Google is delaying the end of third-party cookies in Chrome -- again. This marks the third time Google pushed back its original deadline set in January 2020, when the company said it would phase out third-party cookies "within two years" to improve internet security. Digiday reports: The announcement was made on Tuesday ahead of quarterly reports from Google and the ever-watchful U.K. Competition and Markets Authority (CMA), keeping tabs on how this whole situation unfolds.

"We recognize that there are ongoing challenges related to reconciling divergent feedback from the industry, regulators and developers, and will continue to engage closely with the entire ecosystem," according to a statement Google posted on its website for the Privacy Sandbox. "It's also critical that the CMA has sufficient time to review all evidence including results from industry tests, which the CMA has asked market participants to provide by the end of June. Given both of these significant considerations, we will not complete third-party cookie deprecation during the second half of Q4."

Google did not outline a more specific timetable beyond hoping for 2025. [...] "We remain committed to engaging closely with the CMA and ICO and we hope to conclude that process this year," Google's statement read. "Assuming we can reach an agreement, we envision proceeding with third-party cookie deprecation starting early next year." "We welcome Google's announcement clarifying the timing of third-party cookie deprecation. This will allow time to assess the results of industry tests and resolve remaining issues," said a spokesperson from the CMA. "Under the commitments, Google has agreed to resolve our remaining competition concerns before going ahead with third-party cookie deprecation. Working closely with the ICO we expect to conclude this process by the end of 2024."

At the start of the year, Google started purging third-party cookies for one percent of browser traffic.

Oracle Chairman Larry Ellison said Tuesday that the company is moving its world headquarters to Nashville, Tennessee, to be closer to a major health-care epicenter. CNBC reports: In a wide-ranging conversation with Bill Frist, a former U.S. Senate Majority Leader, Ellison said Oracle is moving a "huge campus" to Nashville, "which will ultimately be our world headquarters." He said Nashville is an established health center and a "fabulous place to live," one that Oracle employees are excited about. "It's the center of the industry we're most concerned about, which is the health-care industry," Ellison said. The announcement was seemingly spur-of-the-moment. "I shouldn't have said that," Ellison told Frist, a longtime health-care industry veteran who represented Tennessee in the Senate. The pair spoke during a fireside chat at the Oracle Health Summit in Nashville.

Nashville has been a major player in the health-care scene for decades, and the city is now home to a vibrant network of health systems, startups and investment firms. The city's reputation as a health-care hub was catalyzed when HCA Healthcare, one of the first for-profit hospital companies in the U.S., was founded there in 1968. HCA helped attract troves of health-care professionals to Nashville, and other organizations quickly followed suit. Oracle has been developing its new $1.2 billion campus in the city for about three years, according to The Tennessean. "Our people love it here, and we think it's the center of our future," Ellison said.

An anonymous reader quotes a report from Ars Technica: Home Assistant, until recently, has been a wide-ranging and hard-to-define project. The open smart home platform is an open source OS you can run anywhere that aims to connect all your devices together. But it's also bespoke Raspberry Pi hardware, in Yellow and Green. It's entirely free, but it also receives funding through a private cloud services company, Nabu Casa. It contains tiny board project ESPHome and other inter-connected bits. It has wide-ranging voice assistant ambitions, but it doesn't want to be Alexa or Google Assistant. Home Assistant is a lot.

After an announcement this weekend, however, Home Assistant's shape is a bit easier to draw out. All of the project's ambitions now fall under the Open Home Foundation, a non-profit organization that now contains Home Assistant and more than 240 related bits. Its mission statement is refreshing, and refreshingly honest about the state of modern open source projects. "We've done this to create a bulwark against surveillance capitalism, the risk of buyout, and open-source projects becoming abandonware," the Open Home Foundation states in a press release. "To an extent, this protection extends even against our future selves -- so that smart home users can continue to benefit for years, if not decades. No matter what comes." Along with keeping Home Assistant funded and secure from buy-outs or mission creep, the foundation intends to help fund and collaborate with external projects crucial to Home Assistant, like Z-Wave JS and Zigbee2MQTT.

Home Assistant's ambitions don't stop with money and board seats, though. They aim to "be an active political advocate" in the smart home field, toward three primary principles:

- Data privacy, which means devices with local-only options, and cloud services with explicit permissions
- Choice in using devices with one another through open standards and local APIs
- Sustainability by repurposing old devices and appliances beyond company-defined lifetimes

Notably, individuals cannot contribute modest-size donations to the Open Home Foundation. Instead, the foundation asks supporters to purchase a Nabu Casa subscription or contribute code or other help to its open source projects. Further reading: The Verge's interview with Home Assistant founder Paulus Schoutsen

SiliconANGLE reports that to help organizations detect vulnerabilities earlier, Red Hat has "announced updates to its Trusted Software Supply Chain that enable organizations to shift security 'left' in the software supply chain." Red Hat announced Trusted Software Supply Chain in May 2023, pitching it as a way to address the rising threat of software supply chain attacks. The service secures software pipelines by verifying software origins, automating security processes and providing a secure catalog of verified open-source software packages. [Thursday's updates] are aimed at advancing the ability for customers to embed security into the software development life cycle, thereby increasing software integrity earlier in the supply chain while also adhering to industry regulations and compliance standards.

They start with a new tool called Red Hat Trust Artifact Signer. Based on the open-source Sigstore project [founded at Red Hat and now part of the Open Source Security Foundation], Trust Artifact Signer allows developers to sign and verify software artifacts cryptographically without managing centralized keys, to enhance trust in the software supply chain. The second new release, Red Hat Trusted Profile Analyzer, provides a central source for security documentation such as Software Bill of Materials and Vulnerability Exploitability Exchange. The tool simplifies vulnerability management by enabling proactive identification and minimization of security threats.

The final new release, Red Hat Trusted Application Pipeline, combines the capabilities of the Trusted Profile Analyzer and Trusted Artifact Signer with Red Hat's internal developer platform to provide integrated security-focused development templates. The feature aims to standardize and accelerate the adoption of secure development practices within organizations.
Specifically, Red Hat's announcement says organizations can use their new Trust Application Pipeline feature "to verify pipeline compliance and provide traceability and auditability in the CI/CD process with an automated chain of trust that validates artifact signatures, and offers provenance and attestations."

An anonymous reader shares a report: The Biden administration is designating two "forever chemicals," man-made compounds that are linked to serious health risks, as hazardous substances under the Superfund law, shifting responsibility for their cleanup to polluters from taxpayers. The new rule announced on Friday empowers the government to force the many companies that manufacture or use perfluorooctanoic acid, also known as PFOA, and perfluorooctanesulfonic acid, known as PFOS, to monitor any releases into the environment and be responsible for cleaning them up. Those companies could face billions of dollars in liabilities.

[...] The announcement follows an extraordinary move last week from the E.P.A. mandating that water utilities reduce the PFAS in drinking water to near-zero levels. The agency has also proposed to designate seven additional PFAS chemicals as hazardous waste. "President Biden understands the threat that forever chemicals pose to the health of families across the country," Michael S. Regan, the administrator of the E.P.A., said. "Designating these chemicals under our Superfund authority will allow E.P.A. to address more contaminated sites, take earlier action, and expedite cleanups, all while ensuring polluters pay for the costs to clean up pollution threatening the health of communities."

The US Consumer Financial Protection Bureau (CFPB) has slapped coding boot camp BloomTech -- formerly known as Lambda School -- with several punishments for alleged deceptive business practices. From a report: The business, which claims on its site it will help students land their "dream job" in tech at companies like Amazon, Cisco, and Google, accepted the consent order without admitting or denying any wrongdoing. In an announcement yesterday, the CFPB said it had taken action against BloomTech and its CEO Austen Allred for allegedly not disclosing the true cost of its loans to students and allegedly claiming overoptimistic hiring rates for BloomTech graduates. BloomTech, formerly Lambda School, has operated since 2017 and offers six- to nine-month vocational programs in science and engineering, with a focus on computer technology.

"BloomTech and its CEO sought to drive students toward income share loans that were marketed as risk-free, but in fact carried significant finance charges and many of the same risks as other credit products," said Rohit Chopra, director of the CFPB. With income share loans or income share agreements, BloomTech allowed students to pay tuition later but in exchange had to pay a percentage of their future income, CFPB claimed. The agency alleged that BloomTech explicitly told students that its income share loans (which cost an average of $4k "finance charge" to use) weren't actually loans at all. The CFPB claimed in the settlement order a "significant majority" of students used these loans to finance their education, and alleged each student could end up paying up to $30k of their income to BloomTech to settle the loans. From the CFPB's press release: BloomTech advertised on its website that 71 to 86 percent of students were placed in jobs within six months of graduation, when its non-public reporting to investors consistently showed placement rates closer to 50 percent. Allred tweeted that the school achieved a 100 percent job-placement rate in one of its cohorts, and later acknowledged in a private message that the sample size was just one student.

An anonymous reader quotes a report from the Washington Post: The Biden administration marked the close of tax season Monday by announcing it had met a modest goal of getting at least 100,000 taxpayers to file through the Internal Revenue Service's new tax software, Direct File -- an alternative to commercial tax preparers. Although the government had billed Direct File as a small-scale pilot, it still represents one of the most significant experiments in tax filing in decades -- a free platform letting Americans file online directly to the government. Monday's announcement aside, though, Direct File's success has proven highly subjective.

By and large, people who tried the Direct File software -- which looks a lot like TurboTax or other commercial tax software, with its question-and-answer format -- gave it rave reviews. "Against all odds, the government has created an actually good piece of technology," a writer for the Atlantic marveled, describing himself as "giddy" as he used the website to chat live with a helpful IRS employee. The Post's Tech Friend columnist Shira Ovide called it "visible proof that government websites don't have to stink." Online, people tweeted praise after filing their taxes, like the user who called it the "easiest tax experience of my life."

While the users might be a happy group, however, there weren't many of them compared to other tax filing options -- and their positive reviews likely won't budge the opposition that Direct File has faced from tax software companies and Republicans from the outset. These headwinds will likely continue if the IRS wants to renew it for another tax season. The program opened to the public midway through tax season, when many low-income filers had already claimed their refunds -- and was restricted to taxpayers in 12 states, with only four types of income (wages, interest, Social Security and unemployment). But it gained popularity as tax season went on: The Treasury Department said more than half of the total users of Direct File completed their returns during the last week.

Intel, Nvidia, AMD, and Arm are among Canonical's "silicon partners," a program that "ensures maximum Ubuntu compatibility and long-term support with certified hardware," according to Web Pro News.

And now Qualcomm is set to be Canonical's next silicon partner, "giving Qualcomm access to optimized versions of Ubuntu for its processors." Companies looking to use Ubuntu on Qualcomm chips will benefit from an OS that provides 10 years of support and security updates.

The collaboration is expected to be a boon for AI, edge computing, and IoT applications. "The combination of Qualcomm Technologies' processors with the popularity of Ubuntu among AI and IoT developers is a game changer for the industry," commented Dev Singh, Vice President, Business Development and Head of Building, Enterprise & Industrial Automation, Qualcomm Technologies, Inc...
"Optimised Ubuntu and Ubuntu Core images will be available for Qualcomm SoCs," according to the announcement, "enabling enterprises to meet their regulatory, compliance and security demands for AI at the edge and the broader IoT market with a secure operating system that is supported for 10 years." Qualcomm Technologies chose to partner with Canonical to create an optimised Ubuntu for Qualcomm IoT chipsets, giving developers an easy path to create safe, compliant, security-focused, and high-performing applications for multiple industries including industrial, robotics and edge automation...

Developers and enterprises can benefit from the Ubuntu Certified Hardware program, which features a growing list of certified ODM boards and devices based on Qualcomm SoCs. These certified devices deliver an optimised Ubuntu experience out-of-the-box, enabling developers to focus on developing applications and bringing products to market.

Popular Science reports that early last week, researchers at the U.S. Energy Department's Princeton Plasma Physics Laboratory revealed their new "MUSE" stellarator — "a unique fusion reactor that uses off-the-shelf and 3D-printed materials to contain its superheated plasma."

The researchers' announcement says the technique suggests "a simple way to build future devices for less cost and allow researchers to test new concepts for future fusion power plants." Stellarators typically rely on complicated electromagnets that have complex shapes and create their magnetic fields through the flow of electricity. Those electromagnets must be built precisely with very little room for error, increasing their cost. However, permanent magnets, like the magnets that hold art to refrigerator doors, do not need electric currents to create their fields. They can also be ordered off the shelf from industrial suppliers and then embedded in a 3D-printed shell around the device's vacuum vessel, which holds the plasma.

"MUSE is largely constructed with commercially available parts," said Michael Zarnstorff, a senior research physicist at PPPL. "By working with 3D-printing companies and magnet suppliers, we can shop around and buy the precision we need instead of making it ourselves." The original insight that permanent magnets could be the foundation for a new, more affordable stellarator variety came to Zarnstorff in 2014. "I realized that even if they were situated alongside other magnets, rare-earth permanent magnets could generate and maintain the magnetic fields necessary to confine the plasma so fusion reactions can occur," Zarnstorff said, "and that's the property that makes this technique work." [...]

In addition to being an engineering breakthrough, MUSE also exhibits a theoretical property known as quasisymmetry to a higher degree than any other stellarator has before. It is also the first device completed anywhere in the world that was designed specifically to have a type of quasisymmetry known as quasiaxisymmetry. Conceived by physicist Allen Boozer at PPPL in the early 1980s, quasisymmetry means that although the shape of the magnetic field inside the stellarator may not be the same around the physical shape of the stellarator, the magnetic field's strength is uniform around the device, leading to good plasma confinement and higher likelihood that fusion reactions will occur. "In fact, MUSE's quasisymmetry optimization is at least 100 times better than any existing stellarator," Zarnstorff said.

"The fact that we were able to design and build this stellarator is a real achievement," said Tony Qian, a graduate student in the Princeton Program in Plasma Physics, which is based at PPPL.
Also covered by Gizmodo. Thanks to Slashdot reader christoban for sharing the news.

An anonymous reader shared this report from BleepingComputer: Researchers have demonstrated the "first native Spectre v2 exploit" for a new speculative execution side-channel flaw that impacts Linux systems running on many modern Intel processors. Spectre V2 is a new variant of the original Spectre attack discovered by a team of researchers at the VUSec group from VU Amsterdam. The researchers also released a tool that uses symbolic execution to identify exploitable code segments within the Linux kernel to help with mitigation.

The new finding underscores the challenges in balancing performance optimization with security, which makes addressing fundamental CPU flaws complicated even six years after the discovery of the original Spectre....

As the CERT Coordination Center (CERT/CC) disclosed yesterday, the new flaw, tracked as CVE-2024-2201, allows unauthenticated attackers to read arbitrary memory data by leveraging speculative execution, bypassing present security mechanisms designed to isolate privilege levels. "An unauthenticated attacker can exploit this vulnerability to leak privileged memory from the CPU by speculatively jumping to a chosen gadget," reads the CERT/CC announcement. "Current research shows that existing mitigation techniques of disabling privileged eBPF and enabling (Fine)IBT are insufficient in stopping BHI exploitation against the kernel/hypervisor."
"For a complete list of impacted Intel processors to the various speculative execution side-channel flaws, check this page updated by the vendor."

Under a new agreement between the U.S. and Japan, the first non-American on the Moon as part of the Artemis lunar exploration campaign will be a Japanese astronaut. SpaceNews reports: At an event in Washington, NASA Administrator Bill Nelson and Japanese Minister of Education, Culture, Sports, Science and Technology (MEXT) Masahito Moriyama signed an agreement regarding an additional Japanese contribution to Artemis, a pressurized lunar rover called Lunar Cruiser. NASA will deliver the rover to the moon, which the agencies said should take place ahead of the Artemis 7 mission scheduled for no earlier than 2031. NASA will also provide two seats on future Artemis lunar landing missions to astronauts from the Japanese space agency JAXA, the first agency other than NASA to secure spots on landing missions.

The Japanese rover will support extended expeditions from Artemis landing sites that are beyond the range of the Lunar Terrain Vehicle that three American companies are developing for NASA under contracts announced April 3. The rover is designed to accommodate two astronauts for up to 30 days, with an overall lifetime of 10 years. The announcement, though, offered no details about when the Japanese astronauts would fly to the moon. "It depends," Nelson said at an April 10 briefing when asked about schedules, noting that the two countries "announced a shared goal for a Japanese national to land on the moon on a future NASA mission assuming benchmarks are achieved."

"No mission has been currently assigned to a Japanese astronaut," added Lara Kearney, manager of NASA's extravehicular activity and human surface mobility program, at the briefing. The implementing agreement (PDF) said several factors will go into crew assignments, including progress on the pressurized rover, or PR: "The timing of the flight opportunities will be determined by NASA in line with existing flight manifesting and crew assignment processes and will take into account program progress and constraints, MEXT's request for the earliest possible assignment of the Japanese astronauts to lunar surface missions, and major PR milestones such as when the PR is first deployed on the lunar surface." The assumption among many in the industry, though, is that at least one of the astronauts will fly before the rover is delivered, and possibly as soon as the Artemis 4 mission, the second crewed landing, in the late 2020s.

An anonymous reader shares a report: Last week South Korea's SK Hynix announced it would partner with Purdue University on a $3.9 billion semiconductor complex here, the largest single corporate investment in state history. Now comes the hard part. SK Hynix must not only build the fabrication plant, or fab, which will package high-bandwidth memory chips used in artificial intelligence, and a connected research-and-development center. It also has to staff them. "We need several hundred engineers to operate our advanced-packaging manufacturing fab -- in physics, chemistry, material science, electronics engineering," Kwak Noh-Jung, chief executive of SK Hynix, said in an interview following last week's announcement.

Staffing a fab is harder in the U.S. than in South Korea, where SK Hynix has contracts with local universities and its own in-house university. Nonetheless, Kwak said, "the final goal is very clear. We need to have very good engineers for our success in U.S." The U.S. is trying to do something unprecedented: reverse a shrinking share in a key manufacturing sector. Between 1990 and 2020, the U.S. share of world chip making shrank to 12% from 37%, while the combined share of Taiwan, South Korea and China grew to 58%. The federal CHIPS program has showered billions of dollars on Intel for fabs in several states, Taiwan Semiconductor Manufacturing Co.in Arizona and GlobalFoundries in New York and Vermont. SK Hynix hopes for support as well.

Subsidies alone won't guarantee a sustainable industry. Fabs need customers, a supply chain and, above all, a skilled, specialized workforce. From 2000 to 2017, U.S. employment in semiconductor manufacturing shrank to 181,000 from 287,000. It has since recovered to about 200,000. Why did the U.S. share of semiconductor production shrink? As in other industries, the U.S. became an expensive place to manufacture. Susan Houseman of the Upjohn Institute, who has studied outsourcing, said this wasn't "primarily a story about offshoring." U.S. companies still lead in chip design: Nvidia in artificial intelligence, Qualcomm in communications and Apple in smartphones. Over time they mostly contracted out fabrication of their chips to foundries such as TSMC who benefited from generous domestic subsidies. The theory behind CHIPS is that, by matching Asia's subsidies, the U.S. can again be competitive in chip making. Nonetheless, there is a chicken-egg problem. Fabs need a ready supply of skilled workers. But without fabs, America's best and brightest have little incentive to pursue careers in the sector.

Liam Proven reports via The Register: Bad news for those who want to play with OpenVMS in non-production use. Older versions are disappearing, and the terms are getting much more restrictive. The corporation behind the continued development of OpenVMS, VMS Software, Inc. -- or VSI to its friends, if it has any left after this -- has announced the latest Updates to the Community Program. The news does not look good: you can't get the Alpha and Itanium versions any more, only a limited x86-64 edition.

OpenVMS is one of the granddaddies of big serious OSes. A direct descendant of the OSes that inspired DOS, CP/M, OS/2, and Windows, as well as the native OS of the hardware on which Unix first went 32-bit, VMS has been around for nearly half a century. For decades, its various owners have offered various flavors of "hobbyist program" under which you could get licenses to install and run it for free, as long as it wasn't in production use. Since Compaq acquired DEC, then HP acquired Compaq, its prospects looked checkered. HP officially killed it off in 2013, then in 2014 granted it a reprieve and sold it off instead. New owner VSI ported it to x86-64, releasing that new version 9.2 in 2022. Around this time last year, we covered VSI adding AMD support and opening a hobbyist program of its own. It seems from the latest announcement that it has been disappointed by the reception: "Despite our initial aspirations for robust community engagement, the reality has fallen short of our expectations. The level of participation in activities such as contributing open source software, creating wiki articles, and providing assistance on forums has not matched the scale of the program. As a result, we find ourselves at a crossroads, compelled to reassess and recalibrate our approach."

Although HPE stopped offering hobbyist licenses for the original VAX versions of OpenVMS in 2020, VSI continued to maintain OpenVMS 8 (in other words, the Alpha and Itanium editions) while it worked on version 9 for x86-64. VSI even offered a Student Edition, which included a freeware Alpha emulator and a copy of OpenVMS 8.4 to run inside it. Those licenses run out in 2025, and they won't be renewed. If you have vintage DEC Alpha or HP Integrity boxes with Itanic chips, you won't be able to get a legal licensed copy of OpenVMS for them, or renew the license of any existing installations -- unless you pay, of course. There will still be a Community license edition, but from now on it's x86-64 only. Although OpenVMS 9 mainly targets hypervisors anyway, it does support bare-metal operations on a single model of HPE server, the ProLiant DL380 Gen10. If you have one of them to play with -- well, tough. Now Community users only get a VM image, supplied as a VMWare .vmdk file. It contains a ready-to-go "OpenVMS system disk with OpenVMS, compilers and development tools installed." Its license runs for a year, after which you will get a fresh copy. This means you won't be able to configure your own system and keep it alive -- you'll have to recreate it, from scratch, annually. The only alternative for those with older systems is to apply to be an OpenVMS Ambassador.

It's the world's most widely used vulnerability database, reports SC Magazine, offering standards-based data on CVSS severity scores, impacted software and platforms, contributing weaknesses, and links to patches and additional resources.

But "there is a growing backlog of vulnerabilities" submitted to America's National Vulnerability Database and "requiring analysis", according to a new announcement from the U.S. Commerce Department's National Institute of Standards. "This is based on a variety of factors, including an increase in software and, therefore, vulnerabilities, as well as a change in interagency support." From SC Magazine: According to NIST's website, the institute analyzed only 199 of 3370 CVEs it received last month. [And this month another 677 came in — of which 24 have been analyzed.]

Other than a short notice advising it was working to establish a new consortium to improve the NVD, NIST had not provided a public explanation for the problems prior to a statement published [April 2]... "Currently, we are prioritizing analysis of the most significant vulnerabilities. In addition, we are working with our agency partners to bring on more support for analyzing vulnerabilities and have reassigned additional NIST staff to this task as well."

NIST, which had its budget cut by almost 12% this year by lawmakers, said it was committed to continuing to support and manage the NVD, which it described as "a key piece of the nation's cybersecurity infrastructure... We are also looking into longer-term solutions to this challenge, including the establishment of a consortium of industry, government and other stakeholder organizations that can collaborate on research to improve the NVD," the statement said. "We will provide more information as these plans develop..."

A group of cybersecurity professionals have signed an open letter to Congress and Commerce Secretary Gina Raimondo in which they say the enrichment issue is the result of a recent 20% cut in NVD funding.
The article also cites remarks from NVD program manager Tanya Brewer (reported by Infosecurity Magazine) from last week's VulnCon conference on plans to establish a NVD consortium. "We're not going to shut down the NVD; we're in the process of fixing the current problem. And then, we're going to make the NVD robust again and we'll make it grow."

Thanks to Slashdot reader spatwei for sharing the article.

CNN revisits 2003's disastrous landing of the Space Shuttle Columbia tonight with two "immersive" specials co-produced by BBC and Mindhouse Productions "featuring exclusive interviews and revealing never-before-broadcast footage," according to an announcement — with two more specials airing next week.

You can watch a trailer here. Across four episodes, the story of the ticking-clock of Columbia's final mission is told in dramatic detail, beginning months before the troubled launch, unfolding across the sixteen days in orbit, and concluding with the investigation into the tragic loss of the seven astronauts' lives. Weaving together intimate footage shot by the astronauts themselves inside the orbiter, exclusive first-hand testimony from family members of the Shuttle's crew, key players at NASA — some of whom have never spoken before — and journalists who covered the story on the ground, the series paints an intimate portrait of the women and men onboard and uncovers in forensic detail the trail of events and missed opportunities that ultimately led to disaster.
CNN says the first two episodes will livestream tonight at 9 p.m. EST (time-delayed on the west coast until 9 p.m.PST) — and then be available on-demand starting Monday — "for pay TV subscribers via CNN.com, CNN connected TV and mobile apps." CNN's web site offers a "preview" of its live TV offerings here.

They're promising "the inside story of one America's most iconic institutions, uncovering how financial pressures and a culture of complacency may have contributed to the events of February 1, 2003. The series also reflects on the legacy of the Space Shuttle era, serving as a timely exploration of the challenges and inherent dangers that remain relevant to space travel today."

On its web site CNN has also published two companion articles — one by Rice history professor Douglas Brinkley arguing that NASA "was America's crown jewel. After the Columbia disaster it was never quite the same." Because other shuttle missions had returned safely with "shredded" surface tiles — and because the stalwart Columbia had brought astronauts home from 27 previous flights — many NASA officials were lulled into complacency. They went so far as to assure the pilot and commander via email that "there is no concern ... We have seen the same phenomenon on several other flights and there is absolutely no concern for entry."

NASA officials also decided against enlisting spy satellite photography to examine the shuttle damage more thoroughly. If they had, it's possible that the astronauts could have repaired the spaceplane or at least abandoned it for refuge on the International Space Station...

As the Columbia Accident Investigation Board (CAIB) noted in its final report, "the NASA organizational culture had as much to do with this accident as the foam." All of NASA's launches were suspended for two years. While the shuttles eventually flew again, post-Columbia, the program was stunted and curtailed.
The article notes that since then SpaceX, Blue Origin, and the United Launch Alliance (Lockheed Martin and Boeing) "are thriving today in the space industry," along with Virgin Galactic and Axiom Space. "NASA, far from feeling threatened, has encouraged many of the private companies with massive contracts. The agency already had a long history of dealing with sub-contractors, using its pocketbook to steer aerospace development; that tradition has adjusted seamlessly to the current space economy."

In the other article CNN Space & Science writer Jackie Wattles notes that when America later retired its Space Shuttle program in 2011, "no U.S. astronaut would travel to space on an American-made rocket for nearly a decade."

The foundations behind Rust, Python, Apache, Eclipse, PHP, OpenSSL, and Blender announced plans to create "common specifications for secure software development," based on "existing open source best practices."

From the Eclipse Foundation: This collaborative effort will be hosted at the Brussels-based Eclipse Foundation [an international non-profit association] under the auspices of the Eclipse Foundation Specification Process and a new working group... Other code-hosting open source foundations, SMEs, industry players, and researchers are invited to join in as well.

The starting point for this highly technical standardisation effort will be today's existing security policies and procedures of the respective open source foundations, and similar documents describing best practices.

The governance of the working group will follow the Eclipse Foundation's usual member-led model but will be augmented by explicit representation from the open source community to ensure diversity and balance in decision-making. The deliverables will consist of one or more process specifications made available under a liberal specification copyright licence and a royalty-free patent licence... While open source communities and foundations generally adhere to and have historically established industry best practices around security, their approaches often lack alignment and comprehensive documentation.

The open source community and the broader software industry now share a common challenge: legislation has introduced an urgent need for cybersecurity process standards.
The Apache Foundation notes the working group is forming partly "to demonstrate our commitment to cooperation with and implementation of" the EU's Cyber Resilience Act. But the Eclipse Foundation adds that even before it goes into effect in 2027, they're recognizing open source software's "increasingly vital role in modern society" and an increasing need for reliability, safety, and security, so new regulations like the CRA "underscore the urgency for secure by design and robust supply chain security standards."

Their announcement adds that "It is also important to note that it is similarly necessary that these standards be developed in a manner that also includes the requirements of proprietary software development, large enterprises, vertical industries, and small and medium enterprises." But at the same time, "Today's global software infrastructure is over 80% open source... [W]hen we discuss the 'software supply chain,' we are primarily, but not exclusively, referring to open source."

"We invite you to join our collaborative effort to create specifications for secure open source development," their announcement concludes," promising initiative updates on a new mailing list. "Contribute your ideas and participate in the magic that unfolds when open source foundations, SMEs, industry leaders, and researchers combine forces to tackle big challenges."

The Python Foundation's announcement calls it a "community-driven initiative" that will have "a lasting impact on the future of cybersecurity and our shared open source communities."

The San Francisco Chronicle reports that Tesla "is poised to roll out its version of a robotaxi later this year, according to CEO Elon Musk." ("Musk made the announcement on social media saying 'Tesla Robotaxi unveil on 8/8.' His cryptic post contained no other details about the forthcoming line of autonomous vehicles.")

Electrek thinks they know what it'll look like. "Through Walter Issacson's approved biography of Musk, we learned that Tesla Robotaxi will be 'Cybertruck-like'."

8/8 (of the year 2024) would be a Thursday — although CNBC adds one additional clarification: At Tesla, "unveil" dates do not predict a near-future date for a commercial release of a new product. For example, Tesla unveiled its fully electric heavy-duty truck, the Semi, in 2017 and did not begin deliveries until December 2022. It still produces and sells very few Semis to this day.
"Tesla shares rose over 3% in extended trading after Musk's tweet."

Slashdot reader Mononymous writes: The latest release of OpenBSD, the FOSS Unix-like operating system focused on correctness and security over features and performance, has been released. This version includes newer driver support, performance improvements, stability fixes, and lots of package updates. One highlight is a complete port of KDE Plasma 5.

You can view the announcement and get the bits at OpenBSD.org.
Phoronix reports that with OpenBSD 7.5 "there is a number of improvements for ARM (AArch64) hardware, never-ending kernel optimizations and other tuning work, countless package updates, and other adjustments to this popular BSD platform."

An anonymous reader quotes a report from the Daily Hive: It is now the third consecutive day a major housing funding announcement has been made by Prime Minister Justin Trudeau. Friday's announcement entails over $600 million in investments targeted to help lower the construction cost of homes and speed up building timelines, with a new focus on creating new building innovation technologies. This includes a new $50 million Homebuilding Technology and Innovation Fund, which the federal government aims to leverage an additional $150 million from the private sector and other levels of government. Another $50 million will be invested in ideas and technology such as prefabricated housing factories, mass timber production, panelization, 3D printing, and pre-approved home design catalogues -- specifically projects already funded.

As well, $11.6 million will go towards the federal government's previously announced Housing Design Catalogue to create a standardized home structure design for simplicity as well as construction and cost efficiencies. The vast majority of today's announced funding will go into the federal Apartment Construction Loan Program, which provides low-cost financing to support new rental housing projects using innovative construction techniques from prefabricated and modular housing manufacturers as well as other homebuilders. Prime Minister Justin Trudeau said in a statement: "We're changing the way we build homes in Canada. In Budget 2024, we're supporting a new approach to construction, with a focus on innovation and technology. This will make it easier and more cost-effective to build more homes, faster. You should be able to live in the community you love, at a price you can afford."

AMD plans to document and open source its Micro Engine Scheduler (MES) firmware for GPUs, giving users more control over Radeon graphics cards. From a report: It's part of a larger effort AMD confirmed earlier this week about making its GPUs more open source at both a software level in respect to the ROCm stack for GPU programming and a hardware level. Details were scarce with this initial announcement, and the only concrete thing it introduced was a GitHub tracker.

However, yesterday AMD divulged more details, specifying that one of the things it would be making open source was the MES firmware for Radeon GPUs. AMD says it will be publishing documentation for MES around the end of May, and will then release the source code some time afterward. For one George Hotz and his startup, Tiny Corp, this is great news. Throughout March, Hotz had agitated for AMD to make MES open source in order to fix issues he was experiencing with his RX 7900 XTX-powered AI server box. He had talked several times to AMD representatives, and even the company's CEO, Lisa Su.