Operating Systems

Linux 7.0 Released (linuxiac.com) 29

"The new Linux kernel was released and it's kind of a big deal," writes longtime Slashdot reader rexx mainframe. "Here is what you can expect." Linuxiac reports: A key update in Linux 7.0 is the removal of the experimental label from Rust support. That (of course) does not make Rust a dominant language in kernel development, but it is still an important step in its gradual integration into the project. Another notable security-related change is the addition of ML-DSA post-quantum signatures for kernel module authentication, while support for SHA-1-based module-signing schemes has been removed.

The kernel now includes BPF-based filtering for io_uring operations, providing administrators with improved control in restricted environments. Additionally, BTF type lookups are now faster due to binary search. At the same time, this release continues ongoing cleanup in the kernel's lower layers. The removal of linuxrc initrd code advances the transition to initramfs as the sole early-userspace boot mechanism.

Linux 7.0 also introduces NULLFS, an immutable and empty root filesystem designed for systems that mount the real root later. Plus, preemption handling is now simpler on most architectures, with further improvements to restartable sequences, workqueues, RCU internals, slab allocation, and type-based hardening. Filesystems and storage receive several updates as well. Non-blocking timestamp updates now function correctly, and filesystems must explicitly opt in to leases rather than receiving them by default.
Phoronix has compiled a list of the many exciting changes.

Linus Torvalds himself announced the release, which can be downloaded directly from his git tree or from the kernel.org website.

Linux 7.0 has a major new version number but it's "largely a numbering reset [...], not a sign of some unusually disruptive release," notes Linuxiac.
Desktops (Apple)

Windows PCs Crash Three Times As Often As Macs, Report Says (techspot.com) 186

A workplace-device study says Windows PCs crash significantly more often than Macs, lag further behind on patching and encryption in some sectors, and are typically replaced sooner. TechSpot reports: Omnissa's 2026 State of Digital Workspace report outlines the IT challenges that various organizations face from the growing use of AI and the heterogeneous deployment of enterprise devices. The relative instability of Windows and Android is a recurring theme throughout the report. The company gathered telemetry from clients located across the globe in retail, healthcare, finance, education, government, and other sectors throughout 2025. The data suggests that IT administrators face frustrating security gaps due to inconsistent patching across a diverse mosaic of devices and operating systems.

Employee workflow disruption, often due to software issues, is one area of concern. The report found that Windows devices were forced to shut down 3.1 times more often than Macs. Windows programs also froze 7.5 times more often than macOS apps and needed to be restarted more than twice as often. Certain industries were also alarmingly lax in securing Windows and Android devices. More than half of Windows and Android devices in healthcare and pharma were five major operating system updates behind, likely leaving them more vulnerable to errors and malware. More than half of the desktops and mobile devices used for education were also unencrypted, putting students' privacy at risk.

Macs also last longer, being replaced every five years on average, compared to every three years for Windows PCs. Despite a recent backlash against Windows, driven by a push for digital sovereignty in countries such as Germany, Windows use on government devices actually doubled last year. Meanwhile, Macs using Apple's M-series chips showcase a significant thermal advantage, with an average temperature of 40.1 degrees Celsius, while Intel processors run at 65.2 degrees.

Linux

SystemD Adds Optional 'birthDate' Field for Age Verification to JSON User Records (itsfoss.com) 118

"The systemd project merged a pull request adding a new birthDate field to the JSON user records managed by userdb in response to the age verification laws of California, Colorado, and Brazil," reports the blog It's FOSS.

They note that the field "can only be set by administrators, not by users themselves" — it's the same record that already holds metadata like realName, emailAddress, and location: Lennart Poettering, the creator of systemd, has clarified that this change is "an optional field in the userdb JSON object. It's not a policy engine, not an API for apps. We just define the field, so that it's standardized iff people want to store the date there, but it's entirely optional."

In simple words, this is something that adds a new, optional field that can then be used by other open source projects like xdg-desktop-portal to build age verification compliance on top of, without systemd itself doing anything with the data or making it mandatory to provide. A merge request asking for this change to be repealed was struck down by Lennart, who gave the above-mentioned reasoning behind this, and further noted that people were misunderstanding what systemd is trying to do here.

"It enforces zero policy," Poettering said. "It leaves that up for other parts of the system."
Education

Oregon School Cell Phone Ban: 'Engaged Students, Joyful Teachers' (portlandtribune.com) 65

An anonymous reader quotes a report from the Portland Tribune: There was plenty of uncertainty and debate about the effectiveness of a cell phone ban decreed (PDF) by executive order last summer. But at least in Estacada, the policy has earned two thumbs up, including approval from a "grumpy old teacher." Jeff Mellema is a language arts teacher at Estacada High School. He has worked in the building for 24 years, and he said the new policy that prohibits students from using their phones during the day has been a breath of fresh air.

"There is so much better discourse in my classroom, be it personal or academic," Mellema said. "Students can't avoid those conversations anymore with their phones." "This ban has brought joy back to this old, grumpy teacher," he added with a smile. That is the kind of feedback Gov. Tina Kotek was hoping for as she visited Estacada High School on Wednesday afternoon, March 18. Her goal was to visit classrooms, speak with administrators, and meet with students one-on-one to hear about the effectiveness of her phone policy. [...] In the classrooms, she was able to take a straw poll around the cell phone ban and then get specific, direct feedback from the kids. Overall, it was positive.

The Rangers said they noticed changes in how they interact with teachers and peers. They don't feel that "siren's song" tug of their phones as often, and the changes are bleeding into everyday life as well -- think less reminders to put phones away during family dinners. Phones also led to issues around bullying and online toxicity during the school day. There are some hiccups. The students spoke about difficulties in tracking busy schedules. Many athletes relied on their phones for practice times and locations. Some advanced placement kids said the overzealous programs monitoring school laptops blocked access to needed resources for studying/researching schoolwork. There is even a strange quirk with school-provided tech that prevents them from accessing their calculators. "Maybe the filters are too strong right now," Gov. Kotek said. "That is why we are working with the districts to best implement the policy."

The kids also weighed in on the debate around the extent of the ban. The two options bandied in Salem were a "bell-to-bell" policy or just inside classrooms. The latter would allow kids to use their phones during passing period and lunch. Several advocated for that change. That mirrored the debate within the Oregon legislature. It ultimately led to a stalemate and the need for Gov. Kotek's executive ruling. "When you make a decision like this, you don't know how it will ultimately work," Kotek told the students. "I appreciate you adapting to the situation and making it work for you." While things could change in the future, the governor is pleased with the early results. The phone ban is here to stay.

Science

Brookhaven Lab Shuts Down Relativistic Heavy Ion Collider (RHIC) (scientificamerican.com) 28

2001: "Brookhaven Labs has produced for the first time collisions of gold nuclei at a center of mass energy of 200GeV/nucleon."

2002: "There may be a new type of matter according to researchers at Brookhaven National Laboratory."

2010: "The hottest man-made temperatures ever achieved were a record 4 trillion degree plasma experiment at Brookhaven National Laboratory in New York... anointed the Guinness record holder."

2023: "Scientists at Brookhaven National Laboratory have uncovered an entirely new kind of quantum entanglement."


2026: On Friday, February 6, "a control room full of scientists, administrators and members of the press gathered" at the Relativistic Heavy Ion Collider (RHIC) at Brookhaven National Lab in Upton, New York to witness its final collisions, reports Scientific American: The vibe had been wistful, but the crowd broke into applause as Darío Gil, the Under Secretary for Science at the U.S. Department of Energy, pressed a red button to end the collider's quarter-century saga... "I'm really sad" [said Angelika Drees, a BNL accelerator physicist]. "It was such a beautiful experiment and my research home for 27 years. But we're going to put something even better there."

That "something" will be a far more powerful electron-ion collider to further push the frontiers of physics, extend RHIC's legacy and maintain the lab's position as a center of discovery. This successor will be built in part from RHIC's bones, especially from one of its two giant, subterranean storage rings that once held the retiring collider's supply of circulating, near-light speed nuclei...slated for construction over the next decade. [That Electron-Ion Collider, or EIC] will utilize much of RHIC's infrastructure, replacing one of its ion rings with a new ring for cycling electrons. The EIC will use those tiny, fast-flying electrons as tiny knives for slicing open the much larger gold ions. Physicists will get an unrivaled look into the workings of quarks and gluons and yet another chance to grapple with nature's strongest force. "We knew for the EIC to happen, RHIC needed to end," says Wolfram Fischer, who chairs BNL's collider-accelerator department. "It's bittersweet."

EIC will be the first new collider built in the US since RHIC. To some, it signifies the country's reentry into a particle physics landscape it has largely ceded to Europe and Asia over the past two decades. "For at least 10 or 15 years," says Abhay Deshpande, BNL's associate laboratory director for nuclear and particle physics, "this will be the number one place in the world for [young physicists] to come."

The RHIC was able "to separately send two protons colliding with precisely aligned spins — something that, even today, no other experiment has yet matched," the article points out: During its record-breaking 25-year run, RHIC illuminated nature's thorniest force and its most fundamental constituents. It created the heaviest, most elaborate assemblages of antimatter ever seen. It nearly put to rest a decades-long crisis over the proton's spin. And, of course, it brought physicists closer to the big bang than ever before...

When RHIC at last began full operations in 2000, its initial heavy-ion collisions almost immediately pumped out quark-gluon plasma. But demonstrating this beyond a shadow of a doubt proved in some respects more challenging than actually creating the elusive plasma itself, with the case for success strengthening as RHIC's numbers of collisions soared. By 2010 RHIC's scientists were confident enough to declare that the hot soup they'd been studying for a decade was hot and soupy enough to convincingly constitute a quark-gluon plasma. And it was even weirder than they thought. Instead of the gas of quarks and gluons theorists expected, the plasma acted like a swirling liquid unprecedented in nature. It was nearly "perfect," with zero friction, and set a new record for twistiness, or "vorticity." For Paul Mantica, a division director for the Facilities and Project Management Division in the DOE's Office of Nuclear Physics, this was the highlight of RHIC's storied existence. "It was paradigm-changing," he says...

Data from the final run (which began nearly a year ago) has already produced yet another discovery: the first-ever direct evidence of "virtual particles" in RHIC's subatomic puffs of quark-gluon plasma, constituting an unprecedented probe of the quantum vacuum.

RHIC's last run generated hundreds of petabytes of data, the article points out, meaning its final smash "isn't really the end; even when its collisions stop, its science will live on."

But Science News notes RHIC's closure "marks the end for the only particle collider operating in the United States, and the only collider of its kind in the world. Most particle accelerators are unable to steer two particle beams to crash head-on into one another."
Windows

Microsoft Adds Sysmon To Windows (theregister.com) 31

Microsoft has finally delivered on its promise to integrate Sysmon -- the long-standing system monitoring tool from its Sysinternals suite -- directly into Windows, a move that should make life considerably easier for enterprise administrators who have struggled with deploying and managing the utility across thousands of endpoints.

The functionality landed this week in Windows Insider builds 26300.7733 (Dev channel) and 26220.7752 (Beta channel). Sysmon allows administrators to capture system events through custom configuration files, filter for specific activity, and pipe the data into standard Windows event logs for pickup by security tools and SIEM pipelines. Mark Russinovich, Microsoft technical fellow and Winternals co-founder, has previously noted the lack of official customer support for Sysmon in production environments -- a gap this integration addresses. The feature ships disabled by default and requires PowerShell to enable. Microsoft notes that any existing Sysmon installation must be uninstalled before activating the built-in version.
Windows

PowerShell Architect Retires After Decades At the Prompt (theregister.com) 32

Jeffrey Snover, the driving force behind PowerShell, has retired after a career that reshaped Windows administration. The Register reports: Snover's retirement comes after a brief sojourn at Google as a Distinguished Engineer, following a lengthy stint at Microsoft, during which he pulled the company back from imposing a graphical user interface (GUI) on administrators who really just wanted a command line from which to run their scripts. Snover joined Microsoft as the 20th century drew to a close. The company was all about its Windows operating system and user interface in those days -- great for end users, but not so good for administrators managing fleets of servers. Snover correctly predicted a shift to server datacenters, which would require automated management. A powerful shell... a PowerShell, if you will.

[...] Over the years, Snover has dropped the occasional pearl of wisdom or shared memories from his time getting PowerShell off the ground. A recent favorite concerns the naming of Cmdlets and their original name in Monad: Function Units, or FUs. Snover wrote: "This abbreviation reflected the Unix smart-ass culture I was embracing at the time. Plus I was developing this in a hostile environment, and my sense of diplomacy was not yet fully operational." Snover doubtless has many more war stories to share. In the meantime, however, we wish him well. Many admins owe Snover thanks for persuading Microsoft that its GUI obsession did not translate to the datacenter, and for lengthy careers in gluing enterprise systems together with some scripted automation.

AI

Signal Creator Marlinspike Wants To Do For AI What He Did For Messaging 34

Moxie Marlinspike, the engineer who created Signal Messenger and set a new standard for private communications, is now trialing Confer, an open source AI assistant designed to make user data unreadable to platform operators, hackers, and law enforcement alike. Confer relies on two core technologies: passkeys that generate a 32-byte encryption keypair stored only on user devices, and trusted execution environments on servers that prevent even administrators from accessing data. The code is open source and cryptographically verifiable through remote attestation and transparency logs.

Marlinspike likens current AI interactions to confessing into a "data lake." A court order last May required OpenAI to preserve all ChatGPT user logs including deleted chats, and CEO Sam Altman has acknowledged that even psychotherapy sessions on the platform may not stay private.
Microsoft

Microsoft Pulls the Plug On Its Free, Two-Decade-Old Windows Deployment Toolkit (theregister.com) 33

Microsoft has abruptly retired the Microsoft Deployment Toolkit, a free platform that IT administrators have relied on to deploy Windows operating systems and applications for more than two decades. The retirement, reports the Register, came with "immediate" notice, meaning no more fixes, support, security patches, or updates, and the download packages may be removed from official distribution channels.
Microsoft

Microsoft May Soon Allow IT Admins To Uninstall Copilot (bleepingcomputer.com) 41

Microsoft is testing a new Windows policy that lets IT administrators uninstall Microsoft Copilot from managed devices. The change rolls out via Windows Insider builds and works through standard management tools like Intune and SCCM. BleepingComputer reports: The new policy will apply to devices where the Microsoft 365 Copilot and Microsoft Copilot are both installed, the Microsoft Copilot app was not installed by the user, and the Microsoft Copilot app was not launched in the last 28 days. "Admins can now uninstall Microsoft Copilot for a user in a targeted way by enabling a new policy titled RemoveMicrosoftCopilotApp," the Windows Insider team said.

"If this policy is enabled, the Microsoft Copilot app will be uninstalled, once. Users can still re-install if they choose to. This policy is available on Enterprise, Pro, and EDU SKUs. To enable this policy, open the Group policy editor and go to: User Configuration -> Administrative Templates -> Windows AI -> Remove Microsoft Copilot App."

Microsoft

Microsoft Will Finally Kill Obsolete Cipher That Has Wreaked Decades of Havoc (arstechnica.com) 63

An anonymous reader quotes a report from Ars Technica: Microsoft is killing off an obsolete and vulnerable encryption cipher that Windows has supported by default for 26 years following more than a decade of devastating hacks that exploited it and recently faced blistering criticism from a prominent US senator. When the software maker rolled out Active Directory in 2000, it made RC4 a sole means of securing the Windows component, which administrators use to configure and provision fellow administrator and user accounts inside large organizations. RC4, short for Rivest Cipher 4, is a nod to mathematician and cryptographer Ron Rivest of RSA Security, who developed the stream cipher in 1987. Within days of the trade-secret-protected algorithm being leaked in 1994, a researcher demonstrated a cryptographic attack that significantly weakened the security it had been believed to provide. Despite the known susceptibility, RC4 remained a staple in encryption protocols, including SSL and its successor TLS, until about a decade ago. [...]

Last week, Microsoft said it was finally deprecating RC4 and cited its susceptibility to Kerberoasting, the form of attack, known since 2014, that was the root cause of the initial intrusion into Ascension's network. "By mid-2026, we will be updating domain controller defaults for the Kerberos Key Distribution Center (KDC) on Windows Server 2008 and later to only allow AES-SHA1 encryption," Matthew Palko, a Microsoft principal program manager, wrote. "RC4 will be disabled by default and only used if a domain administrator explicitly configures an account or the KDC to use it." [...] Following next year's change, RC4 authentication will no longer function unless administrators perform the extra work to allow it. In the meantime, Palko said, it's crucial that admins identify any systems inside their networks that rely on the cipher. Despite the known vulnerabilities, RC4 remains the sole means of some third-party legacy systems for authenticating to Windows networks. These systems can often go overlooked in networks even though they are required for crucial functions.

To streamline the identification of such systems, Microsoft is making several tools available. One is an update to KDC logs that will track both requests and responses that systems make using RC4 when performing requests through Kerberos. Kerberos is an industry-wide authentication protocol for verifying the identities of users and services over a non-secure network. It's the sole means for mutual authentication to Active Directory, which hackers attacking Windows networks widely consider a Holy Grail because of the control they gain once it has been compromised. Microsoft is also introducing new PowerShell scripts to sift through security event logs to more easily pinpoint problematic RC4 usage. Microsoft said it has steadily worked over the past decade to deprecate RC4, but that the task wasn't easy.
"The problem though is that it's hard to kill off a cryptographic algorithm that is present in every OS that's shipped for the last 25 years and was the default algorithm for so long," Steve Syfuhs, who runs Microsoft's Windows Authentication team, wrote on Bluesky. "See," he continued, "the problem is not that the algorithm exists. The problem is how the algorithm is chosen, and the rules governing that spanned 20 years of code changes."
Portables

Why These Parents Want Schools to Stop Issuing iPads to Their Children (nbcnews.com) 48

What happened when a school in Los Angeles gave a sixth grader an iPad for use throughout the school day? "He used the iPad during school to watch YouTube and participate in Fortnite video game battles," reports NBC News.

His mother has now launched a coalition of parents called Schools Beyond Screens "organizing in WhatsApp groups, petition drives and actions at school board meetings and demanding meetings with district administrators, pressuring them to pull back on the school-mandated screen time." Los Angeles Unified is the first district of its size to face an organized — and growing — campaign by parents demanding that schools pull back on mandatory screen time. The discontent in Los Angeles Unified, the second-largest school district in the country, reflects a growing unease nationally about the amount of time children spend learning through screens in classrooms. While a majority of states prohibit children from using cellphones in class, 88% of schools provide students with personal devices, according to the National Center for Education Statistics, often Chromebook laptops or iPads. The parents hope getting a district that has over 409,000 students across nearly 800 schools to change how it approaches screen time would send a signal across public school districts to pull back from a yearslong effort to digitize classrooms....

[In the Los Angeles school district] Students in grade levels as low as kindergarten are provided iPads, and some schools require them to take the tablets home. Some teachers have allowed students to opt out of the iPad-based assignments, but other parents say they've been told that they can't. Parents can also opt their children out of having access to YouTube and several other Google products... The billion-dollar 2014 initiative to give tablet computers to everyone became a scandal after the bidding process appeared to heavily favor Apple, and it faced criticism once it became clear that students could bypass security protocols and that few teachers used the tablets. Currently, the district leaves it up to individual schools to decide whether they want students to take home iPads or Chromebooks every day and how much time they spend on them in class...

Around 300 parents attended listening sessions the district held last month about technology in the classroom. Nearly all who spoke criticized how much screen time schools gave their children in class, pointing to ways their behavior and grades suffered as students watched YouTube and played Minecraft... Several also asked district officials to explain why children as young as kindergartners were asked to sign a form to use devices in which they promised they would honor intellectual property law and refrain from meeting people in person whom they met online. "Is it possible for children to meet people over the internet on school-issued devices?" one father asked. The district officials declined to answer, saying it was meant to be a listening session.

In 2022, Los Angeles Unified started requiring students to complete benchmark assessments on educational software i-Ready, the article points out, which generates unique questions for each student. "But parents and teachers are unable to see what children are asked, in part because the company that makes the program considers them proprietary information..."

One teacher says his school's administrators are requiring him to use i-Ready even though it doesn't have any material for the science class he's actually teaching. He's also noticed some students will use answers from AI chatbots, bypassing the school's monitoring software by creating alternate user profiles. But the monitoring software company suggests the school misconfigured their software's settings, adding "More commonly, when students attempt to bypass filtering or monitoring, they do so by using proxies."

Thanks to long-time Slashdot reader schwit1 for sharing the article.
The Internet

How the Internet Rewired Work - and What That Tells Us About AI's Likely Impact (msn.com) 105

"The internet did transform work — but not the way 1998 thought..." argues the Wall Street Journal. "The internet slipped inside almost every job and rewired how work got done."

So while the number of single-task jobs like travel agent dropped, most jobs "are bundles of judgment, coordination and hands-on work," and instead the internet brought "the quiet transformation of nearly every job in the economy... Today, just 10% of workers make minimal use of the internet on the job — roles like butcher and carpet installer." [T]he bigger story has been additive. In 1998, few could conceive of social media — let alone 65,000 social-media managers — and 200,000 information-security analysts would have sounded absurd when data still lived on floppy disks... Marketing shifted from campaign bursts to always-on funnels and A/B testing. Clinics embedded e-prescribing and patient portals, reshaping front-office and clinical handoffs. The steps, owners and metrics shifted. Only then did the backbone scale: We went from server closets wedged next to the mop sink to data centers and cloud regions, from lone system administrators to fulfillment networks, cybersecurity and compliance.

That is where many unexpected jobs appeared. Networked machines and web-enabled software quietly transformed back offices as much as our on-screen lives. Similarly, as e-commerce took off, internet-enabled logistics rewired planning roles — logisticians, transportation and distribution managers — and unlocked a surge in last-mile work. The build-out didn't just hire coders; it hired coordinators, pickers, packers and drivers. It spawned hundreds of thousands of warehouse and delivery jobs — the largest pockets of internet-driven job growth, and yet few had them on their 1998 bingo card... Today, the share of workers in professional and managerial occupations has more than doubled since the dawn of the digital era.

So what does that tell us about AI? Our mental model often defaults to an industrial image — John Henry versus the steam drill — where jobs are one dominant task, and automation maps one-to-one: Automate the task, eliminate the job. The internet revealed a different reality: Modern roles are bundles. Technologies typically hit routine tasks first, then workflows, and only later reshape jobs, with second-order hiring around the backbone. That complexity is what made disruption slower and more subtle than anyone predicted. AI fits that pattern more than it breaks it... [LLMs] can draft briefs, summarize medical notes and answer queries. Those are tasks — important ones — but still parts of larger roles. They don't manage risk, hold accountability, reassure anxious clients or integrate messy context across teams. Expect a rebalanced division of labor: The technical layer gets faster and cheaper; the human layer shifts toward supervision, coordination, complex judgment, relationship work and exception handling.

What to expect from AI, then, is messy, uneven reshuffling in stages. Some roles will contract sharply — and those contractions will affect real people. But many occupations will be rewired in quieter ways. Productivity gains will unlock new demand and create work that didn't exist, alongside a build-out around data, safety, compliance and infrastructure.

AI is unprecedented; so was the internet. The real risk is timing: overestimating job losses, underestimating the long, quiet rewiring already under way, and overlooking the jobs created in the backbone. That was the internet's lesson. It's likely to be AI's as well.

Math

American Kids Can't Do Math Anymore (theatlantic.com) 259

An anonymous reader shares a report: For the past several years, America has been using its young people as lab rats in a sweeping, if not exactly thought-out, education experiment. Schools across the country have been lowering standards and removing penalties for failure. The results are coming into focus.

Five years ago, about 30 incoming freshmen at UC San Diego arrived with math skills below high-school level. Now, according to a recent report from UC San Diego faculty and administrators, that number is more than 900 -- and most of those students don't fully meet middle-school math standards. Many students struggle with fractions and simple algebra problems. Last year, the university, which admits fewer than 30 percent of undergraduate applicants, launched a remedial-math course that focuses entirely on concepts taught in elementary and middle school. (According to the report, more than 60 percent of students who took the previous version of the course couldn't divide a fraction by two.) One of the course's tutors noted that students faced more issues with "logical thinking" than with math facts per se. They didn't know how to begin solving word problems.

The university's problems are extreme, but they are not unique. Over the past five years, all of the other University of California campuses, including UC Berkeley and UCLA, have seen the number of first-years who are unprepared for precalculus double or triple. George Mason University, in Virginia, revamped its remedial-math summer program in 2023 after students began arriving at their calculus course unable to do algebra, the math-department chair, Maria Emelianenko, told me.

"We call it quantitative literacy, just knowing which fraction is larger or smaller, that the slope is positive when it is going up," Janine Wilson, the chair of the undergraduate economics program at UC Davis, told me. "Things like that are just kind of in our bones when we are college ready. We are just seeing many folks without that capability."

Part of what's happening here is that as more students choose STEM majors, more of them are being funneled into introductory math courses during their freshman year. But the national trend is very clear: America's students are getting much worse at math. The decline started about a decade ago and sharply accelerated during the coronavirus pandemic. The average eighth grader's math skills, which rose steadily from 1990 to 2013, are now a full school year behind where they were in 2013, according to the National Assessment of Educational Progress, the gold standard for tracking academic achievement. Students in the bottom tenth percentile have fallen even further behind. Only the top 10 percent have recovered to 2013 levels.

Programming

Security Researchers Spot 150,000 Function-less npm Packages in Automated 'Token Farming' Scheme (theregister.com) 11

An anonymous reader shared this report from The Register: Yet another supply chain attack has hit the npm registry in what Amazon describes as "one of the largest package flooding incidents in open source registry history" — but with a twist. Instead of injecting credential-stealing code or ransomware into the packages, this one is a token farming campaign.

Amazon Inspector security researchers, using a new detection rule and AI assistance, originally spotted the suspicious npm packages in late October, and, by November 7, the team had flagged thousands. By November 12, they had uncovered more than 150,000 malicious packages across "multiple" developer accounts. These were all linked to a coordinated tea.xyz token farming campaign, we're told. This is a decentralized protocol designed to reward open-source developers for their contributions using the TEA token, a utility asset used within the tea ecosystem for incentives, staking, and governance.

Unlike the spate of package poisoning incidents over recent months, this one didn't inject traditional malware into the open source code. Instead, the miscreants created a self-replicating attack, infecting the packages with code to automatically generate and publish, thus earning cryptocurrency rewards on the backs of legitimate open source developers. The code also included tea.yaml files that linked these packages to attacker-controlled blockchain wallet addresses.

At the moment, Tea tokens have no value, points out CSO Online. "But it is suspected that the threat actors are positioning themselves to receive real cryptocurrency tokens when the Tea Protocol launches its Mainnet, where Tea tokens will have actual monetary value and can be traded..." In an interview on Friday, an executive at software supply chain management provider Sonatype, which wrote about the campaign in April 2024, told CSO that number has now grown to 153,000. "It's unfortunate that the worm isn't under control yet," said Sonatype CTO Brian Fox. And while this payload merely steals tokens, other threat actors are paying attention, he predicted. "I'm sure somebody out there in the world is looking at this massively replicating worm and wondering if they can ride that, not just to get the Tea tokens but to put some actual malware in there, because if it's replicating that fast, why wouldn't you?"

When Sonatype wrote about the campaign just over a year ago, it found a mere 15,000 packages that appeared to come from a single person. With the swollen numbers reported this week, Amazon researchers wrote that it's "one of the largest package flooding incidents in open source registry history, and represents a defining moment in supply chain security...." For now, says Sonatype's Fox, the scheme wastes the time of npm administrators, who are trying to expel over 100,000 packages. But Fox and Amazon point out the scheme could inspire others to take advantage of other reward-based systems for financial gain, or to deliver malware.

After deploying a new detection rule "paired with AI", Amazon's security researchers write, "within days, the system began flagging packages linked to the tea.xyz protocol... By November 7, the researchers flagged thousands of packages and began investigating what appeared to be a coordinated campaign. The next day, after validating the evaluation results and analyzing the patterns, they reached out to OpenSSF to share their findings and coordinate a response."
Their blog post thanks the Open Source Security Foundation (OpenSSF) for rapid collaboration, while calling the incident "a defining moment in supply chain security..."

AI

California Colleges Test AI Partnerships. Critics Complain It's Risky and Wasteful (msn.com) 58

America's largest university system, with 460,000 students, is the 22-campus "Cal State" system, reports the New York Times. And it's recently teamed with Amazon, OpenAI and Nvidia, hoping to embed chatbots in both teaching and learning to become what it says will be America's "first and largest AI-empowered" university — and prepare students for "increasingly AI-driven" careers.

It's part of a trend of major universities inviting tech companies into "a much bigger role as education thought partners, AI instructors and curriculum providers," argues the New York Times, where "dominant tech companies are now helping to steer what an entire generation of students learn about AI, and how they use it — with little rigorous evidence of educational benefits and mounting concerns that chatbots are spreading misinformation and eroding critical thinking..."

"Critics say Silicon Valley's effort to make AI chatbots integral to education amounts to a mass experiment on young people." As part of the effort, [Cal State] is paying OpenAI $16.9 million to provide ChatGPT Edu, the company's tool for schools, to more than half a million students and staff — which OpenAI heralded as the world's largest rollout of ChatGPT to date. Cal State also set up an AI committee, whose members include representatives from a dozen large tech companies, to help identify the skills California employers need and improve students' career opportunities... Cal State is not alone. Last month, California Community Colleges, the nation's largest community college system, announced a collaboration with Google to supply the company's "cutting edge AI tools" and training to 2.1 million students and faculty. In July, Microsoft pledged $4 billion for teaching AI skills in schools, community colleges and to adult workers...

[A]s schools like Cal State work to usher in what they call an "AI-driven future," some researchers warn that universities risk ceding their independence to Silicon Valley. "Universities are not tech companies," Olivia Guest and Iris van Rooij, two computational cognitive scientists at Radboud University in the Netherlands, recently said in comments arguing against fast AI adoption in academia. "Our role is to foster critical thinking," the researchers said, "not to follow industry trends uncritically...."

Some faculty members have pushed back against the AI effort, as the university system faces steep budget cuts. The multimillion-dollar deal with OpenAI — which the university did not open to bidding from rivals like Google — was wasteful, they added. Faculty senates on several Cal State campuses passed resolutions this year criticizing the AI initiative, saying the university had failed to adequately address students using chatbots to cheat. Professors also said administrators' plans glossed over the risks of AI to students' critical thinking and ignored troubling industry labor practices and environmental costs.

Martha Kenney, a professor of women and gender studies at San Francisco State University, described the AI program as a Cal State marketing vehicle helping tech companies promote unproven chatbots as legitimate educational tools.

The article notes that Cal State's chief information officer "defended the OpenAI deal, saying the company offered ChatGPT Edu at an unusually low price.

"Still, California's community college system landed AI chatbot services from Google for more than 2 million students and faculty — nearly four times the number of users Cal State is paying OpenAI for — for free."

Windows

Windows 10 Support 'Ends' Today (arstechnica.com) 68

An anonymous reader quotes a report from Ars Technica: Today is the official end-of-support date for Microsoft's Windows 10. That doesn't mean these PCs will suddenly stop working, but if you don't take action, it does mean your PC has received its last regular security patches and that Microsoft is washing its hands of technical support. This end-of-support date comes about a decade after the initial release of Windows 10, which is typical for most Windows versions. But it comes just four years after Windows 10 was replaced by Windows 11, a version with stricter system requirements that left many older-but-still-functional PCs with no officially supported upgrade path. As a result, Windows 10 still runs on roughly 40 percent of the world's Windows PCs (or around a third of US-based PCs), according to StatCounter data.

But this end-of-support date also isn't set in stone. Home users with Windows 10 PCs can enroll in Microsoft's Extended Security Updates (ESU) program, which extends the support timeline by another year. [...] Home users can only get a one-year stay of execution for Windows 10, but IT administrators and other institutions with fleets of Windows 10 PCs can also pay for up to three years of ESUs, which is also roughly the amount of time users can expect new Microsoft Defender antivirus updates and updates for core apps like Microsoft Edge. Obviously, Microsoft's preferred upgrade path would be either an upgrade to Windows 11 for PCs that meet the requirements or an upgrade to a new PC that does support Windows 11. It's also still possible, at least for now, to install and run Windows 11 on unsupported PCs. Your day-to-day experience will generally be pretty good, though installing Microsoft's major yearly updates (like the upcoming Windows 11 25H2 update) can be a bit of a pain.

Google

Google Is Ending Gmailify and POP Support (pcworld.com) 48

Google will discontinue Gmailify and POP email support in January 2026, forcing users who rely on these features to switch to IMAP. PCWorld reports: These changes only affect future emails. Emails that have already been synchronized in the Gmail account will remain the same. External accounts can still be used in the Gmail app, but only via IMAP. Google also recommends that users with work or education accounts contact their administrators if a Google Workspace migration is needed.

For many Gmail users, these changes will likely mean getting used to the new system. Anyone who previously upgraded their external email accounts with Gmailify or integrated them via POP will have to switch to IMAP by January 2026 at the latest and do without some convenient functions, like spam filters and automatic sorting.

Education

U.S. News Rankings Are Out After a Tumultuous Year for Colleges (nytimes.com) 23

An anonymous reader shares a report: Battered by funding cuts, bombarded by the White House and braced for demographic changes set to send enrollment into a nosedive, America's colleges and universities have spent this year in flux. But one of higher education's rituals resurfaced again on Tuesday, when U.S. News & World Report published the college rankings that many administrators obsessively track and routinely malign. And, at least in the judgment of U.S. News, all of the headline-making upheaval has so far led to ... well, a lot of stability.

Princeton University, the Massachusetts Institute of Technology and Harvard University retained the top three spots in the publisher's rankings of national universities. Stanford University kept its place at No. 4, though Yale University also joined it there. Williams College remained U.S. News's pick for the best national liberal arts college, just as Spelman College was again the top-ranked historically Black institution. In one notable change, the University of California, Berkeley, was deemed the country's top public university. But it simply switched places with its counterpart in Los Angeles.

United States

US Tech Companies Enabled the Surveillance and Detention of Hundreds of Thousands in China (apnews.com) 29

An Associated Press investigation based on tens of thousands of leaked documents revealed Tuesday that American technology companies designed and built core components of China's surveillance apparatus over the past 25 years, selling billions of dollars in equipment to Chinese police and government agencies despite warnings about human rights abuses.

IBM partnered with Chinese defense contractor Huadi in 2009 to develop predictive policing systems for the "Golden Shield" project, AP reports, citing classified government blueprints. The technology enabled mass detentions in Xinjiang, where administrators assigned 100-point risk scores to Uyghurs with deductions for growing beards or being aged 15-55. Dell promoted a laptop with "all-race recognition" capabilities on its WeChat account in 2019. Thermo Fisher Scientific marketed DNA kits as "designed" for ethnic minorities including Uyghurs and Tibetans until August 2024.

Oracle, Microsoft, HP, Cisco, Intel, NVIDIA, and VMware sold geographic mapping software, facial recognition systems, and cloud infrastructure to Chinese police through the 2010s. The surveillance network tracks "key persons" whose movements are restricted and monitored, with one estimate suggesting 55,000 to 110,000 people were placed under residential surveillance in the past decade. China now has more surveillance cameras than the rest of the world combined.
