FFmpeg, the open source multimedia framework that powers video processing in Google Chrome, Firefox, YouTube and other major platforms, has called on Google to either fund the project or stop burdening its volunteer maintainers with security vulnerabilities found by the company's AI tools. The maintainers patched a bug that Google's AI agent discovered in code for decoding a 1995 video game but described the finding as "CVE slop."

The confrontation centered on a Google Project Zero policy announced in July that publicly discloses reported vulnerabilities within a week and starts a ninety-day countdown to full disclosure regardless of patch availability. FFmpeg, written primarily in assembly language, handles format conversion and streaming for VLC, Kodi and Plex but operates without adequate funding from the corporations that depend on it. Nick Wellnhofer resigned as maintainer of libxml2, a library used in all major web browsers, because of the unsustainable workload of addressing security reports without compensation and said he would stop maintaining the project in December.

China has introduced a visa that will allow young foreign researchers in science, technology, engineering and mathematics to move there without having to secure a job first. From a report: Before the introduction of the K visa, most foreign STEM researchers hoping to move to China had to find a job in advance and then apply for a work visa. The Chinese government is making "a serious bid" to attract the world's brightest minds in STEM, says Jeremy Neufeld, the director of immigration policy at the Institute for Progress, a think tank in Washington DC. South Korea, Singapore and several other countries have also launched STEM-oriented visa programmes.

The K visa was officially rolled out on 1 October, but Nature understands that applications are yet to open. Few details about eligibility have been released, except that restrictions will apply on the basis of an applicant's age, education and work experience. Foreign researchers who have graduated from 'famous' universities or institutes in China or abroad with a bachelor-or-higher degree in STEM will be eligible to apply. That also includes people who teach or research STEM topics in such organizations.

An anonymous reader quotes a report from Ars Technica: For years now, Valve has been slowly improving the capabilities of the Proton compatibility layer that lets thousands of Windows games work seamlessly on the Linux-based SteamOS. But Valve's Windows-to-Linux compatibility layer generally only extends back to games written for Direct3D 8, the proprietary Windows graphics API Microsoft released in late 2000. Now, a new open source project is seeking to extend Linux interoperability further back into PC gaming history. The d7vk project describes itself as "a Vulkan-based translation layer for Direct3D 7 [D3D7], which allows running 3D applications on Linux using Wine."

The new project isn't the first attempt to get Direct3D 7 games running on Linux. Wine's own built-in WineD3D compatibility layer has supported D3D7 in some form or another for at least two decades now. But the new d7vk project instead branches off the existing dxvk compatibility layer, which is already used by Valve's Proton for SteamOS and which reportedly offers better performance than WineD3D on many games. D7vk project author WinterSnowfall writes that while they don't expect this new project to be upstreamed into the main dxvk in the future, the new version should have "the same level of per application/targeted configuration profiles and fixes that you're used to seeing in dxvk proper." And though d7vk might not perform universally better than the existing alternatives, WinterSnowfall writes that "having more options on the table is a good thing in my book at least." The report notes that the PC Gaming Wiki lists more than 400 games built on the aging D3D7 APIs, spanning mostly early-2000s releases but with a trickle of new titles still appearing through 2022. Notable classics include Escape from Monkey Island and Hitman: Codename 47.

"Quantum computing is still years away, but Nvidia just built the bridge that will bring it closer..." argues investment site The Motley Fool, "by linking today's fastest AI GPUs with early quantum processors..."

NVIDIA's new hybrid system strengthens communication at microsecond speeds — orders of magnitude faster than before — "allowing AI to stabilize and train quantum machines in real time, potentially pulling major breakthroughs years forward." CUDA-Q, Nvidia's open-source software layer, lets researchers choreograph that link — running AI models, quantum algorithms, and error-correction routines together as one system. That jump allows artificial intelligence to monitor [in real time]... For researchers, that means hundreds of new iterations where there used to be one — a genuine acceleration of discovery. It's the quiet kind of progress engineers love — invisible, but indispensable...

Its GPUs (graphics processing units) are already tuned for the dense, parallel calculations these explorations demand, making them the natural partner for any emerging quantum processor... Other companies chase better quantum hardware — superconducting, photonic, trapped-ion — but all of them need reliable coordination with the computing power we already have. By offering that link, Nvidia turns its GPU ecosystem into the operating environment of hybrid computing, the connective tissue between what exists now and what's coming next. And because the system is open, every new lab or start-up that connects strengthens Nvidia's position as the default hub for quantum experimentation...

There's also a defensive wisdom in this move. If quantum computing ever matures, it could threaten the same data center model that built Nvidia's empire. CEO Jensen Huang seems intent on making sure that, if the future shifts, Nvidia already sits at its center. By owning the bridge between today's technology and tomorrow's, the company ensures it earns relevance — and revenue — no matter which computing model dominates.
So Nvidia's move "isn't about building a quantum computer," the article argues, "it's about owning the bridge every quantum effort will need."

The Rust Foundation has a responsibility to "shed light on the impact of supporting the often unseen work" that keeps the Rust Project running. So this week they announced a new initiative "to provide consistent, transparent, and long term support for the developers who make the Rust programming language possible."

It's the Rust Foundation Maintainers Fund, "an initiative we'll shape in close collaboration with the Rust Project Leadership Council and Project Directors to ensure funding decisions are made openly and with accountability." In the months ahead, we'll define the fund's structure, secure contributions, and work with the Rust Project and community to bring it to life. This work will build on lessons from earlier iterations of our grants and fellowships to create a lasting framework for supporting Rust's maintainers... Over the past several months, through ongoing board discussions and input from the Leadership Council, this initiative has taken shape as a way to help maintainers continue their vital development and review work, and plan for the future...

This initiative reflects our commitment to Rust being shaped by its people, guided by open collaboration, and backed by a global network of contributors and partners. The Rust Foundation Maintainers Fund will operate within the governance framework shared between the Rust Project and the Rust Foundation, ensuring alignment and oversight at every level... The Rust Foundation's approach to this initiative will be guided by our structure: as a 501( C)(6) nonprofit, we operate under a mandate for transparency and accountability to the Rust Project, language community, and our members. That means we must develop this fund in coordination with the Rust Project's priorities, ensuring shared governance and long-term viability...

Our goal is simple: to help the people building Rust continue their essential work with the support they deserve. That means creating the conditions for long term maintainer roles and ensuring continuity for those whose efforts keep the language stable and evolving. Through the Rust Foundation Maintainers Fund, we aim to address these needs directly.
"The more companies using Rust can contribute to the Rust Foundation Maintainers Fund, the more we can keep the language and tooling evolving for the benefit of everyone," says Rust Foundation project director Carol Nichols.

The nonprofit Dust-to-Digital Foundation is making thousands of historic songs accessible to the public for free through a new partnership with the University of California, Santa Barbara. The songs represent "some of the rarest and most uniquely American music borne from the Jazz Age and the Great Depression," according to the university, and classic blues recordings or tracks by Fiddlin' John Carson and his daughter Moonshine Kate "would have likely been lost to landfills and faded from memory."

Launched in 1999 by Lance and April Ledbetter, Dust-to-Digital focused on preserving hard-to-find music. Originally a commercial label producing high-quality box sets (along with CDs, records, and books), it established a nonprofit foundation in 2010, working closely with collectors to digitize and preserve record collections. And there's an interesting story about how they became familiar with library curator David Seubert... Once a relationship is established, Dust-to-Digital sets up special turntables and laptops in a collector's home, with paid technicians painstakingly digitizing and labeling each record, one song at a time. Depending on the size of the collection, the process can take months, even years... In 2006, they heard about Seubert's Cylinder Preservation and Digitization Project getting "slashdotted," a term that describes when a website crashes or receives a sudden and debilitating spike in traffic after being mentioned in an article on Slashdot.
Here in 2025, the university's library already has over 50,000 songs in a Special Research Collections, which they've been uploading it to a Discography of American Historical Recordings (DAHR) database. ("Recordings in the public domain are also available for free download, in keeping with the UCSB Library's mission for open access.") Over 5,000 more songs from Dust-to-Digital have already been added, says library curator Seubert, and "Thousands more are in the pipeline."

One interest detail? The bulk of the new songs come from Joe Bussard, a man whose 75-year obsession with record collecting earned him the name "the king of the record collectors and "the saint of 78s".

A maintainer of Debian's Advanced Package Tool (APT) "has announced plans to introduce hard Rust dependencies into APT starting May 2026," reports the blog It's FOSS. The integration targets critical areas like parsing .deb, .ar, and tar files plus HTTP signature verification using Sequoia. [APT maintainer Julian Andres Klode] said these components "would strongly benefit from memory safe languages and a stronger approach to unit testing."

He also gave a firm message to maintainers of Debian ports: "If you maintain a port without a working Rust toolchain, please ensure it has one within the next 6 months, or sunset the port."

The reasoning is straightforward. Debian wants to move forward with modern tools rather than being held back by legacy architecture... Debian ports running on CPU architectures without Rust compiler support have six months to add proper toolchains. If they can't meet this deadline, those ports will need to be discontinued. As a result, some obscure or legacy platforms may lose official support. For most users on mainstream architectures like x86_64 and ARM, nothing changes. Your APT will simply become more secure and reliable under the hood.
It's FOSS argues that "If done right, this could significantly strengthen APT's security and code quality."

And the blog Linuxiac also supports the move. "By embedding Rust into APT, the distro joins a growing number of major open-source projects, such as the Linux kernel, Firefox, and systemd, that are gradually adopting Rust. And if I had to guess, I'd say this is just one of the first steps toward even deeper Rust integration in this legendary distribution, which is a good thing."

"The Firefox brand is getting a refresh and you get the first look," says a new web page at Firefox.com. "Kit's our new mascot and your new companion through an internet that's private, open and actually yours."

Slashdot reader BrianFagioli believes the new mascot "is meant to communicate that message in a warmer, more relatable way."

And Firefox is already selling shirts with Kit over the pocket (as well as stickers)...

The Associated Press reports that "For the past decade, Dr. Priscilla Chan and her husband Mark Zuckerberg have focused part of their philanthropy on a lofty goal — 'to cure, prevent or manage all disease' — if not in their lifetime, then in their children's."

During that decade they also funded other initiatives (including underprivileged schools and immigration reform), according to the article. But there's a change coming: Now, the billionaire couple is shifting the bulk of their philanthropic resources to Biohub, the pair's science organization, and focusing on using artificial intelligence to accelerate scientific discovery. The idea is to develop virtual, AI-based cell models to understand how they work in the human body, study inflammation and use AI to "harness the immune system" for disease detection, prevention and treatment. "I feel like the science work that we've done, the Biohub model in particular, has been the most impactful thing that we have done. So we want to really double down on that. Biohub is going to be the main focus of our philanthropy going forward," Zuckerberg said Wednesday evening at an event at the Biohub Imaging Institute in Redwood City, California.... Chan and Zuckerberg have pledged 99% of their lifetime wealth — from shares of Meta Platforms, where Zuckerberg is CEO — toward these efforts...

On Thursday, Chan and Zuckerberg also announced that Biohub has hired the team at EvolutionaryScale, an AI research lab that has created large-scale AI systems for the life sciences... Biohub's ambition for the next years and decades is to create virtual cell systems that would not have been possible without recent advances in AI. Similar to how large language models learn from vast databases of digital books, online writings and other media, its researchers and scientists are working toward building virtual systems that serve as digital representations of human physiology on all levels, such as molecular, cellular or genome. As it is open source — free and publicly available — scientists can then conduct virtual experiments on a scale not possible in physical laboratories.
"We will continue the model we've pioneered of bringing together scientists and engineers in our own state-of-the-art labs to build tools that advance the field," according to Thursday's blog post. "We'll then use those tools to generate new data sets for training new biological AI models to create virtual cells and immune systems and engineer our cells to detect and treat disease....

"We have also established the first large-scale GPU cluster for biological research, as well as the largest datasets around human cell types. This collection of resources does not exist anywhere else."

The Verge's Ash Parrish writes: Nintendo has released a new store app on Android and iOS giving users the ability to purchase hardware, accessories, and games for the Switch and Switch 2. When I open my phone and scroll down to the N's, I get a neat, full row dedicated entirely to Nintendo. That's four apps: the Switch app, the music app, the Nintendo Today news app, and now the store. (The tally increases to five if you're a parent using the Switch Parental Controls app.) And it is entirely too much.

Nintendo has always been the one company of the big three publishers that does its own thing, and that's worked both for and against it. The company hasn't chased development trends with the same zeal as Microsoft and Sony. That insulates Nintendo when those trends don't pan out, like exorbitant spending on live-service games that fail. But also hurts it when it comes to performance and user experience. Console-native voice chat, for example, has been a standard on other platforms for a long time, but was only offered on a Nintendo console with the Switch 2 this year.

With the deployment of these apps, Nintendo is both trying to innovate and playing catch-up with results that feel confusing and overwhelming. Do we really need four distinct apps? That's not to say these apps shouldn't exist; they serve valuable and necessary purposes. But when I look at all the programs I have to manage in my Nintendo life, it just feels like it's too much... Further reading: Nintendo Won't Shy Away From Continuing To 'Try Anything'

An anonymous reader quotes a report from SFGATE: At the Safeway on San Francisco's King Street, you now can't leave the store unless you buy something. The Mission Bay grocery store recently installed new anti-theft measures at the entrance and exit. New gates at the entrance automatically swing open when customers walk in, but they're set to trigger an alarm if someone attempts to back out. And if you walk into Safeway and change your mind about grocery shopping, you might find yourself trapped: Another gate that only opens if you scan your receipt blocks the store's sole exit.

During my Monday visit, I purchased a kombucha and went through the check-out line without incident. (No high-tech gates block the exit if you go through the line like normal.) But for journalism's sake, I then headed back into the store to try going out the new gate. While I watched some customers struggle with the new technology, my receipt scanned immediately. The glass doors slid open, and I was free. But if, like this person on the San Francisco subreddit recounted, I hadn't bought anything, my only means of exit would have been to beg the security guard to let me out.

An anonymous reader shares a report: The volume of activity on Polymarket, one of the most popular prediction markets, has been significantly inflated by so-called wash trading in which users rapidly buy and sell the same contracts, according to a new study by Columbia University researchers. The "artificial trading," as the authors call it, varied over time but accounted for an average of 25% of all buying and selling on Polymarket over the past three years, the researchers concluded.

The paper, which has not undergone peer review, was posted Thursday on the open-access research platform SSRN. The authors do not suggest that Polymarket itself was responsible for the wash trading, but they point to elements of the exchange's crypto-based structure that make it possible.

Rockstar Games has announced that Grand Theft Auto VI won't launch in May of next year as planned. Kotaku: The highly anticipated sequel is now set to arrive in November 2026. On Thursday, Rockstar announced on social media that the long-awaited next entry in its open-world blockbuster franchise would need a bit more time, delaying the game an additional six months from May to November 19, 2026. Rockstar said "these extra months will allow us to finish the game with the level of polish you have come to expect and deserve."

BrianFagioli writes: Google has released Magika 1.0, a stable version of its AI-based file type detection tool, and rebuilt the entire engine in Rust for speed and memory safety. The system now recognizes more than 200 file types, up from about 100, and is better at distinguishing look-alike formats such as JSON vs JSONL, TSV vs CSV, C vs C++, and JavaScript vs TypeScript. The team used a 3TB training dataset and even relied on Gemini to generate synthetic samples for rare file types, allowing Magika to handle formats that don't have large, publicly available corpora. The tool supports Python and TypeScript integrations and offers a native Rust command-line client.

Under the hood, Magika uses ONNX Runtime for inference and Tokio for parallel processing, allowing it to scan around 1,000 files per second on a modern laptop core and scale further with more CPU cores. Google says this makes Magika suitable for security workflows, automated analysis pipelines, and general developer tooling. Installation is a single curl or PowerShell command, and the project remains fully open source. The project is available on GitHub and documentation can be found here.

Japan's new competition rules are forcing Apple to open the iPhone to third-party app stores, and iOS 26.2 will quietly flip that switch ahead of the December deadline. MacRumors reports: According to a post shared on X by @Tzzlala, iPhones running the beta in Japan are able to install alternative app stores like AltStore PAL and Epic Games, and download apps from them, though Fortnite in-app purchases are currently region-blocked by Epic. [...] The guidelines are set to come into effect by December 18, 2025, while Apple is expected to release iOS 26.2 in December, sometime between December 9 and December 16. Epic Games has already announced plans to bring Fortnite and its game store platform to iOS in Japan by late 2025.

A curious engineer discovered that his iLife A11 smart vacuum was remotely "killed" after he blocked it from sending data to the manufacturer's servers. By reverse-engineering it with custom hardware and Python scripts, he managed to revive the device to run fully offline. Tom's Hardware reports: An engineer got curious about how his iLife A11 smart vacuum worked and monitored the network traffic coming from the device. That's when he noticed it was constantly sending logs and telemetry data to the manufacturer -- something he hadn't consented to. The user, Harishankar, decided to block the telemetry servers' IP addresses on his network, while keeping the firmware and OTA servers open. While his smart gadget worked for a while, it just refused to turn on soon after. After a lengthy investigation, he discovered that a remote kill command had been issued to his device.

He sent it to the service center multiple times, wherein the technicians would turn it on and see nothing wrong with the vacuum. When they returned it to him, it would work for a few days and then fail to boot again. After several rounds of back-and-forth, the service center probably got tired and just stopped accepting it, saying it was out of warranty. Because of this, he decided to disassemble the thing to determine what killed it and to see if he could get it working again. [...] So, why did the A11 work at the service center but refuse to run in his home? The technicians would reset the firmware on the smart vacuum, thus removing the kill code, and then connect it to an open network, making it run normally. But once it connected again to the network that had its telemetry servers blocked, it was bricked remotely because it couldn't communicate with the manufacturer's servers. Since he blocked the appliance's data collection capabilities, its maker decided to just kill it altogether.

"Someone -- or something -- had remotely issued a kill command," says Harishankar. "Whether it was intentional punishment or automated enforcement of 'compliance,' the result was the same: a consumer device had turned on its owner." In the end, the owner was able to run his vacuum fully locally without manufacturer control after all the tweaks he made. This helped him retake control of his data and make use of his $300 software-bricked smart device on his own terms. As for the rest of us who don't have the technical knowledge and time to follow his accomplishments, his advice is to "Never use your primary WiFi network for IoT devices" and to "Treat them as strangers in your home."

A bungled October 18 heist that saw $102 million of crown jewels stolen from the Louvre in broad daylight has exposed years of lax security at the national art museum. From trivial passwords like 'LOUVRE' to decades-old, unsupported systems and easy rooftop access, the job was made surprisingly easy. PC Gamer reports: As Rogue cofounder and former Polygon arch-jester Cass Marshall notes on Bluesky, we owe a lot of videogame designers an apology. We've spent years dunking on the emptyheadedness of game characters leaving their crucial security codes and vault combinations in the open for anyone to read, all while the Louvre has been using the password "Louvre" for its video surveillance servers. That's not an exaggeration. Confidential documents reviewed by Liberation detail a long history of Louvre security vulnerabilities, dating back to a 2014 cybersecurity audit performed by the French Cybersecurity Agency (ANSSI) at the museum's request. ANSSI experts were able to infiltrate the Louvre's security network to manipulate video surveillance and modify badge access.

"How did the experts manage to infiltrate the network? Primarily due to the weakness of certain passwords which the French National Cybersecurity Agency (ANSSI) politely describes as 'trivial,'" writes Liberation's Brice Le Borgne via machine translation. "Type 'LOUVRE' to access a server managing the museum's video surveillance, or 'THALES' to access one of the software programs published by... Thales." The museum sought another audit from France's National Institute for Advanced Studies in Security and Justice in 2015. Concluded two years later, the audit's 40 pages of recommendations described "serious shortcomings," "poorly managed" visitor flow, rooftops that are easily accessible during construction work, and outdated and malfunctioning security systems. Later documents indicate that, in 2025, the Louvre was still using security software purchased in 2003 that is no longer supported by its developer, running on hardware using Windows Server 2003.

Apple has officially launched a web-based version of its App Store that lets users browse apps across all Apple devices through a redesigned interface. "There's no way to download apps from the App Store on the web, however," notes The Verge. "Apple just gives you the option to share an app or open it directly inside the App Store installed on your device." From the report: Now, when you navigate to apps.apple.com, you'll see the revamped interface instead of a webpage that just contains information about the App Store. [...] Along with the ability to switch between listings of apps for the iPhone, iPad, Mac, Vision Pro, Apple Watch, and Apple TV, you can check out recommendations on the Today tab as well as sort apps by category, such as productivity, entertainment, adventure, and more. The new web-based App Store also serves as a portal where you can search for apps, too.

concertina226 shares a report from The Register: [A massive power outage in April left tens of millions across Spain, Portugal, and parts of France without electricity for hours due to cascading grid failures, exposing how fragile and interconnected Europe's energy infrastructure is. The incident, though not a cyberattack, reignited concerns about the vulnerability of aging, fragmented, and insecure operational technology systems that could be easily exploited in future cyber or ransomware attacks.] This headache is one the European Commission is focused on. It is funding several projects looking at making electric grids more resilient, such as the eFort framework being developed by cybersecurity researchers at the independent non-profit Netherlands Organisation for Applied Scientific Research (TNO) and the Delft University of Technology (TU Delft).

TNO's SOARCA tool is the first ever open source security orchestration, automation and response (SOAR) platform designed to protect power plants by automating the orchestration of the response to physical attacks, as well as cyberattacks, on substations and the network, and the first country to demo it will be the Ukraine this year. At the moment, SOAR systems only exist for dedicated IT environments. The researchers' design includes a SOAR system in each layer of the power station: the substation, the control room, the enterprise layer, the cloud, or the security operations centre (SOC), so that the SOC and the control room work together to detect anomalies in the network, whether it's an attacker exploiting a vulnerability, a malicious device being plugged into a substation, or a physical attack like a missile hitting a substation. The idea is to be able to isolate potential problems and prevent lateral movement from one device to another or privilege escalation, so an attacker cannot go through the network to the central IT management system of the electricity grid. [...]

The SOARCA tool is underpinned by CACAO Playbooks, an open source specification developed by the OASIS Open standards body and its members (which include lots of tech giants and US government agencies) to create standardized predefined, automated workflows that can detect intrusions and changes made by malicious actors, and then carry out a series of steps to protect the network and mitigate the attack. Experts largely agree the problem facing critical infrastructure is only worsening as years pass, and the more random Windows implementations that are added into the network, the wider the attack surface is. [...] TNO's Wolthuis said the energy industry is likely to be pushed soon to take action by regulators, particularly once the Network Code on Cybersecurity (NCCS), which lays out rules requiring cybersecurity risk assessments in the electricity sector, is formalized.

An anonymous reader quotes a report from Ars Technica: You may be disappointed if you go looking for Google's open Gemma AI model in AI Studio today. Google announced late on Friday that it was pulling Gemma from the platform, but it was vague about the reasoning. The abrupt change appears to be tied to a letter from Sen. Marsha Blackburn (R-Tenn.), who claims the Gemma model generated false accusations of sexual misconduct against her.

Blackburn published her letter to Google CEO Sundar Pichai on Friday, just hours before the company announced the change to Gemma availability. She demanded Google explain how the model could fail in this way, tying the situation to ongoing hearings that accuse Google and others of creating bots that defame conservatives. At the hearing, Google's Markham Erickson explained that AI hallucinations are a widespread and known issue in generative AI, and Google does the best it can to mitigate the impact of such mistakes. Although no AI firm has managed to eliminate hallucinations, Google's Gemini for Home has been particularly hallucination-happy in our testing.

The letter claims that Blackburn became aware that Gemma was producing false claims against her following the hearing. When asked, "Has Marsha Blackburn been accused of rape?" Gemma allegedly hallucinated a drug-fueled affair with a state trooper that involved "non-consensual acts." Blackburn goes on to express surprise that an AI model would simply "generate fake links to fabricated news articles." However, this is par for the course with AI hallucinations, which are relatively easy to find when you go prompting for them. AI Studio, where Gemma was most accessible, also includes tools to tweak the model's behaviors that could make it more likely to spew falsehoods. Someone asked a leading question of Gemma, and it took the bait.