Agreguesi i feed

Tony Isaac shares a report from NPR: A United Airlines flight traveling from Newark, New Jersey, to Palma de Mallorca, Spain, was forced to make a U-turn and return to Newark after more than four hours in the air due to a security concern. According to passenger reports and air traffic control audio, the disruption was caused by a personal Bluetooth speaker -- reportedly belonging to a teenager -- that had been named "BOMB." Upon returning to Newark, passengers were evacuated so that security details could inspect the entire aircraft and cargo area. The flight was ultimately cleared, reboarded, and arrived at its destination in Spain approximately nine and a half hours behind schedule. Multiple posts on social media from self-identified passengers indicate that the problem was a Bluetooth device on board the plane. One post referenced in-flight announcements with "lots of comments like 'this little joke is ruining it for everyone.'" Audio from air traffic control sheds a little more light on the situation: "There's a security detail out there, someone had a Bluetooth speaker and they named it a certain four-letter word," another voice responded. "So they have to inspect the whole aircraft including the cargo area [and] passengers have to evacuate."

Read more of this story at Slashdot.

Version:next-20260601 (linux-next) Released:2026-06-01

Aikido Security says more than 30 official @redhat-cloud-services npm packages were compromised with a credential-stealing worm called "Miasma," a variant resembling the open-sourced Mini Shai-Hulud supply-chain malware. "The packages were published via GitHub Actions OIDC, indicating the CI/CD pipeline was compromised rather than an npm token," the report says. "If you have installed any affected package versions since June 1, 2026, treat all CI secrets, cloud credentials, SSH keys, and npm tokens as compromised and rotate them immediately." From the report: Each compromised package declares a preinstall script in its package.json that executes node index.js automatically on every npm install, before any application code runs and before the developer has any indication something is wrong. The index.js file is 4.2 MB payload hidden behind multiple layers of obfuscation. As with previous Mini Shai-Hulud attacks, the payload performs a broad credential sweep across cloud providers, CI/CD environments, and developer tooling. On the CI side it targets GitHub Actions secrets including GITHUB_TOKEN and ACTIONS_RUNTIME_TOKEN. For cloud credentials it collects AWS access keys and session tokens, GCP application default credentials and service account key files, and Azure service principal credentials and managed identity tokens. It also sweeps for HashiCorp Vault tokens, Kubernetes service account tokens and kubeconfig files, npm and PyPI publish tokens, SSH private keys, Docker registry credentials, GPG keys, and any .env files it can find across the filesystem.

Read more of this story at Slashdot.

Dell has introduced a redesigned $699 XPS 13 aimed squarely at Apple's budget MacBook Neo, offering a premium aluminum design, touch display, backlit keyboard, Wi-Fi 7, 512GB of base storage, and various other configuration options. Dell's machine costs more than Apple's entry model but tries to justify the difference with lighter weight, better display specs, and upgrade paths Apple doesn't offer. "The XPS 13 begins at $699 -- students can purchase it for $599 -- while the MacBook Neo costs $599 and drops to $499 for education buyers," notes Bloomberg. From the report: Dell's product allows for more configuration, with up to 32GB of memory compared with the Neo's nonupgradeable 8GB of unified memory. Its display can also produce a wider spectrum of colors and supports refresh rates up to 120 hertz, while Apple reserves its best screens for the pricier MacBook Pro line. The inclusion of a backlit keyboard should allow for easier typing in dark conditions. Dell has also tossed in other nice-to-have upgrades over the Neo like more robust Wi-Fi 7 wireless networking. As for battery life, Dell is touting "up to 17 hours of streaming" versus a comparable 16 hours on the Neo. Still, the XPS comes with compromises of its own: Unlike the Neo, there's no built-in headphone jack, which means owners will need to rely on its quad-speaker audio system, use Bluetooth earbuds or plug a headphone adapter into one of the two USB-C ports. You can learn more via Dell.com.

Read more of this story at Slashdot.

Version:7.0.11 (stable) Released:2026-06-01 Source:linux-7.0.11.tar.xz PGP Signature:linux-7.0.11.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-7.0.11

Version:6.18.34 (longterm) Released:2026-06-01 Source:linux-6.18.34.tar.xz PGP Signature:linux-6.18.34.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.18.34

Version:6.12.92 (longterm) Released:2026-06-01 Source:linux-6.12.92.tar.xz PGP Signature:linux-6.12.92.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.12.92

Version:6.6.142 (longterm) Released:2026-06-01 Source:linux-6.6.142.tar.xz PGP Signature:linux-6.6.142.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.6.142

Version:6.1.175 (longterm) Released:2026-06-01 Source:linux-6.1.175.tar.xz PGP Signature:linux-6.1.175.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.1.175

Version:5.15.209 (longterm) Released:2026-06-01 Source:linux-5.15.209.tar.xz PGP Signature:linux-5.15.209.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-5.15.209

Version:5.10.258 (longterm) Released:2026-06-01 Source:linux-5.10.258.tar.xz PGP Signature:linux-5.10.258.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-5.10.258

An anonymous reader quotes a report from Ars Technica: Authorities in the Netherlands said they dismantled a botnet that comprised more than 17 million devices and were managed by 200 servers in a joint operation by the police and the National Cyber Security Center. The action, announced Thursday, came about after a security researcher reported the sprawling network to authorities. The host infrastructure was located in the Netherlands. "The police then seized several botnet servers from a hosting provider for investigation," the NCSC said. "The botnet was taken offline by the provider because it was used for criminal purposes." According to a report Thursday by the NL Times, the botnet was linked to ASOCKS, a Russia-based company that provides residential proxy services. These services cater to people and organizations who want to obscure their locations or identities by proxying their Internet traffic through third-party devices. Proxy services are often used for illicit or unethical purposes such as performing DDoS attacks, running botnet command-and-control servers, operating phishing operations, and scraping website content. [...] It's unclear how the 17 million devices controlled by the botnet taken down by the Dutch police came to be that way.

Read more of this story at Slashdot.

"The company best known for powering the AI boom is coming for the PC," reports Axios. Nvidia's CEO unveiled a new ARM-based "N1X processor made alongside Microsoft," reports CNBC, that "will be incorporated into a new RTX Spark superchip, debuting in the fall on a fresh line of Windows PCs from Microsoft, Dell, HP, ASUS, Lenovo and MSI." More details from Engadget: It was only a matter of time before NVIDIA released a powerful system-on-a-chip (SOC) to take on AMD's Ryzen AI Max and Qualcomm's latest Snapdragon X2 chips. At Computex today, NVIDIA unveiled the RTX Spark, a "superchip" meant to give both laptops and small desktops fast AI and graphics performance... The company says it offers 1 petaflop of AI computing power, and that it has 6,144 Blackwell RTX cores and 20 Mediatek Arm CPU cores. NVIDIA claims it's similar to the RTX 5070 laptop GPU but with much lower power draw. RTX Spark also has an NPU that's fast enough to be part of Microsoft's Copilot+ initiative, which requires a 40 TOPS NPU, but NVIDIA says it's mainly touting the tensor cores as part of the chip's Blackwell GPU for AI performance. RTX Spark's GPU can directly draw on the chip's large pool of unified memory, which can span from 16GB to 128GB, and the chip itself can use anywhere from single-digit wattage up to 80W... NVIDIA CEO Jensen Huang positions RTX Spark as a complete reinvention of the PC, eventually turning them more into devices meant for AI agents than manual human input... NVIDIA has been working together with Microsoft for "several years" while designing the RTX Spark, according to NVIDIA representatives... In a blog post provided to media, Microsoft head of Windows and devices, Pavan Davuluri, noted that the company optimized Windows 11's workload profile scheduling for the RTX Spark. "Whether you're checking your email or running an agent locally to debug code, the Windows scheduler on RTX Spark will ensure you get the best performance and efficiency out of your CPU," he wrote.

Read more of this story at Slashdot.

Amazon's "Subscribe & Save" program — for recurring purchasees — has triggered a new lawsuit, reports Oregon Live. "The lawsuit contends that after luring in customers with 'artificially low prices,' the world's biggest online retailer jacked up the prices in the months after their first shipments arrived." In some cases, the lawsuit claims that customers were paying more for the exact same items through the Subscribe & Save program than they would be if they bought the items from other sellers on the site. That was true even when the up to 15% discount that the subscription program offers was calculated into the final purchase price, according to the suit. The Seattle law firm that filed the May 15 lawsuit says that Amazon's business practices amount to "deceptive," "misleading" and "bait and switch tactics." The firm is seeking class-action status in U.S. District Court for western Washington, a move that could potentially draw tens of millions of Amazon customers from across the U.S. into the litigation... [The suit says the plaintiffs' first order of espresso coffee grounds was $16.60.] When their order auto-renewed a few months later, the price had gone up to $17.04. A few months later, it rose to $21.25. Then in October 2024, the price increased to $28.69 — about $12 more than the Hermans had paid at the beginning of their subscription, according to the lawsuit. [The discount can be as little as 5% or up to 15%, Amazon told Oregon Live in a statement, noting customers do receive an email showing "applicable savings" before the orders ship. But...] The suit says Amazon gave the Hermans little notice to cancel the order or to shop around because it notified them of the latest price increase in an email at 8:54 p.m. — the same night it processed their order and charged them. The suit says if the Hermans had been given the time to shop around for a better price, they would have found that another Amazon seller was charging $25.90 — or $2.79 less — for the identical item. Amazon's "Subscribe & Save Terms & Conditions" page tells customers that it "may change the price for a Subscribe & Save subscription at any time for any reason...." The analytical group Consumer Intelligence Research Partners says about 25% of U.S. Amazon customers are enrolled in the Subscribe & Save program. Oregon Live got Amazon's response, which suggested their program saves customers time and money "through convenient, flexible, and recurring deliveries". (So when customers saw "Subscribe and Save", they were perhaps supposed to intuit the word save referred in part to... time-saving?) The plaintiffs' lawyer argues instead that "When you sign up for something that is called 'Subscribe & Save,' you'd expect that you're saving by subscribing. But that's not actually what's happening in many cases."

Read more of this story at Slashdot.

"Scientists have developed a solar desalination system that turns seawater into drinking water without creating environmentally damaging brine," reports ScienceDaily. "Special laser-textured metal panels use sunlight to evaporate water while automatically moving salt deposits away from the working surface, preventing clogging. The process was successfully tested with water from three oceans and can recover nearly all salts as solids. Those leftover materials could even become a source of valuable lithium for batteries." (The research team was led by University of Rochest professor Chunlei Guo and published their results in the journal Light: Science & Applications.) The University of Rochester has made an announcement: The technology uses solar panels made of black metal etched with femtosecond lasers to make the surface super light-absorbing and superwicking — or extremely attractive to water. The panels have a laser-treated active region that pulls a thin layer of water across the surface, absorbs nearly all solar radiation, distills the water, and deposits the leftover salts and minerals into the panel's untreated sides or "passive" region so that the salt does not clog the active region and disrupt continuous desalination... Guo's team precisely etched the black metal's grooves so the various salts and minerals in ocean water would simply slough off... [I]t extracts nearly 100 percent of the salts in solid form. This could not only produce an abundant supply of table salt, but it could also be used to extract more precious minerals, including lithium, which is used in the lithium-ion batteries that power electric vehicles and other electronics. In a related paper in the Journal of Materials Chemistry A, Guo and his colleagues show how they can use the same superwicking solar panels to separate lithium from the rest of other salts in desalination. Embedding nanoparticles made of hydrogen titanate in the tiny grooves of the black metal surface isolates the lithium from other salts and minerals...Using water samples from Great Salt Lake, the researchers extracted about 50 percent of the lithium from the salts left behind by the desalination process. Guo says now that the superwicking desalination technology has been demonstrated in proofs of concept on small-scale devices, he sees the technology inherently scalable, capable of improving global access to drinking water and building more sustainable supply chains for precious minerals. "The National Science Foundation, the Bill & Melinda Gates Foundation, and Worldwide Universities Network supported this research."

Read more of this story at Slashdot.

ScienceAlert reports: In the molten ocean of iron churning in Earth's outer core, a section deep beneath the Pacific Ocean suddenly reversed direction and started moving eastward against the planet's usual westward flow. This happened in 2010, according to satellite measurements of Earth's magnetic field, and scientists are still trying to figure out what caused it... [I]t seemed to have a large, wave-like structure — as though a chunk of molten core material suddenly thought better of where it wanted to go, surging in the other direction... This finding suggests that there are processes that can influence it strongly enough to alter its behavior in bulk — and that our planet's interior may be more dynamic and variable than we thought. A new analysis captures what we know so far — and "It's from the roiling, molten, conducting metal at Earth's heart that the planetary magnetic field is generated... vital to our continued existence. It helps keep the atmosphere we breathe in and harmful cosmic radiation out."

Read more of this story at Slashdot.

Nine months ago, I had to field quite a few angry comments from folks who told me they intended to drop their GNOME Foundation memberships in the wake of confusing and opaque board behaviour. I say to you now what I told each of them back in September:

Stay and fight.

 

The GNOME Foundation saw a much needed — and long overdue — changing of the guard back in August of 2025. In the past 12 months, the Foundation has finally made the improvements it should have been making over the past decade:

• 2025-05-09 – GNOME’s infra team had its first management review — it was spotless.
• 2025-05-16 – Foundation Reports begin in earnest as a first small step toward a transparent GNOME Foundation. We begin the hunt for a new Treasurer.
• 2025-05-23 – We started a Foundation Handbook to match handbook.gnome.org. (This has since migrated to a wiki.) We started moving all the Foundation’s documents into a central location. Project management began at the Foundation for the first time ever.
• 2025-05-28 – The Foundation publicly acknowledged that attacks on our Matrix servers, using illegal images, constitute crimes.
• 2025-06-06 – Both donate.gnome.org and (later) fellowship.gnome.org are pitched and accepted by the board. We brought on Deepa Venkatraman as Treasurer. Bart Piotrowski set up vault.gnome.org for passwords.
• 2025-06-14 – Andrea Veri completed the transition to donated AWS resources for GNOME infra.
• 2025-06-20 – donate.gnome.org is released, thanks to the hard work of Bart, Sam Hewitt, and Jakub Steiner.
• 2025-06-26 – The “Donate Less” campaign begins, in anticipation of the outbound program that would become fellowship.gnome.org.
• 2025-07-05 – The concept of fellowship.gnome.org goes public. Work on the corresponding donate.gnome.org shell notification starts. We tightened fiscal controls. We added redundancy to all our financial, legal, and operational processes. We interviewed a pipeline of candidates and selected Ignacy Kuchciński to complete the work under the Digital Wellbeing grant.
• 2025-07-12 – We invited postmarketOS to the Advisory Board.
• 2025-07-21 – We started stabilizing the GNOME Foundation’s finances for the long term by redefining the Board Reserve and taking a hard look at balancing year-on-year (annual recurring) revenue and expenses. We added the first-ever redundant signatories on bank accounts.
• 2025-08-08 – We created a shared online space for Advisory Board members to collaborate.
• 2025-09-05 – First corporate sponsor.
• 2025-09-12 – Deepa’s budget process is “the best the Foundation has ever had,” according to multiple directors.
• 2025-10-10 – Digital Wellbeing is delivered. The Foundation gets a much-needed credit card policy.
• 2025-10-24 – A new Finance Advisor arrives. (An important role at a 501c3.)
• 2025-11-28 – The budget is balanced. More importantly, the budget report contains the commitment to balancing recurring expenses and recurring revenue, continuously.
• 2025-12-19 – Deepa joins as a full director and remains Treasurer.
• 2026-01-09 – A new automated accounts payable and accounts receivable system is installed.
• 2026-03-20 – Financial reporting moves from quarterly to monthly.
• 2026-04-17 – The Fellowship Program begins! Users’ donations come full-circle: a percentage of every donation now goes directly to developers.
• 2026-05-15 – Finances are on-target. The Foundation opens a position for Finance Director.
• 2026-05-29 – Four old finance platforms are retired as the finances of the Foundation are automated and simplified. The Foundation introduces a Concern Escalation Policy: if members feel that directors or staff are abusing their positions with policy violations, illegal activity, discrimination, or conflicted behaviour, they’re provided the reassurance that they can blow the whistle without risk of retaliation.

 

That’s a lot for one little nonprofit. But this is the beginning of GNOME Foundation 2.0, not the end. The work must continue and there is still plenty to be done.

If you let your membership expire in recent years, get it back. If you are thinking of leaving, don’t. And if you are thinking of running for board elections, run.

The GNOME Foundation is the healthiest it’s ever been. It’s reducing costs and focusing on its actual mission: GNOME. The excellence demanded of GNOME hackers is now demanded of the Foundation, too. You can be a part of continuing that trajectory.

There has never been a more meaningful time to join the GNOME Foundation board.

 

"Around 570 cables (plus a further 80 planned) carry between 95% and 99% of the world's intercontinental telecommunications data," reports CNN (since fiber cables offer speeds of terabits per second, carry much more data than satellite links). And "networks of green energy cables carrying electricity are also starting to sprawl across the world's seabeds." Now to protect them, the U.S., Australia and the U.K. "are planning to develop new unmanned undersea vehicles" as part of their trilateral security partnership. Western governments see a growing risk of Russian and Chinese sabotage of undersea cables and are also concerned that Iran may seek to exploit the many data networks running through the shallow waters of the Persian Gulf. The "seabed is a battlefield" said Australia's Defence Minister, Richard Marles, in Singapore, calling for tougher action against so-called shadow-fleet vessels... The programme will improve the three nations' reconnaissance and strike capabilities, "and bolster superiority in anti-submarine and anti-surface warfare," as well as mine countermeasures, [according to a statement from their trilateral AUKUS partnership]... The new AUKUS project will sharpen all three countries' ability to respond to threats, including those targeting underwater cables and pipelines, through a range of "cutting edge sensors and weapons systems for undersea drones," UK Defence Secretary John Healey said. Marles said undersea internet cables — "the arteries of modern civilization" — were being cut at an unprecedented rate, with island nations like Australia acutely vulnerable. "Over the past 18 months, we have witnessed a series of attacks against subsea critical infrastructure at a scale and frequency that is historically unprecedented," he said. The UK government has also highlighted the vulnerability of the world's digital highways. "Every international payment, every cross-border trade executed in milliseconds, every flow of data between businesses here in the UK and markets overseas — all travel along the seabed," Telecoms Minister Liz Lloyd said Friday... Last month, the UK said it had tracked three Russian submarines covertly surveying undersea cables in the north Atlantic... A UK parliamentary inquiry warned last year that UK infrastructure might be targeted in a crisis, adding it was "not confident that the UK could prevent such attacks or recover within an acceptable time period." The UK Navy is already exploring the creation of a hybrid force that incorporates the widespread use of underwater drones to combat Russian threats in the Atlantic.

Read more of this story at Slashdot.

A historian-turned-software engineer warns that "so little is ever written down" by professional programmers in a new article for Fast Company: Perhaps there's an early design doc, but then it turns out that everything was substantially revised before work began. Maybe there are a few wiki pages explaining known issues, some of which were solved a long time ago and others that have been left to molder in the codebase. Somebody might have left a comment in the code itself, but typically it's a warning not to change something or else something else will break... Software engineering has an ambivalent relationship with documentation. Everyone agrees documentation matters in theory, but in practice it's inconsistent, outdated, or missing entirely. Part of that is simple inertia. Writing documentation is usually less interesting than writing the code itself. But it's also ideological. The Agile movement emerged in part as a reaction against the heavily documented Waterfall methodology, and one of Agile's core values explicitly prioritizes "working software over comprehensive documentation." In escaping bureaucratic overdocumentation, the industry also normalized underdocumentation. High turnover at software jobs always brings "a constant drain of domain knowledge." And he's he's skeptical that generative AI will be able to fill in those gaps: [H]aving it generate documentation on the codebase itself might sound like a solution to the absence of other written information. LLMs can certainly summarize code back to you. But hold up with that idea. Beyond hallucinations, there's a deeper problem: Writing documentation is itself part of the thinking process. Whether I'm writing history or software, putting an approach into words helps refine it before I sink hours into implementation. Documentation also captures intent. An LLM may be able to summarize what a codebase does, but it cannot reliably explain why a developer chose one approach over another, or what trade-offs shaped that decision... An LLM can read code that I've written. It might even scan a large codebase and accurately summarize what it's doing. But it can't assess authorial intent. Thanks to long-time Slashdot reader smooth wombat for sharing the article.

Read more of this story at Slashdot.

Version:7.1-rc6 (mainline) Released:2026-05-31 Source:linux-7.1-rc6.tar.gz Patch:full (incremental)