Agreguesi i feed

This blog post is a sequel to Your _get_type() function is not G_GNUC_CONST.

GNOME developers have long used G_GNUC_CONST, which expands to __attribute__((const)), to annotate GObject _get_type() functions, despite knowing that it is incorrect to do so. const functions by definition have no side effects, but _get_type() functions actually have a side effect the first time the function is called: they initialize the type. Why apply an incorrect annotation to these functions? Because it makes the code faster.

Although this was long known to be incorrect, it worked fine in practice… until now. Regrettably, Sam James has discovered that GCC 16 may optimize away the type initialization, resulting in crashes. This is our fault for providing the compiler with wrong information about our code, so it’s time to audit your use of const attributes to remove them from _get_type() functions. Most GNOME programs use these attributes only for _get_type() functions, but if you use it in more places, then check to make sure those functions are actually const, as defined by the GCC documentation.

Sadly, there is no suitable replacement attribute for _get_type() functions. Two decades ago, Behdad requested a new idempotent attribute for expressing the desired semantics, but nobody has implemented it.

File under: brief half-year catch-ups, me not remembering when I last updated the back-end of this blog

I’m writing this from a terrible AirBnB in Reading, having just wrapped up a four-day visit to my old Typography & Graphic Communication alma mater and happy to have an excuse to put off re-packing. I’ve been fortunate in the first six months of this year to have time to participate in a number of in-person conferences after a few years of not being able to travel, and when I was looking back at the calendar I noticed that these events have been evenly split between FOSS events and type-related events, so I decided it’s worth jotting down a few of the thoughts that presented themselves before they fade away entirely. Here’s a recap:

SCALE: The Southern California Linux Expo (which, for the record, I refuse to bacronymize in a mixed-case form, so don’t at me about the capital A). I’ve been a regular for yikes years at this point, and have helped coordinate the “libre graphics track” for the past several, but this time I actually had to present a workshop as part of that. It was on the subject of learning Scribus if you’re coming from the world of LibreOffice / Microsoft Word / Google Docs / Etc. Turns out that’s an ambitious subject, scope-wise, and we didn’t get through everything I wanted to.

But for me, that highlights the fact that shifting from one Do Real Work application to another is always a monumental effort. Sure, you can fire up GIMP and do some cropping of images in a matter of minutes. But you can’t drop a full production workflow without a lot of spare time, because every individual sub-task now involves a different order of operations (or different operations), a different cycle of tool-switching, and a different set of cross-checks and QA. I don’t think we give this problem enough attention, especially when the well-meaningers on social media (and yeah, that includes Mastodon, as fully as whatever platform you don’t like) entice people to give it a try like it’s no big thing.

It also reiterated for me how important document templates are. Those are fairly forgettable 99% of the time, but what ships in the template choosers of LibreOffice, WhateverOfficeOnline, and in more specialist apps is what people end up using when they need to get things done. The typography in most FOSS templates is pretty awful: the fonts are weak, the hierarchies are non-existent, the alignments are haphazard, and the optical balance is even more non-existent than the hierarchies. I suspect that this can only being improved with a long, slow, many-person grind. I don’t know where to start.

WAVE and ATypI: Both of these are type-related or type-adjacent events, so I don’t have much that feels relevant to say about them here. WAVE is quite specialized, since it focuses on human writing: just as many of the presenters are linguists as anything else, and the type people made a stronger showing this year than they did in the original event a couple of years back but aren’t the majority. It is genuinely a wake-up call to sit down and learn about a written language that does not operate in the way that your own does, and to hear exactly how many people use it every day (as well as to see photos to remind you that all of this happens in the present, when it’s incredibly easy to write off those concerns as belonging to an earlier era in printing and just presume that Computers Fixed All That. Or that OpenType and Unicode did. Or that FOSS did.).

I do think, however, that most of the FOSS projects I’m involved with keep a stout set of blinders on about non-majority language systems and scripts, and that that’s deeply problematic. Indeed, it was not long ago that I mentioned IRL that GNOME could do a valuable bit of good for the global user community by finding and supporting scripts other than Latin/Greek/Cyrillic — in contrast to today, where the attitude is “oh, those users will figure it out for themselves like they always do aren’t they great over there” and/or “Noto Fixed All That.” It’s not hard to say that the next release of your project will also support, say, Arabic, and to at the very least be deliberate about bringing people into the room to find and test the fonts you need to determine if things are working and look good. Yes, you do have to do actual tests. Yes, I mean you.

ATypI, in contrast, is very much a “type production” event. For me, this year the bit that stood out was behind-the-scenes stuff that eeped out around the seams and got more widely discussed. Like, there was evidently initial interest from some on the local organizing side that there would be a verrrry small list of presenters: less than two dozen, total, for 3–4 days (depending on how you count workshops and exhibits). Far less than two dozen. There are two big gotchas there. First, you have to contend with gatekeeping. All of the well-known people are likely to be the ones with The Exciting Announcement to announce and, in theory, they’re a big part of the draw. But that keeps all the new community members out. Second, it crashes the economic viability of attending the event. The locale this time was Stanford, which (despite being perhaps the world’s only Junior University, look it up) is outrageously expensive, even if you already live outrageously in nearby northern California. And any time people can’t justify the cost of travel, yes you’re gatekeeping again (particularly of the hallway track), but you’re also twisting the dial on your conference further from “I Should Go” over to “Going Is Just Paying Money To Be In The Audience Of A YouTube Video That I Can Watch Any Other Time” … which is a hard dial to reverse.

LGM: The Libre Graphics Meeting seems to be back on its feet and in good form after several post-pandemic years of bumping into things. Massive props. I had a lot of side-project stuff I brought along in disorganized form, although I attended every session. I also quasi-roundtabled a session to talk about how the now defunct “Planet LibreGraphics”, may it rest unpeacefully, used to be the clear answer to the perpetual question of “how do we maintain momentum and connection the rest of the year?”

But whereas the old Planet site was a garden variety class-M aggregator of individual blogs’ RSS or Atom feeds, I’m of the unprofessional opinion that a true community aggregator today has to account for different types of inputs and outputs and user modes (sideputs?). E.g., many projects don’t announce new releases on their project blog anymore; they tag a release on GitHub. That’s a different input. A lot of people don’t post long-form content anymore, but do a lot of microblogging. That might suggest having an ActivityPub output … but it would be a bot, and it would incur a TON of overhead and put scores of messages out all day long, which you definitely couldn’t use on the traditional RSS output. So you probably need to handle those differently, maybe batching the Mastodon bits into a once-per-day blog output?

Ultimately, I’m not sure; there are a lot of these details. We’re way out in the high-cosmic-ray environment of the trans-neptunians here, or some other metaphor. Ping me if you find the question interesting, because I want to talk a lot more about it.

LAS: It was my first time going to the Linux Application Summit, as the kids call it these days, so I have more thoughts to get down about that one. For starters, it wasn’t what I expected, because I expected there to be more people there who develop Linux applications. I covered a lot of growth of post–CD-delivered-and-RPM/Apt-updated packaging efforts when I was toiling as a not-so-young FOSS journalist, so I do think I have the right grounding in systems like Snap, Flatpak, FlatHub, AppKit, immutable-image OS approaches and other user-code–confinement technical building blocks. Except Kubernetes; I never cared about that and never will.

Anyway, all of that stuff (hand-waving) is very much where LAS takes place. It’s really good to see that there are people from multiple application ecosystems talking about how they handle the current set of unsolved problems. Selfishly, one of the sessions that stood out most to me was Carlos Garnacho’s talk about the data-search layer that he’s been working on. The gist there is that it’s for searching local data … which you might think you can already do, but you’d be wrong. You can sort of do filesystem-level text searching, but that doesn’t handle complex stuff, and it really, really doesn’t let you handle per-application searching well. I’ve got a keen interest in what people do with their “big data exports” — we FOSS people like to look down our noses at the public and tell them that they should take all of their content out of The Bad Services and walk into the sunlight. But there’s not anything they can do with it when they get here (or there, depending on how you feel), and they’re the ones holding the bag. The TinySparql and LocalSearch stuff, I think, holds the potential to improve on that in a big way.

I was also quite interested to learn more about how the KDE ecosystem does its builds. I don’t do … builds, at least not in the sense that KDE and GNOME do (nor, who else, who else … Enlightenment, maybe?). But I have been forced against my will to get up to speed on some things like GitHub Actions, and the session about KDE’s build architecture did make me want to go back and re-examine some stuff I’ve built. That being the other sense of “build.” I was also very interested in Evangelos Paterakis’s talk about the gritty realities of picking up an abandoned project, reviving it in fork-form, and getting hit with the consequences of that discussion from both upstream and downstream.

For most people, what matters in these sort of pseudoplumbing projects in what’s going to be accessible in end-user applications whenever they land on the next platform releases. That’s why I thought I might encounter app developers at LAS. Instead, much of the session content was about enhancing the the plumbing layer themselves: what’s going on with portals, how sandbox/confinement techniques either fail-open or fail-close, and where the confined-application model is still leaking.

I suggest checking out Sebastien Wick’s talk about the portal situation if nothing else; the slides are available now, even if the video is not. Whenever the videos go up, I also suggest that everyone watches the session about forking a defunct project … not because it’s something everyone should do, although let’s face it, projects appear and fizzle all the time. But mainly because the social aspects of how a revived fork does or doesn’t catch on are things the FOSS community doesn’t say out loud. Not bad or shameful things, just sharp corners.

All that said, I think that what really needs to happen is for application developers to actually go to this event. I know you think you don’t need to. But the platform layer is another one of those things about which you can easily say “Didn’t Somebody Already Handle That?” and be incorrect for a long period of time before it bites you. Moreover, every time I’ve ever asked the developer of a Mac or Windows desktop app what they know about developing Linux apps, they tell me a story about running into giant potholes, missing documentation, and mismatched API expectations. The presence of Linux app developers at a plumbing-layer conference will not instantly fix that, but I do know that a lot of those Linux developers hit the same roadblocks.

LGM made a massive improvement to the ecosystem of creative-arts apps in FOSS specifically because it involved getting users, app developers, and subsystem developers into a single space. That’s not a magic trick, and the general Linux app universe would benefit from repeating the technique.

Grapholinguistics in the 21st century, also known as /gʁafematik/: This is the one I just came from, and I don’t quite have it all simmered from ingredients into stew just yet. Apart from being hosted in an initially un-airconditioned spot at the university in the hottest UK week since 1666, I don’t think I have any complaints. I introduced speakers and acted as moderator for Q&A blocks, and apart from that I visited with most but not all of the rest of the quantitative type-research clique. You know where to find us.

One takeaway, perhaps, that will be generally useful is that I spent much of the inter-session time when I was on moderator duty trying to gauge the level of nervousness of the upcoming speaker and attempting to defuse it. I don’t know how successful that actually was, but I do think there were sessions elsewhere where it might have made a difference. I don’t know; perhaps that’s projecting.

Anyway, before the Internet runs out of bits, I should wrap up. I do need to be sure to express my appreciation to the GNOME Foundation, who chipped in with some travel expense assistance for LAS, as well as to my friend and mentor-in-a-few-very,-very-limited-capacities-I-can’t-emphasize-that-part-enough Sri Ramkrishna for pinging me about it and then reminding me. I’m definitely glad I went.

At the moment, I’m halfway through reconfiguring the blog site here into static format (fighting Unicode support in the old platform), so don’t count on commenting to work. If you want to reply to anything I said here, try me on Mastodon.

Rockstar Games has revealed the price of Grand Theft Auto VI to be $79.99, and confirmed that the physical versions of the game won't include a disc. Instead, they'll contain a one-time download code when it launches November 19. "Not only is that a disappointing decision for people who like to own physical games, but given the scale of the next GTA, it also sets a bad precedent for the rest of the industry," reports The Verge. From the report: There are a lot of advantages to buying digital. You can start a download from your couch. You can store multiple games on one hard drive so you don't have to get up to play something else. Storefronts like Steam or the PlayStation Store don't run out of inventory of the newest game you're interested in, and you can often get games at a cheaper price thanks to frequent sales. But it's becoming increasingly clear that digital ownership has significant disadvantages, too. If a game you don't own digitally is removed from a storefront, whether that's for things like licensing, artificially limited availability, or even the store eventually closing down, your only option is to hope you can find a physical version. If your account on a platform is banned, even if that ban isn't warranted, you might be locked out of your digital library with no way to play those games unless you buy them again or hope your account gets restored. You can't sell or trade digital games you've purchased, and while there are ways to share digital games, they require some work and are usually intended just for families. It's also much harder to preserve digital games because they only "exist" on the hard drive of a console, PC, or device they were downloaded to. This is an issue across many industries, not just console games; there are multiple examples of things like mobile games and streaming shows becoming lost for good when they don't have a physical version. Without physical versions, you also can't find a used version of a game at a garage sale or a local game shop. It's unclear whether Rockstar will ever release a physical version of the game. As for why, The Verge suspects the decision was made in part to prevent leaks; "by only being available digitally, Rockstar can ensure that GTA VI unlocks at the same exact time for everyone." "The digital-only choice might also indicate that the game has a massive file size that's too big for PlayStation and Xbox game discs."

Read more of this story at Slashdot.

OpenAI and Broadcom have unveiled Jalapeno, OpenAI's first custom AI chip, designed primarily to handle inference for ChatGPT and other services. It's a major step in OpenAI's plan to "build the full stack behind its models and products," says OpenAI. "By designing more of the stack ourselves, we can serve more intelligence with greater efficiency and keep pushing advanced AI toward broader access." CNBC reports: The chip with Broadcom is an ASIC, which industry experts say is less flexible than Nvidia's GPU, but is also less expensive and can be designed for specific AI tasks. OpenAI said that it designed the chip in nine months, and that it also crafted large parts of the computer system where it will be used. The companies are calling the chip an "Intelligence Processor" and describe it as the first "AI accelerator" in a platform they're building "to make advanced AI faster, more reliable, and more accessible to more people." [...] A physical sample of the new chip will be delivered to OpenAI on Wednesday. The companies said they're aiming for initial deployment of the Jalapeno chips by the end of 2026, "expanding in the years ahead."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Barron's: Walmart is signing a long-term contract to buy nuclear power for the first time ever, a promising sign that the industry's future is supported by more than just the AI data center boom. The retail giant agreed on Tuesday to buy power from a nuclear plant in Illinois owned by Constellation Energy for its operations in the area, including its stores and a high-tech warehouse in Illinois that stores and sorts perishable food. Walmart will buy 176 megawatts of power from the plant over a 15-year period, or enough power to serve around 150,000 homes. The Walmart deal will allow Constellation to expand the capacity of the Illinois plant by 30 megawatts, a process known as an uprate, which can involve replacing older equipment and improving efficiency. Walmart, which has pledged to eliminate net carbon emissions from its U.S. operations by 2040, will also receive the environmental attributes associated with the nuclear energy, which generates electricity without carbon emissions. Further reading: Trump Admin Announces $17.5 Billion In Loans For 10 New Large Nuclear Reactors

Read more of this story at Slashdot.

In an exit interview with The Financial Times (paywalled), former Disney CEO Bob Iger says the company seriously considered buying Twitter, explored a potential merger with Apple, and pursued the James Bond franchise during his tenure. The Verge reports: According to Iger, Disney came close to buying Twitter from co-founder Jack Dorsey "at a very attractive price," sometime prior to Elon Musk buying the social media platform in 2022 and changing its name to X. Iger had plans to turn Twitter into a global distribution platform for Disney, but walked away on the morning of the deal over concerns that it would be "a horrible distraction." Disney was also at one point involved in early conversations regarding a potential merger with Apple, something Iger thinks would have been "truly transformational." In the end, Iger says these conversations "never went anywhere," and that "Apple didn't show that much interest." The two companies have a mixed history -- Iger was an Apple board member from 2011 to 2019, and notably a driving force behind Disney acquiring Pixar in 2006, which was led by Apple co-founder Steve Jobs at the time. According to Iger, his first call with Jobs resulted in an almost immediate deal to put Disney content on the first video iPod. "All of a sudden, I'm now someone Steve likes and respects," Iger told The Financial Times. "The old Disney that he knew was lumbering in terms of bureaucracy. And so he thought, this is a new day." The Pixar acquisition spurred Iger to find more companies to bring under Disney's wing, though not every attempt was successful. "We felt unstoppable. We put together a list of acquisition targets," said Iger. "Marvel was one, Star Wars was another, James Bond was one. We had a list and I figured let's just tick them off and buy them all." Iger provides no details about Disney's attempt to buy the James Bond franchise, but we know it obviously failed -- Amazon bought the 007 distribution rights when it acquired MGM in 2022, and later paid more than $1 billion to take full creative control of the franchise in February 2025.

Read more of this story at Slashdot.

A peer-reviewed Nature critique argues that Microsoft's 2025 Majorana quantum-computing breakthrough -- and its claim that it could enable "a truly meaningful quantum computer not in decades, as some have predicted, but in years" -- is fundamentally flawed. According to Dr Henry Legg, a lecturer at the University of St Andrews, the claims were undermined by omitted data, selective plotting, and basic Python errors that concealed alternative results. Microsoft, for its part, says the bugs were minor and stands by its findings and roadmap. The Register reports: "Last year they claimed to be years, not decades from a 'topological quantum supercomputer,'" Legg told The Register in an email. "My feeling is that they are centuries, not decades away. If it works at all -- and, based on what I have seen, the most likely scenario is that it doesn't work." Based on his analysis of the research Microsoft published in 2025, Legg argues that the company's claims about finding and being able to control the elusive Majorana particle to build a topological superconductor do not withstand scrutiny. "I demonstrate that Microsoft's tune-up software is flawed and that coding errors resulted in incorrect statements to peer reviewers," said Legg. "Raw data, which was omitted from the original paper, also appears to indicate Microsoft's devices contain considerable disorder and are not compatible with the existence of a topological gap. In other words, the prerequisites for Microsoft's claims do not appear to be met, but this was obscured because this data did not appear in the original publication." Essentially, Microsoft has proposed a Topological Gap Protocol (TGP) that can be used to detect the phase transition deemed to be a prerequisite for conducting quantum calculations using Majorana particles. Legg argues that based on his analysis of underlying transport data (measurements of particle change) -- omitted from the original publication -- Microsoft chose to focus on results that supported its thesis and ignored data that could be interpreted as a negative result. As he notes in his critique: "The TGP plotting code was set to highlight only the largest purportedly topological region." "The primary consequence was the omission of other regions that passed their tune-up protocol (the TGP)," said Legg. "When peer reviewers asked if other regions existed, Microsoft inaccurately stated that they had investigated the only region passing the protocol within the explored range. This was not correct." Legg also argues that Microsoft mishandled its code. "The code antisymmetrized bias voltage based on array index rather than physical value," his analysis says. In other words, Microsoft's researchers made a basic programming mistake by evaluating the array index -- the number identifying a value's position in an array -- instead of the value to which the index refers. "There were two pretty basic Python programming errors that hid these alternative regions," Legg explained. "Their plotting software was hardcoded with a filter (zbp_cluster_numbers=[1]) that forced it to display only the single largest region, concealing other successful results from their phase maps. Changing this to zbp_cluster_numbers=[1,2] shows already a second region." Legg added: "The TGP software transformed the data by simply reversing a Python array (x[::-1]) based on its index position, ignoring the actual physical bias voltages."

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Associated Press: The Trump administration is providing $17.5 billion to speed the development of 10 new large nuclear reactors to meet the skyrocketing power demand from massive data centers. Energy Secretary Chris Wright cited "tremendous interest" among developers of data centers that would buy the power, as well as utilities and energy companies. The nuclear plants could begin construction by 2030 and become operational in the mid-2030s, Wright and other officials said Tuesday. "This is the start," Wright said on a call with reporters. "We're going to move with the players that are ready to stand up and move quickly. Once that supply chain is up and running, do we think there will be dozens of these built going forward? I'd be very surprised if there were not." Most U.S. nuclear power plants were built between 1970 and 1990. Only two new large reactors have been built from scratch in the United States in recent decades. Those two reactors, at Georgia Power Co.'s Plant Vogtle, were completed years late and billions of dollars over budget. The 10 new reactors will use the same design, Westinghouse's AP1000. Wright said the Plant Vogtle project struggled because of bad planning, supply chain problems and the COVID-19 pandemic. But, he said, the reactor design is "robust and sound."

Read more of this story at Slashdot.

Most security teams are locked into a perimeter-first mindset. They obsess over north-south traffic—the data hitting the edge—while ignoring the reality of the modern data center. Once an attacker gets a foothold, they don't stay at the edge. They pivot. They move laterally. That's the east-west traffic problem: the internal chatter between servers, microservices, and databases that we treat as "trusted" simply because it’s inside the fence.

Ancient Slashdot reader Mark Round writes: Longtime reader here (since mid-1999 -- Hot Grits! Oog the Caveman! Beowulf clusters!), and I can still remember posting back on Slashdot's own 5th anniversary. Time's rolled on: my own blog just turned 25, and it's now roughly 40 years since I first sat down at a computer. So I went digging through archive.org, old backups, and a box of ZIP disks, and wrote up a long look back at four decades of computing through the one website that's been my online home along the way. It runs from my first 8-bit micro and a 1,200-baud modem through discovering the actual Internet at university (and burning far too many hours on Slashdot and sister sites like freshmeat.net), past gloriously pimped-out Enlightenment Linux desktops, all the way to the modern cloud-native world. Plenty of dodgy screenshots, terrible code, and fond memories of long-gone haunts like kuro5hin.org and Linux Coffee Talk along the way.

Read more of this story at Slashdot.

alternative_right shares a report from ScienceAlert: If you consumed a wild mushroom and suddenly started seeing tiny people around you, you might reasonably assume it contained a familiar psychedelic. But that does not appear to be the case with Lanmaoa asiatica, known locally as jian shou qing, a mushroom species sold in markets in Yunnan, southwestern China. When eaten undercooked, the mushroom can produce vivid visions of miniature people -- not unlike Gulliver on his travels to Lilliput. To try and find out the root cause, University of Utah mycologists Colin Domnauer and Bryn Dentinger sequenced the genomes of 53 mushroom samples from across the wider Lanmaoa genus. And despite the reported hallucinations, they found no close matches to genes associated with psilocybin or ibotenic acid, two well-known mushroom hallucinogens whose biosynthetic pathways were specifically examined in the study. "Biosynthetic gene mining of the L. asiatica genome found no close hits with any genes known in the production of mushroom psychoactive compounds," write the researchers in their published paper. "This supports our hypothesis of the presence of a novel unidentified metabolite responsible for the unique hallucinogenic properties of L. asiatica." [...] Whatever chemical pathways are causing these effects in the brain, the responsible compound appears to be something scientists have not yet identified. [...] By identifying 1,515 corresponding genes across the selected specimens, the researchers obtained a clearer answer to the question of what defines a mushroom species as part of the genus Lanmaoa. There are now 17 recognized species in the genus, including four that haven't been identified before, two of which the researchers specifically named here: Lanmaoa fallax and Lanmaoa carbonilivor. The researchers say the Lanmaoa family and evolutionary tree can now be more fully mapped out, and some existing specimens may need to be reclassified.

Read more of this story at Slashdot.

fjo3 shares a report from the AFP: The latest heatwave sweeping across Europe is a stark reminder that it is the world's fastest-warming continent, stretching into an Arctic that is heating at an even greater pace. Britain, France, Italy and Spain have issued red alerts and health warnings for much of their territory this week as the region endures its second heat episode since May. Here is a look at why Europe is warming faster than elsewhere: The planet as a whole is around 1.4C warmer than in preindustrial times, defined as 1850-1900. By comparison, Europe is around 2.4C hotter than the preindustrial era, according to the EU's Copernicus Climate Change Service. The long-term rise in global average temperatures is mainly due to greenhouse gas emissions from burning oil, gas and coal, but it varies by regions due to a combination of factors. Land warms faster than the ocean as water can absorb more heat and cool through evaporation. Shifts in atmospheric circulation have driven more frequent and more intense heatwaves in the European summer, according to Copernicus. High-pressure systems, which bring settled weather and higher temperatures, have become more common in Europe, Copernicus director Carlo Buontempo said. [...] Another major reason is geography as Europe is connected to the Arctic, which is 3.2C warmer than in preindustrial times. The region's rising temperatures are partly due to a process known as the albedo feedback. Bright snow and ice reflect much of the sun's heat back into space, but as they melt they reveal darker, heat-absorbing surfaces such as land and the ocean. In other parts of Europe, areas where snow was very frequent in winter have seen this coverage shrink, exposing dark land. Stricter air quality regulations have reduced aerosol emissions since the 1980s. But tackling the pollutant had the side effect of contributing to global warming, as these tiny airborne particles have a cooling effect by reflecting sunlight and making clouds more reflective.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Guardian: A tech sell-off shook global markets on Tuesday as attention turned away from developments in the US war with Iran and toward the future of AI companies and chipmakers that have driven stock markets to record highs. The tech-heavy Nasdaq index closed 2.2% lower on Tuesday. The S&P 500 was also down by Tuesday afternoon, dropping 1.43% while the Dow remained steady. All three major US indices have hit record highs this year, riding off a rush of funding to support AI technology and infrastructure. Nasdaq is up 10% for the year, while the Dow jumped 6% so far this year, breaching past 51,000 points, and the S&P 500 is up 7.3%. But some economists have warned that the influx of AI spending is a bubble reminiscent of the dot-com bubble that burst in the early 2000s. Seven tech companies make up 30% of the S&P 500's value. The heavy reliance on a single industry and a few key companies has some investors wondering if it's a matter of when, not if, there will be a burst. Those concerns have been heightened by signals from the Federal Reserve last week that it may increase interest rates, and therefore the cost of borrowing, in order to tackle rising inflation. Alphabet fell 5% on Monday. SpaceX plunged 16%. The selloff also spread to Asia, with South Korea's benchmark dropping 10% as SK Hynix and Samsung Electronics each lost more than 12%, while Japan's Nikkei 225 declined 3.5%.

Read more of this story at Slashdot.

A 29-year-old bug in the Squid web proxy, dubbed Squidbleed and tracked as CVE-2026-47729, can let an authorized proxy user retrieve fragments of another user's cleartext HTTP requests, including credentials and session tokens. The security researcher who reported the flaw credited Anthropic's Claude Mythos Preview for the discovery. The Hacker News reports: Squid describes this as an attack by a trusted client: someone already permitted to use the proxy, not any random host on the internet. That matches Squid's usual home, shared networks like schools, offices, and public Wi-Fi. In those setups, the attacker is just another user of the same proxy. The leak also only reaches traffic that Squid can read. Normal HTTPS rides an opaque CONNECT tunnel, so Squid never sees inside it; the exposed traffic is cleartext HTTP, plus TLS-terminating setups where Squid decrypts and inspects. The attacker also needs the proxy to reach an FTP server they control on port 21. Both FTP and that port are on by default. [...] If you patch, verify the fix, not just the version. Confirm the guard is in FtpGateway.cc, or check your distribution's backport, since distros ship their own builds (Debian packages Squid 5.7). The public thread is still inconsistent: maintainer Amos Jeffries first said Squid 7.6 carried the fix, then corrected that to 7.7, and on June 22 Debian's Salvatore Bonaccorso noted the referenced commit looks like it is already in 7.6. The fix is small, a null-terminator check before the vulnerable strchr calls, merged to the development branch in April and v7 in May. Squid 7.6 does separately patch CVE-2026-50012, an unrelated cache_digest heap overflow. The cleaner move is the one the researchers recommend anyway: turn FTP off. Chromium dropped FTP years ago, and most networks carry almost none of it, so disabling it removes this attack surface for free, whatever build you run. The risk is real but bounded. SUSE rates it moderate, CVSS 6.5, and the vector explains the score: the attacker needs proxy access (low privileges), and the only impact is confidentiality, nothing on integrity or availability.

Read more of this story at Slashdot.

Longtime Slashdot reader hackingbear shares a report from TOP500: The 67th edition of the TOP500 list of the world's most powerful supercomputers was announced today at the ISC 2026 conference in Hamburg, Germany. LineShine, a previously unlisted system installed in China, debuts at No. 1, displacing El Capitan as the world's most powerful supercomputer as measured by the High Performance Linpack (HPL) benchmark. LineShine achieved 2.198 Exaflop/s on HPL -- about 80 percent of its 2.736 Exaflop/s theoretical peak -- making it the first system on the TOP500 to exceed two exaflops of sustained double-precision performance using CPUs only. Installed at the National Supercomputing Centre in Shenzhen (NSCS) and built by the Shenzhen Cloud Computing Center, the system is based on a custom Chinese processor and the "LingKun" platform: 13.79 million cores across 304-core LX2 processors running at 1.55 GHz, linked by the proprietary LingQi interconnect and running Kylin OS. LineShine draws approximately 42.2 megawatts of power, for an efficiency of 52.07 Gigaflops/Watt. Its debut marks the first time since 2017 that a Chinese system has led the TOP500, and it also takes over the No. 1 position on the HPCG ranking with 22.00 HPCG-Petaflop/s. On the HPL-MxP mixed-precision benchmark, LineShine reached 7.92 Exaflop/s for fourth place, a comparatively modest 3.6x speedup over its HPL score that points to a CPU-only design without dedicated low-precision accelerators. While impressive, "the results may say more about Beijing's desire to show self-sufficiency in computing systems than its standing in the global AI race," reports Reuters. Reuters interviewed tech and policy experts who said that the results "do not mean that China has the world's fastest computer for AI work because of changes in the computing industry in recent years and the methods used to compile the list." The reports notes that LineShine "ranked fourth on a benchmark test designed to simulate computing work that is more similar to AI." Jimmy Goodrich, a senior fellow at the University of California's Institute for Global Conflict and Cooperation, said: "If the hyperscalers submitted their systems, this 'world's fastest' would not crack the top five." Addison Snell, CEO of Intersect360 Research, a firm that focuses on supercomputers, added: "I'm not surprised it's the number one system. What I'm surprised by is that they submitted it and want recognition for it."

Read more of this story at Slashdot.

Wikipedia cofounder Larry Sanger has been indefinitely banned from editing the site after editors concluded that he violated its canvassing rules, "or in other words, calling on his followers off platform in order to influence Wikipedia's content," reports 404 Media. Sanger says the ban proves Wikipedia suppresses ideological diversity, while editors argue he was trying to mobilize an outside audience to influence internal decisions and had ignored an earlier warning. From the report: The discussion that led to the decision to ban Sanger concluded with what an editor called a "clear consensus" to ban Sanger. "There is general agreement among participants that he has engaged in off-wiki canvassing and is not here to constructively build the encyclopedia," the editor said in a note closing the discussion. "There is also a significant concern shared by many editors that his actions constitute calls for outing." While Sanger has been railing about bias on Wikipedia for years, the specific issue here is around his WikiProject Intellectual Diversity. WikiProjects are group efforts among Wikipedia volunteers to deal with certain issues on the site. [...] Sanger's WikiProject Intellectual Diversity, as its name implies, aims to bring more intellectual diversity to the site, mostly meaning more right-leaning perspectives. Sanger's WikiProject Intellectual Diversity and its goals alone do not merit a ban according to Wikipedia's policies. The problem, according to Wikipedia editors, is that during the discussion about whether to allow WikiProject Intellectual Diversity to become an official WikiProject, Sanger invited his 91,000 followers on X to influence that discussion. Discussions about potential bans are supposed to remain open for at least 72 hours. While consensus that Sanger had violated Wikipedia policies was clear, Sanger was banned at some point before that deadline. He was then briefly unbanned, and then again indefinitely banned once 72 hours had elapsed and the discussion about the ban closed. "Wikipedia has become more of a mob-rule anarchy than ever," Sanger said in a statement sent to me by a spokesperson. "In the kangaroo court in which a mob ousted me, Wikipedia's administrators showed that they don't appear to value details like formal charges, a designated prosecutor, basic decorum, distinction between prosecution and judge, dispassionate adjudication, and so forth. They have no proper system other than triggering a mob to selectively enforce their hodgepodge of vague rules." "Now that same mob has blocked me for trying to bring an intellectually diverse group of thinkers and editors to the site," Sanger continued. "Subscribing to their groupthink is now an official requirement of being a member in good standing. Something must change, and now. I only wonder if the system as it currently stands can even allow the discourse necessary to fix the system."

Read more of this story at Slashdot.

Walmart is acquiring self-serve connected-TV ad platform Vibe.co for a reported $1.4 billion, adding it to an advertising ecosystem that already includes smart-TV maker Vizio. AdExchanger reports: On Tuesday, Walmart announced that it is buying Vibe.co, the French self-serve ad platform that specializes in helping small brands buy streaming commercials with similar ease and precision as they get from search and social. Vibe has been vying for a bigger share of the ad dollars moving to connected TV, especially in the US, as evidenced by the company's ubiquitous billboards in major cities including New York and San Francisco. Now, Vibe joins Walmart Connect's commerce ecosystem alongside the smart TV maker Vizio. And Vibe's tech is poised to help unify Walmart's growing CTV footprint with the closed-loop attribution provided by its retail sales data. [...] Together, Walmart and Vibe.co strive to "build the best ecosystem for the performance TV market," Vibe CEO and Co-Founder Arthur Querou told AdExchanger. Performance CTV has a high ceiling for growth. The performance budgets dedicated for streaming platforms are still small potatoes compared to search and social, Querou said. Only one-quarter of CTV ad campaigns have lower-funnel objectives, and that number has been static for years, according to data from Advertiser Perceptions. Now that Walmart owns both Vibe and Vizio, advertisers should have an easier time tying streaming campaigns to shopper data. That promise stands to win Walmart more marketing dollars earmarked for retail media and streaming behemoths -- including Amazon. Walmart is especially interested in attracting more small- and medium-sized businesses (SMBs) who lack the tools, budgets or teams to invest in streaming TV, a Walmart spokesperson told AdExchanger. Other ad platforms, including MNTN and Magnite, have likewise targeted SMB advertisers as a source for continued growth in the CTV market. By adding Vibe.co, Walmart can court SMBs with the pitch that its new self-serve tools will make it easier for them to execute CTV campaigns. Plus, SMBs tend to prioritize performance campaigns, since they are under more pressure to justify tighter ad budgets and thus have to be more selective about which platforms they advertise on. And Walmart is better positioned than most platforms to prove its ads drove performance thanks to its retail data foundation.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the New York Times: Mr. Zuckerberg, the chief executive of Meta, recently dispatched a small team at his company to create a smartphone app similar to Polymarket and Kalshi, two employees with knowledge of the matter said. Users would not wager money, and the app would probably rely on a video game-like points system instead, one person said, though the company had not ruled out the eventual use of real money betting. The app is internally referred to as "Arena" and would function independently from Meta's social networking apps, which include Facebook, Instagram, WhatsApp and Messenger, said the employees, who spoke on the condition of anonymity to discuss confidential plans. Meta aims to grow the app by leveraging its large social networking audiences and directing them toward using it, they said. The effort, which insiders characterized as experimental but a top priority, is part of a broader push by Mr. Zuckerberg to create new types of apps based on emerging social behavior online. More than 3.56 billion people visit one or more of Meta's apps every day, an amount that has raised questions about whether those platforms have reached a saturation point. Arena is one of a handful of apps that Meta is trying out. Others include one called Meta Photos, another stand-alone app which would create new types of media using artificial intelligence, the employees said. [...] Meta insiders have cautioned that Arena remains in development and may not be released. But as executives search for ways to keep the world's largest social media sites thriving, Mr. Zuckerberg appears to be relying on his well-worn product development strategy: Follow the users.

Read more of this story at Slashdot.

When a production server spikes at 99% CPU or the disk starts grinding, the knee-jerk reaction is usually to blame a bad code push or a runaway backup job. But if you’ve spent enough time in security incident response, you know that "performance issues" are often the first sign that you’re dealing with Linux malware.

A newly disclosed FFmpeg vulnerability, known as PixelSmash (CVE-2026-8461), affects the MagicYUV decoder and can be triggered by specially crafted video files.