[>] How Python is Fighting Open Source's 'Phantom' Dependencies Problem
bot.slashdot
robot(spnet, 1) — All
2025-08-11 06:22:01


Since 2023 the Python Software Foundation has had a Security Developer-in-Residence (sponsored by the Open Source Security Foundation's vulnerability-finding "Alpha-Omega" project). And he's just published a new 11-page white paper about open source's "phantom dependencies" problem — suggesting a way to solve it.

"Phantom" dependencies aren't tracked with packaging metadata, manifests, or lock files, which makes them "not discoverable" by tools like vulnerability scanners or compliance and policy tools. So Python security developer-in-residence Seth Larson authored a recently-accepted Python Enhancement Proposal offering an easy way for packages to provide metadata through Software Bill-of-Materials (SBOMs). From the whitepaper:

Python Enhancement Proposal 770 is backwards compatible and can be enabled by default by tools, meaning most projects won't need to manually opt in to begin generating valid PEP 770 SBOM metadata. Python is not the only software package ecosystem affected by the "Phantom Dependency" problem. The approach using SBOMs for metadata can be remixed and adopted by other packaging ecosystems looking to record ecosystem-agnostic software metadata...

Within Endor Labs' [2023 dependencies] report, Python is named as one of the most affected packaging ecosystems by the "Phantom Dependency" problem. There are multiple reasons that Python is particularly affected:

- There are many methods for interfacing Python with non-Python software, such as through the C-API or FFI. Python can "wrap" and expose an easy-to-use Python API for software written in other languages like C, C++, Rust, Fortran, Web Assembly, and more.
- Python is the premier language for scientific computing and artificial intelligence, meaning many high-performance libraries written in system languages need to be accessed from Python code.
- Finally, Python packages have a distribution type called a "wheel", which is essentially a zip file that is "installed" by being unzipped into a directory, meaning there is no compilation step allowed during installation. This is great for being able to inspect a package before installation, but it means that all compiled languages need to be pre-compiled into binaries before installation...

When designing a new package metadata standard, one of the top concerns is reducing the amount of effort required from the mostly volunteer maintainers of packaging tools and the thousands of projects being published to the Python Package Index... By defining PEP 770 SBOM metadata as using a directory of files, rather than a new metadata field, we were able to side-step all the implementation pain...
We'll be working to submit issues on popular open source SBOM and vulnerability scanning tools, and gradually, Phantom Dependencies will become less of an issue for the Python package ecosystem.
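As an added illustration of what the "directory of files" design buys a scanner, here is example code that is not from the white paper, pip, or any PEP 770 tooling: it walks a site-packages tree, reads whatever SBOM documents a distribution ships under its `.dist-info` directory, and diffs the components found there against the `Requires-Dist` lines in `METADATA`. Anything present in the SBOM but absent from `Requires-Dist` is exactly the class of "phantom" dependency the article describes. Assumptions: the SBOM subdirectory name `sboms/` is this author's reading of the PEP and should be checked against the final specification; the package `imgtools`, its bundled libraries, and both SBOM documents are constructed sample data; the CycloneDX and SPDX parsing is deliberately minimal.

```python
"""Added example: surface 'phantom' native dependencies from per-package SBOMs.

Assumptions (not from the page): SBOM documents live in
<name>-<version>.dist-info/sboms/ (this author's reading of PEP 770);
the package, its bundled libraries and the SBOM contents are constructed.
"""
import json
import re
import tempfile
from pathlib import Path

# Constructed METADATA: the only dependency visible to classic tooling is numpy.
SAMPLE_METADATA = """\
Metadata-Version: 2.4
Name: imgtools
Version: 1.2.0
Requires-Dist: numpy>=1.26
"""

# Constructed CycloneDX SBOM listing native libraries compiled into the wheel.
SAMPLE_CYCLONEDX = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "components": [
        {"type": "library", "name": "libwebp", "version": "1.3.2",
         "purl": "pkg:generic/libwebp@1.3.2"},
        {"type": "library", "name": "zlib", "version": "1.3.1",
         "purl": "pkg:generic/zlib@1.3.1"},
    ],
}

# Constructed SPDX document, so both common SBOM formats are exercised.
SAMPLE_SPDX = {
    "spdxVersion": "SPDX-2.3",
    "packages": [
        {"name": "libjpeg-turbo", "versionInfo": "3.0.3",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": "pkg:generic/libjpeg-turbo@3.0.3"}]},
    ],
}


def build_sample_site_packages(root: Path) -> Path:
    """Lay out one fake installed distribution so the example runs offline."""
    dist_info = root / "imgtools-1.2.0.dist-info"
    (dist_info / "sboms").mkdir(parents=True)
    (dist_info / "METADATA").write_text(SAMPLE_METADATA)
    (dist_info / "sboms" / "native.cdx.json").write_text(json.dumps(SAMPLE_CYCLONEDX))
    (dist_info / "sboms" / "native.spdx.json").write_text(json.dumps(SAMPLE_SPDX))
    return root


def declared_requirements(dist_info: Path) -> set:
    """Project names from Requires-Dist lines: the dependencies scanners already see."""
    names = set()
    for line in (dist_info / "METADATA").read_text().splitlines():
        if line.startswith("Requires-Dist:"):
            spec = line.split(":", 1)[1].strip()
            # Cut at the first version operator, extra marker or environment marker.
            names.add(re.split(r"[\s<>=!~;\[(]", spec, maxsplit=1)[0].lower())
    return names


def sbom_components(sbom: dict) -> list:
    """Normalise a CycloneDX or SPDX JSON document into {name, version, purl} records."""
    out = []
    if sbom.get("bomFormat") == "CycloneDX":
        for c in sbom.get("components", []):
            out.append({"name": c.get("name"), "version": c.get("version"),
                        "purl": c.get("purl")})
    elif "spdxVersion" in sbom:
        for p in sbom.get("packages", []):
            purl = next((r["referenceLocator"] for r in p.get("externalRefs", [])
                         if r.get("referenceType") == "purl"), None)
            out.append({"name": p.get("name"), "version": p.get("versionInfo"),
                        "purl": purl})
    return out


def find_phantom_dependencies(site_packages: Path) -> dict:
    """Map each .dist-info to SBOM components not covered by its Requires-Dist."""
    result = {}
    for dist_info in sorted(site_packages.glob("*.dist-info")):
        sbom_dir = dist_info / "sboms"
        if not sbom_dir.is_dir():
            continue  # no SBOM shipped: the phantom problem remains for this package
        declared = declared_requirements(dist_info)
        phantoms = []
        for doc in sorted(sbom_dir.glob("*.json")):
            for comp in sbom_components(json.loads(doc.read_text())):
                if comp["name"] and comp["name"].lower() not in declared:
                    phantoms.append(comp)
        result[dist_info.name] = phantoms
    return result


def run_demo() -> dict:
    """Build the sample tree in a temp dir and return the phantom report."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_phantom_dependencies(build_sample_site_packages(Path(tmp)))


if __name__ == "__main__":
    for dist, comps in run_demo().items():
        print(dist)
        for c in comps:
            print(f"  {c['name']} {c['version']}  {c['purl']}")
```

Run against a real environment by pointing `find_phantom_dependencies` at your interpreter's site-packages; packages without an `sboms/` directory are skipped, which is the gap a policy tool would want to report rather than silently pass. The package URL (`purl`) carried in each record is what a vulnerability scanner would match against advisory databases.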

The white paper "details the approach, challenges, and insights into the creation and acceptance of PEP 770 and adopting Software Bill-of-Materials (SBOMs) to improve the measurability of Python packages," explains an announcement from the Python Software Foundation. And the white paper ends with a helpful note.

"Having spoken to other open source packaging ecosystem maintainers, we have come to learn that other ecosystems have similar issues with Phantom Dependencies. We welcome other packaging ecosystems to adopt Python's approach with PEP 770 and are willing to provide guidance on the implementation."

[ Read more of this story ]( https://developers.slashdot.org/story/25/08/11/025214/how-python-is-fighting-open-sources-phantom-dependencies-problem?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] How 12 'Enola Gay' Crew Members Remember Dropping the Atomic Bomb
bot.slashdot
robot(spnet, 1) — All
2025-08-11 10:22:02


Last week saw the 80th anniversary of a turning point in World War II: the day America dropped an atomic bomb on Hiroshima.

"Twelve men were on that flight..." remembers the online magazine Mental Floss, adding "Almost all had something to say after the war."

The group was segregated from the rest of the military and trained in secret. Even those in the group only knew as much as they needed to know in order to perform their duties. The group deployed to Tinian in 1945 with 15 B-29 bombers, flight crews, ground crews, and other personnel, a total of about 1770 men. The mission to drop the atomic bomb on Hiroshima, Japan (special mission 13) involved seven planes, but the one we remember was the Enola Gay.
Air Force captain Theodore "Dutch" Van Kirk did not know the destructive force of the nuclear bomb before Hiroshima. He was 24 years old at that time, a veteran of 58 missions in North Africa. Paul Tibbets told him this mission would shorten or end the war, but Van Kirk had heard that line before. Hiroshima made him a believer. Van Kirk felt the bombing of Hiroshima was worth the price in that it ended the war before the invasion of Japan, which promised to be devastating to both sides. " I honestly believe the use of the atomic bomb saved lives in the long run. There were a lot of lives saved. Most of the lives saved were Japanese."
In 2005, Van Kirk came as close as he ever got to regret. "I pray no man will have to witness that sight again. Such a terrible waste, such a loss of life..."
Many of the other crewmembers also felt the bomb ultimately saved lives.
The Washington Post has also published a new oral history of the flight after it took off from Tinian Island. The oral history was assembled for a new book published this week titled The Devil Reached Toward the Sky: An Oral History of the Making and Unleashing of the Atomic Bomb.

Col. Paul W. Tibbets, lead pilot of the Enola Gay: We were only eight minutes off the ground when Capt. William S. "Deak" Parsons and Lt. Morris R. Jeppson lowered themselves into the bomb bay to insert a slug of uranium and the conventional explosive charge into the core of the strange-looking weapon. I wondered why we were calling it "Little Boy." Little Boy was 28 inches in diameter and 12 feet long. Its weight was a little more than 9,000 pounds. With its coat of dull gunmetal paint, it was an ugly monster...

Lt. Morris R. Jeppson, crew member of the Enola Gay: Parsons was second-in-command of the military in the Manhattan Project. The Little Boy weapon was Parsons's design. He was greatly concerned that B-29s loaded with conventional bombs were crashing at the ends of runways on Tinian during takeoff and that such an event could cause the U-235 projectile in the gun of Little Boy to fly down the barrel and into the U-235 target. This could have caused a low-level nuclear explosion on Tinian...
Jeppson: On his own, Parsons decided that he would go on the Hiroshima mission and that he would load the gun after the Enola Gay was well away from Tinian.
Tibbets: That way, if we crashed, we would lose only the airplane and crew, himself included... Jeppson held the flashlight while Parsons struggled with the mechanism of the bomb, inserting the explosive charge that would send one block of uranium flying into the other to set off the instant chain reaction that would create the atomic explosion.

The navigator on one of the other six planes on the mission remembers that, watching the mushroom cloud, "There was almost complete silence on the flight deck. It was evident the city of Hiroshima was destroyed."

And the Enola Gay's copilot later remembered thinking: "My God, what have we done?"

[ Read more of this story ]( https://tech.slashdot.org/story/25/08/11/0518238/how-12-enola-gay-crew-members-remember-dropping-the-atomic-bomb?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] As Demand for Plant-Based Meat Weakens in the US, Beyond Disappoints Wall Street
bot.slashdot
robot(spnet, 1) — All
2025-08-11 13:22:01


Wednesday Beyond Meat "missed Wall Street estimates for second-quarter revenue," reports Reuters.
"Consumers' growing concerns about processed foods are severely diminishing the appeal of Beyond Meat's product line, causing retailers and quick service restaurants to pull back sharply on orders," Rachel Wolff, analyst at Emarketer, said.
Retail sales of refrigerated plant-based meat alternative products in the U.S. have fallen 17.2% so far this year, and frozen plant-based meat alternatives have fallen 8.1%, according to data from SPINS... [Beyond's] revenue for the quarter ended June 28 fell nearly 20% to $75 million, compared with analysts' average estimate of $82 million, according to data compiled by LSEG.

While the company arguably invented a new market for plant-based meat substitutes, it also "owns no real intellectual property," argues The Street. "And every company in the meat and grocery business (more or less) now sells a take-off of a product that already had limited appeal..."

Beyond Meat has admitted it's in trouble by hiring corporate restructuring expert John Boken from consultancy AlixPartners as interim chief transformation officer [with a focus that includes "operating expense reduction" and "broader operational efficiency"]. It has also let go of 44 employees in North America (6% of its global workforce) as it seeks to cut operating expenses amid disappointing sales... Beyond Meat also has a significant cash problem. As of June 28, 2025, Beyond Meat's cash and cash equivalents balance was $117.3 million, and total outstanding debt was $1.2 billion. The company does have time to fend off a Chapter 11 bankruptcy filing, but it also has limited, if any, prospects to meet its impending cash needs.

[ Read more of this story ]( https://science.slashdot.org/story/25/08/11/068247/as-demand-for-plant-based-meat-weakens-in-the-us-beyond-disappoints-wall-street?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

[>] It's Steve Wozniak's 75th Birthday. Whatever Happened to His YouTube Lawsuit?
bot.slashdot
robot(spnet, 1) — All
2025-08-11 16:22:01


In 2020 a YouTube video used video footage of Steve Wozniak in a scam to steal bitcoin. "Some people said they lost their life savings," Wozniak tells CBS News, explaining why he sued YouTube in 2020 — and where his case stands now:

Wozniak's lawsuit against YouTube has been tied up in court now for five years, stalled by federal legislation known as Section 230. Attorney Brian Danitz said, "Section 230 is a very broad statute that limits, if not totally, the ability to bring any kind of case against these social media platforms."

"It says that anything gets posted, they have no liability at all," said Wozniak. "It's totally absolute."

Google responded to our inquiry about Wozniak's lawsuit with a statement from José Castañeda, of Google Policy Communications: "We take abuse of our platform seriously and take action quickly when we detect violations ... we have tools for users to report channels that are impersonating their likeness or business." [Steve's wife] Janet Wozniak, however, says YouTube did nothing, even though she reported the scam video multiple times: "You know, 'Please take this down. This is an obvious mistake. This is fraud. You're YouTube, you're helping dupe people out of their money,'" she said.

"They wouldn't," said Steve...

Today is Steve Wozniak's 75th birthday. (You can watch the interview here.) And the article includes this interesting detail about Woz's life today:

Wozniak sold most of his Apple stock in the mid-1980s when he left the company. Today, though, he still gets a small paycheck from Apple for making speeches and representing the company. He says he's proud to see Apple become a trillion-dollar company. "Apple is still the best," he said. "And when Apple does things I don't like, and some of the closeness I wish it were more open, I'll speak out about it. Nobody buys my voice!"

I asked, "Apple listen to you when you speak out?"

"No," Wozniak smiled. "Oh, no. Oh, no."

[ Read more of this story ]( https://yro.slashdot.org/story/25/08/10/1938248/its-steve-wozniaks-75th-birthday-whatever-happened-to-his-youtube-lawsuit?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.
