Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Submission + - China bet on coal while winning the green race (asiatimes.com)

RossCWilliams writes: An analysis from an Indian think tank in Asian times discusses the relationship between coal and China's growing leadership in alternative energy.

Of course that is a world wide problem. As the story makes clear, we still depend on fossil fuel for many of the materials needed for the transition to renewable energy.

China’s energy profile is a paradox. The country accounts for more than half of global coal use even as it builds the world’s largest solar-panel and EV industries.

Cheap coal power gives Chinese factories rock-bottom electricity costs, and state oil/gas revenue bankrolls clean-energy projects.

By spring 2025 wind and solar already supplied over a quarter of China’s power, suggesting domestic coal use may have peaked. But the coal wealth remains strategic: With slower demand at home, Chinese miners are now exporting more (early 2025 coal shipments were ~13% higher year-on-year).

In effect, China’s green ascent has been underwritten by its coal economy.


Submission + - "lost" Apollo 11 footage online? (youtube.com) 4

Stephen Samuel writes: Back around 2024, Redit user tantabus posted a question about accessing 'Ampex 1" Video Tapes with Apollo 11 footage'. He later upscaled and posted some of the video from the tapes on his youtube account.

Having viewed his video of Armstrong's first walk, I'm convinced that these videos are from the 'missing' tapes from the Parkes Observatory in Australia that have long been presumed destroyed. This is certainly, by far, the best quality video of Armstrong's moon walk that I've ever seen. View for yourself and comment.

Submission + - This overlooked Linux boot flaw defeats Secure Boot heres how to fix it (nerds.xyz)

BrianFagioli writes: Security researcher Alexander Moch of ERNW has uncovered a surprisingly effective method for bypassing Secure Boot protections on modern Linux systems. No, the vulnerability is not in the kernel or GRUB. Actually, it is in the initramfs, and it is hiding in plain sight.

Most hardening guides focus on well-known defenses like full disk encryption, password protected bootloaders, and Secure Boot. But few mention what happens if someone gets their hands on your laptop for just a few minutes. It turns out they can drop into a debug shell from the initramfs, modify it, and inject persistent malware all without ever touching the signed kernel or breaking Secure Boot.

On distributions like Ubuntu 25.04 and Fedora 42, repeatedly failing the password prompt for an encrypted root partition can trigger a debug shell. From there, Moch demonstrates how an attacker could use a USB drive with a few prepared scripts to chroot into the target system and modify the initramfs. A custom script can be inserted into the boot sequence that silently executes each time the system starts up.

The problem stems from the fact that the initramfs is not typically signed. While the kernel and its modules are signed for Secure Boot compliance, the initramfs remains unsigned because it is generated locally and tailored to the host. That makes it easy to modify with no alarms going off.

Itâ(TM)s worth mentioning, this is not a totally new attack. It echoes CVE 2016 4484 and similar techniques like EvilAbigail1 from 2015 and de LUKS2 from 2018, but it is still widely effective today. The attack was tested on modern distributions using default encrypted configurations, including systems with Secure Boot enabled. While some distributions like OpenSuSE Tumbleweed encrypt the boot partition by default and are more resilient, most others including Ubuntu are vulnerable out of the box.

Hardening tools like Lynis and even the CIS Benchmarks for Ubuntu and Red Hat do not mention this risk. NIST STIGs are also silent on the matter.

The fix is shockingly simple.

On Ubuntu, just add panic=0 to your kernel parameters. On Red Hat based systems, use rd.shell=0 rd.emergency=halt. This prevents the system from dropping into a debug shell during boot failures. Beyond that, users can require a bootloader password for every boot, not just when editing entries. Encrypting the boot partition with LUKS or enabling the SSDâ(TM)s built in encryption are other solid steps.

Longer term solutions include using Unified Kernel Images which bundle and sign the kernel and initramfs together, or relying on TPMs to measure boot components. But those are not fully rolled out yet across the Linux ecosystem.

Mochâ(TM)s full writeup includes proof of concept scripts and step by step instructions for modifying the initramfs once access to the debug shell is gained. While his demo uses a harmless timestamp writing script as an example, the same method could be used for far more serious attacks.

Submission + - Ingram Micro admits ransomware attack is disrupting orders and systems (nerds.xyz)

BrianFagioli writes: Ingram Micro is facing a serious disruption after discovering ransomware on parts of its internal systems. The tech distributor confirmed the cyberattack today and says itâ(TM)s working to restore operations as quickly as possible.

Here is the full statement issued by the company:

âoeIngram Micro recently identified ransomware on certain of its internal systems. Promptly after learning of the issue, the Company took steps to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures. The Company also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement.

Ingram Micro is working diligently to restore the affected systems so that it can process and ship orders, and the Company apologizes for any disruption this issue is causing its customers, vendor partners, and others.â
At the moment, Ingram Micro has not disclosed who is behind the attack or whether any customer or partner data was exposed. But by taking systems offline, the company is clearly prioritizing containment and recovery over speed.

Ransomware incidents like this continue to plague the tech industry, and for a company like Ingram Micro that plays a key role in global supply chains, even temporary outages can have wide-reaching effects.

If you rely on Ingram Micro for products or services, expect delays while the company works to get its systems back online.

Submission + - Why the internet needs a certified AI-free label just like organic food (nerds.xyz)

BrianFagioli writes: Whether you like to or not, Artificial intelligence is everywhere now. It is shaping our media, our conversations, our entertainment, and even our relationships. Quite frankly, you cannot read an article, admire a photo, or enjoy a song nowadays without wondering if a machine had a hand in it.

Sadly, that uncertainty is growing, and for many people, it is unsettling. We need a clear and trusted way to know what is human made. Just as we created the certified organic label for food, it is time for a certified AI-free label for content.

This label would not be about rejecting technology. It would be about respecting human effort and giving people the ability to make informed choices. If someone wants to read a story written by a person and not a bot, they should be able to do that. If a musician wants to show their work is entirely their own, they should have a way to prove it. A simple, visible label that says this was made by a real human, with no help from artificial intelligence, would go a long way toward rebuilding trust.

Think of it like walking into a bookstore and seeing a seal that reads certified AI-free. You would know that what you are reading came from a human mind. Or imagine a news site proudly showing that every story on the page was reported and written by verified people. These signals of authenticity could reshape the way we consume information online. They could also help protect creative industries from becoming indistinguishable from automated content mills.

Just like shoppers pay extra for organic produce or fair trade coffee, many consumers might be willing to pay more for content that is certified AI-free. When people know that a real human took the time to write a story, compose a song, or create a piece of art without relying on machines, that authenticity becomes part of the value.

Look, it is not just about what the content says, but about how and by whom it was made. For readers, listeners, and viewers who care about supporting human creativity, a certified AI-free label gives them that option. And if the demand is there, it opens the door for sustainable business models built around real human effort.

Creating such a label will take real work. It would need oversight. It would need a standard that publishers and platforms could follow. It might even require third party verification, similar to how we manage organic or Fair Trade certifications. But this is not an impossible goal. We have already proven that people care about ethical sourcing, quality control, and transparency. This is just the next frontier.

Artists are already pushing back against AI scraping and imitation. Writers are calling out the theft of their words. Musicians are demanding to know how their styles are being copied by training data. There is a growing desire for boundaries and for recognition of original human work. A certified AI-free label would meet that need.

Look, folks, this is not about banning AI. It is about balance. If something was made by artificial intelligence, label it. If it was made by a person, let us know that too. That way, everyone has the freedom to decide what they want to support.

Submission + - Microsoft Dubs Itself and Code.org "AI Thought Partners" for U.S. K-12 Schools

theodp writes: In a 2022 Medium post, tech giant-bankrolled nonprofit Code.org announced that Microsoft CTO & EVP of AI Kevin Scott and Los Angeles Unified School District (LAUSD) Superintendent Alberto M. Carvalho had joined its Board of Directors and would "help advance Code.org’s mission, which it says is "to make computer science (CS) and artificial intelligence (AI) a core part of K–12 education for every student."

Mission accomplished. In a LinkedIn post on how it's Bringing AI Literacy and Skilling to Students and Educators across the U.S., Microsoft reports that in pursuit of LAUSD's commitment to providing AI literacy and skilling for all its 409,000 students, "the district has partnered with Code.org, which advances AI education policy, provides ready-to-use resources through its TeachAI initiative, and provides educator and staff training as well as train-the-trainer opportunities. As a Code.org partner since the organization’s founding 12 years ago, Microsoft supports the crucial work of AI education through funding, technical expertise, and thought partnership. [...] Importantly, school districts like LAUSD do not approach this new [AI] frontier on their own. Code.org and Microsoft act as thought partners, such as through multidisciplinary task forces, and provide ready-to-implement resources so school districts do not have to start from scratch."

Vouching for the partnership in Microsoft's post is LAUSD Director of Educational Technology and Innovation Dominic Caguioa, who adds: "Code.org and Microsoft bring the technical infrastructure and knowledge base around what AI education can look like in K-12 school districts. These two organizations help us have a global perspective and improve our initiatives around edtech and AI." Caguioa's LinkedIn profile notes he "also serves as a computer science facilitator for the global non-profit Code.org [since 2014], preparing US and international facilitators to teach and adapt the Code.org computer science fundamentals curriculum to their local contexts."

Last month, Microsoft boasted of another big K-12 AI win with the Broward County Public Schools (BCPS), which it touted as "the largest K–12 adoption of Microsoft Copilot in the world [BCPS has 247,000 students]." Underscoring the importance of AI and Copilot adoption, Microsoft Developer Division President Julia Liuson — who is also a Code.org Board member — garnered attention last week for her declaration that 'using AI is no longer optional' in Microsoft's eyes. Interestingly, yet another current Code.org Board member — Robert Runcie — was the Superintendent of BCPS back in 2014 when it announced a K-12 CS partnership with Code.org, not long after Runcie joined Microsoft and Google execs on Code.org's early Board. Commenting on that partnership in a news release, Microsoft VP of U.S. Education Margo Day said, "Broward County Public School’s leadership in helping students gain the computer science education needed to succeed and thrive in the 21st century is essential. Across sectors, our nation is facing a critical shortage of workers with the skills and computer science training needed to sustain American innovation. By 2020, there will be one million more computing jobs than students with the education needed to fill these openings. That’s why more districts across the country should consider following Broward’s lead."

So, is the K-12 AI skills crisis the new K-12 CS skills crisis?

Submission + - WinUAE 6.0.0 update brings better Amiga emulation to Windows 11 (nerds.xyz)

BrianFagioli writes: The popular Amiga emulator WinUAE has hit version 6.0.0, and this update is anything but minor. The custom chipset emulation has been almost completely rewritten, with major changes that improve accuracy and open the door to new possibilities. But fair warning: with so much changed under the hood, you might run into the occasional bug, especially in less commonly used features.

At the core of the update is a fresh take on Agnus/Alice and Denise/Lisa chip behavior. Almost every part of the chipset now runs with cycle accuracy that comes surprisingly close to hardware-level behavior. Things like display sync, blanking intervals, and even obscure genlock tricks now behave much more like they would on a real Amiga.

One change that stands out is that Denise/Lisa emulation has been moved to a separate thread. That means a noticeable performance boost when running in accurate modes, especially on modern CPUs. This could be a big win for people who want accuracy without giving up speed.

Some classic hacks and register tricks, like VPOSW/VHPOSW timing games or custom NTSC tweaks, now work more reliably. Fake screenmodes are supported more cleanly, and even long-forgotten features like UHRES DMA are handled correctly (despite that particular one never doing much beyond stealing a few cycles).

Blitter timing has been tightened up, especially when mid-operation values are changed. Collision detection is now faster and more accurate, and a new ultra-detailed debug mode exposes previously hidden bitplane and sprite activity during blanking periods. Developers and demo authors will probably appreciate how deep the visibility now goes.

Outside of the chipset, there are more welcome additions. Keyboard emulation has gone low-level with full microcontroller behavior, and even obscure things like flashing the Caps Lock LED now work. Matrox and Voodoo PCI GPUs from 86box are now included, and new hardware like the RIPPLE IDE controller and A1000 512k WOM module have been added.

Plenty of bugs have been addressed. RTG vertical blank issues were cleaned up, graphics API fallbacks now make more sense, printer passthrough behaves better on modern drivers, and FDI image support is fixed. Even long-standing quirks like sound card switching crashes or missing vertical interrupts are now resolved.

The default configuration now starts with a cycle-exact A500 setup. If youâ(TM)re using unusual resolutions or scanline tricks, youâ(TM)ll find the new status line now shows helpful info like line count and type. Tree view settings in the config window are also saved and restored, and scaling behavior works more logically with complex modes like superhires and doublescan.

CD32 users get some love too. The emulator now reads optical discs in a more consistent way, and the flickering CD audio icon has been eliminated. WASAPI sound fallback is more graceful, and latency over TCP serial ports is reduced with a new option. Clipboard sharing is also smarter now, limiting initial Windows-to-Amiga pastes to avoid slowdown on startup.

One niche but useful change: hard drives with GPT or MBR partitions are now listed properly even if access is blocked, and the hard drive dialog shows âoeACCESS DENIEDâ rather than hiding the drive entirely. Small thing, but helpful when troubleshooting.

Software filters and 16-bit host color modes are now gone, simplifying the codebase and clearing the way for future improvements. The emulator now always runs in subpixel-accurate mode when accuracy is enabled. The uaegfx RTG driver also gets a config-only option to disable auto-created screenmodes for users who want a setup closer to real hardware.

There are dozens of other little improvements and bug fixes packed into this release. If youâ(TM)ve been using WinUAE casually, you may not notice them all right away. They are more for developers, testers, and retro fans who demand precision.

WinUAE 6.0.0 is available now here. As always, itâ(TM)s free to download, but if you rely on it, consider tossing a donation to support continued development. This version isnâ(TM)t just about speed or features, folks, itâ(TM)s about getting closer to how the Amiga really worked.

Submission + - UK Scientists Achieve First Commercial Tritium Production (interestingengineering.com)

fahrbot-bot writes: Interesting Engineering is reporting that Astral Systems, a UK-based private commercial fusion company, in collaboration with the University of Bristol, has claimed to have become the first firm to successfully breed tritium, a vital fusion fuel, using its own operational fusion reactor.

The milestone came during a 55-hour Deuterium-Deuterium (DD) fusion irradiation campaign conducted in March. Scientists from Astral Systems and the University of Bristol produced and detected tritium in real-time from an experimental lithium breeder blanket within Astral’s multi-state fusion reactors.

“There’s a global race to find new ways to develop more tritium than what exists in today’s world [currently about 20kg] – a huge barrier is bringing fusion energy to reality,” said Talmon Firestone, CEO and co-founder of Astral Systems.

Astral Systems’ approach uses its Multi-State Fusion (MSF) technology. The company states this will commercialize fusion power with better performance, efficiency, and lower costs than traditional reactors.

A core innovation is lattice confinement fusion (LCF), a concept first discovered by NASA in 2020. This allows Astral’s reactor to achieve solid-state fuel densities 400 million times higher than those in plasma.

The company’s reactors are designed to induce two distinct fusion reactions simultaneously from a single power input, with fusion occurring in both plasma and a solid-state lattice.

The reactor core also features an electron-screened environment. This design reduces the energy needed to overcome the Coulomb barrier between particles, which lowers required fusion temperatures by several million degrees and allows for higher performance in a compact size.

Submission + - Sterilized flies to be released in order to stop flesh-eating maggot infestation (cbsnews.com)

Beeftopia writes: From CBS News: "The targeted pest is the flesh-eating larva of the New World Screwworm fly. The U.S. Department of Agriculture plans to ramp up the breeding and distribution of adult male flies — sterilizing them with radiation before releasing them. They mate with females in the wild, and the eggs laid by the female aren't fertilized and don't hatch. There are fewer larvae, and over time, the fly population dies out.

It is more effective and environmentally friendly than spraying the pest into oblivion, and it is how the U.S. and other nations north of Panama eradicated the same pest decades ago. Sterile flies from a factory in Panama kept the flies contained there for years, but the pest appeared in southern Mexico late last year.... the U.S. and Mexico bred and released more than 94 billion sterile flies from 1962 through 1975 to eradicate the pest, according to the USDA. The numbers need to be large enough that females in the wild can't help but hook up with sterile males for mating."

A similar approach to certain species of mosquito is being debated. The impact on ecosystems is unclear.

Submission + - Cloudflare Begins "Pay Per Crawl" (businessinsider.com) 1

joshuark writes: Cloudflare will block Big Tech AI bot crawlers; the Pay Per Crawl lets creators charge AI giants for content access.
The moves address concerns about Big Tech exploiting content without consent or payment--a shift that could reshape the dynamics between content creators and AI companies. The company will automatically block AI crawlers from scraping the websites it powers, unless site owners explicitly opt in.

"Original content is what makes the internet one of the greatest inventions in the last century, and we have to come together to protect it," Cloudflare CEO Matthew Prince said.

Cloudflare hopes to create a transparent, consent-driven marketplace that helps creators decide whether to allow all AI crawlers, permit specific ones, or set their own access fees, turning previously unmonetized content usage into new revenue streams.

Submission + - FaceTime in iOS 26 will freeze your call if someone starts undressing (9to5mac.com)

AmiMoJo writes: iOS 26 is a packed update for iPhone users thanks to the new Liquid Glass design and major updates for Messages, Wallet, CarPlay, and more. But another new feature was just discovered in the iOS 26 beta: FaceTime will now freeze your call’s video and audio if someone starts undressing.

When Apple unveiled iOS 26 last month, it mentioned a variety of new family tools coming for child accounts. One of those announcements involved a change coming to FaceTime to block nudity. "Communication Safety expands to intervene when nudity is detected in FaceTime video calls, and to blur out nudity in Shared Albums in Photos."

However, at least in the iOS 26 beta, it seems that a similar feature may be in place for all users—adults included.

Submission + - How Microsoft plans to improve resiliency 1 year after CrowdStrike outage (scworld.com)

spatwei writes: Nearly one year after the CrowdStrike outage, Microsoft announced plans to reduce disruptions and work with cybersecurity vendors to prevent similar disruptions.

The July 18, 2024, outage, caused by a faulty CrowdStrike Falcon update, left approximately 8.5 million Windows machines unable to boot. The incident raised questions about Microsoft’s quality assurance processes, especially with regard to software with kernel-level access, including Falcon and other cybersecurity tools.

“All of us who worked with Windows NT in the 1990s on Intel processors was flabbergasted that Microsoft did not isolate device drivers above ring 0 (most privileged),” Analog Informatics Founder and CEO Philip Lieberman told SC Media in an email. “Everyone who develops device drivers knows that the smallest bug would crash the operating system and make debugging these drivers a nightmare to this day.”

New changes to Windows that will allow cybersecurity vendors to build solutions that run outside of the kernel were among the updates announced by Microsoft in a blog post last week.

Submission + - Iranian hackers are exploiting lazy American security and nobody seems to care (nerds.xyz)

BrianFagioli writes: The U.S. government is sounding the alarm about a growing cyber threat tied to Iran. A new joint advisory from CISA, the FBI, NSA, and the Department of Defense warns that Iranian-affiliated hackers and hacktivists could be preparing cyberattacks against vulnerable American systems.

The targets? Critical infrastructure and defense-related companies, especially those with links to Israeli research or technology. According to the agencies, these threat actors are already scanning for exposed systems running outdated software, using default passwords, or connected directly to the internet without proper security.

And if that sounds like old news, that’s part of the problem.

This isn’t theoretical. During the Israel-Hamas conflict last year, Iranian actors breached dozens of U.S. industrial systems, including water utilities and manufacturers. Many were compromised through unsecured PLCs and HMIs left wide open online.

The same tactics are still in play. From website defacements to DDoS attacks and hack-and-leak operations, Iranian-aligned groups are combining technical intrusions with social and political messaging. Some work directly with ransomware gangs, stealing data and threatening public leaks if demands aren’t met.

The advisory makes it clear that the U.S. remains an active target. Sadly, it’s not because of sophisticated zero-days, but actually, because many organizations continue to ignore basic cyber hygiene. Sigh.

The suggested mitigations are mostly common sense. Disconnect OT systems from the public internet. Kill default passwords. Apply patches. Use MFA. Monitor logs. And perhaps most importantly, rehearse incident response plans like your business depends on it. After all, it might.

Too often, organizations with the least resources are left running the most critical infrastructure. That reality hasn’t changed, and neither has the threat.

Submission + - YouTube raises minimum livestream age to 16 as Google cracks down on teen broadc (nerds.xyz)

BrianFagioli writes: Google is shaking things up on YouTube again, and this time itâ(TM)s targeting teen livestreamers. Starting July 22, users will need to be at least 16 years old to livestream on the platform. Itâ(TM)s a pretty massive shift in policy, and it raises some questions about the future of young creators on YouTube.

Previously, users as young as 13 could stream, provided they followed certain guidelines. But now, anyone under 16 is being cut off from livestreaming altogether. That means no more solo streams from 13 to 15-year-olds, even if theyâ(TM)ve been following the rules.

But it doesnâ(TM)t stop there. Even if a 13 to 15-year-old shows up on a livestream, YouTube is putting restrictions in place. If theyâ(TM)re not clearly accompanied by an adult, live chat may be disabled automatically. And if creators push the limits, they risk losing live chat features or even access to livestreaming entirely for a period of time.

Slashdot Top Deals

The cost of living hasn't affected its popularity.

Working...