I have a student who is writing a paper about exactly this topic. Almost any large project nowadays uses dozens of external libraries, which in turn use dozens or hundreds more. This creates a huge, almost unknowable dependency tree. Any of those libraries may be updated at any time, and be pulled into a new release of your software. Any of those libraries may contain a security flaw that could be discovered and exploited. Any of those libraries may be deliberately compromised - and how would you know?

As a current example, consider the recently discovered flaw in Starlette, which the developer claims is downloaded 325 million times per week. Never heard of Starlette? That's because it is a fundamental building block buried deep in that dependency tree. Despite the title of the article, this flaw affects far more that just AI apps.

IMHO, the best solution - if you can afford it - is to write as much of your own code as you can. Sure, you may also have security flaws, but you are a far smaller and less interesting target. If there is a better solution, I don't know what it is...

The US government can compel any US company to release data that it holds, even if that data is stored outside the US. Pretending that any US company can comply with the GDPR is a fantasy.

This might, might be acceptable, if one could trust the US government. At latest after the Snowdon revelations, we all know that you cannot.

Please tell us where the 40,000 dead Iranian protesters fit into this Trump-caused catastrophe...

Please, run the numbers for us - how could Musk "single-handedly" solve world hunger?

I once heard a kid at a sandwich shop say "Elon Musk could give everyone on the planet $1M and it wouldn't even affect him"... I explained to him that's not how math works, if there are 9 billion people on the planet and Musk has $90BN, he could give everyone $10 and be destitute.

But please, I'm all ears - how could Elon Musk end world hunger?

What is it with the addiction our governments have to mass surveillance? Were the police unable to do their jobs before the Internet? When correspondence was by physical mail instead of Email? When they had to get warrants before invading a person's privacy?

That's an excellent write-up by curl. It shows that the entire reporting system needs revised, in the age of AI reports. Automatically assigned the highest scores to vague reports can no longer be justified.

I have no idea what your point is at all. Seriously, are you OK? Just to make it clear - I am against governments, I am against governments using any technology to make it easier for government to oppress people and this is one instrument of oppression.

> Disney's gotta nail the sweet, sweet merchandising.

Problem is that kids aren't generally buying Star Wars toys anymore, adults are, and they are increasingly detached from the new parts of the franchise.

Nothing is being spoofed.

Typically, the spammers find a support ticket submission page, or a bug tracker or some other quasi-public system. Then they open a ticket or report a bug using YOUR email address and a name like "YOURNAME, we are going to charge your credit card $587.16 for Norton Antivirus if you don't call XXX or email YYY in the next 24 hours"

YOU then get an email from the ticketing system or bug tracker or whatever it is. This email contains the spammer's message, plus whatever is in the stock "your report is now in our system" email template the system is using.

This was all over Zendesk a few months ago. I was getting them from seemingly every company on the planet that had outsourced ticket tracking to their system.

So how can this be allowed if there is so much graft around this technology that is flowing through thousands of hands in the government offices?

Here is an example: https://www.fmcsa.dot.gov/news...

This here: https://simpler.grants.gov/opp...

Funding Opportunity Number: FM-MHP-26-002
Assistance Listing: 20.245
Funding Details: $52.7 million expected total amount to award

Executive Summary:
The objective of the HP-ITD program is to advance the
technological capability and promote the deployment of
intelligent transportation system applications for CMV
operations, including CMV, commercial driver, and carrier-
specific information systems and networks, and to
support/maintain CMV information systems and networks to
(i) link Federal motor carrier safety information systems with
State CMV systems; (ii) improve safety and productivity of
CMVs and commercial drivers; (iii) and reduce costs
associated with CMV operations and regulatory
requirements.

Eligible Applicants
1.1 General
The HP-ITD awards are available to States, the District of Columbia, the Commonwealth of Puerto
Rico, the Commonwealth of the Northern Mariana Islands, American Samoa, Guam, and the U.S. Virgin
Islands. FMCSA may award HP-ITD funds to eligible applicants that have an approved program plan as
outlined in the Fixing Americaâ(TM)s Surface Transportation (FAST) Act. Individuals and businesses are
not eligible to apply for HP-ITD funding.

This entire thing is premised on the idea that there will be *more* information available to the federal government to work with, not less. They are fully committed to using these ALPR cameras that are everywhere now to track everything all the time and to put every truck driver out of service for any inconsistency in their visual data and thus hand out more fines, more court time, more oppression.

This is just one single program, one example, there are so much more, there is so much money at stake, never mind the actual flock graft itself.

The Cybertruck was delayed for years and the price (initial) was two to two and a half times what was discussed when Tesla started taking reservations.

The Trump Phone was delayed, but AFAIK the price didn't creep up.

Like you, not sure which was worse.

There are Pre-Orders, then there are Actual Orders, then there are the number of Orders that were leaked by the third-party (Leaked Orders)

Pre-orders > Actual Orders > Leaked Orders

There is no reason to assume that every Actual Order was leaked by the third-party. - it might be, but the report doesn't support that conclusion.

Oh, hello, you must be new here - welcome to slashdot!

Anything that remotely involves Trump, Bezos, Gates, Amazon, Microsoft, or Windows will be blamed on Trump, Bezos, Gates, Amazon, Microsoft, or Windows, no matter who actually is to blame/caused the issue.

When I was a kid, we called that a Phone Book, now it's "Exposing Customer Data"? OK, whatever.

Over 60% of VMs on Azure run a version of Linux, not Windows - but you knew that, right?

https://commandlinux.com/stati...