News-Feeds


Slashdot

    - FSF Shares Update on 'LibrePhone' and New Automated Site Monitoring Tool
    At the end of 2025, the FSF launched the LibrePhone project, which is working to "better understand and reverse-engineer the nonfree blobs used by a great majority of (if not all) system on a chip designs available today." The FSF's summer newsletter shares this update: We started with researching the proprietary files in Android phones supported by the Lineage project, an Android-based volunteer-led mobile phone operating system with much free software already in it. Our current, primary focus is on the radio blobs that control WiFi, Bluetooth, NFC, and cellular communications. The software freedom issues with mobile computing have been around for a long time, with the most challenging issue being the baseband/modem firmware that relies heavily on proprietary software. This creates a technical and legal maze that is nearly impossible to break free from, but that doesn't mean we should ever stop working to create free systems. It certainly doesn't mean we shouldn't liberate the software that we know can be free software. Now, half a year into this project, lead developer Rob Savoye has extracted firmware from over 200 Lineage install packages, processed 85GB of files, and imported the results of these analyses into a PostgreSQL database for cross-device comparison... [M]uch of the software and blobs we need to work through are shared across multiple devices; this means even greater strides for mobile phone freedom... As insurmountable as it may seem at times, every blob we manage to free up will be progress. The FSF has proven time and time again that it can bring the free software philosophy to life, not just by advocating for it, but by making it so. The bulletin also describes how waves of botnets from "aggressive LLM scrapers, vulnerability scanners, poorly optimized CI/CD servers" inspired the FSF to create a new free-as-in-freedom automated monitoring tool: In our efforts to combat the botnets, we optimized several detection rules to ban abusive behavior.
We found the upper limit of fail2ban and replaced it with reaction, an efficient alternative with our configuration that uses ipset. We also split several monolithic machines into many separate machines so that when a web service is overwhelmed the other functions of the service do not go down with it... We found quite a few ways to respond to and prevent botnet attacks, but still faced a significant related challenge: communicating when a website or service is down... Uptime Kuma is a human-readable, automated monitoring addition to our systems... You can check out our recently-launched self-hosted Uptime Kuma instance at https://status.fsf.org/. When you see the page, you will also likely say, "Wow! The FSF and GNU sure do run a ton of services!" and you would be right... If you maintain websites and services, and are looking for a simple way to communicate publicly with your users, consider using Uptime Kuma or another free software solution instead of choosing a proprietary monitoring solution. There's also an article on the state of free-as-in-freedom videogame console emulators.

    Read more of this story at Slashdot.



    - AOL's Owner Bending Spoons Hits Wall Street with $1.7 billion IPO
    "The owner of AOL and other tech businesses hit Wall Street with a $1.7 billion initial public offering Wednesday," reports the Associated Press: The company is getting $1 billion in proceeds, while the rest is going to shareholders. The stock surged 39.7% in its first day of trading under the symbol "BSP" on the Nasdaq, giving it a market value of $25.2 billion. Among the company's well-known holdings are the event creation and ticketing company Eventbrite, and the video hosting service Vimeo... AOL itself went public in 1992 and was a vanguard of technology and communication. It reached a market value of $164 billion in 2000 shortly before merging with Time Warner. It then crashed along with the rest of the industry following the bursting of the dot-com bubble. It has been bought and sold several times over the last two decades... [Italy-based Bending Spoons] was founded by three friends in 2013 following the failure of their first attempt at building a technology startup. It has since grown by buying more than 50 companies. The acquired companies are reorganized, and AI technology is often a key tool in the redesign. The focus remains on subscription-based revenue from the portfolio of businesses. The company said it had net income of $27.5 million on revenue of $601 million during the first three months of 2026. It had more than 500 million monthly active users and 9 million monthly paying customers as of March. The company has debt of just under $4.4 billion. It plans to use proceeds from the offering to invest in new acquisitions. The article notes that in the company's prospectus, it says they chose the name Bending Spoons because "We were about to attempt to create a world-class company with $40,000, a team of five, and a track record that read 0 for 1. A touch of irony seemed appropriate."




    - EchoStar's US Satellite Pay-TV Provider Dish DBS Files for Bankruptcy
    EchoStar's satellite pay-TV unit Dish DBS has filed for Chapter 11 bankruptcy protection, reports Reuters. The move also applies to its wireless subsidiaries, according to the article, and "facilitates the wind-down of Dish Wireless's 5G network operations following an unexpected delay in a spectrum license sale to AT&T... under which EchoStar agreed to sell about 50 megahertz of its nationwide spectrum for $23 billion." Some context from Deadline.com: Charlie Ergen, who co-founded EchoStar and Dish, recently returned as chairman and CEO to steer the company through its recent challenges... Even prior to the merger, Ergen had been working to pivot from the pay-TV business, where Dish now has just 5 million subscribers and streaming sibling Sling TV has another 2 million, toward wireless telecom. With wireless spectrum hitting the market due to the Sprint-T-Mobile merger and then Elon Musk's Starlink looking to ramp up in the sector, it seemed more attractive than the cord-cutting-ravaged pay-TV business. But it still entails plenty of risk, especially given how tightly regulated the spectrum is due to security concerns. Thanks to long-time Slashdot reader schwit1 for sharing the news.




    - Decades-Old Bash Tricks Expose AI Coding Agents To Supply Chain Attacks
    Slashdot reader wiredmikey writes: AI security researchers have uncovered a structural security flaw dubbed GuardFall that allows decades-old Bash shell tricks to bypass safeguards in most open source AI coding agents. By exploiting shell behaviors such as quote removal and variable expansion, attackers can hide malicious commands in repositories, README files, Makefiles, or other content consumed by AI agents. If executed — particularly in auto-approve or CI environments — the commands can steal credentials, compromise developer systems, or enable software supply chain attacks. According to researchers at Adversa AI, of the 11 popular open source AI coding agents tested, only one successfully blocked all of the Bash trick techniques.




    - What Is a Quantum Computer Good For? Absolutely Nothing - Yet
    The Verge argues that researchers "have made genuine progress in quantum computing — it's just been largely incremental and too esoteric to immediately capture the public's imagination." And there are predictions that quantum computers will finally do something useful as soon as 2028: The drama can overshadow the real progress in quantum computing... Researchers have improved the qubits themselves, so they hold onto information longer. When they hold onto information longer, you can fit in more operations and do more complicated algorithms. Last November, Andrew Houck of Princeton University and his colleagues reported that they'd made a superconducting qubit that can hold onto information three times longer than the previous record holder... And in the last two years, researchers have made substantial strides in what's known as quantum error correction... In addition, researchers have developed algorithms to correct errors while the quantum computer operates... Microsoft claimed, which experts dispute, that it made an object made of electrons known as a Majorana particle [which should make fewer errors and be easier to scale up]... "We 100 percent stand behind our results. We stand by our roadmap," Microsoft's quantum lead, Chetan Nayak, responded in an interview with The Verge. In an email statement, he added that Microsoft's "papers do show that we are creating and controlling Majorana [particles]..." Microsoft's supporting evidence is unconvincing [according to Henry Legg, a physicist from the University of St. Andrews and a longtime Microsoft critic]. What it claimed as evidence of a Majorana particle, he says, could actually be due to quantum dots forming in its device. Quantum dots are electron-containing objects that are not useful for Microsoft's quantum computer. It also bases its claim on data from a single device, says Legg. He wants to see Microsoft replicate the results in multiple chips.
"If you repeatedly try and find Jesus in your toast, eventually you'll find Jesus in your toast," he says. "But that one piece of toast doesn't mean you had some kind of epiphany." "While we appreciate the religious fervor, our data maintains the strength and consistency of our roadmap, as we have for the past several years across previous milestones. We look forward to delivering the world's first quantum machine and sharing the energy of our achievements with the world," wrote Nayak in response. Past spurious work from Microsoft-affiliated researchers adds to the doubt. In 2021, the journal Nature retracted an article from Microsoft-affiliated researchers in which they'd claimed strong experimental evidence that they'd created a Majorana particle. "Even hopeful experts have varying opinions about when a quantum computer will demonstrate something useful," the article acknowledges. But quantum computing lecturer Eleanor Crane of King's College London predicts researchers will have demonstrated a useful scientific simulation on a quantum computer by 2028. Thanks to Slashdot reader joshuark for sharing the article.




    - Startup Targets Datacenters With 3D-Printed Nuclear Reactor Module
    Startup Ampera has unveiled what it calls the first 3D-printed nuclear reactor module, built around a silicon-carbide core and pressure vessel designed for a thorium-based microreactor. The company says future systems could deliver 15 or 30 megawatts for up to 30 years without refueling. When The Register asked about availability, their spokesperson said: "We expect the power generation portion of the system to be available as early as 2027, with the nuclear module being available to customers about 2030 based on regulatory approval." From the report: Founder and CEO Brian Matthews revealed the prototype microreactor, which features a fully 3D-printed silicon carbide reactor core and pressure vessel. "This next-generation nuclear core and pressure vessel sets the foundation for factory-built, mass-produced nuclear energy," Matthews said. "The advanced technology and additive manufacturing used demonstrate a clear commercial path for new nuclear technology coming to market in an accelerated manner." His company is developing a subcritical, solid-state, factory-built thorium-based nuclear reactor. Subcritical means the fuel cannot sustain a nuclear chain reaction on its own, which prevents a runaway power excursion. Ampera uses "solid-state" to describe a design with solid rather than liquid fuel. The proposed fuel uses tristructural isotropic, or TRISO, particles, consisting of a fuel kernel containing thorium, surrounded by multiple ceramic and carbon layers. [...] "Thorium is the future for ultra-safe, clean power production," Matthews said at the time. "By producing TRISO thorium kernels in the United States, we can ensure ample access to the needed fuel supply as we scale up and also minimize price volatility risk." Ampera also describes the heart of the reactor as a spherical monolithic gyroid core. A gyroid, as far as we can fathom, is a complex shape that provides a massive surface area relative to its volume, making it well-suited for heat transfer.
Its complexity makes it difficult to produce using conventional manufacturing methods, which is where additive manufacturing comes in. The core is 3D-printed using silicon carbide and designed to operate for up to 30 years without refueling, the firm claims. Ampera says its planned systems will provide 15 or 30 MWe, depending on the configuration, enough to supply a typical datacenter. Larger configurations are planned. Matthews said that his company expects to be the first to industrialize factory-built nuclear power with near-term deployment timelines.




    - Video Game History Foundation Says Piracy Remains the Only Viable Preservation Method
    An anonymous reader quotes a report from TechSpot: Video Game History Foundation founder Frank Cifaldi recently supported claims that piracy is the only effective way to preserve video games. The comments lay the blame squarely on game companies' refusal to keep legacy content available or allow archivists to build legal repositories. Sony's announcement that all PlayStation games will be digital-only from 2028 onward has sparked concern that titles will become harder to preserve and more easily vanish, since the company's servers will become the sole point of distribution. In an official statement, Cifaldi noted that the end of physical PlayStation games has surprisingly little impact on the Foundation's efforts because the majority of games from the last two decades are already digital-only. According to the Foundation, most games nowadays are not released for consoles, let alone on physical discs. Furthermore, many discs for major titles require downloading updates before they are playable, although the DoesItPlay database reveals that, even today, most are playable offline out of the box. Cifaldi claimed that the true reason piracy remains the best option for preservation is that the Entertainment Software Association, which lobbies for game publishers, has closed off other routes. For example, in 2018, the Association opposed efforts to grant copyright exemptions for museums, libraries, and archives to retain copies of abandoned online games for research. This is the same organization that recently helped defeat a proposed California bill to preserve premium-priced online-only games by falsely claiming that community servers are illegal. The Foundation accused the ESA of repeatedly blocking attempts by cultural heritage institutions to reform DRM legislation. Cifaldi also described the Library of Congress' outdated software preservation process, which currently only requires tiny snippets of source code. 
For example, Capcom once asked the Foundation to provide the LoC with "the first and last ten pages of code" for a Mega Man game. Unable to discern where digital records began and ended, the group simply chose random segments. Platform holders' habit of closing online storefronts and removing media from users' accounts is also unhelpful. "What continues to baffle us is what the industry expects institutions like ours to do about it," the Video Game History Foundation said. "If platform owners are deciding to eliminate physical media and older digital storefronts, then we'd also like to see trade groups like the Entertainment Software Association offer meaningful solutions for archives and museums to legally preserve digital-only content and make it accessible for research."




    - Alibaba To Ban Claude Code In Workplace Over Alleged Backdoor Risks
    Alibaba has reportedly banned employees from using Anthropic's Claude Code and directed them to its own Qoder platform amid a growing dispute over features that can help identify China-linked users. Reuters reports: The ban is part of a deepening spat between the two companies after Anthropic accused Alibaba of illicitly extracting its Claude AI model capabilities -- a dispute that highlights the frantic race between the U.S. and China to take the lead in artificial intelligence. [...] Anthropic said last month that it had suffered a strike by Alibaba, which it described as a "distillation" effort that involves training a less capable model on the outputs of a stronger one. The distillation helps accelerate China's ability to reach Anthropic's advanced Mythos Preview capabilities, it said in a letter seen by Reuters that was sent to two U.S. senators. Alibaba's ban comes just days after developers said Claude Code contained mechanisms that inspected user environments, including timezone and proxy-related information, and inserted subtle markers into prompts sent to Anthropic's servers. An Anthropic employee wrote on Tuesday on X that the feature was "an experiment we launched in March" intended to prevent account abuse by unauthorized resellers and protect against model distillation. The person who spoke to Reuters about Alibaba's ban said that Anthropic's restrictions targeting China were difficult to enforce on individual users who can deploy servers in the United States and make traffic appear as if it originated there. But companies were more aware of legal and compliance risks, the person added.




    - Valve Open-Sources Steam Machine's E-Ink Display
    Valve has open-sourced the design for a customizable e-ink front panel for the Steam Machine, dubbed the "Inkterface." "All of it is available on their GitLab under the MIT license, which goes over everything you need to make your own and stick it on the front of your fancy new Steam Machine," reports GamingOnLinux. From the report: They're now calling it the "Inkterface" and there's a good few things you'll need to make it including: 1 x Adafruit ESP32 Feather with 2MB PSRAM. 1 x Adafruit eInk Breakout Friend. 1 x Adafruit 5.83" Monochrome eInk Panel. 13 x M2.5 x 5mm Pan Head Machine Screws. 4 x 1/4" x 1/4" x 3/16" Stepped Magnet SB443-OUT. Valve even provided a video on the GitLab showing it being put together [...].




    - New PamStealer macOS Malware Uses Clever Tradecraft To Remain Stealthy
    An anonymous reader quotes a report from Ars Technica: Researchers have found a never-before-seen piece of macOS malware that combines a series of clever tradecraft to infect Macs with stealthy, custom-developed credential-stealing code. The malware is delivered in two stages. The first is distributed in a disk image that masquerades as Maccy, a clipboard manager for Macs. It's compiled as AppleScript that is notable for the way it delivers the second stage. The malware is named PamStealer because the Rust-written infostealer uses the Pluggable Authentication Modules interface built into macOS to validate the target's login password before sending it to an attacker-controlled server. [...] PamStealer shows a native password prompt designed to resemble a system authorization request. Text that appears with the prompt says: "Maccy wants to make changes. Enter your password to allow this." As noted earlier, once a target complies, the malware validates it locally through the PAM API. "This check is done entirely through PAM: there is no call out to dscl, security, osascript or any spawned process to verify the password, as many commodity macOS stealers do," [said Jamf, a security firm for macOS users]. "The result is a quieter routine that keeps only a verified password, and one fewer process chain for defenders to detect on." If the validation fails, PamStealer displays the prompts again until it receives the correct one. Once the target enters the correct password, PamStealer displays a message stating that the file is damaged and can't be installed. This is designed to be a decoy to prevent the target from suspecting anything is amiss. The malware uses tactics to maximize the information it can steal. One tactic is to request the target grant full disk access to the fake Maccy app. It also contains code designed to access Ethereum accounts.
The various techniques -- particularly the Script Editor lure, a self-contained JXA dropper, a Rust-based second stage, and local validation of credentials through PAM -- are all noteworthy.




    - US Life Expectancy On Track To Reach Record High
    The US age-adjusted death rate fell to a record low in 2025, likely pushing life expectancy to a record high as overdose deaths declined and mortality improved across all age groups. CNN reports: There were about 689 deaths for every 100,000 people in the US in 2025, according to a new report from the US Centers for Disease Control and Prevention -- the lowest rate recorded in more than a century of tracking. The age-adjusted rate has fallen 22% since 2021, landing about 4% lower than it was just before the pandemic in 2019. [...] The top causes of death in the US in 2025 followed longstanding patterns: Heart disease led with nearly 695,000 deaths, followed by cancer with nearly 623,000 deaths. Unintentional injuries, which includes drug overdoses, were the third leading cause of death. Overdose deaths are still high -- about 70,000 people died from an overdose in 2025, preliminary CDC data shows -- but experts say that sharp declines probably played a large role in bringing the age-adjusted death rate down in the US.




    - Amazon Has Enough Satellites To Launch Its Starlink Competitor
    Amazon says its Leo satellite network now has enough spacecraft in orbit to begin limited commercial internet service, with 396 satellites providing "continuous service across initial latitudes." Early performance will likely be uneven, however, and well behind Starlink. "It'll be years before Amazon can boast similar performance numbers as it continues to launch a planned 3,232 Leo satellites," reports The Verge. From the report: SpaceX went live with its "Better than nothing beta" back in 2020 when it had almost 900 satellites operating in low-Earth orbit. It initially served a narrow band of users in the upper US and Canada, who complained about frequent service interruptions and high sensitivity to obstructions, with speeds between 50Mbps and 150Mbps, and latency from 20ms to 40ms. By 2022, the service and coverage areas had already dramatically improved. [...] SpaceX currently has over 10,000 Starlink satellites in operation, providing robust internet connectivity on land, sea, and air in over 160 countries. Performance varies by the dish, service level paid for, time of day, and location of the user, but we're now talking 200Mbps median download speeds, 10Mbps to 40Mbps uploads, and latency hovering around 25ms.




    - Sitting For More Than 30 Minutes At a Time Linked To Higher Risk of Cancer Death
    An anonymous reader quotes a report from The Guardian: Researchers who tracked more than 90,000 people over a decade found that sitting or lying down while awake for more than 30 minutes in one period each day was associated with an increased risk of cancer death. The risk increases for every additional hour of continuous inactivity, the findings suggest. However, the researchers also found breaking up periods of sedentary behavior longer than 30 minutes with bursts of physical activity could help reduce the risk. Getting up every half-hour, even for a short walk around the office, could do wonders for your health, they said. [...] The findings, published in Plos Medicine, focused on the health effects of prolonged sedentary behavior on a daily basis. [...] The team analyzed data from wearable devices worn by more than 91,000 UK Biobank participants, who were followed for an average of 12 years. The findings suggest prolonged inactivity lasting more than 30 minutes was associated with cancer risks. Each additional hour of prolonged inactivity every day was associated with a 10% increase in risk of cancer death. However, replacing long spells of inactivity with movement appeared to reduce that risk. Substituting one hour of sedentary behavior each day with light physical activity, such as ironing or washing up, was associated with a 12% lower risk of cancer death. Replacing 30 minutes of inactivity each day with 30 minutes of moderate physical activity, such as walking at an average pace, was associated with an 8% lower risk. The risk was 22% lower when five minutes of inactivity was replaced with five minutes of vigorous physical activity each day, the study suggested. There were limitations to the research, including the fact that the researchers performed a statistical analysis of an observational study, so could not prove causation.




    - Labor Force Participation Rate Falls To Lowest In 50 Years
    The US unemployment rate fell to 4.2% in June largely because 720,000 people left the labor force, pushing participation to 61.5%. Excluding the Covid-era jobs market, that's the lowest participation rate since June 1976. CNBC reports: The decline in the labor force marks a "massive exodus" driven by multiple factors, said Mike Reid, head of U.S. economics at RBC. "The unemployment rate fell to 4.2% as both the number of unemployed workers and the size of the labor force pulled back," Reid wrote in a post-report commentary. "This may well be a story of retirements but could also be a story of prior job seekers dropping out of the labor force." [...] [T]he rolls of those counted as not in the labor force, a group that includes the unemployed and those not looking for work, jumped by 832,000. And while the establishment survey, which counts jobs filled, showed growth for the month of 57,000, the survey of households, which counts the actual level of those working, tumbled by 507,000. On a year-over-year basis, the labor force is down by just over 1 million, while the level of the employed also has fallen by 1.06 million and the ranks of the unemployed have risen by 40,000. The employment-to-population ratio slipped to 59% in June, the lowest since October 2021. All that has happened while the unemployment rate has risen by just one-tenth of a percentage point to 4.2%. The drop in participation is sometimes attributed to a shrinking immigrant population and retiring baby boomers and Gen Xers. However, in June the biggest plunge came from what is defined as "prime age" workers, or those between the ages of 25 and 54. That rate fell 0.6 percentage point to 83.3%, its lowest since December 2023. "Looking at the statistics now, that argument doesn't hold up so well," North said of the retirement and immigration rationale. "I hate to use the word 'alarming,'" he added, but said the numbers are cause for concern.




    - AI Agent Executes 'First' End-To-End Ransomware Attack
    Sysdig says it has documented the first ransomware attack carried out end to end by an AI agent, which autonomously exploited exposed systems, stole credentials, established persistence, compromised a production database, and destroyed data. The research team named the attacker "JadePuffer" and said it gained initial access to an internet-facing Langflow instance by exploiting CVE-2025-3248. "The most striking characteristic, however, was the LLM's behavior," Sysdig director of threat research Michael Clark said in a blog post. An anonymous reader quotes an excerpt from The Register: JadePuffer's "self-narrating" payloads "contained natural language reasoning, target prioritization, and the kind of detailed annotations that human operators don't often write but LLM-generated code produces reflexively," Clark added. "The operation also adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds." After exploiting CVE-2025-3248, a missing authentication vulnerability in Langflow that allows remote, unauthenticated attackers to execute arbitrary Python on the host, the AI agent began scanning for and collecting secrets, including LLM provider API keys, cloud credentials "with explicit coverage of Chinese providers" including Alibaba, Aliyun, Tencent, and Huawei, while also scanning for AWS, Azure and Google Cloud Platform, cryptocurrency wallets, and database credentials. The AI also installed a crontab entry on the Langflow server to maintain persistence and call back to the attacker's infrastructure every 30 minutes. JadePuffer's intended target was a separate internet-exposed production server running a MySQL database and an Alibaba Nacos configuration service, we're told. Nacos is an open-source service-discovery and dynamic configuration platform developed by Alibaba and used in the cloud provider's microservices applications. 
The agent connected to the server's exposed MySQL port using root credentials, although Sysdig doesn't know how the attacker obtained them. These credentials weren't stolen from the victim's environment. JadePuffer then attacked Nacos via multiple vectors including an authorization bypass flaw (CVE-2021-29441) and forging a valid JSON web token (JWT) using Nacos's default signing key. Additionally, using its root database access, the LLM injected a backdoor administrator into the Nacos backing database. It ultimately encrypted all 1,342 Nacos service configuration items using MySQL's built-in AES encryption function, and created an extortion demand, ransom note, Bitcoin payment address, and a Proton Mail contact [...]. However, according to the threat hunters, the victim can't recover the encrypted data, even if they paid the ransom demand, because the agent escalated "from row-level deletion to dropping entire database schemas, narrating its own targeting rationale," without backing up any of the encrypted data.





