I suspect part of it is that the mitigation for DirtyFrag covers it, so everyone who blocked all the modules in question when that had only an incomplete patch probably hasn't unblocked them yet. I think this is the 4th patch for these modules, and only got a new name rather than just "there's still a way to get this code to do the wrong thing" because a different outside team found this one.

Yeah, and the person who released the information first was operating in an "if I noticed this, doing only as much as I'm doing, surely attackers would also notice" mode. Possibly some patches these days are sufficiently obvious as to their correctness and also effect that they should first become public as a set of stable releases. This was a kind of special case, as CopyFail was the combination of some code doing something strange with one user not being prepared for it, and fixed the user. If there are other users that also aren't prepared, fixing them isn't going to be subtle.

How shadows and reflections move when you're 10 milies from a mostly flat surface a thousand miles across is legitimately hard to analyze for a visual system that evolved on the ground, especially if you throw in small periodic surface orientation variations. Given how complicated it is to explain rare rainbow-related phenomena like sun dogs, it would be surprising if we'd identified and explained everything that can appear when flying above the ocean.

While you're at it, you also need to block installing esp4, esp6, and rxrpc, for, y'know, reasons.

Even if training is legal (and I don't concede it is), you still have to have a legally authorized copy to train from to begin with. Unless Meta paid for every book they trained their AI from, they're already guilty of copyright infringement.

According to the article, they (by way of their cloud provider) had DR backups, which they were able to get restored. But getting offline backups restored takes longer than the SLAs they give their customers and loses some data that hasn't been copied offline yet, which is why they also have backups that are complete and immediately available, using the API key that the attacker -- sorry, AI -- found in a file it wasn't supposed to have access to.

Acting - as part of "the arts" - is more play than work for the people who do it. That merits not automating it because without enjoyable things to do, we become nothing but consumption machines.

Why should the movie studio executives, board of directors, or shareholders care? To them, it's a business to maximize profit. You can do that if using AI costs less than paying actors.

Verizon's 2 Gbps Fios home service doesn't support IPv6, due apparently to them picking hardware for this particular service that doesn't handle it. Their other service does handle it, including slower home Fios, but not that in particular.

It uses VRTX, reportedly. Linux wasn't suitable as a real-time OS when the Hubble was designed, or really even when the Hubble got the 486 installed in 2009.

Woz, despite his technical chops, had no influence after the Apple ][ days, so while he was initially influential, he hasn't been influential over most of Apple's history.

What if nobody implemented it?

Then Microsoft and Apple among others would be fined per day until they implemented it; or perhaps even being held in contempt of court if the government sued them and won up to and including jail time for executives; or given the current regime, being designated a supply chain risk.

Even if the companies eventually prevail in court, most wouldn't want the hassle or being on the bad side of Orange Man.

I know. My point is that all the site should guarantee to the advertiser is transmission of the ad. What happens to it once it reaches my browser should be irrelevant.

There are sites I like and do not block ads because I want them to be around, and in the end they either need to paywall or run ads to stay in business.

But the company whose ad it is has already paid to be shown on the site, hasn't it? Why should they care whether I choose to block ads via my browser? I'm never going to click on any as anyway.

The LitleLLM packages were comprimosed on Tuesday. The packages compromised today were telnyx 4.87.1 and 4.87.2. It's the same root cause: credentials exposed to a compromised version of Trivy earlier were used to make an unauthorized release of a compromised version of a different package.

One of the lessons we've had as the Federal, multi-branch nature of the US governmennt has frustrated Trump is that the government may be fucking us over, but it's not doing it in *unison*. It's doing it piecemiel, on the initiative of many interests working against each other, just as the framers intended. The motto on the Great Seal notwithstanding, there are myriad roadblocks to consolidating power in the hands of a single individual. It takes time and repeated failures. This is why the second Trump Adminsitration is worse than the first; they've figured out ways around things like Congressional power of the purse, put more of their henchmen in the judiciary, and normalized Congress lying down and letting the president walk all over them. It's a serious situation, although fortunately Trump isn't long for this world.