked them:

SCHMIDT: "If you don't care about science that's okay because AI is going to touch everything else as well. [Very loud booing] Whatever path you choose, AI will become part of how work is done..."
"You can now assemble a team of AI agents to help you with the parts that you could never accomplish on your own. [Loud booing] When someone offers you a seat on the rocket ship, you do not ask which seat. You just get on... The rocket ship is here."

[ Read more of this story ]( https://slashdot.org/story/26/05/17/2343248/former-google-ceo-eric-schmidt-booed-during-graduation-speech-about-ai?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

160 miles north of New York City, a man was convicted of manslaughter "with the help of license plate reader technology," reports a local news station. In the small town of Troy (population: 51,000), the mayor described the cameras as "a critical tool" in that investigation. But locals and city officials "have raised concerns about who can access the data collected locally, along with data security, privacy invasions and use by federal authorities, including U.S. Immigration and Customs Enforcement, reports WNYT:

When Troy's contract came up for renewal, Mayor Carmella Mantello wanted to keep paying Flock and the council paused payments. The mayor then issued a public safety emergency declaration to keep the license plate readers active. The council has filed a lawsuit to overturn that..."If this illegal emergency order is left unchallenged, we give this mayor and any future mayor regardless of their political party or ideology, unchecked authority to issue an emergency declaration whenever they disagree with the council on any issue," [said Troy council president Sue Steele].

"The technology that's in place today is not the technology of six years ago," council president Steele told another local news station. "We have AI, we have rapidly changing and advancing technology. So that begs the need for regulations to protect certain data." The American Civil Liberties Union warns that Flock will use AI to let law enforcement search its trove of videos.

But "Listen, if it was infringing on people's rights, people's liberties, we'd be the first to get rid of it. We have safeguards in place," [mayor] Mantello responded. Mantello noted that data captured by Troy's Flock cameras is only being shared with other local municipalities.
Steele said the data had been shared nationally until she and other elected officials raised concerns. "As far as sharing with local law enforcement, that's necessary in the normal course of investigations. The concern is what Flock does with this data: sharing it with ICE, for instance, and other nefarious outlets," Steele said.
As the debate continues over the small city's 26 Flock cameras, a columnist in Albany wrote that "it's a good thing. We should be asking questions about the growing surveillance state. We should be debating whether this is the future we want."

As the American Civil Liberties Union noted, [Flock] has quietly built a broad mass-surveillance infrastructure, with cameras installed in 5,000 communities around the country, and is continually expanding how that network is used. Did we ask for that? Did we vote for it? Not really. The cameras have been installed in municipality after municipality, mostly with little discussion or controversy, which makes us like the proverbial frogs who didn't notice the water getting warmer until it was boiling. Suddenly, surveillance cameras are everywhere; we're always being watched...

[T]he City Council's Democratic majority is considering legislation that, among other steps, would require that data collected by the cameras be generally deleted after 48 hours and that the city be more transparent about how the cameras are used.
The controversy and pushback continues to draw local coverage. The mayor complains the proposed rules restricts the cameras "almost exclusively to cases involving individuals with outstanding felony arrest warrants or situations where officers can determine in advance that an incident will result in a felony charge... This is beyond reckless."

But the Albany columnist still argues many of America's Flock cameras are unnecessary and are "being installed just because... It's worth considering where this might lead and whether the future we're installing is the future we want."

[ Read more of this story ]( https://yro.slashdot.org/story/26/05/17/2236232/small-town-fights-over-flocks-ai-enhanced-network-of-license-plate-reading-cameras?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Forbes describes it as "definitely already out there, and under active exploitation according to the U.S. Cybersecurity and Infrastructure Security Agency, urging all organizations to prioritize timely remediation as the attack vector poses a significant risk."

"We have issued CVE-2026-42897 to address a spoofing vulnerability affecting Exchange Outlook Web Access (OWA)," Microsoft told SecurityWeek. "We recommend customers enable EEMS to be better protected, and to follow our guidance available here."

Microsoft this week patched 137 vulnerabilities with its Patch Tuesday updates and the cybersecurity industry was surprised to see that the latest updates did not address any zero-days. However, a zero-day was disclosed just 48 hours later, on May 14... described as a spoofing and XSS issue affecting Exchange Server Subscription Edition, 2016, and 2019. "Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network," Microsoft said in its advisory.
The company noted that the vulnerability affects Exchange Outlook Web Access (OWA) and an attacker can exploit it by sending a specially crafted email to the targeted user. "If the user opens the email in Outlook Web Access and certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context," Microsoft explained.

CSO Online shares more details. "Admins should note there are known issues once the mitigation is applied either manually or automatically through the EM Service."

- OWA Print Calendar functionality might not work. As a workaround, copy the data or screenshot the calendar you want to print, or use Outlook Desktop client.
- Inline images might not display correctly in the recipient's OWA reading pane. As a workaround, send images as email attachments or use Outlook Desktop client...

- Admins may get a message saying "Mitigation invalid for this Exchange version." in mitigation details. This issue is cosmetic and the mitigation does apply successfully if the status is shown as "Applied". Microsoft is investigating how to address this glitch.

Forbes notes "It's been something of a rough few days for Microsoft Exchange on the security vulnerability front," since this week also saw a zero-day demonstrated at the Pwn2Own Berlin hacking event, "which has been responsibly disclosed and not released into the wild."

The Berlin event got off to a flying start on May 14 as Windows 11 was hit by no less than three zero-day exploits. On day two, hacking teams were no less successful, chaining together three new vulnerabilities in Microsoft Exchange in order to achieve the holy grail of SYSTEM-level remote code execution. Such was the level of this achievement that Orange Tsai from the DEVCORE Research Team was rewarded with a $200,000 bounty payment in return for immediately handing over all the technical details to the event organizers.

"This is, in fact, good news," Forbes writes, since "full details of the vulnerabilities underlying the exploits, along with the technical nature of the exploit code itself, will be handed over to Microsoft, which will then have 90 days to provide a fix before any details are made public."

[ Read more of this story ]( https://it.slashdot.org/story/26/05/17/2053257/microsoft-exchange-server-vulnerability-actively-exploited-in-a-bad-week-for-microsoft?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Опубликовано: Sun, 17 May 2026 21:00:15 GMT
Канал: Все статьи подряд / Робототехника / Хабр

Продолжаем приближать ИИ доступный для всех (ну или восстание машин, как повезет). Продвигаем нейропанк, короче.На этот раз будем пробовать обучить компактную открытую языковую модель на 270 млн параметров от Google управлять гусеничным роботом с робо-рукой, пока чисто в симуляции. Читать далее]]>

https://habr.com/ru/articles/1034902/

"We may have accidentally detected dark matter back in 2019," writes ScienceAlert.

"What if instead of trying to see dark matter, scientists attempted to hear it instead?" asks Space.com:
New research suggests dark matter could leave a tiny but discernible imprint in the cacophony of ripples in spacetime called "gravitational waves" that ring through the cosmos when two black holes slam together and merge... Fortunately, when it comes to detecting gravitational waves from colliding black holes, humanity's instruments, such as LIGO (Laser Interferometer Gravitational-Wave Observatory), are getting more and more sensitive all the time...

Vicente and colleagues searched through data gathered by LIGO and its fellow gravitational wave detectors, KAGRA (Kamioka Gravitational Wave Detector) and Virgo, focusing on 28 of the clearest signals from merging black holes. Of these, 27 appeared to have come from mergers that occurred in the relative vacuum of space. One signal, however, GW190728, first heard on July 19, 2019, and the result of merging binary black holes with a combined mass of 20 times that of the sun and located an estimated 8 billion light-years away, seemed to carry the telltale trace of this merger occurring in a region of dense, "buttery" dark matter.

The team behind this research is quick to point out that this can't be considered a positive detection of dark matter, but does say it gives us a hint at what to look for and thus where to direct follow-up investigations... "We know that dark matter is around us. It just has to be dense enough for us to see its effects," said team leader Josu Aurrekoetxea, of the Massachusetts Institute of Technology (MIT) Department of Physics. "Black holes provide a mechanism to enhance this density, which we can now search for by analyzing the gravitational waves emitted when they merge."

They published their results this week in the journal Physical Review Letters.

[ Read more of this story ]( https://science.slashdot.org/story/26/05/17/198215/we-still-cant-see-dark-matter-but-what-if-we-can-hear-it?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Джаспер Нюйенс (Jasper Nuyens), основатель организации Linux Belgium, создавший надстройку для использования Linux в информационной системе автомобилей Tesla, предложил простой способ снизить поверхность атаки на ядро Linux для снижения вероятности компрометации на фоне всплеска выявления опасных уязвимостей при помощи AI. Так как многие уязвимости, как правило, находят в специфичных модулях ядра, доступных для автозагрузки, но обычно не применяемых большинством пользователей, Джаспер предложил по умолчанию блокировать неиспользуемые в текущей системе или в общем виде редко используемые модули.

https://www.opennet.ru/opennews/art.shtml?num=65466

Test scores "are lower than they were a decade ago in school districts across the U.S.," reports Times magazine, citing new data released Wednesday by Stanford researchers. "Reading scores were down roughly 0.6 grades in 2025 compared to 2015, and math scores were down about 0.4 grades. This means that students were 60% of one school year behind where their peers were in reading a decade earlier and 40% of one school year behind in math."

But Stanford's announcement notes that America's schools "were in a 'learning recession' for seven years before the COVID-19 pandemic, with student test scores in math and reading on a steady decline since 2013."

This reversal ended two decades of progress, according to Sean Reardon, the Professor of Poverty and Inequality at Stanford Graduate School of Education, whose data forms the backbone of the new research... The study reframes the narrative of pandemic-era learning loss, arguing that the crisis of the last few years was an acceleration of a problem that was already underway. "The pandemic was the mudslide that followed seven years of erosion in student achievement," said Professor Tom Kane, faculty director of the Center for Education Policy Research at Harvard University, and a lead author of the report...

The study found that the slowdown in learning coincided with two major shifts in American childhood and education policy: the widespread dismantling of test-based accountability systems that defined the No Child Left Behind era and the rise of social media use among young people. Reading scores, in particular, suffered consistently, with the average annual loss in the years just before the pandemic being just as large as the loss during it... Today, 8th-grade reading scores on national assessments are at their lowest point since 1990.

Compounding the problem, chronic student absenteeism remains a major obstacle to improving learning. Though down from its pandemic peak, 23 percent of students were chronically absent in the 2024-25 school year, far above the pre-pandemic rate of 15 percent.

More context from Time magazine:

Reading scores were down roughly 0.6 grades in 2025 compared to 2015, and math scores were down about 0.4 grades. This means that students were 60% of one school year behind where their peers were in reading a decade earlier and 40% of one school year behind in math...
"The decline started around the time that social media's use among teens was exploding, and this was also occurring in a number of other countries," says Thomas Kane, one of the authors of the Educational Scorecard report and a professor at Harvard University... [H]e maintains that it is at the core of the decline in reading achievement. He points out that social media use was shown to be heaviest among the lowest achieving students.
"Some states and school districts are making progress," notes the Associated Press, "largely by shifting toward phonics-based instruction and providing extra support for struggling readers."

And "The picture is also brighter in math. Almost every state in the analysis saw improvements in math test scores from 2022 to 2025."

[ Read more of this story ]( https://news.slashdot.org/story/26/05/17/1729245/us-mathreading-scores-continue-13-year-decline-researchers-blame-reduced-testing-and-social-media?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader shared this report from Electrek:
When Fisker Inc. filed for Chapter 11 bankruptcy in June 2024, it left roughly 11,000 Ocean SUV owners holding the keys to vehicles that cost them anywhere from $40,000 to $70,000 — and that were rapidly losing the software brains that made them work. No more over-the-air updates. No more connected services. No more warranty. The manufacturer was dead.

What happened next is one of the most remarkable stories in the history of the electric vehicle industry. Instead of accepting that their cars would become rolling paperweights, Fisker Ocean owners organized, reverse-engineered their vehicles' proprietary software, hacked into CAN bus networks, built open-source tools on GitHub, and effectively stood up a volunteer-run open-sourced car company from the ashes of Fisker...

Within months of the bankruptcy filing, thousands of Ocean owners formed the Fisker Owners Association (FOA) — a nonprofit that quickly grew to 4,000 members and began operating as something between a car club, a tech startup, and an independent automaker. The FOA hired independent tech experts who began reverse-engineering Fisker's proprietary software patches. Members taught each other how to flash firmware. They organized bulk purchases of replacement parts — negotiating the price of key fobs down from roughly $1,000 each to a fraction of that through coordinated group buys. They hosted free global key fob pairing events, saving each owner $100 to $250...

What started as desperate troubleshooting has evolved into a genuine open-source ecosystem around the Fisker Ocean. On GitHub, a developer named MichaelOE reverse-engineered the API behind Fisker's official "My Fisker" mobile app and built a Home Assistant integration that exposes every cloud API value as a sensor — with all the app's buttons available as Home Assistant controls... [Community members have also been systematically mapping CAN bus files.]

The article noes this "is not an isolated incident. Nikola also filed for bankruptcy, leaving its owners in a similar bind. Canoo and Arrival are headed for liquidation auctions..."

Consumer advocates are now pushing for structural changes: mandatory software escrow funds that would keep vehicle software running even if the manufacturer disappears, open-source mandates in bankruptcy proceedings, and shared repair data requirements... European automakers, meanwhile, are moving in a different direction entirely — Volkswagen, BMW, Mercedes-Benz, and eight suppliers signed a memorandum in 2025 to develop a shared open-source automotive software platform....

The Fisker Owners Association has proven that a dedicated community can keep orphaned EVs on the road. But they shouldn't have had to... [O]wners shouldn't need to become hackers and parts brokers and quasi-manufacturers just to keep driving the cars they already paid for.

[ Read more of this story ]( https://tech.slashdot.org/story/26/05/16/2318249/how-owners-of-evs-from-bankrupt-fisker-saved-their-cars-with-an-open-source-nonprofit?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Опубликовано: Sun, 17 May 2026 17:32:38 GMT
Канал: Все статьи подряд / Робототехника / Хабр

Теперь, когда в вашей клиентской библиотеке появились сообщения, можно перейти к созданию ROS2 ноды и связанных с ней элементов (издателей, сервисов и т.п.). На самом деле процесс добавления этих элементов мало отличается от создания обёртки для таймера, описанный в первой части, поскольку всё сводится к надстройке над функциями библиотеки rcl. Поэтому я не буду рассматривать их подробно, а остановлюсь только на отдельных особенностях. Читать далее]]>

https://habr.com/ru/articles/1036138/

Состоялся выпуск Memtest86+ 8.10, свободной автономной программы для проверки оперативной памяти, распространяемой под лицензией GNU GPLv2. Проект подчёркивает, что Memtest86+ не является редакцией закрытого freemium-продукта MemTest86 от PassMark, а развивается как отдельная свободная ветка.

[ Memtest86+ ]( https://github.com/memtest86plus/memtest86plus/ ) запускается отдельно от установленной операционной системы — напрямую через BIOS/UEFI или через загрузчик, поддерживающий протоколы загрузки Linux. Такой режим позволяет тестировать почти всю доступную память, не завися от ядра, драйверов и пользовательского окружения основной системы. Проект поддерживает x86, x86-64 и LoongArch64.

( [ читать дальше... ]( https://www.linux.org.ru/news/opensource/18295253#cut ) )

Long-time Slashdot reader internet-redstar shares an interestging response to "the recent wave of Linux kernel privilege escalation vulnerabilities like 'Copy Fail' and 'Dirty Frag'":

Belgian Linux sysadmin and Tesla Hacker "Jasper Nuyens" got tired of the idea of manually blacklisting dozens or even hundreds of obscure kernel modules across large fleets of Linux systems in the near future.
So he wrote ModuleJail, a GPLv3 shell script that scans a running Linux system and automatically blacklists currently unused kernel modules, reducing kernel attack surface without requiring a reboot. The idea is simple: many modern Linux privilege escalation bugs target obscure or rarely used kernel functionality that is still enabled by default on servers that do not actually need it. ModuleJail works across major distributions including Debian, Ubuntu, RHEL, Fedora, AlmaLinux and Arch Linux, generating 1 modprobe blacklist rules file while preserving commonly-used modules.

Nuyens argues that the increasing speed of AI-assisted vulnerability discovery will likely turn kernel hardening and attack surface reduction into a much bigger operational priority for sysadmins over the next few weeks and months.

[ Read more of this story ]( https://news.slashdot.org/story/26/05/16/2110220/sysadmin-creates-modulejail-to-automatically-blacklist-unused-kernel-modules?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Are statistical programmers coalescing around a handful of popular languages? That's the question asked by the CEO of software assessment site TIOBE, which every month estimates the popularity of programming languages based on their frequency in search results:

This month, the programming language R matched its all-time high by reaching position #8 in the TIOBE index once again. This is not a coincidence. The statistical programming language market is clearly undergoing a major consolidation. The biggest winners are Python and R, while many long-established alternatives continue to lose momentum. The era in which the statistical computing landscape was fragmented across many niche languages and platforms appears to be coming to an end.
Several established players are steadily declining:
— MATLAB is close to dropping out of the TIOBE top 20.
— SAS is about to leave the top 30 for the first time since the TIOBE index began.
— Wolfram/Mathematica remains well below its historical peak and is losing further ground.

— SPSS dropped out of the top 100 last month....

Elsewhere in the index, Java and C++ swapped positions this month. Java gained momentum following the successful release of Java 26. Another notable riser is Zig, which is approaching the TIOBE top 30 for the first time. Zig's growing popularity appears to be driven by its rare combination of low-level performance, straightforward tooling, and relative ease of use compared to traditional systems programming languages.
Their estimate for the most popular programming languages in May:

PythonCJavaC++C#JavaScriptVisual BasicRSQLDelphi/Object Pascal
The five next most popular languages on their rankings are Fortran, Scratch, Perl, PHP, and then Rust at #15. Rust is up for positions from May of 2025 — while Go has dropped to #16, seven ranks lower than its May 2025 position of #7.

[ Read more of this story ]( https://developers.slashdot.org/story/26/05/17/0252216/python-stays-1-r-rises-in-popularity-says-tiobe?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

"Most of the plastic waste in California is about to lose the recycling symbol," writes the Washington Post's "climate coach."

The "chasing arrows" symbol, created in 1970 by a college student inspired by the burgeoning environmental movement, has been stamped indiscriminately on plastic bottles, clamshell takeout containers, chip bags and more for decades. The majority of the items emblazoned with the mark have been virtually impossible to recycle for most people. California lawmakers say they want to end the charade: Under what's known as the Truth in Recycling law, plastics cannot use the symbol if they aren't collected by curbside programs serving 60% of Californians and sorted by facilities serving 60% of the state's recycling programs (with some additional requirements). If the law goes into effect as scheduled on October 4, more than half of the types of plastic packaging and products sold in the state can no longer carry the chasing arrows logo. That will affect plastic films, foam, PVC and mixed plastics...

Food and packaging groups have sued the state of California, calling the law a form of censorship whose vague restrictions violate the First Amendment and due process rights.... Advocates of the law counter that corporations deliberately misled the public by turning the recycling symbol into a marketing device that masks the fact that only a small fraction of plastic packaging is ultimately recycled... The mark was originally intended to informwaste processors what polymers a plastic item was made from. But the public reasonably assumed anything stamped with the symbol was recyclable. Millions of tons of worthless plastic trash have since poured into recycling facilities unable to process it....

States are now taking action. Seven have passed laws shifting the cost of recycling onto packaging makers. Oregon and Washington have lifted requirements that plastic containers carry the chasing arrows symbol.

The article notes that
Norway already recovers 97% of beverage bottles, while Slovakia recycles 60% of plastic packaging. "But the U.S. only recovers about a third of its PET and HDPE bottles, and just 13% of plastic packaging, according to U.S. Plastics Pact, an industry-led forum.

"It won't be easy for the U.S. to reach higher levels of recycling: The necessary infrastructure and incentives are chronically underfunded, no federal mandate exists for minimum-recycled-content that would create demand and a mix of mostly unrecyclable hydrocarbons still dominates the waste stream."

[ Read more of this story ]( https://news.slashdot.org/story/26/05/16/0544201/california-law-limits-recycling-logo-in-new-attack-on-plastic-waste?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

C использованием AI-ассистента подготовлен набор патчей, настроек, скриптов и DLL-библиотек с реализацией заглушек недостающих функций, позволяющих запустить программу обработки фотографий Adobe Lightroom CC (не путать с Lightroom Classic) в Linux при помощи Wine 11.8 и DXVK. Также возможен запуск приложения Creative Cloud для подключения к облаку Adobe, отображения панели приложений и установки Adobe Lightroom CC и других программ Adobe.

https://www.opennet.ru/opennews/art.shtml?num=65465

Опубликовано: Sun, 17 May 2026 14:05:05 GMT
Канал: Все статьи подряд / Робототехника / Хабр

Привет, Хабр! Сегодня поговорим о том, как роботы работают с предметами в реальной жизни. Современные роботы умеют выполнять множество простых операций, но терпят катастрофический провал в задачах, требующих понимания трехмерных пространственных отношений и физической осуществимости действий. Попробуем разобраться, как с помощью vision-language models (VLM) роботы учатся работать с предметами в пространстве. Читать далее]]>

https://habr.com/ru/companies/ru_mts/articles/1035508/

Опубликовано: Sun, 17 May 2026 14:21:58 GMT
Канал: Все статьи подряд / DIY или Сделай сам / Хабр

TL;DR. Мы выкатили открытый бенчмарк MELT-1 — он меряет не сколько модель знает в идеальных условиях (MMLU & co), а сколько она проживёт под дрифтом распределения и сколько стоит держать её живой. Три оси: $/1M успешных решений, часы до деградации без ретрейна, p99-латентность сенсор→актуатор под 40 °C. 30 суток непрерывного инференса, 5 сидов, два температурных профиля, sensitivity-анализ. На closed-loop manipulation наш агент (Metabolic AI, non-transformer) против Llama-class 7B INT8 показал 9.4× по стоимости, 8.5× по выживанию под дрифтом, ~1600× композитно. Архитектура закрыта — патент на стадии экспертизы. Бенч открытый: харнесс, сцены, оракул, sensitivity-скрипты, опубликованный VAE-энкодер дрифта. Прогоните своих агентов и положите рядом. PDF с полной методологией и threats to validity — в конце статьи. Посмотреть]]>

https://habr.com/ru/articles/1036098/

Опубликовано: Sun, 17 May 2026 13:32:25 GMT
Канал: Все статьи подряд / Assembler / Хабр

SectorOS - это небольшая операционная система (далее для удобства я буду писать "ось"), написанная на ассемблере x8086, умеющая запускать пользовательские программы, и предоставляющая для этих программ минимальный интерфейс взаимодействия со своей собственной файловой системой - SFS. Да ну, не верю, покажи]]>

https://habr.com/ru/articles/1033370/

Опубликовано: Sun, 17 May 2026 13:32:25 GMT
Канал: Все статьи подряд / Assembler / Хабр

SectorOS - это небольшая операционная система (далее для удобства я буду писать "ось"), написанная на ассемблере x8086, умеющая запускать пользовательские программы, и предоставляющая для этих программ минимальный интерфейс взаимодействия со своей собственной файловой системой - SFS. Да ну, не верю, покажи]]>

https://habr.com/ru/articles/1033370/

xAI has launched Grok Build, "a coding agent of its own to serve as competitor to its rivals' products, such as Anthropic's Claude Code," reports Engadget:

As Bloomberg notes, xAI has been trying to catch up to its rival companies like Anthropic and OpenAI. Elon Musk, the company's founder and CEO, previously admitted that it has fallen behind its competitors when it comes to coding. A couple of months ago, Musk said he was rebuilding xAI "from the foundations up" after several co-founders had left the company. One of the company's executives reportedly told staffers to work on getting Grok to match Claude's performance across various tasks.

More details from PCMag:

Grok Build is currently available in beta to those with a SuperGrok Heavy subscription, which starts at $300 per month. Just download it from the xAI website and log in. It's described as "a powerful new coding agent and CLI for professional software engineering and complex coding work." In its early version, xAI is seeking feedback and looking to fix any bugs... Only a few features have been highlighted, including a plan mode that lets you review, edit, and approve a plan before execution, and support for existing plug-ins and workflows.

[ Read more of this story ]( https://developers.slashdot.org/story/26/05/17/0214254/elon-musks-xai-launches-grok-build-its-first-ai-coding-agent?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Вышла 29 версия функционального языка программирования Erlang, применяемого для разработки распределённых приложений, обеспечивающих высокую надежность и параллельную обработку в режиме реального времени. Язык широко используется в таких областях, как телеком, банкинг, электронная коммерция, компьютерная телефония и мессенджеры (WhatsApp).

Вместе с языком до версии 29 обновилась платформа OTP (Open Telecom Platform) – сопутствующий набор библиотек и компонентов.

Некоторые новшества:

• В JIT-компиляторе улучшена генерация машинного кода для сопоставления и создания бинарных данных с несколькими little-endian сегментами.

• В библиотеке SSL в конфигурации по умолчанию выставлен наиболее приоритетным гибридный алгоритм обмена ключами «x25519mlkem768», стойкий к подбору на квантовом компьютере и представляющий собой комбинацию из X25519 ECDH и алгоритма ML-KEM (CRYSTALS-Kyber).

• Добавлен атрибут «-unsafe» для пометки функций небезопасными (unsafe). В библиотеке Erlang/OTP подобные функции помечены и для них компилятор теперь выдаёт предупреждение. Добавлена возможность отслеживания через xref вызова unsafe-функций и функций без документации.

<p class="tags"> подробности

https://www.linux.org.ru/news/development/18295035

Computer Weekly reports on "the long-awaited reform of Britain's outdated Computer Misuse Act of 1990 — which has hamstrung the work of the nation's cyber security professionals and researchers for years."

The Computer Misuse Act was passed 35 years ago in response to a high-profile hacking incident involving no less than the King's father, the late Duke of Edinburgh. It defined the offence of unauthorised access to a computer — which has been used successfully in countless cyber crime prosecutions over the years. However, as the cyber security landscape has developed into its current form, this language has become increasingly vague and for some years now, a growing number of bona fide security professionals have been arguing that it potentially criminalises their work because from time to time, they may need to gain covert access to IT systems in the course of legitimate research.
Speaking to Computer Weekly in 2025, Belfast-based security consultant Simon Whittaker described how the police showed up at his front door after his research was erroneously implicated in the infamous WannaCry incident of 2017... Sabeen Malik, vice-president for global government affairs and public policy at Rapid7, added: "As AI-driven vulnerability discovery scales, defenders need to run automated scanning, agentic red-teaming, and large-scale vuln research at machine speed — activities the 1990 Computer Misuse Act's broad unauthorised-access provisions were never designed to accommodate, leaving UK researchers exposed to criminal risk for work their adversaries face no equivalent friction performing."

The reforms are part of a new bill that's "enhancing the powers available to law enforcement and the security services," according to the article. It points out that the U.K. government also intends "to create a Cyber Crime Risk Order that can be applied to control the behaviour of cyber criminals, and new abilities to search people believed to be concealing evidence on behalf of suspected offenders."

It's all part of a proposed bill "designed to make the UK a harder target for hostile foreign states and other dangerous groups to attack."

[ Read more of this story ]( https://news.slashdot.org/story/26/05/16/1854222/the-uk-finally-starts-reforming-its-computer-misuse-act?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

TOP20 VISITORS:

[1] Amazon point=0 web=623 up=7.3MB (27%)
[2] PetalBot point=7 web=1061 up=5.8MB (21%) <--- PetalBot
[3] 37.252.14.x point=144 web=0 up=2.4MB (9%) <--- ake (6/hr)
[4] TikTok point=0 web=135 up=1.6MB (6%)
[5] 217.114.158.x point=25 web=0 up=1.1MB (4%) <--- fox (1/hr)
[6] Google point=0 web=159 up=1.0MB (3%)
[7] 216.244.66.x point=0 web=44 up=0.9MB (3%)
[8] 104.250.53.x point=0 web=137 up=0.9MB (3%)
[9] 147.135.215.x point=0 web=1 up=0.5MB (1%)
[10] 135.181.213.x point=0 web=1 up=0.4MB (1%)
[11] 42.200.231.x point=0 web=1 up=0.3MB (1%)
[12] 88.134.110.x point=0 web=1 up=0.3MB (1%)
[13] 51.195.103.x point=0 web=2 up=0.2MB (<1%)
[14] 38.242.239.x point=0 web=1 up=0.2MB (<1%)
[15] 95.217.109.x point=0 web=1 up=0.2MB (<1%)
[16] 65.108.125.x point=0 web=1 up=0.2MB (<1%)
[17] 217.182.194.x point=0 web=1 up=0.2MB (<1%)
[18] 104.250.52.x point=0 web=25 up=0.1MB (<1%)
[19] Facebook point=0 web=16 up=0.1MB (<1%)
[20] 54.37.252.x point=0 web=1 up=0.1MB (<1%)

TOTAL TRAFFIC: 26MB