Hackers are hiding malware inside DNS records, allowing malicious code to bypass security defenses that typically monitor web and email traffic. DomainTools researchers discovered the technique being used to host Joke Screenmate malware, with binary files converted to hexadecimal format and broken into chunks stored in TXT records across subdomains of whitetreecollective[.]com.

Attackers retrieve the chunks through DNS requests and reassemble them into executable malware. The method exploits a blind spot in security monitoring, as DNS traffic often goes unscrutinized compared to other network activity.

[ Read more of this story ]( https://it.slashdot.org/story/25/07/21/1739207/hackers-exploit-a-blind-spot-by-hiding-malware-inside-dns-records?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Eric Schmidt, Google's former CEO, has a simple suggestion for young workers struggling to focus at work or relax: turn off your phone. Schmidt told the "Moonshots" podcast that researchers "can't think deeply" when their phones keep buzzing with notifications.

The tech veteran, who spent 10 years running Google and helped build Android's notification system, admitted the industry has worked to "monetize your attention" through constant ads and alerts.

[ Read more of this story ]( https://it.slashdot.org/story/25/07/21/1811221/former-google-ceo-tells-workers-turn-off-your-phone-to-focus?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Опубликован выпуск библиотеки OpenAPV, предоставляющей эталонную реализацию видеокодека APV (Advanced Professional Video), предназначенного для профессиональной записи и обработки видео без потери качества. Код библиотеки написан на языке С и распространяется под лицензией BSD. Проект развивает организация Academy Software Foundation, учреждённая Академией кинематографических искусств (США) и организацией Linux Foundation с целью продвижение использования открытого ПО в процессе создания фильмов.

https://www.opennet.ru/opennews/art.shtml?num=63612

An anonymous reader shares a blog post: The International Mathematical Olympiad is the world's most prestigious competition for young mathematicians, and has been held annually since 1959. Each country taking part is represented by six elite, pre-university mathematicians who compete to solve six exceptionally difficult problems in algebra, combinatorics, geometry, and number theory. Medals are awarded to the top half of contestants, with approximately 8% receiving a prestigious gold medal.

Recently, the IMO has also become an aspirational challenge for AI systems as a test of their advanced mathematical problem-solving and reasoning capabilities. Last year, Google DeepMind's combined AlphaProof and AlphaGeometry 2 systems achieved the silver-medal standard, solving four out of the six problems and scoring 28 points. Making use of specialist formal languages, this breakthrough demonstrated that AI was beginning to approach elite human mathematical reasoning.

This year, we were amongst an inaugural cohort to have our model results officially graded and certified by IMO coordinators using the same criteria as for student solutions. Recognizing the significant accomplishments of this year's student-participants, we're now excited to share the news of Gemini's breakthrough performance. An advanced version of Gemini Deep Think solved five out of the six IMO problems perfectly, earning 35 total points, and achieving gold-medal level performance.

[ Read more of this story ]( https://science.slashdot.org/story/25/07/21/198231/advanced-version-of-gemini-with-deep-think-officially-achieves-gold-medal-standard-at-the-international-mathematical-olympiad?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from the BBC: One password is believed to have been all it took for a ransomware gang to destroy a 158-year-old company and put 700 people out of work. KNP -- a Northamptonshire transport company -- is just one of tens of thousands of UK businesses that have been hit by such attacks. Big names such as M&S, Co-op and Harrods have all been attacked in recent months. The chief executive of Co-op confirmed last week that all 6.5 million of its members had had their data stolen. In KNP's case, it's thought the hackers managed to gain entry to the computer system by guessing an employee's password, after which they encrypted the company's data and locked its internal systems. KNP director Paul Abbott says he hasn't told the employee that their compromised password most likely led to the destruction of the company. "Would you want to know if it was you?" he asks. "We need organizations to take steps to secure their systems, to secure their businesses," says Richard Horne CEO of the National Cyber Security Centre (NCSC) -- where Panorama has been given exclusive access to the team battling international ransomware gangs. A gang of hackers, known as Akira, broke into the company's system and demanded a payment to restore the data. "The hackers didn't name a price, but a specialist ransomware negotiation firm estimated the sum could be as much as 5 million pounds," reports the BBC. "KNP didn't have that kind of money. In the end all the data was lost, and the company went under."

[ Read more of this story ]( https://yro.slashdot.org/story/25/07/21/1957210/weak-password-allowed-hackers-to-sink-a-158-year-old-company?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Microsoft is rolling out updates to the Xbox PC app and consoles that sync your cloud gaming history and progress across devices, making it easier to resume cloud-playable titles on PCs, handhelds, and other Xbox hardware. The Verge reports: Cloud-playable games are now starting to show inside play history or the library on the Xbox PC app. "This includes all cloud playable titles, even console exclusives spanning from the original Xbox to Xbox Series X|S, whether you own the title or access it through Game Pass," explains Lily Wang, product manager of Xbox experiences. Your recent games, including cloud ones, will soon follow you across devices -- complete with cloud-powered game saves. So if you played an Xbox game on your console that's not natively available on PC, it will still show up in your recent games list and be playable through Xbox Cloud Gaming on Windows.

Cloud-playable games on the Xbox PC app can be found from a new filter in the library section, and a new "play history" section will appear at the end of the "jump back in" list on the home screen of the Xbox PC app. "While the large tiles highlight games you've recently played on your current device, the play history tile shows games you've played across any Xbox device, making it easy to pick up where you left off," says Wang. This same play history section will appear on the main Xbox console interface, too -- which could mean we'll eventually see PC games listed here and playable through Xbox Cloud Gaming.

[ Read more of this story ]( https://games.slashdot.org/story/25/07/21/201226/xbox-cloud-games-will-soon-follow-you-across-xbox-pc-and-windows-handhelds?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

NVIDIA has released additional open-source header files for its Blackwell and Hopper GPU architectures, continuing its effort to support open-source drivers like Nouveau/NVK and the NOVA Rust driver. Phoronix reports: Last week NVIDIA open-sourced 12k lines of C header files for Blackwell GPUs to help in the open-source driver efforts, namely for Nouveau / NVK and the in-development NOVA Rust driver. On Friday they made public some additional header files for helping in the Blackwell and Hopper open-source driver enablement.

Following the previously-covered open-source header activity, on Friday this commit was pushed to their open-source documentation repository that provides Hopper and Blackwell DMA-copy class header files. [...] In turn the code has already been imported into Mesa Git.

[ Read more of this story ]( https://news.slashdot.org/story/25/07/21/207245/nvidia-makes-more-hopper-blackwell-header-files-open-source?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from Reuters: Figma is targeting a fully-diluted valuation of up to $16.4 billion in its initial public offering, as the cloud-based design software firm prepares for a debut on the NYSE that could inject fresh momentum into a resurgent market for tech listings. The San Francisco-based company, along with some investors, is eyeing proceeds of up to $1.03 billion by selling nearly 37 million shares priced between $25 and $28 each, it said on Monday. The listing could be a major milestone for Figma, coming more than a year after its $20 billion sale to Adobe failed due to regulatory hurdles in Europe and the UK. Figma's IPO is expected to occur the week of July 28th, offering shares priced between $25 and $28. It'll trade under the symbol "FIG".

[ Read more of this story ]( https://slashdot.org/story/25/07/21/2016251/figma-aims-at-164-billion-valuation-as-tech-ipos-bounce-back?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Alaska Airlines and Horizon Air grounded all flights Sunday night due to a major IT outage, prompting a system-wide FAA ground stop that lasted until early Monday. Although operations have since resumed, passengers are still facing delays and residual disruptions. Gizmodo reports: The airline requested a system-wide ground stop from federal aviation authorities at about 11 p.m. ET on Sunday night. That stop remained in effect until around 2 a.m. ET Monday, when the Federal Aviation Administration confirmed it had been lifted. But disruptions didn't end there. Alaska warned passengers to brace for likely delays throughout the day. [...] The FAA's website listed the stop as applying to all Alaska Airlines aircraft. Gizmodo notes that the incident comes nearly a year after the massive 2024 CrowdStrike crash, which has become known as the largest IT outage in history. "The July 2024 outage brought down an estimated 8.5 million Microsoft Windows systems running CrowdStrike's Falcon Sensor software, disrupting everything from hospitals and airports to broadcast networks."

"There's no word yet from Alaska on whether the outage ties into a broader software problem, but the timing, almost exactly a year after the CrowdStrike crash, isn't going unnoticed on social media, with users wondering if the events are related."

[ Read more of this story ]( https://it.slashdot.org/story/25/07/21/2025255/alaska-airlines-resumes-operations-after-system-glitch-grounds-all-flights?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Spotify was found publishing AI-generated songs on the official pages of deceased artists like Blaze Foley and Guy Clark -- without permission from their estates or labels. The tracks, flagged for deceptive content and now removed, were uploaded via TikTok's SoundOn distribution platform. "We've flagged the issue to SoundOn, the distributor of the content in question, and it has been removed for violating our Deceptive Content policy," a Spotify spokesperson told 404 Media. From the report: McDonald, who decided to originally upload Foley's music to Spotify in order to share it with more people, told me he never thought that an AI-generated track could appear on Foley's page without his permission. "It's harmful to Blaze's standing that this happened," he said. "It's kind of surprising that Spotify doesn't have a security fix for this type of action, and I think the responsibility is all on Spotify. They could fix this problem. One of their talented software engineers could stop this fraudulent practice in its tracks, if they had the will to do so. And I think they should take that responsibility and do something quickly."

McDonald's suggested fix is not allowing any track to appear on an artist's official Spotify page without allowing the page owner to sign off on it first. "Any real Blaze fan would know, I think, pretty instantly, that this is not Blaze or a Blaze recording," he said. "Then the harm is that the people who don't know Blaze go to the site thinking, maybe this is part of Blaze, when clearly it's not. So again, I think Spotify could easily change some practices. I'm not an engineer, but I think it's pretty easy to stop this from happening in the future."

[ Read more of this story ]( https://entertainment.slashdot.org/story/25/07/21/2037254/spotify-publishes-ai-generated-songs-from-dead-artists-without-permission?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

FCC Chairman Brendan Carr is proposing (PDF) to roll back key Biden-era broadband policies, scrapping the long-term gigabit speed goal, halting analysis of broadband affordability, and reinterpreting deployment standards in a way that favors industry metrics over consumer access. The proposal, which is scheduled for a vote on August 7, narrows the scope of Section 706 evaluations to focus on whether broadband is being deployed rather than whether it's affordable or universally accessible. Ars Technica reports: The changes will make it easier for the FCC to give the broadband industry a passing grade in an annual progress report. FCC Chairman Brendan Carr's proposal would give the industry a thumbs-up even if it falls short of 100 percent deployment, eliminate a long-term goal of gigabit broadband speeds, and abandon a new effort to track the affordability of broadband.

Section 706 of the Telecommunications Act requires the FCC to determine whether broadband is being deployed "on a reasonable and timely basis" to all Americans. If the answer is no, the US law says the FCC must "take immediate action to accelerate deployment of such capability by removing barriers to infrastructure investment and by promoting competition in the telecommunications market."

Generally, Democratic-led commissions have found that the industry isn't doing enough to make broadband universally available, while Republican-led commissions have found the opposite. Democratic-led commissions have also periodically increased the speeds used to determine whether advanced telecommunications capabilities are widely available, while Republican-led commissioners have kept the speed standards the same.

[ Read more of this story ]( https://tech.slashdot.org/story/25/07/21/2044200/fcc-to-eliminate-gigabit-speed-goal-scrap-analysis-of-broadband-prices?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Главное

• WebGPU включён по умолчанию (пока только Windows). Реализация построена на Rust‑библиотеке WGPU; поддержку Linux и macOS обещают «в ближайшие месяцы».

• Снижено потребление ОЗУ в Linux и устранено требование «жёсткого» перезапуска после пакетного обновления.

• «Умные» группы вкладок: встроенный on‑device‑ИИ автоматически объединяет вкладки и придумывает название каждой группы (функция разворачивается постепенно).

( [ читать дальше... ]( https://www.linux.org.ru/news/mozilla/18033363#cut ) )

The $500 billion Stargate AI project announced by SoftBank and OpenAI at the White House six months ago has failed to complete a single data center deal and sharply scaled back its near-term plans. The venture, which originally pledged to invest $100 billion "immediately," now aims to build one small data center by year-end, likely in Ohio, according to WSJ. SoftBank and OpenAI have disagreed over crucial partnership terms, including site locations.

OpenAI has proceeded independently, signing a deal with Oracle worth more than $30 billion annually starting within three years. That agreement totals 4.5 gigawatts of capacity and would consume power equivalent to more than two Hoover Dams. Combined with a smaller CoreWeave deal, OpenAI has secured nearly as much data center capacity as Stargate promised for this year. SoftBank invested $30 billion in OpenAI earlier this year as part of the infrastructure partnership plans.

[ Read more of this story ]( https://slashdot.org/story/25/07/21/220229/softbank-and-open-ais-500-billion-ai-project-struggles-to-get-off-ground?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Компания Google представила проект OSS Rebuild, предназначенный для выявления скрытых изменений в готовых пакетах, публикуемых в репозиториях. Работа OSS Rebuild основана на концепции воспроизводимых сборок и сводится к проверке соответствия размещённого в репозитории пакета с пакетом полученным на основе пересборки из эталонного исходного кода, соответствующего заявленной версии пакета. Код инструментария написан на языке Go и распространяется под лицензией Apache 2.0.

https://www.opennet.ru/opennews/art.shtml?num=63613

alternative_right shares a report from The Conversation: Greek philosophers may not have known about 21st-century technology, but their ideas about intellect and thinking can help us understand what's at stake with AI today. Although the English words "intellect" and "thinking" do not have direct counterparts in the ancient Greek, looking at ancient texts offers useful comparisons. In "Republic," for example, Plato uses the analogy of a "divided line" separating higher and lower forms of understanding. Plato, who taught in the fourth century BCE, argued that each person has an intuitive capacity to recognize the truth. He called this the highest form of understanding: "noesis." Noesis enables apprehension beyond reason, belief or sensory perception. It's one form of "knowing" something -- but in Plato's view, it's also a property of the soul.

Lower down, but still above his "dividing line," is "dianoia," or reason, which relies on argumentation. Below the line, his lower forms of understanding are "pistis," or belief, and "eikasia," imagination. Pistis is belief influenced by experience and sensory perception: input that someone can critically examine and reason about. Plato defines eikasia, meanwhile, as baseless opinion rooted in false perception. In Plato's hierarchy of mental capacities, direct, intuitive understanding is at the top, and moment-to-moment physical input toward the bottom. The top of the hierarchy leads to true and absolute knowledge, while the bottom lends itself to false impressions and beliefs. But intuition, according to Plato, is part of the soul, and embodied in human form. Perceiving reality transcends the body -- but still needs one. So, while Plato does not differentiate "intelligence" and "thinking," I would argue that his distinctions can help us think about AI. Without being embodied, AI may not "think" or "understand" the way humans do. Eikasia -- the lowest form of comprehension, based on false perceptions -- may be similar to AI's frequent "hallucinations," when it makes up information that seems plausible but is actually inaccurate.

Aristotle, Plato's student, sheds more light on intelligence and thinking. In "On the Soul," Aristotle distinguishes "active" from "passive" intellect. Active intellect, which he called "nous," is immaterial. It makes meaning from experience, but transcends bodily perception. Passive intellect is bodily, receiving sensory impressions without reasoning. We could say that these active and passive processes, put together, constitute "thinking." Today, the word "intelligence" holds a logical quality that AI's calculations may conceivably replicate. Aristotle, however, like Plato, suggests that to "think" requires an embodied form and goes beyond reason alone. Aristotle's views on rhetoric also show that deliberation and judgment require a body, feeling and experience. We might think of rhetoric as persuasion, but it is actually more about observation: observing and evaluating how evidence, emotion and character shape people's thinking and decisions. Facts matter, but emotions and people move us -- and it seems questionable whether AI utilizes rhetoric in this way.

Finally, Aristotle's concept of "phronesis" sheds further light on AI's capacity to think. In "Nicomachean Ethics," he defines phronesis as "practical wisdom" or "prudence." "Phronesis" involves lived experience that determines not only right thought, but also how to apply those thoughts to "good ends," or virtuous actions. AI may analyze large datasets to reach its conclusions, but "phronesis" goes beyond information to consult wisdom and moral insight.

[ Read more of this story ]( https://slashdot.org/story/25/07/21/2052216/can-ai-think---and-should-it-what-it-means-to-think-from-plato-to-chatgpt?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

At least 759 US hospitals experienced network disruptions during the CrowdStrike outage on July 19, 2024, with more than 200 suffering outages that directly affected patient care services, according to a study published in JAMA Network Open by UC San Diego researchers. The researchers detected disruptions across 34% of the 2,232 hospital networks they scanned, finding outages in health records systems, fetal monitoring equipment, medical imaging storage, and patient transfer platforms.

Most services recovered within six hours, though some remained offline for more than 48 hours. CrowdStrike dismissed the study as "junk science," arguing the researchers failed to verify whether affected networks actually ran CrowdStrike software. The researchers defended their methodology, noting they could scan only about one-third of America's hospitals, suggesting the actual impact may have been significantly larger.

[ Read more of this story ]( https://science.slashdot.org/story/25/07/21/228202/at-least-750-us-hospitals-faced-disruptions-during-last-years-crowdstrike-outage-study-finds?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader shares a report: In 2023 and 2024, the hottest years on record, more than 78 million acres of forests burned around the globe. The fires sent veils of smoke and several billion tons of carbon dioxide into the atmosphere, subjecting millions of people to poor air quality. Extreme forest-fire years are becoming more common because of climate change, new research suggests.

"Climate change is loading the dice for extreme fire seasons like we've seen," said John Abatzoglou, a climate scientist at the University of California Merced. "There are going to be more fires like this." The area of forest canopy lost to fire during 2023 and 2024 was at least two times greater than the annual average of the previous nearly two decades, according to a new study published Monday in the journal Proceedings of the National Academy of Sciences.

The researchers used imagery from the LANDSAT satellite network to determine how tree cover had changed from 2002 to 2024, and compared that with satellite detections of fire activity to see how much canopy loss was because of fire. Globally, the area of land burned by wildfires has decreased in recent decades, mostly because humans are transforming savannas and grasslands into less flammable landscapes. But the area of forests burned has gone up.

[ Read more of this story ]( https://news.slashdot.org/story/25/07/21/2218208/climate-change-is-making-fire-weather-worse-for-worlds-forests?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

ChatGPT now handles 2.5 billion prompts daily, with 330 million from U.S. users. This surge marks a doubling in usage since December when OpenAI CEO Sam Altman said that users send over 1 billion queries to ChatGPT each day. TechCrunch reports: These numbers show just how ubiquitous OpenAI's flagship product is becoming. Google's parent company, Alphabet, does not release daily search data, but recently revealed that Google receives 5 trillion queries per year, which averages to just under 14 billion daily searches. Independent researchers have found similar trends. Neil Patel of NP Digital estimates that Google receives 13.7 billion searches daily, while research from SparkToro and Datos -- two digital marketing companies -- estimates that the figure is around 16.4 billion per day.

[ Read more of this story ]( https://news.slashdot.org/story/25/07/22/0645255/chatgpt-users-send-25-billion-prompts-a-day?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

The US Department of Homeland Security (DHS) and the US Citizenship and Immigration Services (USCIS) intend to reevaluate how H-1B visas are issued, according to a regulatory filing. From a report: The notice, filed on Thursday with the US Office of Management and Budget's Office of Information and Regulatory Affairs (OIRA), seeks the statutory review of a proposed rule titled "Weighted Selection Process for Registrants and Petitioners Seeking To File Cap-Subject H-1B Petitions."

Once the review is complete, which could be a matter of days or weeks, the text of the rule is expected to be published in the US Federal Register. Based on the rule title, it appears the government intends to change the system for allocating H-1B visas the current lottery to some system that will favor applicants who meet specified criteria, possibly related to skills.

The H-1B visa program, which reached its Fiscal 2026 cap on Friday, allows skilled guest workers to come work in the US. As of 2019, there were about 600,000 H-1B workers in the US, according to USCIS. The foreign worker program is beloved by technology companies, ostensibly to hire talent not readily available from American workers. But H-1B -- along with the Optional Practical Training (OPT) program -- has long been criticized for making it easier to undercut US worker wages, limiting labor rights for immigrants, and for persistent abuse of the rules by outsourcing companies.

[ Read more of this story ]( https://news.slashdot.org/story/25/07/21/2226250/us-signals-intention-to-rethink-job-h-1b-lottery?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from Phys.org: The mission team of NASA's Jupiter-orbiting Juno spacecraft executed a deep-space move in December 2023 to repair its JunoCam imager to capture photos of the Jovian moon Io. Results from the long-distance save were presented during a technical session on July 16 at the Institute of Electrical and Electronics Engineers Nuclear & Space Radiation Effects Conference in Nashville. JunoCam is a color, visible-light camera. The optical unit for the camera is located outside a titanium-walled radiation vault, which protects sensitive electronic components for many of Juno's engineering and science instruments. This is a challenging location because Juno's travels carry it through the most intense planetary radiation fields in the solar system. While mission designers were confident JunoCam could operate through the first eight orbits of Jupiter, no one knew how long the instrument would last after that. Throughout Juno's first 34 orbits (its prime mission), JunoCam operated normally, returning images the team routinely incorporated into the mission's science papers. Then, during its 47th orbit, the imager began showing hints of radiation damage. By orbit 56, nearly all the images were corrupted.

While the team knew the issue might be tied to radiation, pinpointing what was specifically damaged within JunoCam was difficult from hundreds of millions of miles away. Clues pointed to a damaged voltage regulator that was vital to JunoCam's power supply. With few options for recovery, the team turned to a process called annealing, where a material is heated for a specified period before slowly cooling. Although the process is not well understood, the idea is that heating can reduce defects in the material. Soon after the annealing process finished, JunoCam began cranking out crisp images for the next several orbits. But Juno was flying deeper and deeper into the heart of Jupiter's radiation fields with each pass. By orbit 55, the imagery had again begun showing problems.

"After orbit 55, our images were full of streaks and noise," said JunoCam instrument lead Michael Ravine of Malin Space Science Systems. "We tried different schemes for processing the images to improve the quality, but nothing worked. With the close encounter of Io bearing down on us in a few weeks, it was Hail Mary time: The only thing left we hadn't tried was to crank JunoCam's heater all the way up and see if more extreme annealing would save us." Test images sent back to Earth during the annealing showed little improvement in the first week. Then, with the close approach of Io only days away, the images began to improve dramatically. By the time Juno came within 930 miles (1,500 kilometers) of the volcanic moon's surface on Dec. 30, 2023, the images were almost as good as the day the camera launched, capturing detailed views of Io's north polar region that revealed mountain blocks covered in sulfur dioxide frosts rising sharply from the plains and previously uncharted volcanoes with extensive flow fields of lava. To date, the solar-powered spacecraft has orbited Jupiter 74 times. Recently, the image noise returned during Juno's 74th orbit.

[ Read more of this story ]( https://science.slashdot.org/story/25/07/22/0642211/how-nasa-saved-a-camera-from-370-million-miles-away?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Google has announced OSS Rebuild, a new project designed to detect supply chain attacks in open source software by independently reproducing and verifying package builds across major repositories. The initiative, unveiled by the company's Open Source Security Team, targets PyPI (Python), npm (JavaScript/TypeScript), and Crates.io (Rust) packages.

The system, the company said, automatically creates standardized build environments to rebuild packages and compare them against published versions. OSS Rebuild generates SLSA Provenance attestations for thousands of packages, meeting SLSA Build Level 3 requirements without requiring publisher intervention. The project can identify three classes of compromise: unsubmitted source code not present in public repositories, build environment tampering, and sophisticated backdoors that exhibit unusual execution patterns during builds.

Google cited recent real-world attacks including solana/webjs (2024), tj-actions/changed-files (2025), and xz-utils (2024) as examples of threats the system addresses. Open source components now account for 77% of modern applications with an estimated value exceeding $12 trillion. The project builds on Google's hosted infrastructure model previously used for OSS Fuzz memory issue detection.

[ Read more of this story ]( https://tech.slashdot.org/story/25/07/22/144239/google-launches-oss-rebuild?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

The estate of Mike Lynch, who died a year ago when his superyacht sank off the coast of Sicily, and his business partner owe Hewlett-Packard more than $944 million, a court has ruled. From a report: The US technology company has been seeking damages of up to $4.55 billion from the estate of the late tycoon, once hailed as the UK's answer to Microsoft founder Bill Gates, over its disastrous takeover of his British software company Autonomy.

Lynch's estate has been estimated to be worth about $674 million and paying its share of the $944 million damages could leave it bankrupt. He and six others, including his 18-year-old daughter Hannah, died last August on a trip celebrating his acquittal on US fraud charges relating to HP's $11 billion takeover of Autonomy in 2011. However, HP won a separate six-year civil fraud case against Lynch and his former finance director Sushovan Hussain in the English high court in 2022, with Mr Justice Hildyard ruling that the US company had been induced into overpaying for the business.

[ Read more of this story ]( https://yro.slashdot.org/story/25/07/22/140208/mike-lynchs-estate-and-business-partner-owe-hp-944m-court-rules?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Banks are treating "buy now, pay later" services with suspicion and warn that heavy usage could hurt customers' chances of getting approved for mortgages or credit cards. FICO will begin factoring some BNPL loans from companies like Affirm and Klarna into credit scores later this year through its new scoring model. JPMorgan Chase and Capital One have banned customers from using credit cards to pay down BNPL installment loans, while one credit union actively calls members who use BNPL to counsel them against it. BNPL transaction volume is expected to reach $116.67 billion in 2025, up from $13.88 billion in 2020, according to Emarketer.

[ Read more of this story ]( https://slashdot.org/story/25/07/22/1451201/banks-view-heavy-buy-now-pay-later-use-as-red-flag-for-loan-approvals?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Roughly 10 to 25% of lung cancers worldwide now occur in people who have never smoked, according to researchers at the National Cancer Institute. Among certain groups of Asian and Asian American women, that share reaches 50% or more. Scientists studying 871 nonsmokers with lung cancer from around the world found that certain DNA mutations were significantly more common in people living in areas with high air pollution levels, including Hong Kong, Taiwan and Uzbekistan.

The research, published in Nature this month, revealed that pollution both directly damages DNA and causes cells to divide more rapidly. The biology of cancer in nonsmokers differs from smoking-related cases and may require different prevention and detection strategies. Nonsmokers with lung cancer are more likely to have specific "driver" mutations that can cause cancer, while smokers tend to accumulate many mutations over time.

Current U.S. screening guidelines recommend routine testing only for people ages 50 to 80 who smoked at least one pack daily for 20 years. Taiwan now offers screening for nonsmokers with family history after a nationwide trial detected cancer in 2.6% of participants.

[ Read more of this story ]( https://science.slashdot.org/story/25/07/22/163219/many-lung-cancers-are-now-in-nonsmokers-scientists-want-to-know-why?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Google users click on fewer website links when the search engine displays AI-generated summaries at the top of results pages, according to new research from the Pew Research Center. The study analyzed browsing data from 900 U.S. adults and found users clicked on traditional search result links during 8% of visits when an AI summary appeared, compared to 15% of visits without summaries.

Users also rarely clicked on sources cited within the AI summaries themselves, doing so in just 1% of visits. The research found that 58% of respondents conducted at least one Google search in March 2025 that produced an AI summary, and users were more likely to end their browsing session entirely after encountering pages with AI summaries compared to traditional search results.

[ Read more of this story ]( https://tech.slashdot.org/story/25/07/22/1629240/google-users-are-less-likely-to-click-on-links-when-an-ai-summary-appears-in-the-results-pew-research-finds?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Состоялся релиз web-браузера Firefox 141 и сформированы обновления прошлых веток с длительным сроком поддержки - 140.1.0, 115.26.0 и 128.13.0. На стадию бета-тестирования переведена ветка Firefox 142, релиз которой намечен на 19 августа.

https://www.opennet.ru/opennews/art.shtml?num=63615

Microsoft has recruited more than 20 AI employees from Google's DeepMind research division, the newest front in a talent war being waged by Silicon Valley's tech giants as they jostle to gain an edge in the nascent technology. From a report: Amar Subramanya, the former head of engineering for Google's Gemini chatbot, is the latest to move to Microsoft from its rival, according to a post on his LinkedIn profile on Tuesday. "The culture here is refreshingly low ego yet bursting with ambition," he wrote, confirming his appointment as corporate vice-president of AI.

Subramanya will join other DeepMind staff including engineering lead Sonal Gupta, software engineer Adam Sadovsky and product manager Tim Frank, according to people familiar with Microsoft's recruiting. The Seattle-based company has persuaded at least 24 staff to join in the past six months, they added.

[ Read more of this story ]( https://slashdot.org/story/25/07/22/1727252/microsoft-poaches-top-google-deepmind-staff-in-ai-talent-war?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Surge CEO Edwin Chen says AI is creating "100x engineers" who can outperform traditional software developers by orders of magnitude. Chen argued that AI coding tools multiply the productivity gains already seen in Silicon Valley's "10x engineers," who can produce ten times the work of their colleagues through faster coding, harder work, and fewer distractions.

Chen said AI efficiencies compound these factors to reach 100x productivity levels. The CEO, whose company reached $1 billion in revenue without venture capital funding, believes this could enable billion-dollar single-person companies, extending beyond the $10 million single-person startups that already exist.

[ Read more of this story ]( https://developers.slashdot.org/story/25/07/22/190242/surge-ceo-says-100x-engineers-are-here?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from Ars Technica: A California lawmaker halted an effort to pass a law that would force Internet service providers to offer $15 monthly plans to people with low incomes. Assemblymember Tasha Boerner proposed the state law a few months ago, modeling the bill on a law enforced by New York. It seemed that other states were free to impose cheap-broadband mandates because the Supreme Court rejected broadband industry challenges to the New York law twice.

Boerner, a Democrat who is chair of the Communications and Conveyance Committee, faced pressure from Internet service providers to change or drop the bill. She made some changes, for example lowering the $15 plan's required download speeds from 100Mbps to 50Mbps and the required upload speeds from 20Mbps to 10Mbps. But the bill was still working its way through the legislature when, according to Boerner, Trump administration officials told her office that California could lose access to $1.86 billion in Broadband Equity, Access, and Deployment (BEAD) funds if it forces ISPs to offer low-cost service to people with low incomes.

That amount is California's share of a $42.45 billion fund created by Congress to expand access to broadband service. The Trump administration has overhauled program rules, delaying the grants. One change is that states can't tell ISPs what to charge for a low-cost plan. The US law that created BEAD requires Internet providers receiving federal funds to offer at least one "low-cost broadband service option for eligible subscribers." But in new guidance from the National Telecommunications and Information Administration (NTIA), the agency said it prohibits states "from explicitly or implicitly setting the LCSO [low-cost service option] rate a subgrantee must offer." "All they would have to do to get exempted from AB 353 [the $15 broadband bill] would be to apply to the BEAD program," said Boerner. "Doesn't matter if their application was valid, appropriate, granted, or they got public money at the end of the day and built the projects -- the mere application for the BEAD program would exempt them from 353, if it didn't jeopardize from $1.86 billion to begin with. And that was a tradeoff I was unwilling to make."

Another California bill in the Senate would encourage, not require, ISPs to offer cheap broadband by making them eligible for Lifeline subsidies if they sell 100/20Mbps service for $30 or less.

[ Read more of this story ]( https://yro.slashdot.org/story/25/07/22/2013209/california-wont-force-isps-to-offer-15-broadband?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Apple is expected to avoid hefty daily fines from the EU by modifying its App Store policies -- allowing developers to direct users to external payment options and adjusting its fee structure. Reuters reports: The company last month said developers will pay a 20% processing fee for purchases made via the App Store, though the fees could go as low as 13% for Apple's small-business program. Developers who send customers outside the App Store for payment will pay a fee between 5% and 15%. They will also be able to use as many links as they wish to send users to outside forms of payment.

Apple made the changes after the EU antitrust enforcer handed it a 500 million euro ($586.7 million) fine in April, saying its technical and commercial restrictions prevented app developers from steering users to cheaper deals outside the App Store in breach of the Digital Markets Act. The company was given 60 days to scrap the restraints to comply with the DMA aimed at reining in Big Tech and giving rivals more room to compete. The European Commission is expected to approve the changes in the coming weeks, although the timing could still change, the people said. "All options remain on the table. We are still assessing Apple's proposed changes," the EU watchdog said.

[ Read more of this story ]( https://apple.slashdot.org/story/25/07/22/2016222/apple-set-to-stave-off-daily-fines-eu-to-accept-app-store-changes?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

A six-month international study found that a four-day workweek with no reduction in pay significantly improved employee well-being, job satisfaction, and sleep quality, with burnout dropping most among those who reduced their hours by eight or more. "The results indicate that income-preserving four-day workweeks are an effective organizational intervention for enhancing workers' well-being," the researchers said. The Register reports: The study, reported in Nature Human Behaviour, was designed to test the effects of the four-day workweek with no reduction in pay. It relied on a six-month trial involving 2,896 employees in 141 organizations in Australia, Canada, New Zealand, the UK, Ireland, and the US. The researchers compared work and health-related indicators -- including burnout, job satisfaction, and mental and physical health -- before and after the intervention using survey data. A further 285 employees at 12 companies did not participate in the trial and acted as a control.

The researchers noted that the study was limited in that companies volunteered to participate, and the sample consisted of smaller companies from English-speaking countries. More extensive government-sponsored trials might help provide a clearer picture, they said. While several factors may explain the effect, one possibility is "increased intrinsic motivation at work," the study said. "Unfortunately, [we] cannot assess [this] due to data limitations." "Despite its limitations, this study has important implications for understanding the future of work, with 4-day workweeks probably being a key component. Scientific advances from this work will inform the development of interventions promoting better organization of paid work and worker well-being. This task has become increasingly important with the rapid expansion of new digital, automation, and artificial general intelligence technologies."

[ Read more of this story ]( https://slashdot.org/story/25/07/22/2027203/science-confirms-what-we-all-suspected-four-day-weeks-rule?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

The Brave Browser now blocks Microsoft Recall by default for Windows 11+ users, preventing the controversial screenshot-logging feature from capturing any Brave tabs -- regardless of whether users are in private mode. Brave cites persistent privacy concerns and potential abuse scenarios as justification. From a blog post: Microsoft has, to their credit, made several security and privacy-positive changes to Recall in response to concerns. Still, the feature is in preview, and Microsoft plans to roll it out more widely soon. What exactly the feature will look like when it's fully released to all Windows 11 users is still up in the air, but the initial tone-deaf announcement does not inspire confidence.

Given Brave's focus on privacy-maximizing defaults and what is at stake here (your entire browsing history), we have proactively disabled Recall for all Brave tabs. We think it's vital that your browsing activity on Brave does not accidentally end up in a persistent database, which is especially ripe for abuse in highly-privacy-sensitive cases such as intimate partner violence.

Microsoft has said that private browsing windows on browsers will not be saved as snapshots. We've extended that logic to apply to all Brave browser windows. We tell the operating system that every Brave tab is 'private', so Recall never captures it. This is yet another example of how Brave engineers are able to quickly tweak Chromium's privacy functionality to make Brave safer for our users (inexhaustive list here). For more technical details, see the pull request implementing this feature. Brave is the only major Web browser that disables Microsoft Recall by default in all tabs.

[ Read more of this story ]( https://yro.slashdot.org/story/25/07/22/2033221/brave-browser-blocks-microsoft-recall-by-default?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.