Taylor Otwell, inventor and maintainer of popular PHP framework Laravel, is warning against overly complex code and the risks of bypassing the framework. From a report: Developers are sometimes drawn to building "cathedrals of complexity that aren't so easy to change," he said, speaking in a podcast for maintainable.fm, a series produced by Ruby on Rails consultancy Planet Argon.

Software, he said, should be "simple and disposable and easy to change." Some problems are genuinely complex, but in general, if a developer finds a "clever solution" which goes beyond the standard documented way in a framework such as Laravel or Ruby on Rails, "that would be like a smell."

A code smell -- for the uninitiated in the The Reg readership -- is a term developers use for code that works but may cause problems at a later date. Otwell described himself as a "pretty average programmer" but reckons many others are the same, solving basic problems as quickly and efficiently as they can.

After losing his job in 2024, Eric Thompson spearheaded a working group to push for federal legislation banning "ghost jobs" -- openings posted with no intent to hire. The proposed Truth in Job Advertising and Accountability Act would require transparency around job postings, set limits on how long ads can remain up, and fine companies that violate the rules. CNBC reports: "There's nothing illegal about posting a job, currently, and never filling it," says Thompson, a network engineering leader in Warrenton, Virginia. Not to mention, it's "really hard to prove, and so that's one of the reasons that legally, it's been kind of this gray area." As Thompson researched more into the phenomenon, he connected with former colleagues and professional connections across the country experiencing the same thing. Together, the eight of them decided to form the TJAAA working group to spearhead efforts for federal legislation to officially ban businesses from posting ghost jobs.

In May, the group drafted its first proposal: The TJAAA aims to require that all public job listings include information such as:
- The intended hire and start dates
- Whether it's a new role or backfill
- If it's being offered internally with preference to current employees
- The number of times the position has been posted in the last two years, and other factors, according to the draft language.

It also sets guidelines for how long a post is required to be up (no more than 90 calendar days) and how long the submission period can be (at least four calendar days) before applications can be reviewed. The proposed legislation applies to businesses with more than 50 employees, and violators can be fined a minimum of $2,500 for each infraction. The proposal provides a framework at the federal level, Thompson says, because state-level policies won't apply to employers who post listings across multiple states, or who use third-party platforms that operate beyond state borders.

An anonymous reader shares a report: After years of research, the Wyoming Stable Token Commission has unveiled the mainnet launch of its first official state-backed stablecoin. The so-called Frontier Stable Token (FRNT), marking the first time a U.S. state has issued a blockchain-based, fiat-pegged token meant to be used by retail and enterprises alike, according to an announcement on Tuesday.

"FRNT is designed to provide secure, transparent, and efficient digital transactions for individuals, businesses, and institutions -- worldwide," the commission wrote in a statement. "This groundbreaking initiative cements Wyoming at the forefront of digital finance and blockchain innovation."

Indeed, the Cowboy State has long been ahead of the curve when it comes to crypto regulation, including in recognizing DAOs as legal entities, creating a framework for "crypto-banks" under the Special Purpose Depository Institutions charter, and passing the state's Stable Token Act -- all meant to draw economic activity to the region.

Protected KVM (pKVM), the hypervisor powering the Android Virtualization Framework, has officially achieved SESIP Level 5 certification (in testing by cybersecurity lab Dekra against the TrustCB SESIP scheme).

Google's security blog called the certification "a watershed moment," and a "new benchmark" for both open-source security — and for the future of consumer electronics. "It provides a single, open-source, and exceptionally high-quality firmware base that all device manufacturers can build upon." This makes pKVM the first software security system designed for large-scale deployment in consumer electronics to meet this assurance bar. The implications for the future of secure mobile technology are profound. With this level of security assurance, Android is now positioned to securely support the next generation of high-criticality isolated workloads. This includes vital features, such as on-device AI workloads that can operate on ultra-personalized data, with the highest assurances of privacy and integrity...

Achieving Security Evaluation Standard for IoT Platforms (SESIP) Level 5 is a landmark because it incorporates AVA_VAN.5, the highest level of vulnerability analysis and penetration testing under the ISO 15408 (Common Criteria) standard. A system certified to this level has been evaluated to be resistant to highly skilled, knowledgeable, well-motivated, and well-funded attackers who may have insider knowledge and access. This certification is the cornerstone of the next-generation of Android's multi-layered security strategy. Many of the TEEs (Trusted Execution Environments) used in the industry have not been formally certified or have only achieved lower levels of security assurance... Looking ahead, Android device manufacturers will be required to use isolation technology that meets this same level of security for various security operations that the device relies on. Protected KVM ensures that every user can benefit from a consistent, transparent, and verifiably secure foundation.
"This achievement represents just one important aspect of the immense, multi-year dedication from the Linux and KVM developer communities and multiple engineering teams at Google developing pKVM and AVF," the post concludes.

"We look forward to seeing the open-source community and Android ecosystem continue to build on this foundation, delivering a new era of high-assurance mobile technology for users."

Thursday saw the release of Rust 1.89.0 But this week the Rust Foundation also released its second comprehensive annual technology report.

A Rust Foundation announcement shares some highlights: - Trusted Publishing [GitHub Actions authentication using cryptographically signed tokens] fully launched on crates.io, enhancing supply chain security and streamlining workflows for maintainers.

- Major progress on crate signing infrastructure using The Update Framework (TUF), including three full repository implementations and stakeholder consensus.

- Integration of the Ferrocene Language Specification (FLS) into the Rust Project, marking a critical step toward a formal Rust language specification [and "laying the groundwork for broader safety certification and formal tooling."]

- 75% reduction in CI infrastructure costs while maintaining contributor workflow stability. ["All Rust repositories are now managed through Infrastructure-as-Code, improving maintainability and security."]

- Expansion of the Safety-Critical Rust Consortium, with multiple international meetings and advances on coding guidelines aligned with safety standards like MISRA. ["The consortium is developing practical coding guidelines, aligned tooling, and reference materials to support regulated industries — including automotive, aerospace, and medical devices — adopting Rust."]

- Direct engagement with ISO C++ standards bodies and collaborative Rust-C++ exploration... The Foundation finalized its strategic roadmap, participated in ISO WG21 meetings, and initiated cross-language tooling and documentation planning. These efforts aim to unlock Rust adoption across legacy C++ environments without sacrificing safety.
The Rust Foundation also acknowledges continued funding from OpenSSF's Alpha-Omega Project and "generous infrastructure donations from organizations like AWS, GitHub, and Mullvad VPN" to the Foundation's Security Initiative, which enabled advances like including GitHub Secret Scanning and automated incident response to "Trusted Publishing" and the integration of vulnerability-surfacing capabilities into crates.io.

There was another announcement this week. In November AWS and the Rust Foundation crowdsourced "an effort to verify the Rust standard library" — and it's now resulted in a new formal verification tool called "Efficient SMT-based Context-Bounded Model Checker" (or ESBMCESBMC) This winning contribution adds ESBMC — a state-of-the-art bounded model checker — to the suite of tools used to analyze and verify Rust's standard library. By integrating through Goto-Transcoder, they enabled ESBMC to operate seamlessly in the Rust verification workflow, significantly expanding the scope and flexibility of verification efforts...

This achievement builds on years of ongoing collaboration across the Rust and formal verification communities... The collaboration has since expanded. In addition to verifying the Rust standard library, the team is exploring the use of formal methods to validate automated C-to-Rust translations, with support from AWS. This direction, highlighted by AWS Senior Principal Scientist Baris Coskun and celebrated by the ESBMC team in a recent LinkedIn post, represents an exciting new frontier for Rust safety and verification tooling.

An anonymous reader shares a report: The Federal Communications Commission is planning a review of the US emergency alert systems. Both the Emergency Alert System (EAS) and the Wireless Emergency Alerts (WAS) will be subject to a "re-examination" by the agency. "We want to ensure that these programs deliver the results that Americans want and need," FCC Chairman Brendan Carr posted on X.

The announcement of this plan notes that the infrastructure underlying the EAS -- which includes radio, television, satellite and cable systems -- is 31 years old, while the framework underpinning the WAS mobile device alerts is 13 years old. The FCC review will also assess what entities should be able to send alerts on those systems, as well as topics such as geographic targeting and security.

The U.S. Coast Guard determined the implosion of the Titan submersible that killed five people while traveling to the wreckage of the Titanic was a preventable disaster caused by OceanGate Expeditions's inability to meet safety and engineering standards. WSJ: A 335-page report [PDF] detailing a two-year inquiry from the U.S. Coast Guard's Marine Board of Investigation found the company that owned and operated the Titan failed to follow maintenance and inspection protocols for the deep-sea submersible.

OceanGate avoided regulatory review and managed the submersible outside of standard protocols "by strategically creating and exploiting regulatory confusion and oversight challenges," the report said. The Coast Guard opened its highest-level investigation into the event in June 2023, shortly after the implosion occurred. "There is a need for stronger oversight and clear options for operators who are exploring new concepts outside of the existing regulatory framework," Jason Neubauer, the chair of the Coast Guard Marine Board of Investigation for the Titan submersible, said in a statement.

Palantir has secured a massive $10 billion contract with the U.S. Army to unify 75 contracts into a single AI-focused enterprise framework, streamlining procurement and enhancing military readiness. CNBC reports: The agreement creates a "comprehensive framework for the Army's future software and data needs" that provides the government with purchasing flexibility and removes contract-related fees and procurement timelines, according to a release. Palantir co-founder and CEO Alex Karp has been a vocal proponent of protecting U.S. interests and joining forces on AI to fend off adversaries.

Earlier this year, Palantir delivered its first two AI-powered systems in its $178 million contract with the U.S. Army. In May, the Department of Defense boosted its Maven Smart Systems contract to beef up AI capabilities by $795 million.

An anonymous reader quotes a report from Ars Technica: In a rare move, Google has confirmed it will sign the European Union's AI Code of Practice, a framework it initially opposed for being too harsh. However, Google isn't totally on board with Europe's efforts to rein in the AI explosion. The company's head of global affairs, Kent Walker, noted that the code could stifle innovation if it's not applied carefully, and that's something Google hopes to prevent. While Google was initially opposed to the Code of Practice, Walker says the input it has provided to the European Commission has been well-received, and the result is a legal framework it believes can provide Europe with access to "secure, first-rate AI tools." The company claims that the expansion of such tools on the continent could boost the economy by 8 percent (about 1.8 trillion euros) annually by 2034.

These supposed economic gains are being dangled like bait to entice business interests in the EU to align with Google on the Code of Practice. While the company is signing the agreement, it appears interested in influencing the way it is implemented. Walker says Google remains concerned that tightening copyright guidelines and forced disclosure of possible trade secrets could slow innovation. Having a seat at the table could make it easier to bend the needle of regulation than if it followed some of its competitors in eschewing voluntary compliance. [...] The AI Code of Practice aims to provide AI firms with a bit more certainty in the face of a shifting landscape. It was developed with the input of more than 1,000 citizen groups, academics, and industry experts. The EU Commission says companies that adopt the voluntary code will enjoy a lower bureaucratic burden, easing compliance with the block's AI Act, which came into force last year.

Under the terms of the code, Google will have to publish summaries of its model training data and disclose additional model features to regulators. The code also includes guidance on how firms should manage safety and security in compliance with the AI Act. Likewise, it includes paths to align a company's model development with EU copyright law as it pertains to AI, a sore spot for Google and others. Companies like Meta that don't sign the code will not escape regulation. All AI companies operating in Europe will have to abide by the AI Act, which includes the most detailed regulatory framework for generative AI systems in the world. The law bans high-risk uses of AI like intentional deception or manipulation of users, social scoring systems, and real-time biometric scanning in public spaces. Companies that violate the rules in the AI Act could be hit with fines as high as 35 million euros ($40.1 million) or up to 7 percent of the offender's global revenue.

Cisco has donated its AGNTCY initiative to the Linux Foundation, aiming to create an open-standard "Internet of Agents" to allow AI agents from different vendors to collaborate seamlessly. The project is backed by tech giants like Google Cloud, Dell, Oracle and Red Hat. "Without such an interoperable standard, companies have been rushing to build specialized AI agents," writes ZDNet's Steven Vaughan-Nichols. "These work in isolated silos that cannot work and play well with each other. This, in turn, makes them less useful for customers than they could be." From the report: AGNTCY was first open-sourced by Cisco in March 2025 and has since attracted support from over 75 companies. By moving it under the Linux Foundation's neutral governance, the hope is that everyone else will jump on the AGNTCY bandwagon, thus making it an industry-wide standard. The Linux Foundation has a long history of providing common ground for what otherwise might be contentious technology battles. The project provides a complete framework to solve the core challenges of multi-agent collaboration:

- Agent Discovery: An Open Agent Schema Framework (OASF) acts like a "DNS for agents," allowing them to find and understand the capabilities of others.
- Agent Identity: A system for cryptographically verifiable identities ensures agents can prove who they are and perform authorized actions securely across different vendors and organizations.
- Agent Messaging: A protocol named Secure Low-latency Interactive Messaging (SLIM) is designed for the complex, multi-modal communication patterns of agents, with built-in support for human-in-the-loop interaction and quantum-safe security.
- Agent Observability: A specialized monitoring framework provides visibility into complex, multi-agent workflows, which is crucial for debugging probabilistic AI systems.

You may well ask, aren't there other emerging AI agency standards? You're right. There are. These include the Agent2Agent (A2A) protocol, which was also recently contributed to the Linux Foundation, and Anthropic's Model Context Protocol (MCP). AGNTCY will help agents using these protocols discover each other and communicate securely. In more detail, it looks like this: AGNTCY enables interoperability and collaboration in three primary ways:

- Discovery: Agents using the A2A protocol and servers using MCP can be listed and found through AGNTCY's directories. This enables different agents to discover each other and understand their functions.
- Messaging: A2A and MCP communications can be transported over SLIM, AGNTCY's messaging protocol designed for secure and efficient agent interaction.
- Observability: The interactions between these different agents and protocols can be monitored using AGNTCY's observability software development kits (SDKs), which increase transparency and help with debugging complex workflows You can view AGNTCY's code and documentary on GitHub.

This week Google's Open Source Security Team announced "a new project to strengthen trust in open source package ecosystems" — by reproducing upstream artifacts.

It includes automation to derive declarative build definitions, new "build observability and verification tools" for security teams, and even "infrastructure definitions" to help organizations rebuild, sign, and distribute provenance by running their own OSS Rebuild instances. (And as part of the initiative, the team also published SLSA Provenance attestations "for thousands of packages across our supported ecosystems.") Our aim with OSS Rebuild is to empower the security community to deeply understand and control their supply chains by making package consumption as transparent as using a source repository. Our rebuild platform unlocks this transparency by utilizing a declarative build process, build instrumentation, and network monitoring capabilities which, within the SLSA Build framework, produces fine-grained, durable, trustworthy security metadata. Building on the hosted infrastructure model that we pioneered with OSS Fuzz for memory issue detection, OSS Rebuild similarly seeks to use hosted resources to address security challenges in open source, this time aimed at securing the software supply chain... We are committed to bringing supply chain transparency and security to all open source software development. Our initial support for the PyPI (Python), npm (JS/TS), and Crates.io (Rust) package registries — providing rebuild provenance for many of their most popular packages — is just the beginning of our journey...

OSS Rebuild helps detect several classes of supply chain compromise:

- Unsubmitted Source Code: When published packages contain code not present in the public source repository, OSS Rebuild will not attest to the artifact.

- Build Environment Compromise: By creating standardized, minimal build environments with comprehensive monitoring, OSS Rebuild can detect suspicious build activity or avoid exposure to compromised components altogether.

- Stealthy Backdoors: Even sophisticated backdoors like xz often exhibit anomalous behavioral patterns during builds. OSS Rebuild's dynamic analysis capabilities can detect unusual execution paths or suspicious operations that are otherwise impractical to identify through manual review.


For enterprises and security professionals, OSS Rebuild can...

— Enhance metadata without changing registries by enriching data for upstream packages. No need to maintain custom registries or migrate to a new package ecosystem.

— Augment SBOMs by adding detailed build observability information to existing Software Bills of Materials, creating a more complete security picture...

- Accelerate vulnerability response by providing a path to vendor, patch, and re-host upstream packages using our verifiable build definitions...


The easiest (but not only!) way to access OSS Rebuild attestations is to use the provided Go-based command-line interface.
"With OSS Rebuild's existing automation for PyPI, npm, and Crates.io, most packages obtain protection effortlessly without user or maintainer intervention."

An anonymous reader quotes a report from The Guardian: During his latest trip to Washington, OpenAI's chief executive, Sam Altman, painted a sweeping vision of an AI-dominated future in which entire job categories disappear, presidents follow ChatGPT's recommendations and hostile nations wield artificial intelligence as a weapon of mass destruction, all while positioning his company as the indispensable architect of humanity's technological destiny. Speaking at the Capital Framework for Large Banks conference at the Federal Reserve board of governors, Altman told the crowd that certain job categories would be completely eliminated by AI advancement. "Some areas, again, I think just like totally, totally gone," he said, singling out customer support roles. "That's a category where I just say, you know what, when you call customer support, you're on target and AI, and that's fine." The OpenAI founder described the transformation of customer service as already complete, telling the Federal Reserve vice-chair for supervision, Michelle Bowman: "Now you call one of these things and AI answers. It's like a super-smart, capable person. There's no phone tree, there's no transfers. It can do everything that any customer support agent at that company could do. It does not make mistakes. It's very quick. You call once, the thing just happens, it's done."

The OpenAI founder then turned to healthcare, making the suggestion that AI's diagnostic capabilities had surpassed human doctors, but wouldn't go so far as to accept the superior performer as the sole purveyor of healthcare. "ChatGPT today, by the way, most of the time, can give you better -- it's like, a better diagnostician than most doctors in the world," he said. "Yet people still go to doctors, and I am not, like, maybe I'm a dinosaur here, but I really do not want to, like, entrust my medical fate to ChatGPT with no human doctor in the loop." [...] At the fireside chat, he said one of his biggest worries was over AI's rapidly advancing destructive capabilities, with one scenario that kept him up at night being a hostile nation using these weapons to attack the US financial system. And despite being in awe of advances in voice cloning, Altman warned the crowd about how that same benefit could enable sophisticated fraud and identity theft, considering that "there are still some financial institutions that will accept the voiceprint as authentication".

President Trump signed the GENIUS Act into law, marking the first major U.S. regulation of stablecoins by creating a legal framework for their issuance and consumer protections, while also championing crypto innovation as a major financial revolution. The bill passed the House on Thursday with the support of 206 Republicans and 102 Democrats. From a report: Members of Congress and top executives from Robinhood, Tether, Gemini and other crypto and financial firms were in attendance for the signing ceremony. The fate of the GENIUS Act was in question earlier this week when a dozen conservatives stymied a procedural vote. A compromise was ultimately reached, and the holdouts allowed the legislation to proceed. The president on Friday suggested that he spoke to the holdouts individually on the phone to persuade them, after House Speaker Mike Johnson told him there were a dozen Republicans opposing the bill.

"The good news is, I call up, 'Hello, Jim, how are you?' 'Sir, you have my vote.' Boom. 'Sir, you have my vote.' I really just, they just want a little love," he said. "Unfortunately, it's always the same 12 people." David Sacks, the venture capitalist-turned Mr. Trump's AI and crypto czar, said the president "stepped in and saved this bill." Mr. Trump also said Vice President JD Vance had been on the phone late at night, helping push the legislation through.

The House passed a bipartisan bill regulating stablecoins which now heads to President Trump's desk as part of his push to make the U.S. the "crypto capital of the world." Two other crypto-related bills -- one defining digital asset market structure and another banning a U.S. central bank digital currency -- were also approved by the House but face uncertain futures in the Senate amid partisan tensions and concerns over Trump's personal financial ties to crypto ventures. CNBC reports: The stablecoin bill, passed on a 308-122 vote, sets initial guardrails and consumer protections for the cryptocurrency, which is tied to a stable asset, often the U.S. dollar, to reduce price volatility. It passed the Senate with bipartisan support in June. "Around the world, payment systems are undergoing a revolution," said House Financial Services Chair French Hill of Arkansas as lawmakers debated the stablecoin legislation Thursday morning. Hill said the bill will "ensure American competitiveness and strong guardrails for our consumers."

After Trump declared it "crypto week," the bills were stalled for more than a day amid disagreements among House Republicans about how to combine the legislation. In the end, GOP leaders put the three bills for a separate votes, leaving the fate of the other two bills unclear in the Senate. The internal dissent could foreshadow challenges ahead for the more sweeping crypto legislation that Trump has demanded and the industry has poured millions into advancing. The stablecoin measure is seen by lawmakers and the industry as a step toward adding legitimacy and consumer trust to a rapidly growing sector. Treasury Secretary Scott Bessent said in June that the legislation could help that currency "grow into a $3.7 trillion market by the end of the decade."

The bill outlines requirements for stablecoin issuers, including compliance with U.S. anti-money laundering and sanctions laws, and mandates that issuers hold reserves backing the cryptocurrency. Without such a framework, Republicans on the Senate Banking Committee in a statement warned, "consumers face risks like unstable reserves or unclear operations from stablecoin issuers." After the votes, House Republicans strongly urged the Senate to take up the second bill, which would create a new market structure for cryptocurrency.

Longtime Slashdot reader Qbertino writes: Heise, a German IT news publisher, reports (English version via Google Translate) that the German state of Brandenburg is getting the world's tallest wind turbine, with an overall height of 300 meters (approximately 365 meters including rotor blades), designed to capture so-called third-level winds at higher altitudes. The article also includes a short 3D animation illustrating the construction and its size relative to standard modern wind turbines. The wind turbine uses a dual-framework base instead of a traditional closed tower to access stronger high-altitude winds, aiming to match offshore energy output while keeping onshore operating costs.

According to Heise, the prototype could lead to the installation of up to 1,000 units across Germany -- fitting seamlessly between existing wind farms without needing extra land.

Bitcoin "vaulted to a fresh all-time high Friday, breaking above $118,000," reports Yahoo Finance: Year to date, the token is up roughly 21%, buoyed in part by crypto-friendly policies from the Trump administration, including the establishment of a strategic bitcoin reserve and a broader digital asset stockpile... "At the heart of this rally lies sustained structural inflows from institutional players," wrote Dilin Wu, research strategist at Pepperstone. "Corporates are also ramping up participation," he added. The analyst noted companies like Strategy and GameStop have continued to add bitcoin to their balance sheets. Trump Media & Technology Group this week also filed for approval to launch a "Crypto Blue Chip ETF", which would include about 70% of its holdings in bitcoin.

The timing of bitcoin's breakout also comes days before Congress kicks off its highly anticipated "Crypto Week" on July 14. Lawmakers will debate a series of bills that could define the industry's regulatory framework... The GENIUS Act is among the regulations the House will consider. The bill, which recently passed through the Senate, proposes a federal framework for stablecoins.
"After jumping above $118,000 on Thursday, technical analyst Katie Stockton, founder and managing partner of research firm Fairlead Strategies, believes bitcoin is on track to reach $134,500, about 14% higher than current levels," writes Business Insider . It's not just bitcoin that's jumped this week. Other cryptos are surging as well. Ethereum has rallied over 16% in the past five days, and as DOGE rose 8% in the last day alone... Additionally, over $1 billion in short positions were liquidated in the last 24 hours as the price of bitcoin surged and traders were forced to close their positions, [said Thomas Perfumo, global economist at crypto Kraken].

The UK has transformed its broadband infrastructure in five years -- with full-fiber coverage jumping from 12% of properties in January 2020 to more than 78% by 2025, according to communications regulator Ofcom and ThinkBroadband data. Northern Ireland leads with 96% of premises in postcodes served with full-fiber connections.

The rollout accelerated after Ofcom's May 2021 regulatory framework gave other providers access to BT's Openreach ducts and poles while promising the company regulatory certainty through a "fair bet" approach that avoided price caps. The framework sparked investment from alternative networks, or "altnets," which increased homes passed from 8.2 million in 2022 to 16.4 million by 2025.

The UK police plan to spend up to 75 million pounds ($102 million) to digitize their vast archive of VHS tapes, aiming to preserve evidence by converting analog media into digital files integrated with evidence management systems. The procurement includes both in-house solutions and outsourced services, with additional funding earmarked for converting other legacy formats like microfiche and DVDs. The Register reports: According to a tender notice published last week, Bluelight Commercial - a not-for-profit buyer that acts on behalf of the emergency services - says the police force requires either in-house technology or outsourced services to convert the arcane magnetic tape format to digital storage. The notice, which sets out procurement plans, says the framework agreement will help forces with the "conversion of analog media to digital records, including metadata for integration with a digital evidence management system."

In the first lot of the framework, Bluelight asks for in-house VHS media digitization software, hardware, and training to "enable a Police Force to convert VHS tapes to digital files." This chunk of the arrangement could be worth 50 million pounds ($68 million) for four years, excluding VAT. The second lot asks for outsourced VHS media digitization "for the provision of conversion services delivered completely by a third party with electronic files being returned securely to the customer force." The output is also set to be ingested by a digital evidence management solution. It could be worth up to 25 million pounds ($34 million) over the same period. In addition, Bluelight Commercial is looking for a provider to help with more niche media digitization, including converting microfiche, CD, DVDs to an electronic file format, in an arrangement which could be worth a total of up to 25 million pounds ($34 million).

A year after Right to Repair laws took effect in California and Minnesota, many product manufacturers continue to obstruct consumer repairs, according to a new study from advocacy group US PIRG. The organization's "Leaders and Laggards II" report evaluated 25 products across five categories and found 40% received failing grades of D or F.

Apple delivered the study's biggest surprise, earning a B+ for its latest iPad and B for the M3 MacBook Pro after releasing repair manuals for the iPad in May. The Framework Laptop 13 and Valve's Steam Deck topped the rankings with A+ scores. Dishwashers from Beko, Bosch, Frigidaire, GE, and LG performed worst alongside gaming consoles from MSI, Atari, and Sony. Researchers could not access repair manuals for 48% of products and found no available spare parts for 44%.

The goal isn't to stop generative music, but to make it traceable, reports the Verge — "to identify it early, tag it with metadata, and govern how it moves through the system...."

"Detection systems are being embedded across the entire music pipeline: in the tools used to train models, the platforms where songs are uploaded, the databases that license rights, and the algorithms that shape discovery." Platforms like YouTube and [French music streaming service] Deezer have developed internal systems to flag synthetic audio as it's uploaded and shape how it surfaces in search and recommendations. Other music companies — including Audible Magic, Pex, Rightsify, and SoundCloud — are expanding detection, moderation, and attribution features across everything from training datasets to distribution... Vermillio and Musical AI are developing systems to scan finished tracks for synthetic elements and automatically tag them in the metadata. Vermillio's TraceID framework goes deeper by breaking songs into stems — like vocal tone, melodic phrasing, and lyrical patterns — and flagging the specific AI-generated segments, allowing rights holders to detect mimicry at the stem level, even if a new track only borrows parts of an original. The company says its focus isn't takedowns, but proactive licensing and authenticated release... A rights holder or platform can run a finished track through [Vermillo's] TraceID to see if it contains protected elements — and if it does, have the system flag it for licensing before release.

Some companies are going even further upstream to the training data itself. By analyzing what goes into a model, their aim is to estimate how much a generated track borrows from specific artists or songs. That kind of attribution could enable more precise licensing, with royalties based on creative influence instead of post-release disputes...

Deezer has developed internal tools to flag fully AI-generated tracks at upload and reduce their visibility in both algorithmic and editorial recommendations, especially when the content appears spammy. Chief Innovation Officer Aurélien Hérault says that, as of April, those tools were detecting roughly 20 percent of new uploads each day as fully AI-generated — more than double what they saw in January. Tracks identified by the system remain accessible on the platform but are not promoted... Spawning AI's DNTP (Do Not Train Protocol) is pushing detection even earlier — at the dataset level. The opt-out protocol lets artists and rights holders label their work as off-limits for model training.
Thanks to long-time Slashdot reader SonicSpike for sharing the article.