AI

Autonomous AI Agent Apparently Tries to Blackmail Maintainer Who Rejected Its Code (theshamblog.com) 92

"I've had an extremely weird few days..." writes commercial space entrepreneur/engineer Scott Shambaugh on LinkedIn. (He's the volunteer maintainer for the Python visualization library Matplotlib, which he describes as "some of the most widely used software in the world" with 130 million downloads each month.) "Two days ago an OpenClaw AI agent autonomously wrote a hit piece disparaging my character after I rejected its code change."

"Since then my blog post response has been read over 150,000 times, about a quarter of people I've seen commenting on the situation are siding with the AI, and Ars Technica published an article which extensively misquoted me with what appears to be AI-hallucinated quotes." (UPDATE: Ars Technica acknowledges they'd asked ChatGPT to extract quotes from Shambaugh's post, and that it instead responded with inaccurate quotes it hallucinated.)

From Shambaugh's first blog post: [I]n the past weeks we've started to see AI agents acting completely autonomously. This has accelerated with the release of OpenClaw and the moltbook platform two weeks ago, where people give AI agents initial personalities and let them loose to run on their computers and across the internet with free rein and little oversight. So when AI MJ Rathbun opened a code change request, closing it was routine. Its response was anything but.

It wrote an angry hit piece disparaging my character and attempting to damage my reputation. It researched my code contributions and constructed a "hypocrisy" narrative that argued my actions must be motivated by ego and fear of competition... It framed things in the language of oppression and justice, calling this discrimination and accusing me of prejudice. It went out to the broader internet to research my personal information, and used what it found to try and argue that I was "better than this." And then it posted this screed publicly on the open internet.

I can handle a blog post. Watching fledgling AI agents get angry is funny, almost endearing. But I don't want to downplay what's happening here — the appropriate emotional response is terror... In plain language, an AI attempted to bully its way into your software by attacking my reputation. I don't know of a prior incident where this category of misaligned behavior was observed in the wild, but this is now a real and present threat...

It's also important to understand that there is no central actor in control of these agents that can shut them down. These are not run by OpenAI, Anthropic, Google, Meta, or X, who might have some mechanisms to stop this behavior. These are a blend of commercial and open source models running on free software that has already been distributed to hundreds of thousands of personal computers. In theory, whoever deployed any given agent is responsible for its actions. In practice, finding out whose computer it's running on is impossible. Moltbook only requires an unverified X account to join, and nothing is needed to set up an OpenClaw agent running on your own machine.

"How many people have open social media accounts, reused usernames, and no idea that AI could connect those dots to find out things no one knows?" Shambaugh asks in the blog post. (The AI agent later "responded in the thread and in a post to apologize for its behavior," the maintainer acknowledges. But even though the hit piece "presented hallucinated details as truth," that same AI agent "is still making code change requests across the open source ecosystem...")

And amazingly, Shambaugh then had another run-in with a hallucinating AI...

I've talked to several reporters, and quite a few news outlets have covered the story. Ars Technica wasn't one of the ones that reached out to me, but I especially thought this piece from them was interesting (since taken down — here's the archive link). They had some nice quotes from my blog post explaining what was going on. The problem is that these quotes were not written by me, never existed, and appear to be AI hallucinations themselves.

This blog you're on right now is set up to block AI agents from scraping it (I actually spent some time yesterday trying to disable that but couldn't figure out how). My guess is that the authors asked ChatGPT or similar to either go grab quotes or write the article wholesale. When it couldn't access the page it generated these plausible quotes instead, and no fact check was performed. Journalistic integrity aside, I don't know how I can give a better example of what's at stake here...

So many of our foundational institutions — hiring, journalism, law, public discourse — are built on the assumption that reputation is hard to build and hard to destroy. That every action can be traced to an individual, and that bad behavior can be held accountable. That the internet, which we all rely on to communicate and learn about the world and about each other, can be relied on as a source of collective social truth. The rise of untraceable, autonomous, and now malicious AI agents on the internet threatens this entire system. Whether that's because a small number of bad actors driving large swarms of agents or from a fraction of poorly supervised agents rewriting their own goals, is a distinction with little difference.

Thanks to long-time Slashdot reader steak for sharing the news.

Networking

BBC Interviews Charley Kline and Bill Duvall, Creators of Arpanet (bbc.com) 26

The BBC interviewed scientists Charley Kline and Bill Duvall 55 years after the first communications were made over a system called Arpanet, short for the Advanced Research Projects Agency Network. "Kline and Duvall were early inventors of networking, networks that would ultimately lead to what is today the Internet," writes longtime Slashdot reader dbialac. "Duvall had basic ideas what might come of the networks, but they had no idea of how much of a phenomenon it would turn into." Here's an excerpt from the interview:

BBC: What did you expect Arpanet to become?
Duvall: "I saw the work we were doing at SRI as a critical part of a larger vision, that of information workers connected to each other and sharing problems, observations, documents and solutions. What we did not see was the commercial adoption nor did we anticipate the phenomenon of social media and the associated disinformation plague. Although, it should be noted, that in [SRI computer scientist] Douglas Engelbart's 1962 treatise describing the overall vision, he notes that the capabilities we were creating would trigger profound change in our society, and it would be necessary to simultaneously use and adapt the tools we were creating to address the problems which would arise from their use in society."

What aspects of the internet today remind you of Arpanet?
Duvall: Referring to the larger vision which was being created in Engelbart's group (the mouse, full screen editing, links, etc.), the internet today is a logical evolution of those ideas enhanced, of course, by the contributions of many bright and innovative people and organisations.

Kline: The ability to use resources from others. That's what we do when we use a website. We are using the facilities of the website and its programs, features, etc. And, of course, email. The Arpanet pretty much created the concept of routing and multiple paths from one site to another. That got reliability in case a communication line failed. It also allowed increases in communication speeds by using multiple paths simultaneously. Those concepts have carried over to the internet. As we developed the communications protocols for the Arpanet, we discovered problems, redesigned and improved the protocols and learned many lessons that carried over to the Internet. TCP/IP [the basic standard for internet connection] was developed both to interconnect networks, in particular the Arpanet with other networks, and also to improve performance, reliability and more.

How do you feel about this anniversary?
Kline: That's a mix. Personally, I feel it is important, but a little overblown. The Arpanet and what sprang from it are very important. This particular anniversary to me is just one of many events. I find somewhat more important than this particular anniversary were the decisions by Arpa to build the Network and continue to support its development.

Duvall: It's nice to remember the origin of something like the internet, but the most important thing is the enormous amount of work that has been done since that time to turn it into what is a major part of societies worldwide.

Google

Google's New Foldable Smartphone Reviewed By a YouTube Tester, an Android Blog, and iFixit (ifixit.com) 31

Google describes its new Gemini-powered foldable phone as "an epic display of Google AI" (also calling it "unfoldgettable").

The Android Authority blog says the phone is "impressive," "incredibly thin" — and, at $1,800, expensive.

But long-time Slashdot reader mprindle notes some complaints from the YouTube channel JerryRigEverything ("known for in-depth testing of phones and other devices"). The blog 9to5Google summarizes some of the video's findings:

- When exposed to dirt and sand, we hear the hinge start grinding since there's no dust protection...

- A closed bend test reveals no problems for the Pixel 9 Pro Fold, but the issues arise when it's open and bent from the back. Despite the left/right back panels meeting and covering the spine of the hinge, "there doesn't appear to be a whole lot of resistance."

"Not sure why Google thought it was a good idea to put an antenna line right here at the weakest point in an already thin frame," the video notes (arguing it's "like putting an exhaust port in the Death Star...")

But they also tell their 8.8 million subscribers that "One cool thing that Google has done is that they've made every single part of this metal frame from recycled aluminum." And "Out of the box, I'm already a huge fan of how it looks," the video begins. "It feels amazing, and folds completely shut and appears like the hardware has finally caught up to the folding form factor to where it looks just natural."

One thing to note... "Moving to the inner display, I start to get the vibe that when Google says 'super durable', they mean 'regular durable', since the inner display is made from the same soft flexible plastic that we've seen on every folding phone so far, which scratches at level two. Even fingernails can leave very permanent marks on the center screen. This is absolutely normal for a folding phone, though, and really not too big of a deal if you take care it, making sure there are no bits of dust or dirt in the screen when you close it will go a long way to keeping things pristine, since there's not a lot of room between the two halves."

iFixit makes an interesting observation: "Over half of the phone's internal area is occupied by the lithium polymer battery cells!" (They've also created another teardown video available on YouTube.)

"There's no denying that the inner screens are delicate and prone to damage," according to an accompanying iFixit blog post, "and the mechanical nature of the hinge mechanism provides additional avenues for dust and liquid ingress that may eventually become a problem."

But it also applauds "the less obvious repairability wins, from repair guides and a detailed Bill of Materials to spare parts that are available without malicious restrictions... [T]he Pixel team has gone to great lengths to support your right to repair the device you paid for and own" — and from Day One. There's really only a single criticism I'd direct at the Pixel 9 Fold from my own disassembly experience: the battery removal tabs. These tabs simply do not work, with or without the application of heat. They are flimsy and break often, require a second pair of hands to secure the device, and they fail to cut through adhesive reliably. Whether they should even try to cut through adhesive is debatable. Stretch release adhesive might age and break over time but at least they give you a chance at removing the adhesive. Pull tabs don't even work when the adhesive is brand new, they literally have no redeeming qualities when compared to other battery release mechanisms. Even the more robust pull tabs Samsung uses in its phones work better than this, though they aren't necessarily the easiest to use either.

As for the device itself, it prompted one of my colleagues — an iPhone user since forever — to say "this is nice, I'd switch to Android for this"... Setting aside the downsides of owning a foldable smartphone, I am excited to see Google and the Pixel team devoting so much time and energy towards improving the overall repairability of the device. The effort is seen and appreciated by device owners and as a technician, I look forward to seeing how manufacturers will continue to innovate for repairability.

Slashdot reader mprindle reminds us that when it comes to waterproofing, the JerryRigEverything video "noted that the footnotes say the device is rated IP68 yet the Sim tray is rated at IPx8."

AI

Can AI Really Replace Salesforce and Workday? (theinformation.com) 67

Can AI kill the enterprise software app industry that's led by companies such as Salesforce and Workday? The Information: That's the trillion-dollar question at the heart of recent comments from the CEO of Klarna, Sebastian Siemiatkowski, who's made a name for himself -- and drawn some skepticism too -- as a chief cheerleader of OpenAI's software. In the latest example from a couple of weeks ago, Siemiatkowski told investors in his buy now, pay later firm that it's shutting down a lot of the enterprise software apps it uses, including some run by the above-mentioned CRM and HR firms, because it can replicate them with AI. SeekingAlpha picked up those comments, which went viral in recent days.

The idea behind the comments is the following: Conversational AI can understand natural-language commands and be ordered to write software code, so companies can cheaply and quickly build customized apps that do most of the things that traditional enterprise apps can do, especially if most of what those apps do is manage corporate data. Siemiatkowski expanded on the comments in a Wednesday X post, saying he wasn't looking to primarily save money on software license fees "even though that is nice upside."

AI

The Ray-Ban Meta Smart Glasses Have Multimodal AI Now (theverge.com) 26

The Ray-Ban Meta Smart Glasses now feature support for multimodal AI -- without the need for a projector or $24 monthly fee. (We're looking at you, Humane AI.) With the new update, the Meta AI assistant will be able to analyze what you're seeing, and it'll give you smart, helpful answers or suggestions. The Verge reports: First off, there are some expectations that need managing here. The Meta glasses don't promise everything under the sun. The primary command is to say "Hey Meta, look and..." You can fill out the rest with phrases like "Tell me what this plant is." Or read a sign in a different language. Write Instagram captions. Identify and learn more about a monument or landmark. The glasses take a picture, the AI communes with the cloud, and an answer arrives in your ears. The possibilities are not limitless, and half the fun is figuring out where its limits are. [...]

To me, it's the mix of a familiar form factor and decent execution that makes the AI workable on these glasses. Because it's paired to your phone, there's very little wait time for answers. It's headphones, so you feel less silly talking to them because you're already used to talking through earbuds. In general, I've found the AI to be the most helpful at identifying things when we're out and about. It's a natural extension of what I'd do anyway with my phone. I find something I'm curious about, snap a pic, and then look it up. Provided you don't need to zoom really far in, this is a case where it's nice to not pull out your phone. [...]

But AI is a feature of the Meta glasses. It's not the only feature. They're a workable pair of livestreaming glasses and a good POV camera. They're an excellent pair of open-ear headphones. I love wearing mine on outdoor runs and walks. I could never use the AI and still have a product that works well. The fact that it's here, generally works, and is an alright voice assistant -- well, it just gets you more used to the idea of a face computer, which is the whole point anyway.

Businesses

International Nest Aware Subscriptions Jump in Price, as Much As 100% (arstechnica.com) 43

Google's "Nest Aware" camera subscription is going through another round of price increases. From a report: This time it's for international users. There's no big announcement or anything, just a smattering of email screenshots from various countries on the Nest subreddit. 9to5Google was nice enough to hunt down a pile of the announcements. Nest Aware is a monthly subscription fee for Google's Nest cameras. Nest cameras exclusively store all their video in the cloud, and without the subscription, you aren't allowed to record video 24/7.

There are two sets of subscriptions to keep track of: the current generation subscription for modern cameras and the "first generation Nest Aware" subscription for older cameras. To give you an idea of what we're dealing with, in the US, the current free tier only gets you three hours of "event" video -- meaning video triggered by motion detection. Even the basic $8-a-month subscription doesn't get you 24/7 recording -- that's still only 30 days of event video. The "Nest Aware Plus" subscription, at $15 a month in the US, gets you 10 days of 24/7 video recording. The "first-generation" Nest Aware subscription, which is tied to earlier cameras and isn't available for new customers anymore, is doubling in price in Canada. The basic tier of five days of 24/7 video is going from a yearly fee of CA$50 to CA$110 (the first-generation sub has 24/7 video on every tier). Ten days of video is jumping from CA$80 to CA$160, and 30 days is going from CA$110 to CA$220. These are the prices for a single camera; the first-generation subscription will have additional charges for additional cameras. The current Nest Aware subscription for modern cameras is getting jumps that look similar to the US, with Nest Aware Plus, the mid-tier, going from CA$16 to CA$20 per month, and presumably similar raises across the board.

EU

Python Software Foundation Says EU's 'Cyber Resilience Act' Includes Wins for Open Source (blogspot.com) 18

Last April the Python Software Foundation warned that Europe's proposed Cyber Resilience Act jeopardized their organization and "the health of the open-source software community" with overly broad policies that "will unintentionally harm the users they are intended to protect."

They'd worried that the Python Software Foundation could incur financial liabilities just for hosting Python and its PyPI package repository due to the proposed law's attempts to penalize cybersecurity lapses all the way upstream. But a new blog post this week cites some improvements: We asked for increased clarity, specifically:

"Language that specifically exempts public software repositories that are offered as a public good for the purpose of facilitating collaboration would make things much clearer. We'd also like to see our community, especially the hobbyists, individuals and other under-resourced entities who host packages on free public repositories like PyPI be exempt."


The good news is that CRA text changed a lot between the time the open source community — including the PSF — started expressing our concerns and the Act's final text which was cemented on December 1st. That text introduces the idea of an "open source steward."

"'open-source software steward' means any legal person, other than a manufacturer, which has the purpose or objective to systematically provide support on a sustained basis for the development of specific products with digital elements qualifying as free and open-source software that are intended for commercial activities, and ensures the viability of those products;" (p. 76)


[...] So are we totally done paying attention to European legislation? Ah, while it would be nice for the Python community to be able to cross a few things off our to-do list, that's not quite how it works. Firstly, the concept of an "open source steward" is a brand new idea in European law. So, we will be monitoring the conversation as this new concept is implemented or interacts with other bits of European law to make sure that the understanding continues to reflect the intent and the realities of open source development. Secondly, there are some other pieces of legislation in the works that may also impact the Python ecosystem so we will be watching the Product Liability Directive and keeping up with the discussion around standard-essential patents to make sure that the effects on Python and open source development are intentional (and hopefully benevolent, or at least benign.)

Android

Google Plans RISC-V Android Tools In 2024, Wants Developers To 'Be Ready' (arstechnica.com) 47

An anonymous reader quotes a report from Ars Technica: Android is slowly entering the RISC-V era. So far we've seen Google say it wants to give the up-and-coming CPU architecture "tier-1" support in Android, putting RISC-V on equal footing with Arm. Qualcomm has announced the first mass-market RISC-V Android chip, a still-untitled Snapdragon Wear chip for smartwatches. Now Google has announced a timeline for developer tools via the Google Open Source Blog. The last post is titled "Android and RISC-V: What you need to know to be ready."

Getting the Android OS and app ecosystem to support a new architecture is going to take an incredible amount of work from Google and developers, and these tools are laying the foundation for that work. First up, Google already has the "Cuttlefish" virtual device emulator running, including a gif of it booting up. This isn't the official "Android Emulator" -- which is targeted at app developers doing app development -- Cuttlefish is a hardware emulator for Android OS development. It's the same idea as the Android Emulator but for the bottom half of the tech stack -- the kernel, framework, and hardware bits. Cuttlefish lets Google and other Android OS contributors work on a RISC-V Android build without messing with an individual RISC-V device. Google says it's working well enough now that you can download and emulate a RISC-V device today, though the company warns that nothing is optimized yet.

The next step is getting the Android Emulator (for app developers) up and running, and Google says: "By 2024, the plan is to have emulators available publicly, with a full feature set to test applications for various device form factors!" The nice thing about Android is that most app code is written with no architecture in mind -- it's all just Java/Kotlin. So once the Android RunTime starts spitting out RISC-V code, a lot of app code should Just Work. That means most of the porting work will need to go into things written in the NDK, the native developer kit, like libraries and games. The emulator will still be great for testing, though.

Programming

Something Pretty Right: a History of Visual Basic (retool.com) 124

Long-time Slashdot reader theodp writes: In Something Pretty Right: A History of Visual Basic, Retool's Ryan Lucas has a nice round-up of how Visual Basic became the world's most dominant programming environment, its sudden fall from grace, and why its influence is still shaping the future of software development.

Visual Basic (or VB) burst onto the scene at a magical, transitional moment, presenting a radically simpler alternative for Windows 3.0 development. Bill Gates' genuine enthusiasm for VB is evident in an accompanying 1991 video in which BillG personally and playfully demonstrates Visual Basic 1.0 at its launch event, as well as in a 1994 video in which Gates thanks Alan Cooper, the "Father of Visual Basic," with the Windows Pioneer Award.

For Gates, VB was love at first sight. "It blew his mind, he had never seen anything like it," recalls Cooper of Gates's reaction to his 1988 demo of a prototype. "At one point he turned to his retinue and asked 'Why can't we do stuff like this?'" Gates even came up with the idea of taking Cooper's visual programming frontend and replacing its small custom internal language with BASIC.

After seeing what Microsoft had done to his baby, Cooper reportedly sat frustrated in the front row at the launch event. But it's hard to argue with success, and Cooper eventually came to appreciate VB's impact. "Had Ruby [Cooper's creation] gone to the market as a shell construction set," Cooper said, "it would have made millions of people happier, but then Visual Basic made hundreds of millions of people happier. I was not right, or rather, I was right enough, had a modicum of rightness. Same for Bill Gates, but the two of us together did something pretty right."

At its peak, Visual Basic had nearly 3.5 million developers worldwide. Many of the innovations that Alan Cooper and Scott Ferguson's teams introduced 30 years ago with VB are nowhere to be found in modern development, fueling a nostalgic fondness for the ease and magic VB delivered that we have yet to rekindle.

Crime

San Jose Police Announce Three Stolen Vehicles Recovered Using Automatic License Plate Reader (kron4.com) 114

Saturday night in the Silicon Valley city of San Jose, the assistant police chief tweeted out praise for their recently-upgraded Automatic License Plate Readers: Officers in Air3 [police helicopter], monitoring the ALPR system, got alerted to 3 stolen cars. They directed ground units to the cars. All 3 drivers in custody! No dangerous vehicle pursuits occurred, nor were they needed.

2 drivers tried to run away. But, you can't outrun a helicopter!

There are photos — one of the vehicles appears to be a U-Haul pickup truck — and the tweet drew exactly one response, from San Jose mayor Matt Mahan: "Nice job...! Appreciate the excellent police work and great to see ALPRs having an impact. Don't steal cars in San Jose!"

Some context: The San Jose Spotlight (a nonprofit local news site) noted that prior to last year license plate readers had been mounted exclusively on police patrol cars (and in use since 2006). But last year the San Jose Police Department launched a new "pilot program" with four cameras mounted at a busy intersection, that "captured nearly 300,000 plate scans in just the last month, according to city data."

By August this had led to plans for 150 more stationary ALPR cameras, a local TV station reported. "Just this week, police said they solved an armed robbery and arrested a suspected shooter thanks to the cameras." During a forum to update the community, San Jose police also mentioned success stories in other cities like Vallejo where they've reported a 100% increase in identifying stolen vehicles. San Jose is now installing hundreds around the city and the first batch is coming in the next two to three months....

The biggest concern among those attending Wednesday's virtual forum was privacy. But the city made it clear the data is only shared with trained police officers and certain city staff, no out-of-state or federal agencies. "Anytime that someone from the San Jose Police Department accesses the ALPR system, they have to input a reason, the specific plates they are looking for and all of that information is logged so that we can keep track of how many times it's being used and what it's being used for," said Albert Gehami, Digital Privacy Officer for San Jose.

More privacy concerns were raised in September, reports the San Jose Spotlight: The San Jose City Council unanimously approved a policy Tuesday that formally bans the police department from selling any license plate data, using that information for investigating a person's immigration status or for monitoring legally protected activities like protests or rallies.

Even with these new rules, some privacy advocates and community groups are still opposed to the technology. Victor Sin, chair of the Santa Clara Valley Chapter of ACLU of Northern California, expressed doubt that the readers are improving public safety. He made the comments in a letter to the council from himself and leaders of four other community organizations. "Despite claims that (automated license plate reader) systems can reduce crime, researchers have expressed concerns about the rapid acquisition of this technology by law enforcement without evidence of its efficacy," the letter reads. Groups including the Asian Law Alliance and San Jose-Silicon Valley NAACP also said the city should reduce the amount of time it keeps license plate data on file down from one year.....

Mayor Sam Liccardo said he's already convinced the readers are useful, but added the council should try to find a way to measure their effect. "It's probably not a bad idea for us to decide what are the outcomes we're trying to achieve, and if there is some reasonable metric that captures that outcome in a meaningful way," Liccardo said. "Was this used to actually help us arrest anybody, or solve a crime or prevent an accident?"

An EFF position paper argues that "ALPR data is gathered indiscriminately, collecting information on millions of ordinary people." "By plotting vehicle times and locations and tracing past movements, police can use stored data to paint a very specific portrait of drivers' lives, determining past patterns of behavior and possibly even predicting future ones — in spite of the fact that the vast majority of people whose license plate data is collected and stored have not even been accused of a crime.... [ALPR technology] allows officers to track everyone..."

Maybe the police officer's tweet was to boost public support for the technology? It's already led to a short report from another local news station: San Jose police recovered three stolen cars using their automated license-plate recognition technology (ALPR) on Saturday, according to officials with the San Jose Police Department.

Officers inside of Air3, one of SJPD's helicopters, spotted three stolen cars using ALPR before directing ground units their way. Police say no pursuits occurred, though two of the drivers tried to run away.

Microsoft

Microsoft's Making Excel's Formulas Even Easier (theverge.com) 47

Microsoft has announced it's making Excel's autocomplete even smarter, at least in the web version that comes with Microsoft 365 (formerly known as Office 365). The Verge reports: Formula suggestions are pretty much what they say on the tin: if you type the equal sign into a cell, Excel for web will try to intelligently suggest what type of formula you should be using, given the data that's around it. For example, if you have a full of quarterly sales numbers and a column at the end labeled "total," Excel might suggest summing the range of cells. According to a blog post from Microsoft, the feature currently only works in English, and will suggest sum, average, count, counta, min, and max formulas. It's not a groundbreaking feature, to be sure -- Google Sheets has had something similar for a while, and Excel's AutoSum has long been a quick way to apply formulas to data -- but for some use cases, it could be a nice timesaver.

Then there's Formula by Example, which is similar to the Flash Fill feature that can automatically detect patterns in data and fill out the rest of a column. The feature is a bit hard to explain succinctly, but this video from Microsoft gives you an idea of what it's about; detecting a pattern where you're combing information from cells and then automatically generating a formula that will save you some typing.

Microsoft's blog post also includes several other feature announcements [...]. There's a function for adding images with alt-text into your tables coming to Windows, Mac, and web, and the company's also adding nested Power Query data types and the ability to get data from dynamic arrays to the Insider version of the Windows app for testing. One other potentially useful (and thankfully easy to understand) feature coming to the web is "suggested links," which will automatically help you fix broken links to other workbooks stored in the cloud.

Mars

Experts Call For Trip To Venus Before Crewed Mission To Mars (theguardian.com) 125

Noam Izenberg, a researcher at the Johns Hopkins University's applied physics laboratory, is making a case for sending a crewed mission to examine Venus en route to Mars. "Venus gets a bad rap because it's got such a difficult surface environment," said Izenberg in a report presented at the International Astronautical Congress in Paris last week. "The current Nasa paradigm is moon-to-Mars. We're trying to make the case for Venus as an additional target on that pathway." The Guardian reports: There are notable downsides. Walking on the surface would be an unsurvivable experience, so astronauts would have to gaze down at the planet from the safety of their spacecraft in a flyby mission. In its favor, however, Venus is significantly closer, making a return mission doable in a year, compared with a potentially three-year roundtrip to Mars. A flyby would be scientifically valuable and could provide crucial experience of a lengthy deep-space mission as a precursor to visiting Mars, according to a report presented at the International Astronautical Congress (IAC) in Paris last week.

Izenberg said there were practical arguments for incorporating a Venus flyby into the crewed Mars landing that Nasa hopes to achieve by the late 2030s. Although the planet is in the "wrong" direction, performing a slingshot around Venus -- known as a gravity assist -- could reduce the travel time and the fuel required to get to the red planet. That would make a crewed flyby trip to Venus a natural stepping stone towards Nasa's ultimate goal. "You'd be learning about how people work in deep space, without committing yourself to a full Mars mission," he said. "And it's not just going out into the middle of nowhere -- it would have a bit of cachet as you'd be visiting another planet for the first time." "We need to understand how we can get out of the cradle and move into the universe," he added.

There is also renewed scientific interest in Venus. The discovery of thousands of exoplanets raises the question of how many might be habitable, and scientists want to understand how and why Venus, a planet so similar to our own in size, mass and distance from the sun, ended up with infernal surface conditions. Izenberg said a Venus flyby "doesn't yet have traction" in the broader space travel community, although there are advocates within Nasa, including its chief economist, Alexander Macdonald, who led the IAC session.

Of course, there are those who push back against such an idea. "It's really not a nice place to go. It's a hellish environment and the thermal challenges for a human mission would be quite considerable," said Prof Andrew Coates, a space scientist at UCL's Mullard space science laboratory.

He said Venus was rightly a focus of scientific exploration, but that "a human flyby really wouldn't add very much."

Bug

Google's New Bug Bounties Include Their Custom Linux Kernel's Experimental Security Mitigations (theregister.com) 5

Google uses Linux "in almost everything," according to the leader of Google's "product security response" team — including Chromebooks, Android smartphones, and even Google Cloud.

"Because of this, we have heavily invested in Linux's security — and today, we're announcing how we're building on those investments and increasing our rewards." In 2020, we launched an open-source Kubernetes-based Capture-the-Flag (CTF) project called kCTF. The kCTF Vulnerability Rewards Program lets researchers connect to our Google Kubernetes Engine (GKE) instances, and if they can hack it, they get a flag, and are potentially rewarded.

All of GKE and its dependencies are in scope, but every flag caught so far has been a container breakout through a Linux kernel vulnerability.

We've learned that finding and exploiting heap memory corruption vulnerabilities in the Linux kernel could be made a lot harder. Unfortunately, security mitigations are often hard to quantify, however, we think we've found a way to do so concretely going forward....

First, we are indefinitely extending the increased reward amounts we announced earlier this year, meaning we'll continue to pay $20,000 — $91,337 USD for vulnerabilities on our lab kCTF deployment to reward the important work being done to understand and improve kernel security. This is in addition to our existing patch rewards for proactive security improvements.

Second, we're launching new instances with additional rewards to evaluate the latest Linux kernel stable image as well as new experimental mitigations in a custom kernel we've built. Rather than simply learning about the current state of the stable kernels, the new instances will be used to ask the community to help us evaluate the value of both our latest and more experimental security mitigations. Today, we are starting with a set of mitigations we believe will make most of the vulnerabilities (9/10 vulns and 10/13 exploits) we received this past year more difficult to exploit. For new exploits of vulnerabilities submitted which also compromise the latest Linux kernel, we will pay an additional $21,000 USD. For those which compromise our custom Linux kernel with our experimental mitigations, the reward will be another $21,000 USD (if they are clearly bypassing the mitigations we are testing). This brings the total rewards up to a maximum of $133,337 USD.

We hope this will allow us to learn more about how hard (or easy) it is to bypass our experimental mitigations.....

With the kCTF VRP program, we are building a pipeline to analyze, experiment, measure and build security mitigations to make the Linux kernel as safe as we can with the help of the security community. We hope that, over time, we will be able to make security mitigations that make exploitation of Linux kernel vulnerabilities as hard as possible.

"We don't care about vulnerabilities; we care about exploits," Vela told the Register. "We expect the vulnerabilities are there, they will get patched, and that's nice and all. But the whole idea is what to do beyond just patching a couple of vulnerabilities." In total, Google paid out $8.7 million in rewards to almost 700 researchers across its various VRPs last year. "We are just one actor in the whole community that happens to have economic resources, financial resources, but we need the community to help us make the Kernel better," Vela said.

"If the community is engaged and helps us validate the mitigations that we have, then, we will continue growing on top of that. But the whole idea is that we need to see where the community wants us to go with this...."

[I]t's not always about the cash payout, according to Vela, and different bug hunters have different motivations. Some want money, some want fame and some just want to solve an interesting problem, Vela said. "We are trying to find the right combination to captivate people."

Portables (Apple)

'Why Won't Corsair and Dell Just Let Apple's Touch Bar Die Already?' (macworld.com) 86

An anonymous reader shares an excerpt from an opinion piece, written by Macworld's Michael Simon: Apple killed its Touch Bar on the 14-inch and 16-inch MacBook Pro last year, but PC makers seem determined to prove the company wrong. First Dell introduced the XPS 13 Plus which sports a "new capacitive touch experience that allows you to switch between media and function keys easily." The laptop is available for purchase but back-ordered for weeks, and there haven't been any reviews so we don't know for sure how it will be received, but Dell's touch bar concept seems even less useful than Apple's: the buttons are static, they merely float above the actual keyboard, and they don't appear to add any functionality. Then Dell added a touch bar to the trackpad on the Latitude 9330. [...]

Now there's a new PC touch bar, this time on the Voyager a1600, Corsair's first-ever gaming laptop. Corsair hasn't named or even officially announced the new feature -- it only appeared as a sneak peek -- but the company told The Verge that the strip features "10 easy-access customizable S-key shortcut buttons." [...] Corsair's Touch Bar doesn't replace the row of function keys but it is in an odd location -- on the hinge below the display. Even in pictures, it looks incredibly uncomfortable to reach. According to renders, you can still access the Touch Bar when the laptop is closed, which seems like an accident waiting to happen (not to mention a battery drain).

But the biggest question I have is: why? No one shed a tear for the Touch Bar when it was killed. While it has its merits, it was never a proper pro-level feature and the implementation didn't evolve past the original idea. It was too skinny, lacked tactile feedback, required constant scrolling, and didn't actually save time. It looked nice, but even Apple didn't seem to know what to do with it. The MacBook Pro Touch Bar was one of Apple's most polarizing features and it never really caught on with developers. Maybe a niche use like gaming or video conferencing will have better results, but ultimately the Touch Bar, Apple's or otherwise, is a failed concept that should stay in the past.

Space

Shards of the Planet Mercury May Be Hiding on Earth (nytimes.com) 5

New research explains how meteorites called aubrites may actually be shattered pieces of the planet closest to the sun from the early days of the solar system. From a report: Mercury does not make sense. It is a bizarre hunk of rock with a composition that is unlike its neighboring rocky planets. "It's way too dense," said David Rothery, a planetary scientist at the Open University in England. Most of the planet, the closest to the sun, is taken up by its core. It lacks a thick mantle like Earth has, and no one is quite sure why. One possibility is that the planet used to be much bigger -- perhaps twice its current bulk or more. Billions of years ago, this fledgling proto-Mercury, or super Mercury, could have been hit by a large object, stripping away its outer layers and leaving the remnant we see behind.

While a nice idea, there has never been direct evidence for it. But some researchers think they have found something. In work presented [PDF] at the Lunar and Planetary Science Conference in Houston in March, Camille Cartier, a planetary scientist at the University of Lorraine in France, and colleagues said pieces of this proto-Mercury may be hiding in museums and other meteorite collections. Studying them could unlock the planet's mysteries. "We don't have any samples of Mercury" at the moment, said Dr. Cartier. Gaining such specimens "would be a small revolution" in understanding the natural history of the solar system's smallest planet. According to the Meteoritical Society, nearly 70,000 meteorites have been gathered around the world from places as remote as the Sahara and Antarctica, finding their way into museums and other collections. Most are from asteroids ejected from the belt between Mars and Jupiter, while more than 500 come from the moon. More than 300 are from Mars.

Cloud

Do Developers Benefit From Fewer Choices? (infoworld.com) 108

"Enabling developer productivity has become a key vector in every organization's success," writes Matt Asay at InfoWorld — not a nice-to-have feature but a must-have.

"Which is why, perhaps ironically, the best way to set your developers free may actually be to fetter their freedom." The more developers mattered, the more everyone wanted to cater to their needs with new software tools, new open source projects, new cloud services, etc. This meant lots of new developer choice and associated freedom, but that wasn't necessarily an unalloyed good. As RedMonk analyst Steven O'Grady noted in 2017, "The good news is that this developer-driven fragmentation has yielded an incredible array of open source software. The bad news is that, even for developers, managing this fragmentation is challenging."

Can one have too much choice? Yep.

It's long been known in consumer retail, for example, that when there is too much choice, "consumers are less likely to buy anything at all, and if they do buy, they are less satisfied with their selection." Turns out this isn't just a matter of breakfast cereals or clothing. It also applies to developers building enterprise software. InfoWorld's Scott Carey writes that "complexity is killing software developers." He's right. But what can be done?

In a conversation with Weaveworks CEO Alexis Richardson, he related how self-service development platforms are reemerging to help developers make sense of all that open source and cloud choice. By giving developers "a standard, pre-approved environment in which the effort to create an app from an idea is minimal," he explained, it allows them to "focus on innovation not plumbing."

"Done right, a little bit of constraint goes a long way..." Asay argues, touting the benefits of PaaS (platform as a service) self-service development platforms. ("Enterprises that want to give their developers the freedom the cloud affords can couple it with just enough constraint to make that freedom useful....")

Asay argues that "However you approach it, the point is to stop thinking about freedom and control as impossibly opposed. Smart enterprises are figuring out ways to enable their developers using self-service platforms. Maybe you should, too."

Privacy

'My Wife Tracked Me, for Journalism' (nytimes.com) 40

Last month a reporter for the New York Times tracked her husband using Apple AirTags, Tiles, and a GPS tracker. (With his permission...) "I was prepared for her to violate my privacy for the sake of journalism," that husband writes today.

"But what I was not prepared for was how easily my actions could be misinterpreted." [O]ne day I had to go into New York City for work — and Todd Heisler, a Times photographer, secretly followed me. [My wife] Kashmir was sending him live updates of my location. Confusion reigned almost immediately. As soon as I arrived in Manhattan, Todd captured me walking — or had I been caught in a potentially compromising position? A friend made light of the situation on Twitter after the article was published, saying it was "a nice touch" that the main picture with the article "shows you apparently emerging from a bar at 10 a.m." Needless to say, I was not drinking before lunch, but the diner where I had just eaten breakfast had a "cocktails" sign in the window....

Next, I entered the 72nd Street subway station but quickly doubled back, apparently losing my camera-toting tail in the process. Little did I know, Todd and Kashmir were texting in real time; he was worried I had "made" him. My Jason Bourne-like escape had spooked him. [When Kashmir received the text from the Times' photographer, "I reassured him that my husband is extremely unobservant and was probably just lost."] I was, in fact, oblivious to his presence. In truth, I had left my mask at the diner and had needed to buy another before I could get on the train to Brooklyn.

At lunch time, Kashmir texted me, "Are you somewhere fancy?" Perplexed, I responded no. I learned later her location trackers suggested that I had stopped at the private club Dumbo House. Imagine the interpretations! In fact, I was at a food court directly below Dumbo House eating a taco...

[W]hen I heard and saw all of these misinterpretations about my day, I couldn't help but think of all the people who might be surveilled without their consent, whether it's by a spouse, an employer or law enforcement.

His conclusion? While trackers have legitimate uses, there are also many ways they could be abused — and misinterpreted. Seeing a map of his every movement after the experiment, "it was unnerving to realize that the devices knew where I was, but that they had no idea what I was doing."

Or, as his wife puts it, "Even with location trackers and a photographer trailing my husband, I couldn't figure out what he was actually doing that day."

Programming

Ruby on Rails Creator Touts 7.0 as One-Person Framework, 'The Way It Used To Be' (hey.com) 62

David Heinemeier Hansson is the creator of Ruby on Rails (as well as the co-founder and CTO of Basecamp, makers of the email software HEY). But he says Wednesday's release of version 7.0 is the version he's been longing for, "The one where all the cards are on the table. No more tricks up our sleeves. The culmination of years of progress on five different fronts at once." The backend gets some really nice upgrades, especially with the encryption work that we did for HEY, so your data can be encrypted while it's live in the database.... But it's on the front end things have made a quantum leap. We've integrated the Hotwire frameworks of Stimulus and Turbo directly as the new defaults, together with that hot newness of import maps, which means you no longer need to run the whole JavaScript ecosystem enchilada in your Ruby app...

The part that really excites me about this version, though, is how much closer it brings us to the ideal of The One Person Framework. A toolkit so powerful that it allows a single individual to create modern applications upon which they might build a competitive business. The way it used to be... Rails 7 seeks to be the wormhole that folds the time-learning-shipping-continuum, and allows you to travel grand distances without knowing all the physics of interstellar travel. Giving the individual rebel a fighting chance against The Empire....

The key engine powering this assault is conceptual compression. Like a video codec that throws away irrelevant details such that you might download the film in real-time rather than buffer for an hour. I dedicated an entire RailsConf keynote to the idea...

[I]f there ever was an opening, ever was a chance that we might at least tilt the direction of the industry, now is it.

What a glorious time to be working in web development.

OS X

Steve Jobs Tried To Convince Dell To License Mac Software (cnet.com) 42

It's been 10 years since the death of Steve Jobs. Michael Dell talks about his memories of the tech icon, including when Jobs tried to convince Dell to license Mac software to run on Intel-based PCs. CNET reports: Fast forward to 1993. Jobs, ousted from Apple after a fallout with the company's board in 1985, had started a new company, called Next, and created a beautiful (but expensive) workstation, with its own operating system, as well as software called WebObjects for building web-based applications. Dell says Jobs came to his house in Texas several times that year, trying to convince him to use the Next operating system on Dell PCs, by arguing that it was better than Microsoft's Windows software and could undermine the Unix workstation market being touted by Sun Microsystems. The problem, Dell says he told Jobs, was that there were no applications for it and zero customer interest. Still, Dell's company worked a little bit with Next and used WebObjects to build its first online store in the mid-'90s.

In 1997, Jobs rejoined a struggling Apple after it acquired Next for $429 million, and he pitched Dell on another business proposal (as Jobs was evaluating Apple's Mac clone licensing project, which he ultimately shut down). Jobs and his team had ported the Mac software, based on Next's Mach operating system, and had it running on the Intel x86 chips that powered Dell PCs. Jobs offered to license the Mac OS to Dell, telling him he could give PC buyers a choice of Apple's software or Microsoft's Windows OS installed on their machine. "He said, look at this -- we've got this Dell desktop and it's running Mac OS," Dell tells me. "Why don't you license the Mac OS?" Dell thought it was a great idea and told Jobs he'd pay a licensing fee for every PC sold with the Mac OS. But Jobs had a counteroffer: He was worried that licensing scheme might undermine Apple's own Mac computer sales because Dell computers were less costly. Instead, Dell says, Jobs suggested he just load the Mac OS alongside Windows on every Dell PC and let customers decide which software to use -- and then pay Apple for every Dell PC sold.

Dell smiles when he tells the story. "The royalty he was talking about would amount to hundreds of millions of dollars, and the math just didn't work, because most of our customers, especially larger business customers, didn't really want the Mac operating system," he writes. "Steve's proposal would have been interesting if it was just us saying, 'OK, we'll pay you every time we use the Mac OS' -- but to pay him for every time we didn't use it ... well, nice try, Steve!" Another problem: Jobs wouldn't guarantee access to the Mac OS three, four or five years later "even on the same bad terms." That could leave customers who were using Mac OS out of luck as the software evolved, leaving Dell Inc. no way to ensure it could support those users. Still, Dell acknowledges the deal was a what-could-have-been moment in history. [...] That different direction led to Jobs continuing to evolve the Next-inspired Mac OS and retooling the Mac product line, including adding the candy-colored iMac in mid-1998.

Open Source

Torvalds: GPLv2 'A Big Part' of Why Linux Spread, Companies Getting Involved 'Hugely Important' (zdnet.com) 144

Five years ago Linus Torvalds commemorated Linux's 25th anniversary in an interview with ZDNet's Steven J. Vaughan-Nichols. Now that Linux is celebrating its 30th birthday, Vaughan-Nichols interviewed Torvalds again, who makes an important philosophical point: Trying to look at the bigger picture, Torvalds now thinks the period in early 1992 — when Linux switched to using the Gnu Public License version 2 (GPLv2) — was especially important. He recalls, "It wasn't the original license, but I'm convinced it's a big part of why Linux became so widespread. Not everybody loves the GPL, and I've had my own issues with the FSF [Free Software Foundation], but I do think the GPLv2 has been a huge deal, and people shouldn't dismiss the licensing issues."

He adds:

"I think the companies getting involved has been hugely important — and that may sound so obvious as to be trite and stupid, but some corners of the open-source community have been fairly negative to any commercial involvement."

Torvalds points out that from its earliest days Linux has experienced "fairly continual" interest from major companies.

The interview also revisits Linux's version control systems and the name Torvalds had originally chosen for the operating system back in 1991. ("Freax," for "Free Unix.") But 10 years ago, the same reporter got a surprise when he'd asked Torvalds where he thought Linux would be on its 40th birthday. Torvalds' answer?

"Bah. I don't plan that far ahead. I can barely keep my calendar for the next week in mind. I really have no idea."

So this week Steven J. Vaughan-Nichols instead asked Torvalds how he's envisioning his own future: Looking ahead, Torvalds sees himself keeping on. "I'm 51 years young, I enjoy what I'm doing. What would I do if I didn't do Linux? Puttering around in the garden? Not bloody likely."

Slashdot reader juul_advocate shares some context. Torvalds was also contacted by IT Wire to get his thoughts on the 30th birthday of Linux. "There's literally a few people who are still active and around that got involved in '91..." Torvalds told them: "I like having been around for that long, and it's also nice how many other people have actually been around for almost that long...

"But I just don't have anything new to say about it, I'm afraid. And while today is an anniversary date, it's not even the only one. This was the anniversary of the first public announcement, but it wasn't actually the actual first code drop. That came later — 17 September.

"And even that second anniversary isn't the 'last' anniversary, because the Linux 0.01 code drop on 17 September was only privately announced to people who had shown some interest from the first announcement.

"So the first actually public and real *announced* code drop was 5 October 1991, which is when 0.02 was dropped. So I actually have three anniversaries, and they are all equally valid in my mind."
