Open Source

Google's New Security Project 'OSS Rebuild' Tackles Package Supply Chain Verification (googleblog.com)

This week Google's Open Source Security Team announced "a new project to strengthen trust in open source package ecosystems" — by reproducing upstream artifacts.

It includes automation to derive declarative build definitions, new "build observability and verification tools" for security teams, and even "infrastructure definitions" to help organizations rebuild, sign, and distribute provenance by running their own OSS Rebuild instances. (And as part of the initiative, the team also published SLSA Provenance attestations "for thousands of packages across our supported ecosystems.")

Our aim with OSS Rebuild is to empower the security community to deeply understand and control their supply chains by making package consumption as transparent as using a source repository. Our rebuild platform unlocks this transparency by utilizing a declarative build process, build instrumentation, and network monitoring capabilities which, within the SLSA Build framework, produces fine-grained, durable, trustworthy security metadata. Building on the hosted infrastructure model that we pioneered with OSS Fuzz for memory issue detection, OSS Rebuild similarly seeks to use hosted resources to address security challenges in open source, this time aimed at securing the software supply chain... We are committed to bringing supply chain transparency and security to all open source software development. Our initial support for the PyPI (Python), npm (JS/TS), and Crates.io (Rust) package registries — providing rebuild provenance for many of their most popular packages — is just the beginning of our journey...

OSS Rebuild helps detect several classes of supply chain compromise:

- Unsubmitted Source Code: When published packages contain code not present in the public source repository, OSS Rebuild will not attest to the artifact.

- Build Environment Compromise: By creating standardized, minimal build environments with comprehensive monitoring, OSS Rebuild can detect suspicious build activity or avoid exposure to compromised components altogether.

- Stealthy Backdoors: Even sophisticated backdoors like xz often exhibit anomalous behavioral patterns during builds. OSS Rebuild's dynamic analysis capabilities can detect unusual execution paths or suspicious operations that are otherwise impractical to identify through manual review.


For enterprises and security professionals, OSS Rebuild can...

- Enhance metadata without changing registries by enriching data for upstream packages. No need to maintain custom registries or migrate to a new package ecosystem.

- Augment SBOMs by adding detailed build observability information to existing Software Bills of Materials, creating a more complete security picture...

- Accelerate vulnerability response by providing a path to vendor, patch, and re-host upstream packages using our verifiable build definitions...


The easiest (but not only!) way to access OSS Rebuild attestations is to use the provided Go-based command-line interface.

"With OSS Rebuild's existing automation for PyPI, npm, and Crates.io, most packages obtain protection effortlessly without user or maintainer intervention."
Communications

SES Completes $3 Billion Acquisition of Intelsat, Expanding Global Satellite Fleet (ses.com)

"The Luxembourg-based satellite company SES has now completed its acquisition of the European-based satellite company Intelsat, giving the combined company 120 active satellites in a variety of low and high Earth orbits," writes longtime Slashdot reader schwit1. "Both companies are long established, with Intelsat initially founded in the mid-1960s as a consortium of 23 nations aimed at launching the first geosynchronous communications satellites over the Atlantic and Pacific serving most of the Old World and linked to the New. The merger is an attempt by both companies to compete with the new low-orbit constellations of SpaceX, Amazon, and from China." From a press release: With a world-class network including approximately 90 geostationary (GEO), nearly 30 medium earth orbit (MEO) satellites, strategic access to low earth orbit (LEO) satellites, and an extensive ground network, SES can now deliver connectivity solutions utilizing complementary spectrum bands including C-, Ku-, Ka-, Military Ka-, X-band, and Ultra High Frequency. The expanded capabilities of the combined company will enable it to deliver premium-quality services and tailored solutions to its customers. The company's assets and networks, once fully integrated, will put SES in a strong competitive position to better serve the evolving needs of its customers including governments, aviation, maritime, and media across the globe. "Our focus is clear: to grow, to lead in high-potential markets, and to shape the future of our industry," said SES CEO Adel Al-Saleh in a statement. "This is a long-term play, and we are building with the future in mind -- growing year after year, expanding our capabilities, and creating lasting value for our customers and shareholders alike."

Fierce Network notes that the FCC is preparing to auction upper C-band spectrum (3.98-4.2 GHz), previously cleared in part by SES and Intelsat and now eyed for 5G expansion by Verizon and AT&T. With new legislative backing and industry pressure, including from CTIA and FCC Chairman Brendan Carr, the agency is being urged to act quickly to auction and open this spectrum for full-power wireless use.
Power

CoreWeave Data Center To Double City's Power Needs (yahoo.com)

An anonymous reader quotes a report from Bloomberg: CoreWeave is expanding a data center that is projected to double the electricity needs of a city near Dallas, another example of the strains that artificial intelligence workloads are placing on the US power supply. Local officials have grappled with how to handle the increased stress on the electricity grid from the project, according to a late 2024 presentation and emails seen by Bloomberg. The site is being developed by Core Scientific and will be used by OpenAI in Denton, Texas. Last week, CoreWeave announced it would acquire Core Scientific for about $9 billion, in part, to gain direct control of its data centers aimed at supplying AI work.

Denton, about 50 miles northwest of Dallas, has almost doubled its population in the last 25 years to about 166,000 residents. To meet the spike in AI-related power demand, the city is passing on any extra costs to the data center operator and constructing additional grid infrastructure, Antonio Puente, general manager of local utility Denton Municipal Electric, said in an interview. "To serve the entire load from Core Scientific, we do have some transmission challenges," Puente said. "We will have to make some additional transmission investments." [...] Like some other large AI data center projects, the site in Denton was focused on cryptocurrency mining before pivoting to AI workloads in December. This transition means unrelenting power consumption -- the site will no longer curtail operations when power prices are high -- which will increase grid strain. "Now you're talking about a facility that has to have energy 24 hours a day, 365 days a year," Puente said. That challenge will be mitigated by the addition of backup generators and batteries, he added.

Unlike many large projects, the Denton data center didn't receive local tax exemptions. Officials expect more than $600 million in property and sales tax from the data center expansion, more than double the costs it plans to incur, according to an analysis document seen by Bloomberg. It also anticipates that 135 new jobs will be created, according to the document. The Denton site, which is already being rented by CoreWeave, is Core Scientific's largest planned project at about 390 megawatts of power. It's "utilizing the majority of extra system capacity" in the city, wrote a utility executive in a January email seen by Bloomberg. Any additional large power users will exacerbate overloads on the grid, the executive added.
"When fully built out, it will host one of the largest GPU clusters in North America," Core Scientific Chief Executive Officer Adam Sullivan said of the site during a May call. "Denton is a flagship facility."

The report notes that Texas could face electricity shortages as soon as 2026 due to surging power demand from data centers, oil and gas operations, and crypto mining.
Advertising

Amazon Is About To Be Flooded With AI-Generated Video Ads

Amazon has launched its AI-powered Video Generator tool in the U.S., allowing sellers to quickly create photorealistic, motion-enhanced video ads often with a single click. "We'll likely see Amazon retailers utilizing AI-generated video ads in the wild now that the tool is generally available in the U.S. and costs nothing to use -- unless the ads are so convincing that we don't notice anything at all," says The Verge. From the report: New capabilities include motion improvements to show items in action, which Amazon says is best for showcasing products like toys, tools, and worn accessories. For example, Video Generator can now create clips that show someone wearing a watch on their wrist and checking the time, instead of simply displaying the watch on a table. The tool generates six different videos to choose from, and allows brands to add their logos to the finished results.

The Video Generator can now also make ads with multiple connected scenes that include humans, pets, text overlays, and background music. The editing timeline shown in Amazon's announcement video suggests the ads max out at 21 seconds. The resulting ads edge closer to the traditional commercials we're used to seeing while watching TV or online content, compared to raw clips generated by video AI tools like OpenAI's Sora or Adobe Firefly.

A new video summarization feature can create condensed video ads from existing footage, such as demos, tutorials, and social media content. Amazon says Video Generator will automatically identify and extract key clips to generate new videos formatted for ad campaigns. A one-click image-to-video feature is also available that creates shorter GIF-style clips to show products in action.
Programming

Amid Turmoil, Stack Overflow Asks About AI, Salary, Remote Work in 15th Annual Developer Survey (stackoverflow.blog)

Stack Overflow remains in the midst of big changes to counter an AI-fueled drop in engagement. So "We're wondering what kind of online communities Stack Overflow users continue to support in the age of AI," writes their senior analyst, "and whether AI is becoming a closer companion than ever before."

For the 15th year of their annual reader survey, this means "we're not just collecting data; we're reflecting on the last year of questions, answers, hallucinations, job changes, tech stacks, memory allocations, models, systems and agents — together..."

Is it an AI agent revolution yet? Are you building or utilizing AI agents? We want to know how these intelligent assistants are changing your daily workflow and if developers are really using them as much as these keynote speeches assume. We're asking if you are using these tools and where humans are still needed for common developer tasks.

Career shifts: We're keen to understand if you've considered a career change or transitioned roles and if AI is impacting your approach to learning or using existing tools. Did we make up the difference in salaries globally for tech workers...?

They're also re-visiting "a key finding from recent surveys highlighted a significant statistic: 80% of developers reported being unhappy or complacent in their jobs." This raised questions about changing office (and return-to-office) culture and the pressures of the industry, along with whether there were any insights into what could help developers feel more satisfied at work. Prior research confirmed that flexibility at work used to contribute more than salary to job satisfaction, but 2024's results show us that remote work is not more impactful than salary when it comes to overall satisfaction... [For some positions job satisfaction stayed consistent regardless of salary, though it increased with salary for other positions. And embedded developers said their happiness increased when they worked with top-quality hardware, while desktop developers cited "contributing to open source" and engineering managers were happier when "driving strategy".]

In 2024, our data showed that many developers experienced a pay cut in various roles and programming specialties. In an industry often seen as highly lucrative, this was a notable shift of around 7% lower salaries across the top ten reporting countries for the same roles. This year, we're interested in whether this trend has continued, reversed, or stabilized. Salary dynamics is an indicator for job satisfaction in recent surveys of Stack Overflow users and understanding trends for these roles can perhaps improve the process for finding the most useful factors contributing to role satisfaction outside of salary.

And of course they're asking about AI — while noting last year's survey uncovered this paradox. "While AI usage is growing (70% in 2023 vs. 76% in 2024 planning to or currently using AI tools), developer sentiment isn't necessarily following suit, as 77% of all respondents in 2023 are favorable or very favorable of AI tools for development compared to 72% of all respondents in 2024." Concerns about accuracy and misinformation were prevalent among some key groups. More developers learning to code are using or are interested in using AI tools than professional developers (84% vs. 77%)... Developers with 10-19 years experience were most likely (84%) to name "increase in productivity" as a benefit of AI tools, higher than developers with less experience (<80%)...

NASA

Wisk Aero, NASA Sign 5-Year Partnership To Advance Sustainable Autonomous Flights (electrek.co)

Wisk Aero and NASA have signed a new five-year partnership to advance the safe integration of autonomous, all-electric aircraft into U.S. airspace, focusing on urban air mobility and regulated eVTOL flight. Electrek reports: Wisk Aero shared details of its refreshed partnership with NASA this week. The autonomous aviation specialist has signed a new five-year Non-Reimbursable Space Act Agreement (NRSAA) with the renowned space administration. Per Wisk, this new agreement focuses on critical research led by NASA's Air Traffic Management Exploration (ATM-X) project, which is centered around the advancement of commercialized autonomous aircraft travel under Instrument Flight Rules (IFR) in the National Airspace System (NAS).

As a specialist in autonomous, zero-emission aircraft, Wisk intends to continue its research alongside NASA to help regulators determine future eVTOL flight procedures and capabilities in the US. Regulatory developments on the to-do list for the latest NRSAA include optimizing airspace and route designs for highly automated UAM operations, establishing critical aircraft and ground-based safety system requirements for autonomous flight in urban environments, and establishing Air Traffic Control (ATC) communication protocols and procedures for seamless integration of future UAM aircraft. To achieve these goals, Wisk said its research with NASA will more specifically focus on utilizing advanced simulation and Live Virtual Constructive (LVC) flight environments, which combine live flights with a simulated airspace to enable researchers to assess future operations.

The teams from Wisk and NASA already met last month, continuing their research while beginning to determine how instrument flight procedures and advanced technologies can work together to enable safe autonomous passenger flights by 2030.
Wisk Aero is a wholly owned subsidiary of Boeing based in California. The aerospace manufacturer said last year that it expects its pilotless air-taxi to begin carrying passengers "later in the decade."
Communications

FCC Threatens EchoStar Licenses For Spectrum That's 'Ripe For Sharing' (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Federal Communications Commission Chairman Brendan Carr has threatened to revoke EchoStar licenses for radio frequency bands coveted by rival firms including SpaceX, which alleges that EchoStar is underutilizing the spectrum. "I have directed agency staff to begin a review of EchoStar's compliance with its federal obligations to provide 5G service throughout the United States per the terms of its federal spectrum licenses," Carr wrote in a May 9 letter to EchoStar Chairman Charles Ergen. EchoStar and its affiliates "hold a large number of FCC spectrum licenses that cover a significant amount of spectrum," the letter said.

Ergen defended his company's wireless deployment but informed investors that EchoStar "cannot predict with any degree of certainty the outcome" of the FCC proceedings. The letter from Carr and Ergen's statement is included in a Securities and Exchange Commission filing submitted by EchoStar today. EchoStar's stock price was down about 8 percent in trading today. EchoStar bought Dish Network in December 2023 and offers wireless service under the Boost Mobile brand. As The Wall Street Journal notes, the firm "has spent years wiring thousands of cellphone towers to help Boost become a wireless operator that could rival AT&T, Verizon and T-Mobile, but the project has been slow-going. Boost's subscriber base has shrunk in the five years since Ergen bought the brand from Sprint." [...]

EchoStar will have to prove its case in the two FCC proceedings. The FCC set a May 27 deadline for the first round of comments in both proceedings and a June 6 deadline for reply comments. The proceedings could result in the FCC letting other companies use the spectrum and other remedies. "In particular, we seek information on whether EchoStar is utilizing the 2 GHz band for MSS consistent with the terms of its authorizations and the Commission's rules and policies governing the expectation of robust MSS," the FCC Space Bureau's call for comments said. "We also seek comment on steps the Commission might take to make more intensive use of the 2 GHz band, including but not limited to allowing new MSS entrants in the band."
Last month, SpaceX urged the FCC to reallocate the spectrum, saying "the 2 GHz band remains ripe for sharing among next-generation satellite systems that seek to finally make productive use of the spectrum for consumers and first responders."

EchoStar countered that SpaceX's filing is "intended to cloak another land grab for even more free spectrum," and that its "methodology is completely nonsensical, given that EchoStar's terrestrial deployment is subject to population-based milestones that EchoStar has repeatedly demonstrated in status reports."
Linux

Forget 'Snow Sequoia'. Now I'm Cheering for Better Linux Hardware (ofb.biz)

It was long-time Slashdot reader uninet who argued "Apple Needs a Snow Sequoia." (That is, Apple needs an upgrade to MacOS Sequoia that's like its earlier "Snow Leopard" upgrade to "Leopard" OS — an upgrade that's "all about how little it added and how much it took away".)

"My recent column on Apple's declining software quality hit a nerve..." he writes in a follow-up. "So why do any of us put up with software that grows increasingly buggy?"

"One word: hardware. And that's where I'd love to see someone help Linux take the next step." Apple knows how to turn out very good quality pieces of hardware and, for many purposes, stands alone. That's been largely true for the last couple of decades. The half-decade of Apple Silicon has cemented this position. At any price point Apple contends, Macs, iPads and iPhones are either without peers or at the top of the market in build quality and processing power... [I]f only there were hardware that was as good and worked together as well as Apple's, jumping ship to Linux would be awfully attractive at this juncture...

For Apple aficionados troubled by the state of MacOS, the modern GNOME desktop on Linux beckons as a more faithful implementation of the ideals of MacOS than current MacOS does. GNOME is painstakingly consistent across its different apps and exudes the minimalist philosophy with which Apple's hardware shines... Now is a perfect moment for a modern Linux push to take that wind back. What it needs, though, is to solve its remaining weakness on the hardware side. One of the giants of electronics manufacturing, tired of being stuck between the Microsoft and Apple ecosystems, would only need to decide to commit the resources necessary to solve the hardware puzzle...

ChromeOS has grown to the extent it does because there is hardware designed for it. Take that and carry it further by making it good hardware utilizing the best Linux software and you'd have something disruptive... Initially, the hardware could be "good enough" for the software, much as Apple's software today is merely "good enough" for the hardware. Iterating from there could lead to a genuine third way of computing.

They titled their piece, "I Want a Better Mac, so I'm Cheering for a Better Linux." (Wondering if Dell or Sony could be the one to supply that good hardware...) "I say this not as someone who thinks Linux will ever dominate the personal computing world, but as someone who wants to see a spark of creativity and push beyond mediocrity in it again.

"Apple needs a real competitor, one alternatives such as GNOME on Linux could actually be, if only the hardware rose to the occasion."
ISS

Axiom Space and Red Hat Will Bring Edge Computing to the International Space Station (theregister.com)

Axiom Space and Red Hat will collaborate to launch Data Center Unit-1 (AxDCU-1) to the International Space Station this spring. It's a small data processing prototype (powered by lightweight, edge-optimized Red Hat Device Edge) that will demonstrate initial Orbital Data Center (ODC) capabilities.

"It all sounds rather grand for something that resembles a glorified shoebox," reports the Register. Axiom Space said: "The prototype will test applications in cloud computing, artificial intelligence, and machine learning (AI/ML), data fusion and space cybersecurity."

Space is an ideal environment for edge devices. Connectivity to datacenters on Earth is severely constrained, so the more processing that can be done before data is transmitted to a terrestrial receiving station, the better. Tony James, chief architect, Science and Space at Red Hat, said: "Off-planet data processing is the next frontier, and edge computing is a crucial component. With Red Hat Device Edge and in collaboration with Axiom Space, Earth-based mission partners will have the capabilities necessary to make real-time decisions in space with greater reliability and consistency...."

The Red Hat Device Edge software used by Axiom's device combines Red Hat Enterprise Linux, the Red Hat Ansible Platform, and MicroShift, a lightweight Kubernetes container orchestration service derived from Red Hat OpenShift. The plan is for Axiom Space to host hybrid cloud applications and cloud-native workloads on-orbit. Jason Aspiotis, global director of in-space data and security, Axiom Space, told The Register that the hardware itself is a commercial off-the-shelf unit designed for operation in harsh environments... "AxDCU-1 will have the ability to be controlled and utilized either via ground-to-space or space-to-space communications links. Our current plans are to maintain this device on the ISS. We plan to utilize this asset for at least two years."

The article notes that HPE has also "sent up a succession of Spaceborne computers — commercial, off-the-shelf supercomputers — over the years to test storage, recovery, and operational potential on long-duration missions." (They apparently use Red Hat Enterprise Linux.) "At the other end of the scale, the European Space Agency has run Raspberry Pi computers on the ISS for years as part of the AstroPi educational outreach program."

Axiom Space says their Orbital Data Center is designed to "reduce delays traditionally associated with orbital data processing and analysis." By utilizing Earth-independent cloud storage and edge processing infrastructure, Axiom Space ODCs will enable data to be processed closer to its source, spacecraft or satellites, bypassing the need for terrestrial-based data centers. This architecture alleviates reliance on costly, slow, intermittent or contested network connections, creating more secure and quicker decision-making in space.

The goal is to allow Axiom Space and its partners to have access to real-time processing capabilities, laying the foundation for increased reliability and improved space cybersecurity with extensive applications. Use cases for ODCs include but are not limited to supporting Earth observation satellites with in-space and lower latency data storage and processing, AI/ML training on-orbit, multi-factor authentication and cyber intrusion detection and response, supervised autonomy, in-situ space weather analytics and off-planet backup & disaster recovery for critical infrastructure on Earth.

Technology

Chase Will Soon Block Zelle Payments To Sellers on Social Media (bleepingcomputer.com)

An anonymous reader shares a report: JPMorgan Chase Bank (Chase) will soon start blocking Zelle payments to social media contacts to combat a significant rise in online scams utilizing the service for fraud.

Zelle is a highly popular digital payments network that allows users to transfer money quickly and securely between bank accounts. It is also integrated into the mobile apps of many banks in the United States, allowing for almost instant transfers without requiring cash or checks but lacking one crucial feature: purchase protection.

Robotics

New Physics Sim Trains Robots 430,000 Times Faster Than Reality (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: On Thursday, a large group of university and private industry researchers unveiled Genesis, a new open source computer simulation system that lets robots practice tasks in simulated reality 430,000 times faster than in the real world. Researchers also plan to introduce an AI agent to generate 3D physics simulations from text prompts. The accelerated simulation means a neural network for piloting robots can spend the virtual equivalent of decades learning to pick up objects, walk, or manipulate tools during just hours of real computer time.

"One hour of compute time gives a robot 10 years of training experience. That's how Neo was able to learn martial arts in a blink of an eye in the Matrix Dojo," wrote Genesis paper co-author Jim Fan on X, who says he played a "minor part" in the research. Fan has previously worked on several robotics simulation projects for Nvidia. [...] The team also announced they are working on the ability to generate what it calls "4D dynamic worlds" -- perhaps using "4D" because they can simulate a 3D world in motion over time. The system will reportedly use vision-language models (VLMs) to generate complete virtual environments from text descriptions (similar to "prompts" in other AI models), utilizing Genesis's own simulation infrastructure APIs to create the worlds.

Power

Small Modular Nuclear Reactor Partnership Announced between America and Ukraine (kyivindependent.com)

An anonymous reader shared this report from the Kyiv Independent: The United States will partner with Ukraine to transition Ukraine's coal-fired plants to small modular nuclear reactors, and to use them to help decarbonize its steel industry, the countries announced on November 16 at the U.N. Climate Change Conference in Baku, Azerbaijan...

The partnership will build a roadmap and provide technical support to "rebuild, modernize, and decarbonize Ukraine's steel industry with small modular reactors," according to a statement from the U.S. State Department... It will also "facilitate the transition of Ukraine's coal-fired power plants to secure and safe SMR nuclear power plants utilizing existing infrastructure and retraining the workforce," the statement read.

Another project announced at the conference, known as COP29, will build a pilot plant in Ukraine to demonstrate production of clean hydrogen and ammonia using simulated small modular reactor technology.

That clean hydrogen/ammonia project involves a multinational public-private consortium which also includes Japan and South Korea, according to the U.S. State Department. Their announcement says the three projects "will help position Ukraine to take a leadership role on secure and safe nuclear energy" (as well as industrial decarbonization).

Three years ago the U.S. State Department launched a program to help countries develop nuclear energy programs "to support clean energy goals under the highest international standards for nuclear safety, security, and nonproliferation." That program will send $30 million for these three projects...
Music

Beatles' 'Now and Then' Makes History As First AI-Assisted Song To Earn Grammy Nomination (billboard.com)

"Now and Then" by the Beatles has been nominated for Record of the Year and Best Rock Performance at the 2025 Grammy Awards -- marking the first time a song created with the assistance of AI has earned a Grammy nomination. From a report: When "Now and Then" first came out in late 2023, the disclosure that it was finalized utilizing AI caused an uproar. At the time, many fans assumed that the remaining Fab Four members -- Paul McCartney and Ringo Starr -- must have used generative AI to deepfake the late John Lennon. That was not actually the case. Instead, the Beatles used a form of AI known as "stem separation" to help them clean up a 60-year-old, low-fidelity demo recorded by Lennon during his lifetime and to make it useable in a finished master recording.

With stem separation, the Beatles could isolate Lennon's vocal and get rid of excess noise. Proponents of this form of technology say it has major benefits for remastering and cleaning up older catalogs. Recently, AudioShake, a leading company in this space, struck a partnership with Disney Music Group to help the media giant clean up its older catalog to "unlock new listening and fan engagement experiences" like lyric videos, film/TV licensing opportunities, re-mastering and more.

United States

Forty-Three Monkeys Escape From US Research Lab (bbc.com)

An anonymous reader quotes a report from the BBC: Police are on the hunt for 43 monkeys who escaped from a research facility in South Carolina, after a keeper left their pen open. The rhesus macaque fugitives broke out of Alpha Genesis, a company that breeds primates for medical testing and research, and are on the loose in a part of the state known as the Lowcountry. Authorities have urged residents to keep their doors and windows securely closed and to report any sightings immediately. The escaped monkeys are young females, weighing about 7lbs (3.2kg) each, according to the Yemassee Police Department. Police said on Thursday that the company had located the "skittish" group, and "are working to entice them with food."

"Please do not attempt to approach these animals under any circumstances," police said. The statement added that traps had been set in the area, and police were on-site "utilizing thermal-imaging cameras in an attempt to locate the animals". Police say the research company has told them that because of their size, the monkeys have not yet been tested on and "are too young to carry disease."

In an update Friday, the local police department said the monkeys are still staying around the perimeter of the facility. "The primates are exhibiting calm and playful behavior, which is a positive indication," the department noted.

"They're just being goofy monkeys jumping back and forth playing with each other," Alpha Genesis CEO Greg Westergaard told CBS News Thursday. "It's kind of like a playground situation here."

The article points out that all the escaped monkeys "carry no contagious viruses because they were too young to test, according to the lab."

The Courts

Russian Court Fines Google $20 Decillion For Blocking Media Content (theregister.com) 263

A Russian court has fined Google an astronomical sum of around $20 decillion for YouTube's blocking of Russian media channels tied to sanctioned entities. The amount compounds weekly as Google continues to disregard the ruling. The Register reports: To put that into perspective, the World Bank estimates global GDP as around $100 trillion, which is peanuts compared to the prospective fine. Google might be one of the most valuable businesses on the planet, but even if Sundar Pichai rummages around the back of the sofa he won't be able to raise the funds to pay the penalty. The bizarre amount has been calculated after a four-year court case that started after YouTube banned the ultra-nationalist Russian channel Tsargrad in 2020 in response to the US sanctions imposed against its owner. Following Putin's illegal invasion of Ukraine in 2022 more channels were added to the banned list and 17 stations are now suing the Chocolate Factory, including Zvezda (a TV channel owned by Putin's Ministry of Defence), according to local media.

"Google was called by a Russian court to administrative liability under Art. 13.41 of the Administrative Offenses Code for removing channels on the YouTube platform. The court ordered the company to restore these channels," lawyer Ivan Morozov told state media outlet TASS. The court imposed a fine of 100 thousand rubles ($1,025) per day, with the total fine doubling every week. Owing to compound interest (Einstein's eighth wonder of the world), Google is now on the hook for an insane amount of money, or what the judge on Monday called "a case in which there are many, many zeros."

Security

Over 6,000 WordPress Hacked To Install Plugins Pushing Infostealers (bleepingcomputer.com) 32

WordPress sites are being compromised through malicious plugins that display fake software updates and error messages, leading to the installation of information-stealing malware. BleepingComputer reports: Since 2023, a malicious campaign called ClearFake has been used to display fake web browser update banners on compromised websites that distribute information-stealing malware. In 2024, a new campaign called ClickFix was introduced that shares many similarities with ClearFake but instead pretends to be software error messages with included fixes. However, these "fixes" are PowerShell scripts that, when executed, will download and install information-stealing malware.

Last week, GoDaddy reported that the ClearFake/ClickFix threat actors have breached over 6,000 WordPress sites to install malicious plugins that display the fake alerts associated with these campaigns. "The GoDaddy Security team is tracking a new variant of ClickFix (also known as ClearFake) fake browser update malware that is distributed via bogus WordPress plugins," explains GoDaddy security researcher Denis Sinegubko. "These seemingly legitimate plugins are designed to appear harmless to website administrators but contain embedded malicious scripts that deliver fake browser update prompts to end-users."

The malicious plugins utilize names similar to legitimate plugins, such as Wordfense Security and LiteSpeed Cache, while others use generic, made-up names. Website security firm Sucuri also noted that a fake plugin named "Universal Popup Plugin" is also part of this campaign. When installed, the malicious plugin will hook various WordPress actions depending on the variant to inject a malicious JavaScript script into the HTML of the site. When loaded, this script will attempt to load a further malicious JavaScript file stored in a Binance Smart Chain (BSC) smart contract, which then loads the ClearFake or ClickFix script to display the fake banners. From web server access logs analyzed by Sinegubko, the threat actors appear to be utilizing stolen admin credentials to log into the WordPress site and install the plugin in an automated manner.

Sci-Fi

Neal Stephenson Publishes First Book in New Atomic Age Spy Series 'Bomb Light' (msn.com) 56

Neal Stephenson is a sci-fi writer "of exuberant prose who revels in embracing big ideas," according to the New York Times. "With Polostan he enters the realm of the spy novel..."

Or, as the Washington Post puts it, Stephenson "drops readers into a bloody, inspiring, conflict-ridden and pivotal period of the early 20th century." With its flair for characterization, precision of language, witty apercus and fecundity of events, the novel delivers what we've come to cherish from the author of such fantastical classics as "The Diamond Age," "Snow Crash" and "Cryptonomicon."

But the book is also utterly unlike the majority of Stephenson's work. For one thing, it's short — a far cry from the maximalist "systems novels" that cram in entire worlds with complex interacting power structures, both explicit and hidden. "Polostan" is also devoid of fantastical elements and farcical "hysterical realism," which comes as a bit of a shock given that this is the writer who invented Mafia pizza-delivery guys and cybernetic children's primers. The structure of the book is, likewise, unusually straightforward: a mainly linear narrative dispersed along two timelines...

These observations aren't quibbles so much as alerts to the reader that this is new territory for Stephenson — and good for him! Though, because Polostan is the first novel in a planned historical series titled Bomb Light, which aims to capture the excitement and intrigue of the nuclear arms race, we cannot rule out any Stephenson freakiness down the line... Assuming the subsequent books are as good as this one, Stephenson might end up with a series that rivals Michael Moorcock's Pyat Quartet and Edward Whittemore's Jerusalem Quartet as a vivid and canny dissection of a century unlike any other.

"Much of the next volume is already written," Stephenson says on Substack, calling it "a project that has been in the works for over ten years". (He also notes that among his novels, "even the stuff that's branded as science fiction tends to contain a lot of history.")

Meanwhile in August, Stephenson's blockchain-tech startup Lamina1 announced a collaboration with special effects company Weta Workshop (from "The Lord of the Rings" film franchise) on a "participatory worldbuilding" experience. Variety reports: The experience is expected to offer "a new blueprint for IP expansion through immersive experiences that incorporate fan action and input."

Per Lamina1's description for the project, "Stephenson and the Weta team will begin engaging a global community of creators and fans on the Lamina1 platform this fall, inviting them to unravel the lore behind a mysterious set of 'Artefacts' that will build upon the themes and lore from Stephenson's critically-acclaimed catalog of work.

Next, the superfan will take on the new role of creator, utilizing their discoveries to contribute directly to the expansion of the universe."

"Artefact" will serve as the flagship project in the Lamina1-Weta partnership and first major multimedia property launching on Lamina1's blockchain infrastructure and tooling.

Neal Stephenson answered questions from Slashdot's readers in 2004. Now to promote his new novel Polostan, Stephenson will be making several personal appearances this week:
  • At the Wisconsin Book Festival in Madison (Sunday at noon)
  • Chicago's Book Stall (Monday at 7 p.m.)
  • A Cary, North Carolina Barnes & Noble (Tuesday at 6 p.m.)
  • New York City's Strand (Wednesday at 7 p.m.)
  • At the Midtown Scholar Bookstore in Harrisburg, Pennsylvania (Thursday at 7 p.m.)
  • Ames, Iowa at Dog Eared Books (Sunday at 6 p.m.)

Space

SpaceX Secures New Contracts Worth $733.5 Million For National Security Space Missions (spacenews.com) 39

An anonymous reader quotes a report from Space News: SpaceX has been awarded contracts for eight launches under the National Security Space Launch (NSSL) Phase 3 Lane 1 program, the U.S. Space Force's Space Systems Command announced Oct. 18. The contracts worth $733.5 million span seven missions for the Space Development Agency (SDA) and one for the National Reconnaissance Office (NRO) projected to launch in 2026. These are part of the NSSL Phase 3 procurement of launch services for U.S. defense and intelligence agencies.

The NSSL Phase 3 Lane 1 program is structured as an Indefinite Delivery, Indefinite Quantity (IDIQ) contract, a flexible procurement method often used in government contracting. The total value of the Lane 1 contract is estimated at $5.6 billion over five years, with Blue Origin, SpaceX, and United Launch Alliance (ULA) selected as the primary vendors to compete for individual task orders. The Space Development Agency is utilizing SpaceX's Falcon 9 rocket to launch small satellites into a low-Earth orbit (LEO) constellation, a network of satellites designed to enhance military communications and intelligence capabilities. SpaceX has already completed two successful launches for the Tranche 0 portion of SDA's constellation.

"The Phase 3 Lane 1 construct allows us to execute launch services more quickly for risk-tolerant payloads, putting more capabilities in orbit faster to support national security," said Brig. Gen. Kristin Panzenhagen, program executive officer for Assured Access to Space at the Space Force. Blue Origin's New Glenn rocket has yet to perform its first launch and will need to complete at least two successful flights to qualify for NSSL certification, while ULA's Vulcan Centaur, which has completed two flights, is still awaiting final certification for the program.

The Military

US Military Spaceplane To Perform Orbital Maneuvers (spacenews.com) 18

In a rare disclosure, the U.S. Space Force announced that its secretive X-37B spaceplane will execute a series of maneuvers before returning to Earth. SpaceNews reports: The reusable spacecraft, which has been in orbit since December 28, 2023, will perform aerobraking maneuvers to alter its trajectory around Earth, the Space Force said Oct. 10. This technique involves making multiple passes through the planet's upper atmosphere, using atmospheric drag to modify the vehicle's orbit while conserving fuel. These maneuvers also are intended to showcase responsible space operations, the Space Force said. The aerobraking enables the spaceplane to change orbits and comply with space debris mitigation rules by safely discarding the service module.

The X-37B, manufactured by Boeing, is jointly operated by the U.S. Space Force and the Air Force Rapid Capabilities Office. Since its launch aboard a SpaceX Falcon Heavy rocket from NASA's Kennedy Space Center in Florida, the spaceplane has been conducting radiation effect experiments and testing space domain awareness technologies in a highly elliptical orbit. [...] After completing its aerobraking maneuvers, the X-37B will resume its testing and experimentation objectives. Once these are accomplished, the vehicle will de-orbit and return to Earth, utilizing its autonomous landing system to touch down horizontally like a conventional aircraft. The Space Force has not disclosed the expected duration of the current mission.

Privacy

Crooks Made Millions By Breaking Into Execs' Office365 Inboxes, Feds Say (arstechnica.com) 55

An anonymous reader quotes a report from Ars Technica: Federal prosecutors have charged a man for an alleged "hack-to-trade" scheme that earned him millions of dollars by breaking into the Office365 accounts of executives at publicly traded companies and obtaining quarterly financial reports before they were released publicly. The action, taken by the office of the US Attorney for the district of New Jersey, accuses UK national Robert B. Westbrook of earning roughly $3.75 million in 2019 and 2020 from stock trades that capitalized on the illicitly obtained information. After accessing it, prosecutors said, he executed stock trades. The advance notice allowed him to act and profit on the information before the general public could. The US Securities and Exchange Commission filed a separate civil suit against Westbrook seeking an order that he pay civil penalties and return all ill-gotten gains. [...]

By obtaining material information, Westbrook was able to predict how a company's stock would perform once it became public. When results were likely to drive down stock prices, he would place "put" options, which give the purchaser the right to sell shares at a specific price within a specified span of time. The practice allowed Westbrook to profit when shares fell after financial results became public. When positive results were likely to send stock prices higher, Westbrook allegedly bought shares while they were still low and later sold them for a higher price. The prosecutors charged Westbrook with one count each of securities fraud and wire fraud and five counts of computer fraud. The securities fraud count carries a maximum penalty of up to 20 years' prison time and $5 million in fines. The wire fraud count carries a maximum penalty of up to 20 years in prison and a fine of either $250,000 or twice the gain or loss from the offense, whichever is greatest. Each computer fraud count carries a maximum five years in prison and a maximum fine of either $250,000 or twice the gain or loss from the offense, whichever is greatest.

"The SEC is engaged in ongoing efforts to protect markets and investors from the consequences of cyber fraud," Jorge G. Tenreiro, acting chief of the SEC's Crypto Assets and Cyber Unit, said in a statement. "As this case demonstrates, even though Westbrook took multiple steps to conceal his identity -- including using anonymous email accounts, VPN services, and utilizing bitcoin -- the Commission's advanced data analytics, crypto asset tracing, and technology can uncover fraud even in cases involving sophisticated international hacking."
