An anonymous reader quotes a report from Ars Technica: After sending cease-and-desist letters to VMware users whose support contracts had expired and who subsequently declined to subscribe to one of Broadcom's VMware bundles, Broadcom has started the process of conducting audits on former VMware customers. [...] Ars Technica reviewed a letter that a software provider and VMware user in the Netherlands received that is dated June 20 and informs the firm that it "has been selected for a formal audit of its use of VMware software and support services" [PDF]. The security professional who provided Ars with the letter asked to keep their name and their employers' name anonymous out of privacy concerns.

The anonymous employee told Ars that their company had been a VMware customer for "about" a decade before deciding not to sign up for a new contract with Broadcom's VMware a year ago. The company had been using VMware Cloud Foundation and vSphere. "Our CEO decided to not extend the support contract because of the costs," the employee said. "This already impacts us security-wise because we can no longer get updates (unless the CVSS score is critical)." The letter notes that an auditing firm, Connor Consulting, which is headquartered in San Francisco and has offices around the globe, will perform a review of the company's "VMware deployment and entitlements, which may include fieldwork or remote testing and meetings with members of your accounting, licensing, and management information systems functions." The letter informs its recipient that someone from Connor will reach out and that the VMware user should respond within three business days.

The letter, signed by Aiden Fitzgerald, director of global sales operations at Broadcom, claims that Broadcom will use its time "as efficiently and productively as possible to minimize disruption." Still, the security worker that Ars spoke with is concerned about the implications of the audit and said they "expect a big financial impact" for their employer. They added: "Because we are focusing on saving costs and are on a pretty tight financial budget, this will likely have impact on the salary negotiations or even layoffs of employees. Currently, we have some very stressed IT managers [and] legal department [employees] ..." The employee noted that they are unsure if their employer exceeded its license limits. If the firm did, it could face "big" financial repercussions, the worker noted.

The classic VW bus got an all-electric update — but that was just the beginning. Now there's an autonomous driving version (that's intended for commercial fleets, reports Jalopnik, "a level 4 vehicle that drives set routes" that's "going into full production" as the ID Buzz AD. (The AD stands for "autonomous driving") The AD version sports a longer wheelbase and a higher roofline than its mere human-driven sibling, which helps it to fit in the 13 cameras, nine LiDARs, and five radars that will (hopefully) allow the car to drive without crashing into anybody. These are intended for large-fleet customers providing taxi services, either ones run by local governments or private companies. [Volkswagen Group software subsidiary MOIA] has already lined up its first customer, the German city of Hamburg, which will provide the automated Buzz as a public transit option alongside traditional bus and subway services. If all goes well, after Hamburg MOIA "will bring sustainable, autonomous mobility to large-scale deployment in Europe and the U.S.," according to VW Group CEO Oliver Blume. Down the road, VW has also signed an agreement for rideshare juggernaut Uber to use the ID Buzz AD across America, starting with Los Angeles in 2026.

The ID Buzz AD is the first vehicle in Germany to reach SAE International's threshold for Level 4 autonomous driving, meaning that the car can drive itself, with no need for a driver behind the wheel, within designated areas.
It comes with "a full suite of tools for public and private transit providers," notes the EV news site Electrek. "That includes everything from the self-driving tech to fleet management software, passenger support, and operator training. That will allow cities and companies to launch driverless fleets quickly, safely, and at scale."

And Christian Senger, a member of the board of management of VW Commercial Vehicles, tells DW the vans will be manufactured in very large numbers. The Hannover VW factory is set to produce more than 10,000 commercial vehicles. "We believe we can be the leading supplier in Europe," Senger says.... [Senger] does not expect the top dog of Germany's beleaguered auto industry to make any money, at least at first. In the long term, though, he explains that autonomous driving is the lucrative field of the future, one that promises to be much more profitable than the traditional automotive industry...

The exact price has not yet been announced but the ID. Buzz AD is unlikely to come cheap. According to Senger, buyers will have to pay a low six-figure sum (in euros) per vehicle. That means it's going to be expensive for transport companies. The Association of German Transport Companies or VDV, is calling for a nationally coordinated strategy of long-term financing, and a market launch supported by public funding, to establish the country's supremacy in this market.

"The worlds of Linux and Windows finally came together in real life..." writes The Verge: Microsoft co-founder Bill Gates and Linus Torvalds, the creator of the Linux kernel, have surprisingly never met before. That all changed at a recent dinner hosted by Sysinternals creator Mark Russinovich... "No major kernel decisions were made," jokes Russinovich in a post on LinkedIn.
More from the Linux news blog Linuxiac: The man on the left is Mark Russinovich, a software engineer, author, and co-founder of Sysinternals, now CTO of Azure, Microsoft's cloud computing platform. He has become synonymous with deep Windows diagnostics and cloud-scale management. In the late 1990s, his suite of tools (Process Explorer, Autoruns, Procmon) revolutionized the way administrators and security professionals understood Windows internals.

The man on the far right is another living legend: Dave Cutler. Let me put it this way — he's one of the key people behind OpenVMS and the brilliant lead architect who designed Windows NT's kernel and hardware-abstraction layer — technologies that remain at the heart of every current Windows release, from server farms to laptops. So, it's no surprise that people often call him the "father of Windows NT."

An anonymous reader quotes a report from TorrentFreak: Napster, the brand synonymous with the music piracy boom of the early 2000s, has a new copyright challenge. Together with audio giant Sonos, Napster faces a lawsuit demanding over $3.4 million in alleged unpaid copyright royalties. Filed by collective rights management organization SoundExchange, the complaint (PDF) centers on missed payments related to the "Sonos Radio" service, which until 2023 was powered by Napster's music catalog. [...]

Sonos Radio launched in April 2020 with Napster as the authorized agent, submitting the required royalty reports and royalties to SoundExchange. While all went well initially, payments stopped around May 2022. At the time, Napster had been acquired by venture capital firms Hivemind and Algorand, with a focus on "web3" technologies, including cryptocurrencies and blockchain. According to the complaint, the takeover resulted in a "complete breakdown of reporting and payment for the Sonos Radio service." The alleged payment problems eventually came to light during an audit initiated by SoundExchange in 2023, which concluded that Sonos and Napster owed millions in unpaid royalties.

Sonos and Napster are no longer partners in the radio service, as the audio equipment manufacturer switched to Deezer around April 2023. That appears to have solved the royalty issues, but SoundExchange still believes it is owed more than $3 million. "In total, Sonos, and its agent Napster, have failed to pay at least $3,423,844.41 comprising royalties owed for the period October 2022 to April 2023, interest, late fees, and auditor fee-shifting costs, and subtracting Sonos and Napster's payments made to date. "Late fees and interest continue to grow," SoundExchange adds, while requesting compensation in full. The complaint lists one count of "underpayment" of statutory royalties, and one count of "non-payment" of royalties, as determined by the audit. For both Copyright Act violations, SoundExchange requests damages of at least $3.4 million.

Longtime Slashdot reader jrepin writes: Plasma is a popular desktop (and mobile) environment for GNU/Linux and other UNIX-like operating systems. Among other things, it also powers the desktop mode of the Steam Deck gaming handheld. The KDE community today announced the latest release: Plasma 6.4. This fresh new release improves on nearly every front, with progress being made in accessibility, color rendering, tablet support, window management, and more.

Plasma already offered virtual desktops and customizable tiles to help organize your windows and activities, and now it lets you choose a different configuration of tiles on each virtual desktop. The Wayland session brings some new accessibility features: you can now move the pointer using your keyboard's number pad keys, or use a three-finger touchpad pinch gesture to zoom in or out.

Plasma file transfer notification now shows a speed graph, giving you a more visual idea of how fast the transfer is going and how long it will take to complete. When any applications are in full screen mode Plasma will now enter Do Not Disturb mode and only show urgent notifications. When you exit full-screen mode, you'll see a summary of any notifications you missed.

Now, when an application tries to access the microphone and finds it muted, a notification will pop up. A new feature in the Application Launcher widget will place a green New! tag next to newly installed apps, so you can easily find where something you just installed lives in the menu.

The Display and Monitor page in System Settings comes with a brand new HDR calibration wizard. Support for Extended Dynamic Range (a different kind of HDR) and P010 video color format has also been added. System Monitor now supports usage monitoring for AMD and Intel graphic cards -- it can even show the GPU usage on a per-process basis.

Spectacle, the built-in app for taking screenshots and screen recordings, has a much-improved design and more streamlined functionality. The background of the desktop or window now darkens when an authentication dialog shows up, helping you locate and focus on the window asking for your password.

There's a brand-new Animations page in System Settings that groups all the settings for purely visual animated effects into one place, making them easier to find and configure. Aurorae, a newly added SVG vector graphics theme engine, enhances KWin window decorations.

You can read more about these and many other other features in the Plasma 6.4 announcement and complete changelog.

Google Cloud has attributed last week's widespread outage to a flawed code update in its Service Control system that triggered a global crash loop due to missing error handling and lack of feature flag protection. The Register reports: Google's explanation of the incident opens by informing readers that its APIs, and Google Cloud's, are served through our Google API management and control planes." Those two planes are distributed regionally and "are responsible for ensuring each API request that comes in is authorized, has the policy and appropriate checks (like quota) to meet their endpoints." The core binary that is part of this policy check system is known as "Service Control."

On May 29, Google added a new feature to Service Control, to enable "additional quota policy checks." "This code change and binary release went through our region by region rollout, but the code path that failed was never exercised during this rollout due to needing a policy change that would trigger the code," Google's incident report explains. The search monopolist appears to have had concerns about this change as it "came with a red-button to turn off that particular policy serving path." But the change "did not have appropriate error handling nor was it feature flag protected. Without the appropriate error handling, the null pointer caused the binary to crash."

Google uses feature flags to catch issues in its code. "If this had been flag protected, the issue would have been caught in staging." That unprotected code ran inside Google until June 12th, when the company changed a policy that contained "unintended blank fields." Here's what happened next: "Service Control, then regionally exercised quota checks on policies in each regional datastore. This pulled in blank fields for this respective policy change and exercised the code path that hit the null pointer causing the binaries to go into a crash loop. This occurred globally given each regional deployment."

Google's post states that its Site Reliability Engineering team saw and started triaging the incident within two minutes, identified the root cause within 10 minutes, and was able to commence recovery within 40 minutes. But in some larger Google Cloud regions, "as Service Control tasks restarted, it created a herd effect on the underlying infrastructure it depends on ... overloading the infrastructure." Service Control wasn't built to handle this, which is why it took almost three hours to resolve the issue in its larger regions. The teams running Google products that went down due to this mess then had to perform their own recovery chores. Going forward, Google has promised a couple of operational changes to prevent this mistake from happening again: "We will improve our external communications, both automated and human, so our customers get the information they need asap to react to issues, manage their systems and help their customers. We'll ensure our monitoring and communication infrastructure remains operational to serve customers even when Google Cloud and our primary monitoring products are down, ensuring business continuity."

Meta and AWS have used Rust, and Netflix uses Go,reports the programming news site InfoQ. But using another language, Apple recently "migrated its global Password Monitoring service from Java to Swift, achieving a 40% increase in throughput, and significantly reducing memory usage."

This freed up nearly 50% of their previously allocated Kubernetes capacity, according to the article, and even "improved startup time, and simplified concurrency." In a recent post, Apple engineers detailed how the rewrite helped the service scale to billions of requests per day while improving responsiveness and maintainability... "Swift allowed us to write smaller, less verbose, and more expressive codebases (close to 85% reduction in lines of code) that are highly readable while prioritizing safety and efficiency."

Apple's Password Monitoring service, part of the broader Password app's ecosystem, is responsible for securely checking whether a user's saved credentials have appeared in known data breaches, without revealing any private information to Apple. It handles billions of requests daily, performing cryptographic comparisons using privacy-preserving protocols. This workload demands high computational throughput, tight latency bounds, and elastic scaling across regions... Apple's previous Java implementation struggled to meet the service's growing performance and scalability needs. Garbage collection caused unpredictable pause times under load, degrading latency consistency. Startup overhead — from JVM initialization, class loading, and just-in-time compilation, slowed the system's ability to scale in real time. Additionally, the service's memory footprint, often reaching tens of gigabytes per instance, reduced infrastructure efficiency and raised operational costs.

Originally developed as a client-side language for Apple platforms, Swift has since expanded into server-side use cases.... Swift's deterministic memory management, based on reference counting rather than garbage collection (GC), eliminated latency spikes caused by GC pauses. This consistency proved critical for a low-latency system at scale. After tuning, Apple reported sub-millisecond 99.9th percentile latencies and a dramatic drop in memory usage: Swift instances consumed hundreds of megabytes, compared to tens of gigabytes with Java.
"While this isn't a sign that Java and similar languages are in decline," concludes InfoQ's article, "there is growing evidence that at the uppermost end of performance requirements, some are finding that general-purpose runtimes no longer suffice."

An anonymous reader quotes a report from Ars Technica: Do you remember the Pirelli Cyber Tire? No, it's not an angular nightmare clad in stainless steel. Rather, it's a sensor-equipped tire that can inform the car it's fitted to what's happening, both with the tire itself and the road it's passing over. The technology has slowly been making its way into the real world, starting with rarified stuff like the McLaren Artura. Now, Pirelli is going to put some Cyber Tires to work for everybody, not just supercar drivers, in a new pilot program with the regional government of Apulia in Italy.

The Cyber Tire has a sensor to monitor temperature and pressure, using Bluetooth Low Energy to communicate with the car. The electronics are able to withstand more than 3,500 G as part of life on the road, and a 0.3-oz (10 g) battery keeps everything running for the life of the tire. The idea was to develop a better tire pressure monitoring system, one that could tell the car exactly what kind of tire -- summer, winter, all-season, and so on -- was fitted, and even its state of wear, allowing the car to adapt its settings appropriately. But other applications suggested themselves -- at a recent CES, Pirelli showed how a Cyber Tire could warn other road users about aquaplaning. Then again, we've been waiting more than a decade for vehicle-to-vehicle communication to make a difference in daily driving to no avail.

Apulia's program does not rely on crowdsourcing data from Cyber Tires fitted to private vehicles. Regardless of the privacy implications, the rubber isn't nearly in widespread enough use for there to be a sufficient population of Cyber Tire-shod cars in the region. Instead, Pirelli will fit the tires to a fleet of vehicles supplied by the fleet management and rental company Ayvens. Driving around, the sensors in the tires will be able to infer how rough or irregular the asphalt is, via some clever algorithms. That's only one part of it, however. Pirelli and Apulia are also combining input from the tires with data from a network of road cameras and some technology from the Swedish startup Univrses. As you might expect, this data is combined in the cloud, and dashboards are available to enable end users to explore the data.

An anonymous reader quotes a report from The Register: The US Cybersecurity and Infrastructure Security Agency has lost another senior leader: executive director Bridget Bean departed on Wednesday. Bean, who served as the de facto agency boss for five months between former CISA director Jen Easterly's departure in January and Madhu Gottumukkala's appointment to the deputy director post last month, said she was "officially retiring from Federal service once again" in a LinkedIn post. "My time at CISA has been truly remarkable," she wrote. "Having had the privilege to serve as the Senior Official Performing the Duties of Director of CISA for 5 months has been a profound honor."

CISA's executive leadership page now lists Gottumukkala as its acting director, and the agency remains without a Senate-confirmed leader. President Trump nominated Sean Plankey to serve as the agency's director, and his nomination is scheduled for consideration (PDF) by the Senate's Homeland Security and Governmental Affairs Committee today. However, his appointment still requires a full Senate vote. Senator Ron Wyden (D-OR) has said he will continue to block Plankey's confirmation until CISA releases an unclassified report on American telecommunications networks' weak security.

At the time of her departure, Bean had spent three and a half years with CISA and more than three decades with the federal government, including a job as the Federal Emergency Management Agency's third-ranking official. Before accepting the executive director post, she was CISA's first chief integration officer. In this position, she "led the integration of the agency's operations and ensured CISA's frontline of regional staff seamlessly supported the critical infrastructure that Americans rely on every hour of every day," according to her bio on the agency's website. [...] Bean's retirement comes during a talent exodus from CISA -- and other federal government agencies -- with some folks getting fired and others taking the Trump administration's buyout offer to resign from public service. As of May 30, the heads of five of CISA's six operational divisions and six of its 10 regional offices had left the agency, and around 1,000 people, nearly one-third of its total staff, have reportedly left CISA since Trump took office.

An anonymous reader quotes a report from Axios: President Trump quietly took a red pen to much of the Biden administration's cyber legacy in a little-noticed move late Friday. Under an executive order signed just before the weekend, Trump is tossing out some of the major touchstones of Biden's cyber policy legacy -- while keeping a few others. The order preserves efforts around post-quantum cryptography, advanced encryption standards, and border gateway protocol security, along with the Cyber Trust Mark program -- an Energy Star-type labeling initiative for consumer smart devices. But hallmark programs tied to software bills of materials, zero-trust implementation, and space contractor cybersecurity requirements have been either rescinded or left in limbo. The new executive order amends both the Biden cyber executive order signed in January and an Obama administration order.

Each of the following Biden-era programs is now out the door or significantly rolled back:
- A broad requirement for federal software vendors to provide a software bill of materials - essentially an ingredient list of code components - is gone.
- Biden-era efforts to encourage federal agencies to accept digital identity documents and help states develop mobile driver's licenses were revoked.
- Several AI cybersecurity research mandates, including those focused on AI-generated code security and AI-driven patch management pilots, have been scrapped or deprioritized.
- The requirement that software contractors formally attest they followed secure development practices - and submit those attestations to a federal repository - has been cut. Instead, the National Institute of Standards and Technology will now coordinate a new industry consortium to review software security guidelines.

Meta is preparing to unveil a new AI research lab dedicated to pursuing "superintelligence," a hypothetical A.I. system that exceeds the powers of the human brain, as the tech giant jockeys to stay competitive in the technology race, New York Times reported Tuesday, citing four people with the knowledge of the company's plans. From the report: Meta has tapped Alexandr Wang, 28, the founder and chief executive of the A.I. start-up Scale AI, to join the new lab, the people said, and has been in talks to invest billions of dollars in his company as part of a deal that would also bring other Scale employees to the company.

Meta has offered seven- to nine-figure compensation packages to dozens of researchers from leading A.I. companies such as OpenAI and Google, with some agreeing to join, according to the people. The new lab is part of a larger reorganization of Meta's A.I. efforts, the people said. The company, which owns Facebook, Instagram and WhatsApp, has recently grappled with internal management struggles over the technology, as well as employee churn and several product releases that fell flat, two of the people said.

The Register's Thomas Claburn reports: The Linux Foundation on Friday introduced a new method to distribute WordPress updates and plugins that's not controlled by any one party, in a bid to "stabilize the WordPress ecosystem" after months of infighting. The FAIR Package Manager project is a response to the legal brawl that erupted last year, pitting WordPress co-creator Matthew Mullenweg, his for-profit hosting firm Automattic, and the WordPress Foundation that he controls, against WP Engine, a rival commercial WordPress hosting firm. [...]

The Linux Foundation says the FAIR Package Manager, a mechanism for distributing open-source WordPress plugins, "eliminates reliance on any single source for core updates, plugins, themes, and more, unites a fragmented ecosystem by bringing together plugins from any source, and builds security into the supply chain." In other words, it can't be weaponized against the WordPress community because it won't be controlled by any one entity. "The FAIR Package Manager project paves the way for the stability and growth of open source content management, giving contributors and businesses additional options governed by a neutral community," said Jim Zemlin, Executive Director of the Linux Foundation, in a canned press statement. "We look forward to the growth in community and contributions this important project attracts."

The FAIR Package Manager repo explains the software's purpose more succinctly. The software "is a decentralized alternative to the central WordPress.org plugin and theme ecosystem, designed to return control to WordPress hosts and developers. It operates as a drop-in WordPress plugin, seamlessly replacing existing centralized services with a federated, open-source infrastructure." In addition to providing some measure of stability, the Linux Foundation sees the FAIR Package Manager as advancing WordPress' alignment with Europe's General Data Protection Regulation by reducing automatic browser data transmission and telemetry sent to commercial entities, while also supporting modern security practices and strengthening the open source software supply chain.

An anonymous reader quotes a report from the BBC: A lack of action by big tech firms is enabling the "industrial scale theft" of premium video services, especially live sport, a new report says. The research by Enders Analysis accuses Amazon, Google, Meta and Microsoft of "ambivalence and inertia" over a problem it says costs broadcasters revenue and puts users at an increased risk of cyber-crime. Gareth Sutcliffe and Ollie Meir, who authored the research, described the Amazon Fire Stick -- which they argue is the device many people use to access illegal streams -- as "a piracy enabler." [...] The device plugs into TVs and gives the viewer thousands of options to watch programs from legitimate services including the BBC iPlayer and Netflix. They are also being used to access illegal streams, particularly of live sport.

In November last year, a Liverpool man who sold Fire Stick devices he reconfigured to allow people to illegally stream Premier League football matches was jailed. After uploading the unauthorized services on the Amazon product, he advertised them on Facebook. Another man from Liverpool was given a two-year suspended sentence last year after modifying fire sticks and selling them on Facebook and WhatsApp. According to data for the first quarter of this year, provided to Enders by Sky, 59% of people in UK who said they had watched pirated material in the last year while using a physical device said they had used a Amazon fire product. The Enders report says the fire stick enables "billions of dollars in piracy" overall. [...]

The researchers also pointed to the role played by the "continued depreciation" of Digital Rights Management (DRM) systems, particularly those from Google and Microsoft. This technology enables high quality streaming of premium content to devices. Two of the big players are Microsoft's PlayReady and Google's Widevine. The authors argue the architecture of the DRM is largely unchanged, and due to a lack of maintenance by the big tech companies, PlayReady and Widevine "are now compromised across various security levels." Mr Sutcliffe and Mr Meir said this has had "a seismic impact across the industry, and ultimately given piracy the upper hand by enabling theft of the highest quality content." They added: "Over twenty years since launch, the DRM solutions provided by Google and Microsoft are in steep decline. A complete overhaul of the technology architecture, licensing, and support model is needed. Lack of engagement with content owners indicates this a low priority."

In a full-circle moment for Palmer Luckey, Meta and his defense tech company Anduril are teaming up to develop mixed reality headsets for the U.S. military under the Army's revamped SBMC Next program. The collaboration will merge Meta's Reality Labs hardware and Llama AI with Anduril's battlefield software, marking Meta's entry into military XR through the very company founded by Luckey after his controversial departure from Facebook. "I am glad to be working with Meta once again," Luckey said in a blog post. "My mission has long been to turn warfighters into technomancers, and the products we are building with Meta do just that." TechCrunch reports: This partnership stems from the Soldier Borne Mission Command (SBMC) Next program, formerly called the Integrated Visual Augmentation System (IVAS) Next. IVAS was a massive military contract, with a total $22 billion budget, originally awarded to Microsoft in 2018 intended to develop HoloLens-like AR glasses for soldiers. But after endless problems, in February the Army stripped management of the program from Microsoft and awarded it to Anduril, with Microsoft staying on as a cloud provider. The intent is to eventually have multiple suppliers of mixed reality glasses for soldiers.

All of this meant that if Luckey's former employer, Meta, wanted to tap into the potentially lucrative world of military VR/AR/XR headsets, it would need to go through Anduril. The devices will be based on tech out of Meta's AR/VR research center Reality Labs, the post says. They'll use Meta's Llama AI model, and they will tap into Anduril's command and control software known as Lattice. The idea is to provide soldiers with a heads-up display of battlefield intelligence in real time. [...] An Anduril spokesperson tells TechCrunch that the product family Meta and Anduril are building is even called EagleEye, which will be an ecosystem of devices. EagleEye is what Luckey named Anduril's first imagined headset in Anduril's pitch deck draft, before his investors convinced him to focus on building software first. After the announcement, Luckey said on X: "It is pretty cool to have everything at our fingertips for this joint effort -- everything I made before Meta acquired Oculus, everything we made together, and everything we did on our own after I was fired."

After a year of rumors, Salesforce has officially acquired cloud data management firm Informatica in an $8 billion equity deal. "Under the terms of the deal, Salesforce will pay $25 in cash per share for Informatica's Class A and Class B-1 common stock, adjusting for its prior investment in the company," notes TechCrunch. From the report: Informatica was founded in 1993 and works with more than 5,000 customers across more than 100 countries. The company had a $7.1 billion market cap at the time of publication. This acquisition will help bolster Salesforce's agentic AI ambitions, the company's press release stated, by giving the company more data infrastructure and governance to help its AI agents run more "safely, responsibly, and at scale across the modern enterprise." "Together, we'll supercharge Agentforce, Data Cloud, Tableau, MuleSoft, and Customer 360, enabling autonomous agents to act with intelligence, context, and confidence across every enterprise," Salesforce CEO Marc Benioff said in the press release. "This is a transformational step in delivering enterprise-grade AI that is safe, responsible, and deeply integrated with the world's data."

SiFive was one of the first companies to produce a RISC-V chip. This week they announced a new collaboration with Red Hat "to bring Red Hat Enterprise Linux support to the rapidly growing RISC-V community" and "prepare Red Hat's product portfolio for future intersection with RISC-V server hardware from a diverse set of RISC-V suppliers."

Red Hat Enterprise Linux 10 is available in developer preview on the SiFive HiFive Premier P550 platform, which they call "a proven, high performance RISC-V CPU development platform." The SiFive HiFive Premier P550 provides a proven, high performance RISC-V CPU development platform. Adding support for Red Hat Enterprise Linux 10, the latest version of the world's leading enterprise Linux platform, enables developers to create, optimize, and release new applications for the next generation of enterprise servers and cloud infrastructure on the RISC-V architecture...

SiFive's high performance RISC-V technology is already being used by large organizations to meet compute-intensive AI and machine learning workloads in the datacenter... "With the growing demand for RISC-V, we are pleased to collaborate with SiFive to support Red Hat Enterprise Linux 10 deployments on SiFive HiFive Premier P550," said Ronald Pacheco, senior director of RHEL product and ecosystem strategy, "to further empower developers with the power of the world's leading enterprise Linux platform wherever and however they choose to deploy...."

Dave Altavilla, principal analyst at HotTech Vision And Analysis, said "Native Red Hat Enterprise Linux support on SiFive's HiFive Premier P550 board offers developers a substantial enterprise-grade toolchain for RISC-V.

"This is a pivotal step forward in enabling a full-stack ecosystem around open RISC-V hardware. SiFive says the move will "inspire the next generation of enterprise workloads and AI applications optimized for RISC-V," while helping their partners "deliver systems with a meaningfully lower total cost of ownership than incumbent platforms."

"With the growing demand for RISC-V, we are pleased to collaborate with SiFive to support Red Hat Enterprise Linux 10 deployments on SiFive HiFive Premier P550..." said Ronald Pacheco, senior director of RHEL product and ecosystem strategy. .

Beta News notes that there's also a new AI-powered assistant in RHEL 10, so "Instead of spending all day searching for answers or poking through documentation, admins can simply ask questions directly from the command line and get real-time help Security is front and center in this release, too. Red Hat is taking a proactive stance with early support for post-quantum cryptography. OpenSSL, GnuTLS, NSS, and OpenSSH now offer quantum-resistant options, setting the stage for better protection as threats evolve. There's a new sudo system role to help with privilege management, and OpenSSH has been bumped to version 9.9. Plus, with new Sequoia tools for OpenPGP, the door is open for even more robust encryption strategies. But it's not just about security and AI. Containers are now at the heart of RHEL 10 thanks to the new "image mode." With this feature, building and maintaining both the OS and your applications gets a lot more streamlined...

Wisk Aero and NASA have signed a new five-year partnership to advance the safe integration of autonomous, all-electric aircraft into U.S. airspace, focusing on urban air mobility and regulated eVTOL flight. Electrek reports: Wisk Aero shared details of its refreshed partnership with NASA this week. The autonomous aviation specialist has signed a new five-year Non-Reimbursable Space Act Agreement (NRSAA) with the renowned space administration. Per Wisk, this new agreement focuses on critical research led by NASA's Air Traffic Management Exploration (ATM-X) project, which is centered around the advancement of commercialized autonomous aircraft travel under Instrument Flight Rules (IFR) in the National Airspace System (NAS).

As a specialist in autonomous, zero-emission aircraft, Wisk intends to continue its research alongside NASA to help regulators determine future eVTOL flight procedures and capabilities in the US. Regulatory developments on the to-do list for the latest NRSAA include optimizing airspace and route designs for highly automated UAM operations, establishing critical aircraft and ground-based safety system requirements for autonomous flight in urban environments, and establishing Air Traffic Control (ATC) communication protocols and procedures for seamless integration of future UAM aircraft. To achieve these goals, Wisk said its research with NASA will more specifically focus on utilizing advanced simulation and Live Virtual Constructive (LVC) flight environments, which combine live flights with a simulated airspace to enable researchers to assess future operations.

The teams from Wisk and NASA already met last month, continuing their research while beginning to determine how instrument flight procedures and advanced technologies can work together to enable safe autonomous passenger flights by 2030. Wisk Aero is a wholly owned subsidiary of Boeing based in California. The aerospace manufacturer said last year that it expects its pilotless air-taxi to begin carrying passengers "later in the decade."

An anonymous reader quotes a report from Bloomberg: While using website data to build a Google Search topped with artificial intelligence-generated answers, an Alphabet executive acknowledged in an internal document that there was an alternative way to do things: They could ask web publishers for permission, or let them directly opt out of being included. But giving publishers a choice would make training AI models in search too complicated, the company concludes in the document, which was unearthed in the company's search antitrust trial.

It said Google had a "hard red line" and would require all publishers who wanted their content to show up in the search page to also be used to feed AI features. Instead of giving options, Google decided to "silently update," with "no public announcement" about how they were using publishers' data, according to the document, written by Chetna Bindra, a product management executive at Google Search. "Do what we say, say what we do, but carefully." "It's a little bit damning," said Paul Bannister, the chief strategy officer at Raptive, which represents online creators. "It pretty clearly shows that they knew there was a range of options and they pretty much chose the most conservative, most protective of them -- the option that didn't give publishers any controls at all."

For its part, Google said in a statement to Bloomberg: "Publishers have always controlled how their content is made available to Google as AI models have been built into Search for many years, helping surface relevant sites and driving traffic to them. This document is an early-stage list of options in an evolving space and doesn't reflect feasibility or actual decisions." They added that Google continually updates its product documentation for search online.

During this year's annual Pwn2Own contest, two researchers from Palo Alto Networks demonstrated an out-of-bounds write vulnerability in Mozilla Firefox, reports Cyber Security News, "earning $50,000 and 5 Master of Pwn points." And the next day another participant used an integer overflow to exploit Mozilla Firefox (renderer only).

But Mozilla's security blog reminds users that a sandbox escape would be required to break out from a tab to gain wider system access "due to Firefox's robust security architecture" — and that "neither participating group was able to escape our sandbox..." We have verbal confirmation that this is attributed to the recent architectural improvements to our Firefox sandbox which have neutered a wide range of such attacks. This continues to build confidence in Firefox's strong security posture.
Even though neither attack could escape their sandbox, "Out of abundance of caution, we just released new Firefox versions... all within the same day of the second exploit announcement." (Last year Mozilla responded to an exploitable security bug within 21 hours, they point out, even winning an award as the fastest to patch.)

The new updated versions are Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1 and Firefox for Android. "Despite the limited impact of these attacks, all users and administrators are advised to update Firefox as soon as possible...." To review and fix the reported exploits a diverse team of people from all across the world and in various roles (engineering, QA, release management, security and many more) rushed to work. We tested and released a new version of Firefox for all of our supported platforms, operating systems, and configurations with rapid speed....

Our work does not end here. We continue to use opportunities like this to improve our incident response. We will also continue to study the reports to identify new hardening features and security improvements to keep all of our Firefox users across the globe protected.

Amazon's AWS Labs has created LLRT an experimental, lightweight JavaScript runtime designed to address the growing demand for fast and efficient serverless applications.

Slashdot reader BitterEpic wants to know what you think of it: Traditional JavaScript runtimes like Node.js rely on garbage collection, which can introduce unpredictable pauses and slow down performance, especially during cold starts in serverless environments like AWS Lambda. LLRT's manual memory management, courtesy of Rust, eliminates this issue, leading to smoother, more predictable performance. LLRT also has a runtime under 2MB, a huge reduction compared to the 100MB+ typically required by Node.js. This lightweight design means lower memory usage, better scalability, and reduced operational costs. Without the overhead of garbage collection, LLRT has faster cold start times and can initialize in milliseconds—perfect for latency-sensitive applications where every millisecond counts.

For JavaScript developers, LLRT offers the best of both worlds: rapid development with JavaScript's flexibility, combined with Rust's performance. This means faster, more scalable applications without the usual memory bloat and cold start issues. Still in beta, LLRT promises to be a major step forward for serverless JavaScript applications. By combining Rust's performance with JavaScript's flexibility, it opens new possibilities for building high-performance, low-latency applications. If it continues to evolve, LLRT could become a core offering in AWS Lambda, potentially changing how we approach serverless JavaScript development.

Would you consider Javascript as the core of your future workflow? Or maybe you would prefer to go lower level with quckjs?