Agreguesi i feed

Apple is allowing iPhone developers in Brazil to distribute apps through authorized alternative marketplaces and use third-party payment systems following action by the country's competition regulator. "In other words, developers in Brazil will be able to circumvent the App Store and Apple's in-app purchase system, but there are still fees," reports MacRumors. Apple will collect commissions ranging from 5% on externally distributed apps to as much as 26% for some App Store transactions using its payment system. From the report: Alternative app marketplaces will have to be authorized by Apple and will need to meet ongoing requirements. For apps that are still distributed through the App Store, developers will be able to include an alternative payment processing method in their app and/or link users to a website to complete a transaction. These changes are available on iOS 26.5 and later, and they are the result of regulatory action from Brazil's competition regulator. Apple has added a new page on its website with additional details for developers in Brazil. Apple said these changes introduce privacy and security risks for users, including children. The company has introduced safeguards to mitigate these risks, including a notarization process for iOS apps, an authorization process for app marketplaces, and limitations on external links and alternative payments for users under the age of 18. Apple has already allowed alternative app stores and/or third-party payment systems on iOS in the EU, Japan, and South Korea, and it will likely be forced to do so in the UK and Australia too, due to similar regulations in those countries.

Read more of this story at Slashdot.

Google has begun rolling out Android 17, the June Pixel Feature Drop, and Wear OS 7 simultaneously across supported Pixel phones and watches. Highlights include floating app bubbles, improved foldable multitasking and gaming, tighter location and contact permissions, stronger lost-device protections, new Pixel AI tools, and up to 10% better Pixel Watch battery life. PhoneArena reports: Pixel owners are the clear winners, since everything here reaches Pixel first and a lot of it goes back to the Pixel 6. Fold owners get the most toys, with the Bubble Bar and foldable gaming mode built for the big screen. Watch wearers get the quietly important upgrade. Better battery and Live Updates make an everyday wearable easier to rely on, especially if you keep it on overnight. Google's latest Pixel Drop combines several AI-powered tools with a broader slate of Android 17 upgrades. Pixel owners gain Lyria 3 for generating music from text or images, Gemini Omni for creating custom video clips, enhanced call translation and screening, AirDrop-compatible Quick Share, expanded Magic Cue support, and conversational photo editing. Android 17 builds on those additions with floating app Bubbles, selfie-camera Screen Reactions, and a split-screen gaming mode for foldables, while also strengthening privacy and security with more granular location and contact permissions, improved lost-device protection, tighter PIN-guessing limits, and enhanced threat detection. Other additions include expanded parental controls, separate assistant volume and app memory settings, and an option to hide app names for greater privacy. You can read more about everything new in Android 17 in Google's blog post.

Read more of this story at Slashdot.

Security researcher Justin O'Leary says Google initially accepted his Config Connector privilege-escalation report as a high-priority, high-severity bug, then denied a bounty by declaring the behavior "working as intended." According to The Register, a Google rep initially praised O'Leary's report with a "Nice catch!" before the cloud giant reversed course, declaring that no vulnerability existed and therefore no fix or reward was warranted. "The bug report, however, is still marked high-priority and accepted," the publication notes. The alleged flaw, dubbed ConfigConfusion, could let a Kubernetes namespace user exploit an overprivileged service account to become a GCP organization owner with only a few lines of YAML and little apparent audit visibility. O'Leary details the incident in a blog post. The Register reports: According to O'Leary, Config Connector doesn't perform an authorization check, and this allows any Config Connector service account with org-level permissions to bypass Identity and Access Management (IAM) authorization and gain the highest level of control (roles/owner) to an entire GCP Organization -- the root node of all of a company's resources within Google Cloud. On March 27, a Google security engineer accepted O'Leary's report and told him: "Nice catch!" The employee said that they filed a bug based on O'Leary's report with the relevant product team and assured him the Chocolate Factory's security squad would work with relevant Google Cloud people to fix the flaw. "We'll work with the product team to ensure this issue is address. We'll let you know when the issue was fixed," the engineer said. "In the meantime, review the payment option selected in your bughunters.google.com profile." Google assigned the bug P1 priority and S1 severity, signifying a flaw worthy of urgent repair because it affects a large percentage of users and can disrupt core organizational functions. "I figured that was the end of that," O'Leary said in a phone interview with The Register. Eleven days later, on April 7, he received a new message from a Google Security Bot reversing the earlier decision. The Reg viewed the email, and O'Leary included a screenshot in his Thursday writeup. The message said that the Cloud Vulnerability Reward Program panel decided that the "security impact of this issue does not meet the criteria to qualify for a reward." After reviewing the bug report, Google determined the software "is working as intended," the message continued. It also noted that the program's decision not to pay a bounty "does not mean that the product team won't fix the issue." Nearly three months later, the case remains P1/S1 with the status "in progress (accepted)." Google hasn't assigned a CVE or issued a fix. O'Leary didn't receive any reward for his research. [...] "This is a pattern," O'Leary told [The Register]. "This is just how these trillion-dollar companies deal with people like me. In my day job, we use GKE, and it's incredibly frustrating on my end, when I find a critical vulnerability in the system that's being widely used, and I can't even get the vendor to patch their own stuff." A Google spokesperson told The Register: "The issue reported does not qualify for a reward because the GCP IAM authorization bypass is only exploitable if an attacker has access to a Config Connector Service Account that's been granted the Organization Admin role by the organization (i.e., it is privileged). Additionally, an attacker would first need to gain entry to an organization's environment (e.g., an exposed container) in order to leverage the privileged Config Connector instance and execute commands with administrative authority, such as the IAM bypass. Granting this level of access to the Config Connector Service Account goes against Google Cloud's publicly shared best practices and the principle of least privilege."

Read more of this story at Slashdot.

An anonymous reader quotes a report from MacRumors: Apple is raising its prices to offset the high cost of memory and storage, CEO Tim Cook told The Wall Street Journal. Apple is no longer able to absorb the increased prices and will need to pass some of the cost on to consumers. "Unfortunately, price increases are unavoidable," said Cook. "We're doing our best to mitigate the huge increases that are being passed to us, and we've been trying to shield our customers from the increases, but the situation has become unsustainable." Growing demand for memory and storage chips from AI companies has led to chip shortages and higher costs. The Wall Street Journal suggests Apple will need to increase device costs "substantially" to maintain its current profit margins given the cost of memory chips and SSDs. Research firm TechInsights claims Apple will need to make the iPhone 18 Pro around $270 more expensive to keep its existing profit margin. Apple is struggling more with memory chips, but storage chips are also an issue. "There's less supply at a time when consumers want devices and the memory guys are passing along huge price increases," Cook told The Wall Street Journal. Cook said Apple will use its cash to increase memory supply, but he did not give details on what that means. Apple does not plan to create its own memory and storage factories. "We can't do everything," Cook said. "We know what we're good at." Cook likened the memory shortages to a hundred-year flood. "I've never seen anything like it in any area in over 40 years," he said. Further reading: Smartphone Market To Shrink 15% This Year Due To Memory Crisis

Read more of this story at Slashdot.

Longtime Slashdot reader schwit1 shares a report from PetaPixel: China dominates the consumer drone market, so it is perhaps surprising that it is no longer possible to fly or even purchase a drone in Beijing. The new law that passed last month makes it illegal to buy, rent, or fly a drone without prior approval from the authorities. Users must also complete an online training session and pass a test on drone regulations. Under the new rules, drone users are also not allowed to repair or replace their drones in Beijing. Not only that, but a drone in a repair shop must be picked up in-person, rather than sent back by delivery. The BBC reports that drones must now be registered before being brought into and out of the Chinese capital. "I have to apply for permission for each flight, which is very inconvenient," drone enthusiast Steven Wang tells CNN. "And starting this year, the wait time is getting longer, and the reasons for rejection are becoming more vague." Despite China being the birthplace of the consumer drone industry, it is increasingly difficult for hobbyists to fly there. Beijing authorities say that the rules are made to "strengthen the management of unmanned aerial vehicles" and "safeguard the security of the capital."

Read more of this story at Slashdot.

Fortinet has confirmed active exploitation of three FortiSandbox vulnerabilities. One allows attackers to bypass login controls, while the other two enable command execution directly on the appliance. Combined, they create a path from unauthenticated access to direct interaction with a system many organizations trust to analyze suspicious content.

Version:next-20260618 (linux-next) Released:2026-06-18

Special-effects designer Brian Johnson, known for his groundbreaking work on Space: 1999, The Empire Strikes Back, Alien, and Aliens, has died at the age of 86. Johnson began his career creating models and explosions for Gerry and Sylvia Anderson productions, later designed the iconic Eagle Transporter, and became one of science fiction cinema's most influential behind-the-scenes artists. Longtime Slashdot reader sandbagger remembers the SFX legend, writing: "The Space: 1999 Eagle is one of the great space ships of science fiction."

Read more of this story at Slashdot.

This month I’m mostly listening to music by Nu Genea, Danalogue and Noon Garden.

I’m going to tell you about a big change I’m proposing for folks using Freedesktop SDK to build operating systems. And I’m also going to talk a bit about the GNOME Foundation elections. Maybe I’ll do that first.

GNOME Foundation elections

The GNOME Foundation is a democratically organised not-for-profit that grew from the GNOME open source project around the year 2000. Anyone who contributes to the GNOME open source project can be a member of the Foundation, which allows (among other things) periodically voting in a Board of Directors who govern the Foundation. You probably know all of this.

Back in 2001 the Foundation was a lively active space. Check out the election results from 2001: 11 candidates were selected out of 25 candidates, some of whom made pretty wild campaign promises such as banning all mentions of proprietary software.

When I became more involved in GNOME, ten or fifteen years ago, the Foundation seemed pretty boring and sensible and not many people volunteered to be directors. Here’s a mail from 2017 of someone complaining about not enough candidates and low voter turnout.

This year’s election has nine eight candidates for five seats, and a lively debate. Two years ago a big explosion happened in the community, and we are still dealing with the fallout and, in many cases, still piecing together what actually happened. (It seems like the explosion had been building for a long time and maybe the boring and sensible days of 2017 weren’t as boring and sensible as they appeared from outside.) I am not impressed by the tone of some of the discourse, everyone involved in the campaign believes in what they are doing and deserves respect, but it does make me optimistic about the future of the GNOME Foundation. Questioning things is healthier than ignoring them.

My quiet theory is that the dynamics of open source have changed fundamentally now that LLMs are a mainstream technology. Code is less of an asset than it ever was. A lot of work in the desktop space since 1997 has been simply keeping pace with the rest of the industry: Apple introduced glassy window bars and so we had to have them in GNOME too, Apple introduced “retina” displays and now we need fractional scaling, Apple introduced the App Store and now we need Flatpak, and so on. All of these are huge engineering efforts requiring a lot of new code.

Now the industry is out of ideas. Apple this year are announcing AI integration and more glassy window bars.

So if code is not the asset, what is? The people, as it always ways. And in an increasingly hostile and untrustworthy internet, where you can’t even trust websites any more, a resilient autonomous and trusted structure like the GNOME Foundation, with a battle-tested democratic structure, and strong moderation capabilities to keep out the increasingly automated and vociferous trolls, is a very valuable thing indeed. (No wonder the trolls see it as a threat).

It’s hard to imagine a parallel universe where there’s no KDE eV and no GNOME Foundation, but I suspect we would miss both of them. Clearly all of the candidates believe in the Foundation enough to run for election. Remember that it’s an unpaid position with a lot of responsibility and minimal benefits. Being a director is a personal sacrifice. So thanks to everyone who keeps it working.

freedesktop-sdk.bst:public-stacks/runtime-gnu.bst

Onto the more technical material, I guess. The Freedesktop SDK is a widely used Flatpak app runtime that powers thousands of apps on Flathub. You probably know that, too.

Flatpak aimed from the beginning to be distro-independent, and consequently the Freedesktop SDK isn’t a repackaging of Debian or Fedora or Alpine Linux, but something more like a DIY Linux From Scratch build. As an app user you don’t notice any of this, because it’s very well executed and apps just work. Again, it’s hard now to imagine a parallel universe where the main Flatpak runtime was Fedora in a trenchcoat, but perhaps that would have impeded the success of Flatpak. (Of course Canonical still built their own app store technology, but I suspect that Canonical re-inventing things is part of every parallel universe).

So Freedesktop SDK has build instructions for common Linux tools, utilities and libraries, and they are so good that most BuildStream projects end up junctioning Freedesktop SDK to reuse them. (I covered this in more detail back in April). In theory this brings a virtuous cycle: we use FDSDK in industry and that funds maintenance and improvement of the build instructions, which in turn benefits the Flatpak runtime which doesn’t have any source of funding of its own.

I’ve been working on a slightly tricky intersection between these two worlds, which I call “Choose your own userland”. It makes a relatively small change to a stack element in Freedesktop SDK, but one which has big consequences for BuildStream projects that junction the project. (And no immediate consequences for Flatpak users, but you could see it as future-proofing).

A stack element is a group of elements. Freedesktop SDK provides various “public stacks” with useful element groupings. Most of these are related to build systems, like public-stacks/buildsystem-autotools.bst which includes everything you need to run builds with the crusty old GNU Autotools build system. Then there’s this special one: public-stacks/runtime-minimal.bst, which as of today includes the following:

• Root filesystem symlinks
• C/C++ platform libraries like GNU GLIBC,
• The GNU Bash shell (and its dependencies Readline and ncurses)
• GNU Coreutils, and all their dependencies

This stack is a recent addition, announced in the release notes of last year’s FDSDK 25.08 major release:

[BREAKING CHANGE] It’s now possible to create more minimal runtimes thanks to rework of bootstrap-import.bst. This adds a new stack public-stacks/buildsystem-make.bst which is essentially same as the original bootstrap-import.bst. There is also a new stack public-stacks/runtime-minimal.bst that is intended to provide a minimal environment that you can shell into. More info in the related issues: #1728 (closed), #1523

My selfish motivation for this change is I want to build embedded systems that don’t include GNU Bash and Coreutils at all, using BusyBox to provide the shell and utilities instead. This is hard today with FDSDK because every element unconditionally depends on Bash and Coreutils, so how can I remove them from my final system? But coincidentally, in the desktop world we are also seeing GNU Coreutils replaced with uutils/coreutils, a reimplementation in Rust which is already the default in Ubuntu since 25.10. So there’s another reason we might not want to hardcode a specific coreutils implementation in the lowest level stack.

The idea implemented in my branch came from Abderrahim and is delightfully simple: just drop Bash and Coreutils from the runtime-minimal stack, and have elements opt into them explictly.

On hearing the idea, I wasn’t sure how this would work, so of course I was effectively nerd-sniped into trying it. The result is as we’d hoped, it allows you to build systems with alternative coreutils. The FDSDK includes some example VMs, and here’s an example of one of them booting with uutils/coreutils (taken from MR!31779):

https://gitlab.com/-/project/4339844/uploads/04ea5b38ae78b5ee6ed175ea9ea54369/FDSDK_example_system_with_uutils-coreutils.webm

So the approach works. My main concern was the amount of churn we would cause if we change the meaning of runtime-minimal.bst. Of course, we often still want GNU Bash and GNU Coreutils, so my branch adds an additional public-stacks/runtime-gnu.bst element that brings in a GNU userland. I added Bash and Coreutils into all the public-stacks/buildsystem-*.bst elements too as we still want them at build time. That means that for most elements the change is actually transparent. You just need to ensure that each output explicitly includes a shell and utilities of your choice as runtime-depensd.

To test things further I tested the changes in branch of gnome-build-meta. It was pretty boring working through various build failures to get to a new dependency graph, but I came out the other side still convinced that this change is a good idea. (You can see my gnome-build-meta branch here, bearing in mind half the changes are actually dealing with differences between FDSDK 25.08 and ‘master’).

There was some lively discussion on the MR and I’m still not entirely clear if this change is going to land, much as I like it. One sticking point is a fear of landing big changes and not having enough people to deal with the fallout, and as an open source maintainer I certainly know that feeling, so I have more testing planned still.

Another complaint is that this change reneges on the promise from 25.08 about public-stacks/runtime-minimal.bst, that it “is intended to provide a minimal environment that you can shell into.“. You can’t shell into anything if there’s no shell, of course, so I can’t argue with the premise. But I am missing why this is a big deal. I’ve always had a bad time in BuildStream build shells because I just want to edit a file for testing and dammit there’s no Vim or even Vi or even Nano… in fact we don’t even seem to have less?! So I’ve always wanted a way to overlay elements with debug tools in my shell, and it turns out that “bst shell should be able to stage the specified element on top of a base element” is a feature request that’s been open since 2018.

If you use FDSDK as a junction and you like the idea then I’d appreciate comments on the MR. (If you hate the idea, I’m sure you’ve already switched tabs and are half way through posting an irate comment ;-). I am of course prepared for an outcome where this change doesn’t land, and it may indeed lead to some separation of “Linux OS & compiler bootstrap using BuildStream” and “Base Flatpak runtime” into different projects. My gut feeling is that this would be a bit like trying to carve a single grape into two pieces, i.e. there are still few enough people who actually want to maintain build instructions that it makes more sense to collaborate in the same repo.

Thanks as always for reading!

Longtime Slashdot reader schwit1 shares a report from Autoblog: For years, the Chinese auto industry has employed a hostile price war to kneecap global competitors. Armed with massive state subsidies, cheap raw materials, and an aggressive "scale-first" business model, Chinese automakers flooded the market with electric vehicles priced so low that legacy manufacturers stood no chance to compete. How did they do it? Simple, they couldn't. They did it anyway. Reports from CarNewsChina show that Chinese automakers have been selling vehicles at a loss until a recent law passed by the Chinese government banned below-cost sales of new vehicles. During the ongoing sales slump in China caused by rolled-back subsidies and direct government intervention banning below-cost sales, the truth behind the rapid expansion of the Chinese auto industry has been exposed. "By the first quarter of 2026, China captured 32 percent of the global auto market, with its New Energy Vehicles (NEVs) controlling an incredible 61 percent of global share," the report notes. Yet that dominance has come at a steep cost: throughout 2025, "the profit margin for China's auto industry plunged to 4.4 percent and dropped further to a historic low of 3.2 percent in early 2026." "Gross profit, not net profit, per vehicle, plummeted to a mere $2,000. We can expect the net figure to be loss-making." Autoblog adds: "Data shows over 70 percent of Chinese car sales were loss-making. This left more than half of the country's auto industry in the red. Great Wall Motor (GWM) even saw net profits drop 17 percent despite steady revenue growth." China's EV price war has now hit a wall. New regulations are discouraging below-cost sales, rising material costs are forcing automakers to cut discounts and raise prices, and reduced tax incentives are weakening domestic demand. To sustain growth, manufacturers are increasingly turning to exports.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Tesco, a retail conglomerate headquartered in the United Kingdom, is moving 40,000 server workloads off of VMware amid "abusive conduct" from Broadcom, recent legal filings claim. Tesco filed a lawsuit in the UK's High Court against Broadcom alleging breach of contract last year. According to a September report from The Register, the lawsuit claimed that in January 2021, Tesco bought perpetual licenses for VMware's vSphere Foundation and Cloud Foundation, a subscription to VMware Tanzu, plus support services until 2026, with the option to extend support for four additional years. But when Broadcom took over VMware in November 2023, it would not honor the deal and instead tried to get Tesco to pay "excessive and inflated prices for virtualization software for which Tesco has already paid" and would not allow it to buy support services for its perpetually licensed software without buying "duplicative subscription-based licenses for those same Software products," the initial complaint read, The Register reported at the time. Tesco, which reported 73.7 billion pounds (about $98.7 billion) in revenue in its fiscal year 2026, has since started migrating away from VMware and Broadcom's mainframe products, according to late-May court filings reported on by The Register today. In January, Broadcom stopped supporting Tesco's VMware products, Tesco said, and Tesco has been paying for third-party support since. In its initial filing, Tesco also said that Broadcom refused to upgrade software or provide all security updates to customers without subscriptions. One of Tesco's recent filings, per The Register, reads: "Faced with Broadcom's abusive conduct, and given the criticality of virtualization and mainframe software and services to its business, Tesco has been forced to incur material costs to procure alternative solutions with reduced functionality, and to migrate to that software in a manner, and on a timeframe, that creates very significant risks to its business." If it works "at exceptional pace," Tesco will be completely off VMware by the end of 2027 at the earliest. However, "the timeframe in which that migration must be undertaken has created and continues to create operational and commercial risk, and at material ongoing cost and disruption to the business," Tesco reportedly noted. Tesco is also dealing with migration challenges related to data security because its new, unnamed virtualization software is incompatible with the Veeam and Zerto products it uses. Tesco initially requested at least 100 million pounds (about $133.6 million) in damages each from Broadcom, VMware, and reseller Computacenter, plus interest. In its recent filings, Tesco said it turned down at least four offers from Broadcom to continue using VMware and Broadcom's mainframe tech. [...] The case is expected to go to court between November 1, 2027, and February 25, 2028, The Register reported. Afterward, it could go to trial. Further reading: HPE Tempts VMware Users, Partners With Year of Free Virtualization Software

Read more of this story at Slashdot.

wiredmikey shares a report from SecurityWeek: Microsoft on Wednesday published an advisory acknowledging the public disclosure of a vulnerability in Defender that could lead to privilege escalation. The security defect, tracked as CVE-2026-50656 (CVSS score of 7.8), was dropped last week by security researcher Nightmare Eclipse (also known as Chaotic Eclipse). "We are working to provide a high-quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available," Microsoft adds. RoguePlanet, Nightmare Eclipse explained last week, targets a race condition in Microsoft Defender and allows attackers to gain System privileges. The researcher released a proof-of-concept (PoC) exploit that demonstrates local privilege escalation (LPE) on Windows 11 and Windows 10 systems with the June 2026 patches installed. [...] On Wednesday, Nightmare Eclipse pointed out that the PoC works regardless of whether Defender's real-time protection is enabled or disabled. It may even work in passive mode, the researcher said.

Read more of this story at Slashdot.

CCS Insight expects global smartphone shipments to fall 15% this year as AI-driven demand pushes memory manufacturers toward higher-margin server chips. "[S]ome entry-level devices have already seen their sticker prices go up by more than 50 percent since last year," reports The Register. From the report: The firm found that the primary smartphone market (meaning new devices) contracted 4.4 percent in the first quarter of this year, despite sales channels front-loading (meaning stockpiling) product inventory, as device prices begin to rise sharply. As CCS notes, this casts an ominous shadow on the outlook for the rest of the year, and it seems things have worsened since The Register first started reporting on the smartphone memory woes. Back in January, the forecast was for handset price rises of 6-8 percent, while the most pessimistic outlook was that the global market might contract as much as 5.2 percent. By February, analysts were expecting to see a decline in shipments of around 8 percent across the global market, and for prices to increase by about 14 percent. The root cause of all this is the AI craze, which has seen huge demand for high-performance GPU-filled servers to process it all. Chipmakers have moved to capitalize on this by prioritizing production of high-margin memory components for those servers, rather than making the plain old DRAM and NAND needed for PCs and phones. "The memory chip crisis shows no sign of slowing down in the near future, ramping up the pressure on manufacturers and consumers. Memory components now account for more than 30 percent of a manufacturer's bill of materials in some smartphones." said CCS research analyst Ben Hatton. "The full impact has yet to be felt in many regions, but it's clear that device prices will accelerate over the rest of the year."

Read more of this story at Slashdot.

Carvana is testing a radically different new-car dealership model in Dallas, turning the location into a test-drive center and themed "playground" while requiring every purchase to be completed through its online platform. "Every single car that we sell, whether it's used or new, is online," said Tom Taira, Carvana president of special projects who's leading the new vehicle operations. "That's a very inherent difference. Even coming into the store, you're buying it online, and that's a big difference in how people think about it." The company hopes its no-haggle pricing, hourly employees, service operations, and national logistics network can reshape franchised auto retail. CNBC reports: Through its used vehicles sales, Carvana has become the most valuable auto retailer in the U.S. with a more than $70 billion market cap. Carvana's target with the new vehicle business is to grow its market share and customer base as well as assist used vehicle sales through trade-ins and other means, according to Taira. If the company is successful, the strategy could cause a ripple effect across the U.S. franchised dealership model, which the National Automobile Dealers Association reports includes 16,990 retailers that topped $1.3 trillion in sales last year. [...] Carvana is using a location in Dallas as a test center for its foray into new vehicle sales. The facility looks like a traditional Stellantis dealership from the outside, but the consumer process for purchasing a vehicle and the responsibilities of its employees are unprecedented. Couches and chairs replace cubicles and sales offices. There are no finance and insurance departments, and instead of an army of commission-based employees, the facility has associates that are paid hourly to assist customers -- if they want the help. The experience is meant to be as self-guided as a customer wants. By scanning QR codes located on 10-foot-by-10-foot screens inside the building or on vehicles and displays outside, shoppers can customize a vehicle, learn about a product's features and conduct test drives before deciding whether to purchase anything. If they do decide to buy something, it's online and not originated from a sales person, the company said. The "playground" has roughly 50 vehicles divided by brand, with each having a theme. Jeep has an off-road display. Dodge has race tracks, including a Carvana-themed Charger pace car and part of a traditional track fence barrier. Chrysler minivans, meanwhile, have a soccer net and Ram's area is truck-centric. Carvana is not committing to expanding the exact experience to its other franchised dealer locations, but Taira told CNBC that the overall process of online sales, vehicle testing and service are expected to be consistent throughout the locations. Further reading:: Online Car Retailer Launching Nation's First Car "Vending Machine

Read more of this story at Slashdot.

BrianFagioli writes: Google, Microsoft, OpenAI, Arm, Mastercard, Siemens, and other companies have joined the newly launched Appia Foundation under the Linux Foundation. The project aims to create common specifications and assessment frameworks that organizations can use to demonstrate AI systems meet emerging safety, trust, and compliance requirements. According to the Linux Foundation, the framework is designed to allow conformity evidence to be reused across the AI supply chain, potentially reducing duplicate assessments and compliance costs. The announcement comes as governments around the world move toward enforcing AI regulations and organizations face increasing pressure to prove AI systems are trustworthy. "As international standards and legal frameworks become more established, global organizations need a consistent, practical way to verify that AI systems conform to new expectations," said Jim Zemlin, CEO of the Linux Foundation. "The Appia Foundation establishes a neutrally governed environment where the entire industry can collaborate on a common assessment framework. By building this infrastructure in the open, we are helping organizations reduce complexity, lower operational costs and build trust." Craig Shank, Executive Director of the Appia Foundation, added: "AI systems now make decisions about people's loans, their children's schools and their jobs. People on the receiving end deserve to know those systems were built and assessed against criteria that hold up to scrutiny. The Appia Foundation was formed to do that work: creating publicly available specifications that organizations across the AI value chain use to demonstrate their systems meet those criteria. By establishing this open framework, we are building the accountability layer required to scale safe and trusted AI across major industries."

Read more of this story at Slashdot.

Anthropic employees say they remain confused and increasingly convinced that the Trump administration is singling out the company after officials gave it less than 90 minutes to disable Fable 5 and Mythos 5 over alleged national security concerns. Cybersecurity experts, however, argue that the cited behavior of helping to identify vulnerabilities in software is also available in rival models and is more valuable to defenders than attackers. The New York Times reports: Inside the company, employees' private group chats immediately lit up. Managers were instructed to prepare customers for a potential service disruption to the models, called Fable 5 and Mythos 5. But the messaging kept changing, with workers initially being told that the security problem was the ability of foreign companies to gain access to the systems, and later that a major vulnerability had been discovered in the models. In employee chats, Anthropic engineers asked one another if the company's plan to go public this year would be harmed by the White House directive. Many shared news reports that offered conflicting information about why the White House had ordered Anthropic to suspend access to Fable 5 and Mythos 5 for all foreign nationals. "What are you telling your clients?" one employee asked in a chat viewed by The New York Times. Another said, "Does anyone know what to believe?" In another message, a worker said, "I don't understand what the issue is." Six days later, Anthropic's roughly 3,000 employees still have few answers. The San Francisco company is continuing to grapple with internal confusion as Dario Amodei, the chief executive, and some of his lieutenants meet with the Trump administration to try and resolve the situation. But after discussions on Monday and Tuesday, there was no breakthrough over ending the U.S. order to limit access to the company's new A.I. models. In a statement on Monday, Anthropic said it would continue meeting with government officials and pledged its "ongoing commitment to working alongside the administration." The dispute highlights how singular Anthropic has become in Washington. It was the second time in six months that the fast-growing A.I. start-up has become embroiled in a fight with the Trump administration over its powerful technologies, even as other A.I. companies offer similar models that have not received the same attention. And it has left Anthropic's employees in what they described as a holding pattern, with some wondering if they were being picked on by President Trump. "Are we being bullied based on bad vibes?" one employee asked in a chat viewed by The Times. Yesterday, TechCrunch's Zack Whittaker argued that the move sets a troubling precedent: the government can unilaterally disrupt American software products without court approval, potentially undermining trust in U.S. AI providers.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: Artificial Intelligence will lead to labour shortages, not the replacement of humans, Amazon founder Jeff Bezos predicted in a highly optimistic appearance at the VivaTech technology conference in Paris on Wednesday. Bezos put forward a rosy vision of how technology will help humanity, speaking about projects including his space venture Blue Origin and his new AI startup Prometheus, which is aimed at speeding up physical manufacturing. "I know there's a lot of concern that many people have, including many smart people, that AI is going to make humans redundant and so on," Bezos said. "I totally disagree with this point of view. And I think, in fact, AI is going to create a labor shortage." Half of Americans fear the rise of AI could put them or someone in their household out of work, a Reuters/Ipsos poll found this month. Bezos, the world's fourth-richest person with a net worth around $250 billion, argued that people have "endless" things to do, and are currently limited by barriers that he said AI would lower. One goal of space exploration is to move polluting industries off Earth, said Bezos, whose Blue Origin aims to compete with trillionaire Elon Musk's SpaceX in rockets. "If space travel gets reliable enough and inexpensive enough, and we can get materials from asteroids and near-Earth objects and the moon, then this garden planet can be returned to its pre-Industrial Revolution state," Bezos said.

Read more of this story at Slashdot.

Epic Games has released Lore, an MIT-licensed version control system written in Rust and designed specifically for "games and entertainment purposes with large file sizes," reports Phoronix. From the report: While there is Git LFS for large file storage with Git, Epic Games has crated Lore as a version control system designed entirely around the large file needs of modern game development as well as multimedia/entertainment purposes. Lore is designed to be fast and efficient for large files including binary files, and be easy-to-use including for 3D artists and more. The Lore documentation elaborates more on its differences and motivation for development compared to Git: "No existing system was designed for the combination of constraints that large game and entertainment projects require: arbitrary content types, multi-axis scale, multi-tenant safety, and a fully open specification and license. [...] Lore is designed to combine what works in each (Git's content-addressed revision graph and centralized systems): a centralized server-of-record for durability, access control, and conflict resolution; content-addressed storage with fragment-level deduplication that is as effective on a multi-gigabyte binary as on a kilobyte of text; sparse, lazy working copies that materialize only what you need; free branching; and a fully open, publicly versioned specification and MIT license. Normal editing operations -- staging, committing, branching, diffing -- never require a network round trip." You can learn more at Lore.org. All the code is available on GitHub.

Read more of this story at Slashdot.

The Joomla Content Editor (JCE), one of the most widely deployed editor extensions for Joomla websites, is currently under active attack due to a critical vulnerability.

At least 15 malicious plugins and nearly 70,000 installs later, developers are being reminded that trusted marketplaces can become supply-chain attack vectors overnight.