Longtime Slashdot reader frank_adrian314159 writes: According to an article in Wired, Elon Musk has appointed a team of technologists from DOGE to "rewrite the code that runs the SSA in months." This codebase has over 60 million lines of COBOL and handles record keeping for all American workers and payments for all Social Security recipients. Given that the code has to track the byzantine regulations dealing with Social Security, it's no wonder that the codebase is this large. What is in question though is whether a small team can rewrite this code "in months." After all, what could possibly go wrong? "The project is being organized by Elon Musk lieutenant Steve Davis ... and aims to migrate all SSA systems off COBOL ... and onto a more modern replacement like Java within a scheduled tight timeframe of a few months," notes Wired.

"Under any circumstances, a migration of this size and scale would be a massive undertaking, experts tell WIRED, but the expedited deadline runs the risk of obstructing payments to the more than 65 million people in the US currently receiving Social Security benefits."

In 2017, SSA announced a plan to modernize its core systems with a timeline of around five years. However, the work was "pivoted away" because of the pandemic.

wiredmikey shares a report from SecurityWeek: Google late Tuesday rushed out a patch for a sandbox escape vulnerability in its flagship Chrome browser after researchers at Kaspersky caught a professional hacking operation launching drive-by download exploits. The vulnerability, tracked as CVE-2025-2783, was chained with a second exploit for remote code execution in what appears to be a nation-state sponsored cyberespionage campaign [dubbed Operation ForumTroll] targeting organizations in Russia.

Kaspersky said it detected a series of infections triggered by phishing emails in the middle of March and traced the incidents to a zero-day that fired when victims simply clicked on a booby-trapped website from a Chrome browser. The Russian anti-malware vendor said victims merely had to click on a personalized, short-lived link, and their systems were compromised when the malicious website was opened in Chrome. Kaspersky said its exploit detection tools picked up on the zero-day, and after reverse-engineering the code, the team reported the bug to Google and coordinated the fix released on Tuesday.

Y Combinator CEO Garry Tan said startups are reaching $1-10 million annual revenue with fewer than 10 employees due to "vibe coding," a term coined by OpenAI cofounder Andrej Karpathy in February.

"You can just talk to the large language models and they will code entire apps," Tan told CNBC (video). "You don't have to hire someone to do it, you just talk directly to the large language model that wrote it and it'll fix it for you." What would've once taken "50 or 100" engineers to build, he believes can now be accomplished by a team of 10, "when they are fully vibe coders." He adds: "When they are actually really, really good at using the cutting edge tools for code gen today, like Cursor or Windsurf, they will literally do the work of 10 or 100 engineers in the course of a single day."

According to Tan, 81% of Y Combinator's current startup batch consists of AI companies, with 25% having 95% of their code written by large language models. Despite limitations in debugging capabilities, Tan said the technology enables small teams to perform work previously requiring dozens of engineers and makes previously overlooked niche markets viable for software businesses.

Tuesday Microsoft "surprised everyone," writes Neowin, "by announcing a new change that will radically improve TypeScript performance" — porting TypeScript to Go.

InfoWorld writes that "The initiative promises dramatic improvements in editor startup speed, build times, and memory usage, making it easier to scale TypeScript to large code bases, Microsoft said." Microsoft's TypeScript team expects to be able to preview command-line type-checking in Go-based tsc by mid-2025, and to deliver a feature-complete Go implementation of TypeScript by the end of the year. [You can build and run the Go code now from Microsoft's new working repository.] Developers who use Go-based TypeScript in the Visual Studio Code editor will feel the increased speed in the editor, Microsoft said. The company promises an 8x improvement in project load times, instant comprehensive error listings across entire projects, and greater responsiveness for all language service operations including completion lists, quick information, go to definition, and find all references. The new TypeScript will also support more advanced refactoring and deeper insights that were previously too expensive to compute, the company said.
Microsoft believes native Go implementations reduce build times by up to 10x, notes Neowin. But "Developers can expect TypeScript 6.0 to have some deprecations and breaking changes to support the upcoming Go-based version." Later this year, Microsoft will be releasing this new native Go implementation as TypeScript 7.0. The current JS-based TypeScript codebase will continue development into the 6.x series until TypeScript 7+ reaches sufficient maturity and adoption, since some projects may depend on certain API features, legacy configurations, or other things that are not supported by TypeScript 7+.
TypeScript's original creator Anders Hejlsberg recorded an announcement video — and also shared his thoughts in a GitHub discussion titled simply... "Why Go?" The TypeScript compiler's move to Go was influenced by specific technical requirements, such as the need for structural compatibility with the existing JavaScript-based codebase, ease of memory management, and the ability to handle complex graph processing efficiently. After evaluating numerous languages and making multiple prototypes — including in C# — Go emerged as the optimal choice...

Let's be real. Microsoft using Go to write a compiler for TypeScript wouldn't have been possible or conceivable in years past. However, over the last few decades, we've seen Microsoft's strong and ongoing commitment to open-source software, prioritizing developer productivity and community collaboration above all. Our goal is to empower developers with the best tools available, unencumbered by internal politics or narrow constraints. This freedom to choose the right tool for each specific job ultimately benefits the entire developer community, driving innovation, efficiency, and improved outcomes. And you can't argue with a 10x outcome!
Hejlsberg also addressed their choice of Go in an online interview with the Michigan TypeScript meetup.

Using the Summit supercomputer at the Department of Energy's Oak Ridge National Laboratory, researchers have modeled a key component of nucleotide excision repair (NER) called the pre-incision complex (PInC), which plays a crucial role in DNA damage repair. Their study, published in Nature Communications, provides new insights into how the PInC machinery orchestrates precise DNA excision, potentially leading to advancements in treating genetic disorders, preventing premature aging, and understanding conditions like xeroderma pigmentosum and Cockayne syndrome. Phys.Org reports: "Computationally, once you assemble the PInC, molecular dynamics simulations of the complex become relatively straightforward, especially on large supercomputers like Summit," [said lead investigator Ivaylo Ivanov, a chemistry professor at Georgia State University]. Nanoscale Molecular Dynamics, or NAMD, is a molecular dynamics code specifically designed for supercomputers and is used to simulate the movements and interactions of large biomolecular systems that contain millions of atoms. Using NAMD, the research team ran extensive simulations. The number-crunching power of the 200-petaflop Summit supercomputer -- capable of performing 200,000 trillion calculations per second -- was essential in unraveling the functional dynamics of the PInC complex on a timescale of microseconds. "The simulations showed us a lot about the complex nature of the PInC machinery. It showed us how these different components move together as modules and the subdivision of this complex into dynamic communities, which form the moving parts of this machine," Ivanov said.

The findings are significant in that mutations in XPF and XPG can lead to severe human genetic disorders. They include xeroderma pigmentosum, which is a condition that makes people more susceptible to skin cancer, and Cockayne syndrome, which can affect human growth and development, lead to impaired hearing and vision, and speed up the aging process. "Simulations allow us to zero in on these important regions because mutations that interfere with the function of the NER complex often occur at community interfaces, which are the most dynamic regions of the machine," Ivanov said. "Now we have a much better understanding of how and from where these disorders manifest."

The Ballista botnet is actively exploiting a high-severity remote code execution flaw (CVE-2023-1389) in TP-Link Archer AX-21 routers, infecting over 6,000 devices primarily in Brazil, Poland, the UK, Bulgaria, and Turkey. Tom's Hardware reports: According to a new report from the Cato CTRL team, the Ballista botnet exploits a remote code execution vulnerability that directly impacts the TP-Link Archer AX-21 router. The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high severity security flaw (tracked as CVE-2023-1389) has also been used to spread other malware families as far back as April 2023 when it was used in the Mirai botnet malware attacks. The flaw also linked to the Condi and AndroxGh0st malware attacks.

Ballista's most recent exploitation attempt was February 17, 2025 and Cato CTRL first detected it on January 10, 2025. Of the thousands of infected devices, the majority of them are concentrated in Brazil, Poland, the United Kingdom, Bulgaria and Turkey; with the botnet targeting manufacturing, medical/healthcare, services and technology organizations in the United States, Australia, China and Mexico.

An anonymous reader quotes a report from Ars Technica: HP, along with other printer brands, is infamous for issuing firmware updates that brick already-purchased printers that have tried to use third-party ink. In a new form of frustration, HP is now being accused of issuing a firmware update that broke customers' laser printers -- even though the devices are loaded with HP-brand toner. The firmware update in question is version 20250209, which HP issued on March 4 for its LaserJet MFP M232-M237 models. Per HP, the update includes "security updates," a "regulatory requirement update," "general improvements and bug fixes," and fixes for IPP Everywhere. Looking back to older updates' fixes and changes, which the new update includes, doesn't reveal anything out of the ordinary. The older updates mention things like "fixed print quality to ensure borders are not cropped for certain document types," and "improved firmware update and cartridge rejection experiences." But there's no mention of changes to how the printers use or read toner.

However, users have been reporting sudden problems using HP-brand toner in their M232-M237 series printers since their devices updated to 20250209. Users on HP's support forum say they see Error Code 11 and the hardware's toner light flashing when trying to print. Some said they've cleaned the contacts and reinstalled their toner but still can't print. "Insanely frustrating because it's my small business printer and just stopped working out of nowhere[,] and I even replaced the tone[r,] which was a $60 expense," a forum user wrote on March 8. HP said in a statement: "We are aware of a firmware issue affecting a limited number of HP LaserJet 200 Series devices and our team is actively working on a solution. For assistance, affected customers can contact our support team at: https://support.hp.com." It's unclear how widespread the problems are.

Microsoft has spotted a malvertising campaign that downloaded nastyware hosted on GitHub and exposed nearly a million devices to information thieves. From a report: Discovered by Microsoft Threat Intelligence late last year, the campaign saw pirate vid-streaming websites embed malvertising redirectors to generate pay-per-view or pay-per-click revenue from malvertising platforms. "These redirectors subsequently routed traffic through one or two additional malicious redirectors, ultimately leading to another website, such as a malware or tech support scam website, which then redirected to GitHub" according to Microsoft's threat research team.

GitHub hosted a first-stage payload that installed code that dropped two other payloads. One gathered system configuration info such as data on memory size, graphics capabilities, screen resolution, the operating system present, and user paths. Third-stage payloads varied but most "conducted additional malicious activities such as command and control (C2) to download additional files and to exfiltrate data, as well as defense evasion techniques."

OpenAI's ChatGPT app for macOS now directly edits code in tools like Xcode, VS Code, and JetBrains. "Users can optionally turn on an 'auto-apply' mode so ChatGPT can make edits without the need for additional clicks," adds TechCrunch. The feature is available now for ChatGPT Plus, Pro, and Team users, and will expand to Enterprise, Edu, and free users next week. Windows support is coming "soon." From the report: Direct code editing builds on OpenAI's "work with apps" ChatGPT capability, which the company launched in beta in November 2024. "Work with apps" allows the ChatGPT app for macOS to read code in a handful of dev-focused coding environments, minimizing the need to copy and paste code into ChatGPT. With the ability to directly edit code, ChatGPT now competes more directly with popular AI coding tools like Cursor and GitHub Copilot. OpenAI reportedly has ambitions to launch a dedicated product to support software engineering in the months ahead.

CISA has warned U.S. federal agencies about active exploitation of vulnerabilities in Cisco VPN routers and Windows systems. "While the cybersecurity agency has tagged these flaws as actively exploited in the wild, it has yet to provide specific details regarding this malicious activity and who is behind it," adds Bleeping Computer. From the report: The first flaw (tracked as CVE-2023-20118) enables attackers to execute arbitrary commands on RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers. While it requires valid administrative credentials, this can still be achieved by chaining the CVE-2023-20025 authentication bypass, which provides root privileges. Cisco says in an advisory published in January 2023 and updated one year later that its Product Security Incident Response Team (PSIRT) is aware of CVE-2023-20025 publicly available proof-of-concept exploit code.

The second security bug (CVE-2018-8639) is a Win32k elevation of privilege flaw that local attackers logged into the target system can exploit to run arbitrary code in kernel mode. Successful exploitation also allows them to alter data or create rogue accounts with full user rights to take over vulnerable Windows devices. According to a security advisory issued by Microsoft in December 2018, this vulnerability impacts client (Windows 7 or later) and server (Windows Server 2008 and up) platforms.

Today, CISA added the two vulnerabilities to its Known Exploited Vulnerabilities catalog, which lists security bugs the agency has tagged as exploited in attacks. As mandated by the Binding Operational Directive (BOD) 22-01 issued in November 2021, Federal Civilian Executive Branch (FCEB) agencies now have three weeks, until March 23, to secure their networks against ongoing exploitation.

Magnus Carlsen "announced this week that he is auctioning off the Italian luxury brand jeans that started a dress code dispute at December's World Rapid and Blitz Chess Championships," reports the Associated Press. ("Condition: Pre-owned," says the listing on eBay, where by Friday night bidding on the charitable auction was up to $14,100.)

But Carlsen drew more attention on The Joe Rogan Experience last week — partly by saying "I have no chance against my phone." (Although he'd also described beating a fan's computer program, according to Firstpost, by playing "some kind of anti-computer chess, where I just closed up the position as much as possible and gave it as few possibilities as possible to out-calculate me.") Carlsen admitted that he rarely plays against chess engines due to their overwhelming strength, but acknowledged their value as training tools. "I rarely play against engines at all because they just make me feel so stupid and useless. So, I think of them more as a tool than anything else."
And this led Carlsen to add "If I started cheating, you would never know," reports Indian Express: It's not just a throwaway line about cheating either. On a two-hour-long podcast, where he touches on mostly everything under the sun, Carlsen fixates on cheating in chess. He also details how a player of his calibre would need very little to cheat in chess. "I would just get a move here and there (from an aide). Or maybe if I am playing in a tournament I just find a system where I get somebody to signal to me when there's a critical moment: a certain moment where a certain move is much better than the others. That's really all I would need to go from being the best to being practically unbeatable. There's so little you need in chess (to cheat). It really is a scary situation," Carlsen said before pointing out how in 2010 the captain of the French chess team was helping a teammate decide his next move at the Olympiad just by standing in specific spots around the table...

"If you're not cheating in a dumb way, there rarely is going to be a smoking gun. And without that smoking gun it is going to be really hard to catch people," Carlsen admits on the podcast... "As long as there are monetary incentives for people to cheat, there will be cheating in chess," says Carlsen on the podcast.
The article adds that Carlsen does not believe Hans Niemann used anal beads to cheat — and that he thinks Niemann has become a much better chess player since the incident. But... "Top level chess has been based on trust a lot. I don't trust Niemann. Other top players still don't trust him and he doesn't trust me," says Carlsen. "There is still something off about him now. We played an over-the-board tournament in Paris last year where there was increased security and he didn't play at nearly the same level there."

This year's "State of Rust" survey was completed by 7,310 Rust developers. DevClass note some key findings: When asked about their biggest worries for Rust's future, 45.5 percent cited "not enough usage in the tech industry," up from 42.5 percent last year, just ahead of the 45.2 percent who cited complexity as a concern... Only 18.6 percent declared themselves "not worried," though this is a slight improvement on 17.8 percent in 2023...

Another question asks whether respondents are using Rust at work. 38.2 percent claimed to use it for most of their coding [up from 34% in 2023], and 13.4 percent a few times a week, accounting for just over half of responses. At the organization level there is a similar pattern. 45.5 percent of organizations represented by respondents make "non-trivial use of Rust," up from 38.7 percent last year.
More details from I Programmer: On the up are "Using Rust helps us achieve or goals", now 82% compared to 72% in 2022; "We're likely to use Rust again in the future", up 3% to 78%; and "Using Rust has been worth the cost of Adoption". Going down are "Adopting Rust has been challenging", now 34.5% compared to 38.5% in 2022; and "Overall adopting Rust has slowed down our team" down by over 2% to 7%.
"According to the survey, organizations primarily choose Rust for building correct and bug-free software (87.1%), performance characteristics (84.5%), security and safety properties (74.8%), and development enjoyment (71.2%)," writes The New Stack: Rust seems to be especially popular for creating server backends (53.4%), web and networking services, cloud technologies and WebAssembly, the report said. It also seems to be gaining more traction for embedded use cases... Regarding the preferred development environment, Linux remains the dominant development platform (73.7%).

However, although VS Code remains the leading editor, its usage dropped five percentage points, from 61.7% to 56.7%, but the Zed editor gained notable traction, from 0.7% to 8.9%. Also, "nine out of 10 Rust developers use the current stable version, suggesting strong confidence in the language's stability," the report said...

Overall, 82% of respondents report that Rust helped their company achieve its goals, and daily Rust usage increased to 53% (up four percentage points from 2023). When asked why they use Rust at work, 47% of respondents cited a need for precise control over their software, which is up from 37% when the question was asked two years ago.

Google's Threat Intelligence Group notes "the growing threat to secure messaging applications." While specifically acknowledging "wide ranging efforts to compromise Signal accounts," they add that the threat "also extends to other popular messaging applications such as WhatsApp and Telegram, which are also being actively targeted by Russian-aligned threat groups using similar techniques.

"In anticipation of a wider adoption of similar tradecraft by other threat actors, we are issuing a public warning regarding the tactics and methods used to date to help build public awareness and help communities better safeguard themselves from similar threats."

Computer Weekly reports: Analysts predict it is only a matter of time before Russia starts deploying hacking techniques against non-military Signal users and users of other encrypted messaging services, including WhatsApp and Telegram. Dan Black, principal analyst at Google Threat Intelligence Group, said he would be "absolutely shocked" if he did not see attacks against Signal expand beyond the war in Ukraine and to other encrypted messaging platforms...

Russia-backed hackers are attempting to compromise Signal's "linked devices" capability, which allows Signal users to link their messaging account to multiple devices, including phones and laptops, using a quick response (QR) code. Google threat analysts report that Russia-linked threat actors have developed malicious QR codes that, when scanned, will give the threat actor real-time access to the victim's messages without having to compromise the victim's phone or computer. In one case, according to Black, a compromised Signal account led Russia to launch an artillery strike against a Ukrainian army brigade, resulting in a number of casualties... Google also warned that multiple threat actors have been observed using exploits to steal Signal database files from compromised Android and Windows devices.
The article notes that the attacks "are difficult to detect and when successful there is a high risk that compromised Signal accounts can go unnoticed for a long time." And it adds that "The warning follows disclosures that Russian intelligence created a spoof website for the Davos World Economic Forum in January 2025 to surreptitiously attempt to gain access to WhatsApp accounts used by Ukrainian government officials, diplomats and a former investigative journalist at Bellingcat."

Google's Threat Intelligence Group notes there's a variety of attack methods, though the "linked devices" technique is the most widely used. "We are grateful to the team at Signal for their close partnership in investigating this activity," Google's group says in their blog post, adding that "the latest Signal releases on Android and iOS contain hardened features designed to help protect against similar phishing campaigns in the future. Update to the latest version to enable these features."

AI coding assistants are reshaping software development, but they're unlikely to replace human programmers entirely, according to industry experts and developers. GitHub CEO Thomas Dohmke projects AI could soon generate 80-90% of corporate code, transforming developers into "conductors of an AI-empowered orchestra" who guide and direct these systems.

Current AI coding tools, including Microsoft's GitHub Copilot, are delivering 10-30% productivity gains in business environments. At KPMG, developers report saving 4.5 hours weekly using Copilot, while venture investment in AI coding assistants tripled to $1.6 billion in 2024. The tools are particularly effective at automating routine tasks like documentation generation and legacy code translation, according to KPMG AI expert Swami Chandrasekaran.

They're also accelerating onboarding for new team members. Demand for junior developers remains soft, however, though analysts say it's premature to attribute this directly to AI adoption. Training programs like Per Scholas are already adapting, incorporating AI fundamentals alongside traditional programming basics to prepare developers for an increasingly AI-augmented workplace.

Valve has made Team Fortress 2's full client and server code public, allowing fans to modify, extend, or rewrite the game as long as their projects remain non-commercial. Game Rant reports: Valve has made Team Fortress 2's server and client code fully public, with the studio encouraging fans to explore the game's files and make it what they want. The game's code is now available thanks to a new update to the Source SDK, which dropped earlier this week. Fans have already been creating TF2 mods for years, but what this essentially means is that fans can make brand-new games. However, there's one catch: any and all TF2 mods must be released for free. "The majority of items in the game now are thanks to the hard work of the TF2 community." Valve wrote. "To respect that, we're asking TF2 mod makers to continue to respect that connection and not to make mods that have the purpose of trying to profit off Workshop contributors' efforts."

"TF2 mods may be published on the Steam Store, and after publication will appear as new games in the Steam game list," Valve continued. The new SDK update also includes new 64-bit binary support and fixes for multiplayer Source games like Half-Life 2: Deathmatch, Counter-Strike: Source, and Day of Defeat: Source. Time will only tell what fans come up with as they dig deep into the inner workings of the game, but given how passionate and talented the Team Fortress 2 community has proven to be, players can expect to see some incredible creations.

Leading AI models can fix broken code, but they're nowhere near ready to replace human software engineers, according to extensive testing [PDF] by OpenAI researchers. The company's latest study put AI models and systems through their paces on real-world programming tasks, with even the most advanced models solving only a quarter of typical engineering challenges.

The research team created a test called SWE-Lancer, drawing from 1,488 actual software fixes made to Expensify's codebase, representing $1 million worth of freelance engineering work. When faced with these everyday programming tasks, the best AI model â" Claude 3.5 Sonnet -- managed to complete just 26.2% of hands-on coding tasks and 44.9% of technical management decisions.

Though the AI systems proved adept at quickly finding relevant code sections, they stumbled when it came to understanding how different parts of software interact. The models often suggested surface-level fixes without grasping the deeper implications of their changes.

The research, to be sure, used a set of complex methodologies to test the AI coding abilities. Instead of relying on simplified programming puzzles, OpenAI's benchmark uses complete software engineering tasks that range from quick $50 bug fixes to complex $32,000 feature implementations. Each solution was verified through rigorous end-to-end testing that simulated real user interactions, the researchers said.

PAjamian writes: Two years ago Red Hat announced an end to its public source code availability. This caused a great deal of outcry from the Enterprise Linux community at large. Since then many have waited for a statement from the Free Software Foundation concerning their stance on the matter. Now, nearly two years later the FSF has finally responded to questions regarding their stance on the issue with the following statement:

When asked if the FSF would be willing to intervene on behalf of the community they had this to say:

Following is the full text of my original email to them and their response:

Subject: Statement about recent changes in source code distribution for Red Hat Enterprise Linux
Date: 2023-07-16 00:39:51

> Hi,
>
> I'm a user of Red Hat Enterprise Linux, Rocky Linux and other Linux
> distributions in the RHEL ecosystem. I am also involved in the EL
> (Enterprise Linux) community which is being affected by the statements
> and changes in policy made by Red Hat at
> https://www.redhat.com/en/blog/furthering-evolution-centos-stream and
> https://www.redhat.com/en/blog/red-hats-commitment-open-source-
> response-gitcentosorg-changes
> (note there are many many more links and posts about this issue which
> I
> believe you are likely already aware of). While a few of these
> questions are answered more directly by the license FAQ some of them
> are
> not and there are a not insignificant number of people who would very
> much appreciate a public statement from the FSF that answers these
> questions directly.
>
> Can you please comment or release a statement about the Free Software
> Foundation's position on this issue? Specifically:
>

Thank you for writing in with your questions. My apologies for the delay, but we are a small team with limited resources and can be challenging keeping up with all the emails we receive.

Generally, we don't agree with what Red Hat is doing. Whether it constitutes a violation of the GPL would require legal analysis and the FSF does not give legal advice. However, as the stewards of the GNU GPL we can speak how it is intended to be applied and Red Hat's approach is certainly contrary to the spirit of the GPL. This is unfortunate, because we would expect such flagship organizations to drive the movement forward.

> Is Red Hat's removal of sources from git.centos.org a violation of the
> GPL and various other Free Software licenses for the various programs
> distributed under RHEL?
>
> Is Red Hat's distribution of source RPMs to their customers under
> their
> subscriber agreement sufficient to satisfy the above mentioned
> licenses?
>
> Is it a violation if Red Hat terminates a subscription early because
> their customer exercised their rights under the GPL and other Free
> Software licenses to redistribute the RHEL sources or create
> derivative
> works from them?
>
> Is it a violation if Red Hat refuses to renew a subscription that has
> expired because a customer exercised their rights to redistribute or
> create derivative works?
>
> A number of the programs distributed with RHEL are copyrighted by the
> FSF, some examples being bash, emacs, GNU core utilities, gcc, gnupg
> and
> glibc. Given that the FSF has standing to act in this matter would
> the
> FSF be willing to intervene on behalf of the community in order to get
> Red Hat to correct any of the above issues?
>

As of today, we are not aware of any issue with Red Hat's new policy that we could pursue on legal grounds. However, if you do find a violation, please [follow these instructions][0] and send a report to <license-violation@gnu.org>.

[0]: https://www.gnu.org/licenses/gpl-violation.html

If you are interested in something more specific on this, the Software Freedom Conservancy [published an article about the RHEL][1] situation and hosted a [panel at their conference in 2023][2]. These cover the situation fairly thoroughly.

[1]: https://sfconservancy.org/blog/2023/jun/23/rhel-gpl-analysis/
[2]: https://sfconservancy.org/blog/2023/jul/19/rhel-panel-fossy-2023/

Keynotes at this year's FOSDEM included free AI models and systemd, reports Heise.de — and also a progress report from Miguel Ojeda, supervisor of the Rust integration in the Linux kernel. Only eight people remain in the core team around Rust for Linux... Miguel Ojeda therefore launched a survey among kernel developers, including those outside the Rust community, and presented some of the more important voices in his FOSDEM talk. The overall mood towards Rust remains favorable, especially as Linus Torvalds and Greg Kroah-Hartman are convinced of the necessity of Rust integration. This is less about rapid progress and more about finding new talent for kernel development in the future.
The reaction was mostly positive, judging by Ojeda's slides:

- "2025 will be the year of Rust GPU drivers..." — Daniel Almedia

- "I think the introduction of Rust in the kernel is one of the most exciting development experiments we've seen in a long time." — Andrea Righi

- "[T]he project faces unique challenges. Rust's biggest weakness, as a language, is that relatively few people speak it. Indeed, Rust is not a language for beginners, and systems-level development complicates things even more. That said, the Linux kernel project has historically attracted developers who love challenging software — if there's an open source group willing to put the extra effort for a better OS, it's the kernel devs." — Carlos Bilbao

- "I played a little with [Rust] in user space, and I just absolutely hate the cargo concept... I hate having to pull down other code that I do not trust. At least with shared libraries, I can trust a third party to have done the build and all that... [While Rust should continue to grow in the kernel], if a subset of C becomes as safe as Rust, it may make Rust obsolete..." Steven Rostedt

Rostedt wasn't sure if Rust would attract more kernel contributors, but did venture this opinion. "I feel Rust is more of a language that younger developers want to learn, and C is their dad's language."

But still "contention exists within the kernel development community between those pro-Rust and -C camps," argues The New Stack, citing the latest remarks from kernel maintainer Christoph Hellwig (who had earlier likened the mixing of Rust and C to cancer). Three days later Hellwig reiterated his position again on the Linux kernel mailing list: "Every additional bit that another language creeps in drastically reduces the maintainability of the kernel as an integrated project. The only reason Linux managed to survive so long is by not having internal boundaries, and adding another language completely breaks this. You might not like my answer, but I will do everything I can do to stop this. This is NOT because I hate Rust. While not my favourite language it's definitively one of the best new ones and I encourage people to use it for new projects where it fits. I do not want it anywhere near a huge C code base that I need to maintain."
But the article also notes that Google "has been a staunch supporter of adding Rust to the kernel for Linux running in its Android phones." The use of Rust in the kernel is seen as a way to avoid memory vulnerabilities associated with C and C++ code and to add more stability to the Android OS. "Google's wanting to replace C code with Rust represents a small piece of the kernel but it would have a huge impact since we are talking about billions of phones," Ojeda told me after his talk.

In addition to Google, Rust adoption and enthusiasm for it is increasing as Rust gets more architectural support and as "maintainers become more comfortable with it," Ojeda told me. "Maintainers have already told me that if they could, then they would start writing Rust now," Ojeda said. "If they could drop C, they would do it...."

Amid the controversy, there has been a steady stream of vocal support for Ojeda. Much of his discussion also covered statements given by advocates for Rust in the kernel, ranging from lead developers of the kernel and including Linux creator Linus Torvalds himself to technology leads from Red Hat, Samsung, Google, Microsoft and others.

The Register's Thomas Claburn reports: Google's overhaul of Chrome's extension architecture continues to pose problems for developers of ad blockers, content filters, and privacy tools. [...] While Google's desire to improve the security, privacy, and performance of the Chrome extension platform is reasonable, its approach -- which focuses on code and permissions more than human oversight -- remains a work-in-progress that has left extension developers frustrated.

Alexei Miagkov, senior staff technology at the Electronic Frontier Foundation, who oversees the organization's Privacy Badger extension, told The Register, "Making extensions under MV3 is much harder than making extensions under MV2. That's just a fact. They made things harder to build and more confusing." Miagkov said with Privacy Badger the problem has been the slowness with which Google addresses gaps in the MV3 platform. "It feels like MV3 is here and the web extensions team at Google is in no rush to fix the frayed ends, to fix what's missing or what's broken still." According to Google's documentation, "There are currently no open issues considered a critical platform gap," and various issues have been addressed through the addition of new API capabilities.

Miagkov described an unresolved problem that means Privacy Badger is unable to strip Google tracking redirects on Google sites. "We can't do it the correct way because when Google engineers design the [chrome.declarativeNetRequest API], they fail to think of this scenario," he said. "We can do a redirect to get rid of the tracking, but it ends up being a broken redirect for a lot of URLs. Basically, if the URL has any kind of query string parameters -- the question mark and anything beyond that -- we will break the link." Miagkov said a Chrome developer relations engineer had helped identify a workaround, but it's not great. Miagkov thinks these problems are of Google's own making -- the company changed the rules and has been slow to write the new ones. "It was completely predictable because they moved the ability to fix things from extensions to themselves," he said. "And now they need to fix things and they're not doing it."

An anonymous reader quotes a report from Ars Technica: On Tuesday, Hugging Face researchers released an open source AI research agent called "Open Deep Research," created by an in-house team as a challenge 24 hours after the launch of OpenAI's Deep Research feature, which can autonomously browse the web and create research reports. The project seeks to match Deep Research's performance while making the technology freely available to developers. "While powerful LLMs are now freely available in open-source, OpenAI didn't disclose much about the agentic framework underlying Deep Research," writes Hugging Face on its announcement page. "So we decided to embark on a 24-hour mission to reproduce their results and open-source the needed framework along the way!"

Similar to both OpenAI's Deep Research and Google's implementation of its own "Deep Research" using Gemini (first introduced in December -- before OpenAI), Hugging Face's solution adds an "agent" framework to an existing AI model to allow it to perform multi-step tasks, such as collecting information and building the report as it goes along that it presents to the user at the end. The open source clone is already racking up comparable benchmark results. After only a day's work, Hugging Face's Open Deep Research has reached 55.15 percent accuracy on the General AI Assistants (GAIA) benchmark, which tests an AI model's ability to gather and synthesize information from multiple sources. OpenAI's Deep Research scored 67.36 percent accuracy on the same benchmark with a single-pass response (OpenAI's score went up to 72.57 percent when 64 responses were combined using a consensus mechanism).

As Hugging Face points out in its post, GAIA includes complex multi-step questions such as this one: "Which of the fruits shown in the 2008 painting 'Embroidery from Uzbekistan' were served as part of the October 1949 breakfast menu for the ocean liner that was later used as a floating prop for the film 'The Last Voyage'? Give the items as a comma-separated list, ordering them in clockwise order based on their arrangement in the painting starting from the 12 o'clock position. Use the plural form of each fruit." To correctly answer that type of question, the AI agent must seek out multiple disparate sources and assemble them into a coherent answer. Many of the questions in GAIA represent no easy task, even for a human, so they test agentic AI's mettle quite well. Open Deep Research "builds on OpenAI's large language models (such as GPT-4o) or simulated reasoning models (such as o1 and o3-mini) through an API," notes Ars. "But it can also be adapted to open-weights AI models. The novel part here is the agentic structure that holds it all together and allows an AI language model to autonomously complete a research task."

The code has been made public on GitHub.