The Almighty Buck

Prime Day Loses Its Spark As Sales Nosedive 41% (pymnts.com)

Amazon's Prime Day sales plunged 41% on the first day compared to last year's kickoff, with experts attributing the drop to shoppers delaying purchases in anticipation of better deals during the extended four-day event. From a report: Momentum Commerce reported that figure for Tuesday (July 8), with Momentum's Founder and CEO John Shea saying that the sales numbers for this year's longer event could still surpass those of last year's shorter one, Bloomberg reported Wednesday (July 9). Shea attributed the drop in first-day sales to consumers putting items in their shopping carts but holding off on completing the purchase in case better deals come along, according to the report. Last year's shorter event encouraged shoppers to head to checkout to ensure they wouldn't miss out on the discounts, Shea said, per the report. Amazon Prime Vice President Jamil Ghani remains optimistic, telling Bloomberg Television the company was "pleased by the engagement" with shoppers during the event and that it is "very early." He said the company extended the duration of Prime Day because shoppers wanted more time to discover the deals.

According to numbers provided by Adobe, Prime Day's kickoff surpassed Thanksgiving 2024's $6.1 billion in eCommerce spend. The software company also found that 50.2% of sales came through a mobile device and that buy now, pay later orders for Amazon's Prime Day were up 13.6% year over year.
Software

Soundslice Adds ASCII Tab Support After ChatGPT Hallucinates Feature

After discovering that ChatGPT was falsely telling users that Soundslice could convert ASCII tablature into playable music, founder Adrian Holovaty decided to actually build the feature -- even though the app was never designed to support that format. TechCrunch reports: Soundslice is an app for teaching music, used by students and teachers. It's known for its video player synchronized to the music notations that guide users on how the notes should be played. It also offers a feature called "sheet music scanner" that allows users to upload an image of paper sheet music and, using AI, will automatically turn that into an interactive sheet, complete with notations. [Adrian Holovaty, founder of music-teaching platform Soundslice] carefully watches this feature's error logs to see what problems occur, where to add improvements, he said. That's where he started seeing the uploaded ChatGPT sessions.

They were creating a bunch of error logs. Instead of images of sheet music, these were images of words and a box of symbols known as ASCII tablature. That's a basic text-based system used for guitar notations that uses a regular keyboard. (There's no treble key, for instance, on your standard QWERTY keyboard.) The volume of these ChatGPT session images was not so onerous that it was costing his company money to store them and crushing his app's bandwidth, Holovaty said. He was baffled, he wrote in a blog post about the situation.

"Our scanning system wasn't intended to support this style of notation. Why, then, were we being bombarded with so many ASCII tab ChatGPT screenshots? I was mystified for weeks -- until I messed around with ChatGPT myself." That's how he saw ChatGPT telling people they could hear this music by opening a Soundslice account and uploading the image of the chat session. Only, they couldn't. Uploading those images wouldn't translate the ASCII tab into audio notes. He was struck with a new problem. "The main cost was reputational: New Soundslice users were going in with a false expectation. They'd been confidently told we would do something that we don't actually do," he described to TechCrunch.

He and his team discussed their options: Slap disclaimers all over the site about it -- "No, we can't turn a ChatGPT session into hearable music" -- or build that feature into the scanner, even though he had never before considered supporting that offbeat musical notation system. He opted to build the feature. "My feelings on this are conflicted. I'm happy to add a tool that helps people. But I feel like our hand was forced in a weird way. Should we really be developing features in response to misinformation?" he wrote.
Robotics

Hugging Face Launches $299 Robot That Could Disrupt Entire Robotics Industry (venturebeat.com)

An anonymous reader quotes a report from VentureBeat: Hugging Face, the $4.5 billion artificial intelligence platform that has become the GitHub of machine learning, announced Tuesday the launch of Reachy Mini, a $299 desktop robot designed to bring AI-powered robotics to millions of developers worldwide. The 11-inch humanoid companion represents the company's boldest move yet to democratize robotics development and challenge the industry's traditional closed-source, high-cost model.

The announcement comes as Hugging Face crosses a significant milestone of 10 million AI builders using its platform, with CEO Clement Delangue revealing in an exclusive interview that "more and more of them are building in relation to robotics." The compact robot, which can sit on any desk next to a laptop, addresses what Delangue calls a fundamental barrier in robotics development: accessibility. "One of the challenges with robotics is that you know you can't just build on your laptop. You need to have some sort of robotics partner to help in your building, and most people won't be able to buy $70,000 robots," Delangue explained, referring to traditional industrial robotics systems and even newer humanoid robots like Tesla's Optimus, which is expected to cost $20,000-$30,000.

Reachy Mini emerges from Hugging Face's April acquisition of French robotics startup Pollen Robotics, marking the company's most significant hardware expansion since its founding. The robot represents the first consumer product to integrate natively with the Hugging Face Hub, allowing developers to access thousands of pre-built AI models and share robotics applications through the platform's "Spaces" feature. [...] Reachy Mini packs sophisticated capabilities into its compact form factor. The robot features six degrees of freedom in its moving head, full body rotation, animated antennas, a wide-angle camera, multiple microphones, and a 5-watt speaker. The wireless version includes a Raspberry Pi 5 computer and battery, making it fully autonomous. The robot ships as a DIY kit and can be programmed in Python, with JavaScript and Scratch support planned. Pre-installed demonstration applications include face and hand tracking, smart companion features, and dancing moves. Developers can create and share new applications through Hugging Face's Spaces platform, potentially creating what Delangue envisions as "thousands, tens of thousands, millions of apps."
Reachy Mini's $299 price point could significantly transform robotics education and research. "Universities, coding bootcamps, and individual learners could use the platform to explore robotics concepts without requiring expensive laboratory equipment," reports VentureBeat. "The open-source nature enables educational institutions to modify hardware and software to suit specific curricula. Students could progress from basic programming exercises to sophisticated AI applications using the same platform, potentially accelerating robotics education and workforce development."

"... For the first time, a major AI platform is betting that the future of robotics belongs not in corporate research labs, but in the hands of millions of individual developers armed with affordable, open-source tools."
AI

McDonald's AI Hiring Bot Exposed Millions of Applicants' Data To Hackers

An anonymous reader quotes a report from Wired: If you want a job at McDonald's today, there's a good chance you'll have to talk to Olivia. Olivia is not, in fact, a human being, but instead an AI chatbot that screens applicants, asks for their contact information and resume, directs them to a personality test, and occasionally makes them "go insane" by repeatedly misunderstanding their most basic questions. Until last week, the platform that runs the Olivia chatbot, built by artificial intelligence software firm Paradox.ai, also suffered from absurdly basic security flaws. As a result, virtually any hacker could have accessed the records of every chat Olivia had ever had with McDonald's applicants -- including all the personal information they shared in those conversations -- with tricks as straightforward as guessing the username and password "123456."

On Wednesday, security researchers Ian Carroll and Sam Curry revealed that they found simple methods to hack into the backend of the AI chatbot platform on McHire.com, McDonald's website that many of its franchisees use to handle job applications. Carroll and Curry, hackers with a long track record of independent security testing, discovered that simple web-based vulnerabilities -- including guessing one laughably weak password -- allowed them to access a Paradox.ai account and query the company's databases that held every McHire user's chats with Olivia. The data appears to include as many as 64 million records, including applicants' names, email addresses, and phone numbers.

Carroll says he only discovered that appalling lack of security around applicants' information because he was intrigued by McDonald's decision to subject potential new hires to an AI chatbot screener and personality test. "I just thought it was pretty uniquely dystopian compared to a normal hiring process, right? And that's what made me want to look into it more," says Carroll. "So I started applying for a job, and then after 30 minutes, we had full access to virtually every application that's ever been made to McDonald's going back years."
Paradox.ai confirmed the security findings, acknowledging that only a small portion of the accessed records contained personal data. The company stated that the weak-password account ("123456") was only accessed by the researchers and no one else. To prevent future issues, Paradox is launching a bug bounty program. "We do not take this matter lightly, even though it was resolved swiftly and effectively," Paradox.ai's chief legal officer, Stephanie King, told WIRED in an interview. "We own this."

In a statement to WIRED, McDonald's agreed that Paradox.ai was to blame. "We're disappointed by this unacceptable vulnerability from a third-party provider, Paradox.ai. As soon as we learned of the issue, we mandated Paradox.ai to remediate the issue immediately, and it was resolved on the same day it was reported to us," the statement reads. "We take our commitment to cyber security seriously and will continue to hold our third-party providers accountable to meeting our standards of data protection."
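The failure described above is a guessable password on an account that reaches applicant data. As an added example (not code from Paradox.ai, McDonald's, or the researchers), here are two defender-side checks that address it: a password policy that rejects a denylist of common passwords, and detection of credential-guessing over auth-log lines. The log lines, usernames, IP addresses and the small denylist are constructed samples; a real deployment would load a full breached-password corpus.

```python
"""Added example: weak-password rejection and credential-guessing detection.
All sample data below is constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed denylist; production systems use a large breached-password list.
COMMON_PASSWORDS = {
    "123456", "password", "12345678", "qwerty", "abc123", "111111",
    "123456789", "letmein", "welcome", "admin",
}
MIN_LENGTH = 12

# Constructed auth log: "timestamp user ip result", one event per line.
SAMPLE_AUTH_LOG = [
    "2025-07-01T09:00:00 testadmin 203.0.113.7 FAIL",
    "2025-07-01T09:00:05 testadmin 203.0.113.7 FAIL",
    "2025-07-01T09:00:09 testadmin 203.0.113.7 FAIL",
    "2025-07-01T09:00:14 testadmin 203.0.113.7 FAIL",
    "2025-07-01T09:00:20 testadmin 203.0.113.7 FAIL",
    "2025-07-01T09:00:25 testadmin 203.0.113.7 OK",
    "2025-07-01T09:03:00 alice 198.51.100.4 FAIL",
    "2025-07-01T09:03:30 alice 198.51.100.4 OK",
]


def check_password_policy(password: str) -> list[str]:
    """Return a list of policy violations; an empty list means the password is accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in common-password denylist")
    if password.isdigit():
        problems.append("digits only")
    return problems


def parse_auth_line(line: str) -> dict:
    """Parse one constructed 'ts user ip result' line into a dict."""
    ts, user, ip, result = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user, "ip": ip, "result": result}


def detect_guessing(lines, threshold=5, window=timedelta(minutes=10)) -> list[str]:
    """Flag (ip, user) pairs with `threshold` failed logins inside a sliding `window`.
    A success that follows such a burst is reported too: that is what a
    successful guess looks like in the log."""
    events = sorted((parse_auth_line(line) for line in lines), key=lambda e: e["ts"])
    failures = defaultdict(list)  # (ip, user) -> timestamps of recent failures
    alerts = []
    for e in events:
        key = (e["ip"], e["user"])
        recent = [t for t in failures[key] if e["ts"] - t <= window]
        failures[key] = recent
        if e["result"] == "FAIL":
            recent.append(e["ts"])
            if len(recent) == threshold:
                alerts.append(f"{e['ip']} guessing {e['user']}: {threshold} failures")
        elif e["result"] == "OK" and len(recent) >= threshold:
            alerts.append(f"{e['ip']} logged in as {e['user']} after {len(recent)} failures")
    return alerts


if __name__ == "__main__":
    print(check_password_policy("123456"))
    for alert in detect_guessing(SAMPLE_AUTH_LOG):
        print(alert)
```

The detector keys on the (source IP, username) pair so that one noisy user does not mask a spray from a single address; an alert on the success after a burst is the one worth paging on.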
AI

Microsoft Touts $500 Million in AI Savings While Slashing Jobs (yahoo.com)

Microsoft is keen to show employees how much AI is transforming its own workplace, even as the company terminates thousands of personnel. From a report: During a presentation this week, Chief Commercial Officer Judson Althoff said artificial intelligence tools are boosting productivity in everything from sales and customer service to software engineering, according to a person familiar with his remarks.

Althoff said AI saved Microsoft more than $500 million last year in its call centers alone and increased both employee and customer satisfaction, according to the person, who requested anonymity to discuss an internal matter. The company is also starting to use AI to handle interactions with smaller customers, Althoff said. This effort is nascent, but already generating tens of millions of dollars, he said.

Data Storage

UK Police Dangle $102 Million To Digitize Its VHS Tape Archives (theregister.com)

The UK police plan to spend up to 75 million pounds ($102 million) to digitize their vast archive of VHS tapes, aiming to preserve evidence by converting analog media into digital files integrated with evidence management systems. The procurement includes both in-house solutions and outsourced services, with additional funding earmarked for converting other legacy formats like microfiche and DVDs. The Register reports: According to a tender notice published last week, Bluelight Commercial - a not-for-profit buyer that acts on behalf of the emergency services - says the police force requires either in-house technology or outsourced services to convert the arcane magnetic tape format to digital storage. The notice, which sets out procurement plans, says the framework agreement will help forces with the "conversion of analog media to digital records, including metadata for integration with a digital evidence management system."

In the first lot of the framework, Bluelight asks for in-house VHS media digitization software, hardware, and training to "enable a Police Force to convert VHS tapes to digital files." This chunk of the arrangement could be worth 50 million pounds ($68 million) for four years, excluding VAT. The second lot asks for outsourced VHS media digitization "for the provision of conversion services delivered completely by a third party with electronic files being returned securely to the customer force." The output is also set to be ingested by a digital evidence management solution. It could be worth up to 25 million pounds ($34 million) over the same period. In addition, Bluelight Commercial is looking for a provider to help with more niche media digitization, including converting microfiche, CDs, and DVDs to an electronic file format, in an arrangement which could be worth a total of up to 25 million pounds ($34 million).

AI

Linux Foundation Adopts A2A Protocol To Help Solve One of AI's Most Pressing Challenges

An anonymous reader quotes a report from ZDNet: The Linux Foundation announced at the Open Source Summit in Denver that it will now host the Agent2Agent (A2A) protocol. Initially developed by Google and now supported by more than 100 leading technology companies, A2A is a crucial new open standard for secure and interoperable communication between AI agents. In his keynote presentation, Mike Smith, a Google staff software engineer, told the conference that the A2A protocol has evolved to make it easier to add custom extensions to the core specification. Additionally, the A2A community is working on making it easier to assign unique identities to AI agents, thereby improving governance and security.

The A2A protocol is designed to solve one of AI's most pressing challenges: enabling autonomous agents -- software entities capable of independent action and decision-making -- to discover each other, securely exchange information, and collaborate across disparate platforms, vendors, and frameworks. Under the hood, A2A does this work by creating an AgentCard. An AgentCard is a JavaScript Object Notation (JSON) metadata document that describes an agent's purpose and provides instructions on how to access the agent via a web URL. A2A also leverages widely adopted web standards, such as HTTP, JSON-RPC, and Server-Sent Events (SSE), to ensure broad compatibility and ease of integration. By providing a standardized, vendor-neutral communication layer, A2A breaks down the silos that have historically limited the potential of multi-agent systems.

For security, A2A comes with enterprise-grade authentication and authorization built in, including support for JSON Web Tokens (JWTs), OpenID Connect (OIDC), and Transport Layer Security (TLS). This approach ensures that only authorized agents can participate in workflows, protecting sensitive data and agent identities. While the security foundations are in place, developers at the conference acknowledged that integrating them, particularly authenticating agents, will be a hard slog.
Antje Barth, an Amazon Web Services (AWS) principal developer advocate for generative AI, explained what the adoption of A2A will mean for IT professionals: "Say you want to book a train ride to Copenhagen, then a hotel there, and look maybe for a fancy restaurant, right? You have inputs and individual tasks, and A2A adds more agents to this conversation, with one agent specializing in hotel bookings, another in restaurants, and so on. A2A enables agents to communicate with each other, hand off tasks, and finally brings the feedback to the end user."

Jim Zemlin, executive director of the Linux Foundation, said: "By joining the Linux Foundation, A2A is ensuring the long-term neutrality, collaboration, and governance that will unlock the next era of agent-to-agent powered productivity." Zemlin expects A2A to become a cornerstone for building interoperable, multi-agent AI systems.
United States

A Marco Rubio Impostor is Using AI Voice To Call High-Level Officials (msn.com)

An impostor pretending to be Secretary of State Marco Rubio contacted foreign ministers, a U.S. governor and a member of Congress by sending them voice and text messages that mimic Rubio's voice and writing style using AI-powered software, Washington Post reported Tuesday, citing a senior U.S. official and a State Department cable. From the report: U.S. authorities do not know who is behind the string of impersonation attempts but they believe the culprit was probably attempting to manipulate powerful government officials "with the goal of gaining access to information or accounts," according to a cable sent by Rubio's office to State Department employees.

Using both text messaging and the encrypted messaging app Signal, which the Trump administration uses extensively, the impostor "contacted at least five non-Department individuals, including three foreign ministers, a U.S. governor, and a U.S. member of Congress," said the cable, dated July 3. The impersonation campaign began in mid-June when the impostor created a Signal account using the display name "Marco.Rubio@state.gov" to contact unsuspecting foreign and domestic diplomats and politicians, said the cable.

Open Source

The Open-Source Software Saving the Internet From AI Bot Scrapers (404media.co)

An anonymous reader quotes a report from 404 Media: For someone who says she is fighting AI bot scrapers just in her free time, Xe Iaso seems to be putting up an impressive fight. Since she launched it in January, Anubis, a "program is designed to help protect the small internet from the endless storm of requests that flood in from AI companies," has been downloaded nearly 200,000 times, and is being used by notable organizations including GNOME, the popular open-source desktop environment for Linux, FFmpeg, the open-source software project for handling video and other media, and UNESCO, the United Nations organization for education, science, and culture. [...]

"Anubis is an uncaptcha," Iaso explains on her site. "It uses features of your browser to automate a lot of the work that a CAPTCHA would, and right now the main implementation is by having it run a bunch of cryptographic math with JavaScript to prove that you can run JavaScript in a way that can be validated on the server." Essentially, Anubis verifies that any visitor to a site is a human using a browser as opposed to a bot. One of the ways it does this is by making the browser do a type of cryptographic math with JavaScript or other subtle checks that browsers do by default but bots have to be explicitly programmed to do. This check is invisible to the user, and most browsers since 2022 are able to complete this test. In theory, bot scrapers could pretend to be users with browsers as well, but the additional computational cost of doing so on the scale of scraping the entire internet would be huge. This way, Anubis creates a computational cost that is prohibitively expensive for AI scrapers that are hitting millions and millions of sites, but marginal for an individual user who is just using the internet like a human.

Anubis is free, open source, lightweight, can be self-hosted, and can be implemented almost anywhere. It also appears to be a pretty good solution for what we've repeatedly reported is a widespread problem across the internet, which helps explain its popularity. But Iaso is still putting a lot of work into improving it and adding features. She told me she's working on a non-cryptographic challenge so it taxes users' CPUs less, and also thinking about a version that doesn't require JavaScript, which some privacy-minded users disable in their browsers. The biggest challenge in developing Anubis, Iaso said, is finding the balance. "The balance between figuring out how to block things without people being blocked, without affecting too many people with false positives," she said. "And also making sure that the people running the bots can't figure out what pattern they're hitting, while also letting people that are caught in the web be able to figure out what pattern they're hitting, so that they can contact the organization and get help. So that's like, you know, the standard, impossible scenario."
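The "cryptographic math" the article describes is a proof-of-work challenge: cheap for a server to issue and verify, but costing the client a number of hash computations that grows exponentially with the difficulty. The following is an added example and not Anubis's own code: the server issues a random challenge with a MAC and expiry (so it can stay stateless about outstanding challenges), the client searches for a counter whose SHA-256 hash together with the challenge begins with `difficulty` zero bits, and the server validates the answer and refuses replays. Anubis runs the client side as JavaScript in the browser; here both sides are Python so the exchange runs in one process. The difficulty, TTL and secret are constructed values.

```python
"""Added example: hash-based proof-of-work challenge with expiry and replay protection.
Not Anubis's code; difficulty, TTL and secret are constructed for the demo."""
import hashlib
import hmac
import os
import time

DIFFICULTY = 12                  # leading zero bits; about 2^12 hashes per solve
CHALLENGE_TTL = 300              # seconds a challenge stays valid
SERVER_SECRET = os.urandom(32)   # keys the challenge MAC; fresh per process


def leading_zero_bits(digest: bytes) -> int:
    """Count leading zero bits of a digest."""
    bits = 0
    for b in digest:
        if b == 0:
            bits += 8
            continue
        bits += 8 - b.bit_length()
        break
    return bits


def meets_difficulty(nonce: str, answer: int, difficulty: int) -> bool:
    digest = hashlib.sha256(f"{nonce}:{answer}".encode()).digest()
    return leading_zero_bits(digest) >= difficulty


class PowServer:
    def __init__(self, difficulty=DIFFICULTY, ttl=CHALLENGE_TTL, secret=SERVER_SECRET):
        self.difficulty, self.ttl, self.secret = difficulty, ttl, secret
        self.used = set()  # nonces already redeemed, to block replay

    def _mac(self, nonce: str, difficulty: int, expires: int) -> str:
        msg = f"{nonce}:{difficulty}:{expires}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def issue(self, now=None) -> dict:
        """Hand the client a challenge: nonce, difficulty, expiry and a MAC over all three,
        so the client cannot lower the difficulty or extend the expiry."""
        now = time.time() if now is None else now
        nonce = os.urandom(16).hex()
        expires = int(now + self.ttl)
        return {"nonce": nonce, "difficulty": self.difficulty, "expires": expires,
                "mac": self._mac(nonce, self.difficulty, expires)}

    def verify(self, challenge: dict, answer: int, now=None) -> bool:
        """Cheap server-side check: one MAC and one hash, regardless of difficulty."""
        now = time.time() if now is None else now
        nonce, diff, exp = challenge["nonce"], challenge["difficulty"], challenge["expires"]
        if not hmac.compare_digest(self._mac(nonce, diff, exp), challenge["mac"]):
            return False                    # not issued by us, or tampered with
        if now > exp or nonce in self.used:
            return False                    # expired or replayed
        if not meets_difficulty(nonce, answer, diff):
            return False                    # wrong answer
        self.used.add(nonce)
        return True


def solve(challenge: dict, limit=1 << 24) -> int:
    """Client side: brute-force the counter. Expected cost is 2^difficulty hashes,
    which is what makes scraping at scale expensive and one visit cheap."""
    for answer in range(limit):
        if meets_difficulty(challenge["nonce"], answer, challenge["difficulty"]):
            return answer
    raise RuntimeError("no solution within limit")


if __name__ == "__main__":
    server = PowServer()
    challenge = server.issue()
    answer = solve(challenge)
    print("answer", answer, "accepted:", server.verify(challenge, answer))
    print("replay accepted:", server.verify(challenge, answer))
```

Each extra bit of difficulty doubles the client's expected work while the server's verification cost stays constant, which is the asymmetry the article relies on; the MAC over nonce, difficulty and expiry is what keeps a client from negotiating itself an easier challenge.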

Nintendo

Nintendo Wants To Keep 'Traditional Approach' To Development as Costs Skyrocket (theverge.com)

Nintendo plans to maintain its "traditional approach" to game development while managing rising costs during the Switch 2 transition, company president Shuntaro Furukawa said during a recent shareholders meeting.

"Recent game software development has become larger in scale and longer in duration, resulting in higher development costs," he said, adding that "rising development costs are increasing that risk" in what has always been "a high-risk business."

Nintendo's development teams are "currently devising various ways to maintain our traditional approach to creating games amidst the increasing scale and length of development," Furukawa said. The company believes, he said, "it is important to make the necessary investments for more efficient development."

The early Switch 2 lineup reflects increased ambition, with Mario Kart World introducing open-world structure to the racing series and Donkey Kong Bananza adding destructive elements to 3D platforming. Mario Kart World sells for $79.99, $10 more than most Nintendo games, while the Switch 2 costs $449.99, a $100 increase over the Switch OLED.
GNU is Not Unix

The FSF Faces Active 'Ongoing and Increasing' DDoS Attacks (fsf.org)

The Free Software Foundation's services face "ongoing (and increasing) distributed denial of service (DDoS) attacks," senior systems administrator Ian Kelling wrote Wednesday. But "Even though we are under active attack, gnu.org, ftp.gnu.org, and savannah.gnu.org are up with normal response times at the moment, and have been for the majority of this week, largely thanks to hard work from the Savannah hackers Bob, Corwin, and Luke who've helped us, your sysadmins."

"We've shielded these sites for almost a full year of intense attacks now, and we'll keep on fighting these attacks for as long as they continue." Our infrastructure has been under attack since August 2024. Large Language Model (LLM) web crawlers have been a significant source of the attacks, and as for the rest, we don't expect to ever know what kind of entity is targeting our sites or why.

- In the fall Bulletin, we wrote about the August attack on gnu.org. That attack continues, but we have mitigated it. Judging from the pattern and scope, the goal was likely to take the site down and it was not an LLM crawler. We do not know who or what is behind the attack, but since then, we have had more attacks with even higher severity.

- To begin with, GNU Savannah, the FSF's collaborative software development system, was hit by a massive botnet controlling about five million IPs starting in January. As of this writing, the attack is still ongoing, but the botnet's current iteration is mitigated. The goal is likely to build an LLM training dataset. We do not know who or what is behind this.

- Furthermore, gnu.org and ftp.gnu.org were targets in a new DDoS attack starting on May 27, 2025. Its goal seems to be to take the site down. It is currently mitigated. It has had several iterations, and each has caused some hours of downtime while we figured out how to defend ourselves against it. Here again, the goal was likely to take our sites down and we do not know who or what is behind this.

- In addition, directory.fsf.org, the server behind the Free Software Directory, has been under attack since June 18. This likely is an LLM scraper designed to specifically target MediaWiki sites with a botnet. This attack is very active and now partially mitigated...

Even though we are under active attack, gnu.org, ftp.gnu.org, and savannah.gnu.org are up with normal response times at the moment, and have been for the majority of this week, largely thanks to hard work from the Savannah hackers Bob, Corwin, and Luke who've helped us, your sysadmins. We've shielded these sites for almost a full year of intense attacks now, and we'll keep on fighting these attacks for as long as they continue.

The full-time FSF tech staff is just two systems administrators, "and we currently lack the funds to hire more tech staff any time soon," Kelling points out. Kelling titled his post "our small team vs millions of bots," suggesting that supporters purchase FSF memberships "to improve our staffing situation... Can you join us in our crucial work to guard user freedom and defy dystopia?"

Kelling also points out they're also facing "run-of-the-mill standard crawlers, SEO crawlers, crawlers pretending to be normal users, crawlers pretending to be other crawlers, uptime systems, vulnerability scanners, carrier-grade network address translation, VPNs, and normal browsers hitting our sites..."

"Some of the abuse is not unique to us, and it seems that the health of the web has some serious problems right now."
AI

'Vibe Coder' Who Doesn't Know How to Code Keeps Winning Hackathons in San Francisco (sfstandard.com)

An anonymous reader shared this report from the San Francisco Standard: About an hour into my meeting with the undisputed hackathon king of San Francisco, Rene Turcios asked if I wanted to smoke a joint with him. I politely declined, but his offer hardly surprised me. Turcios has built a reputation as a cannabis-loving former professional Yu-Gi-Oh! player who resells Labubus out of his Tenderloin apartment when he's not busy attending nearly every hackathon happening in the city. Since 2023, Turcios, 29, has attended more than 200 events, where he's won cash, software credits, and clout. "I'm always hustling," he said.

The craziest part: he doesn't even know how to code.

"Rene is the original vibe coder," said RJ Moscardon, a friend and fellow hacker who watched Turcios win second place at his first-ever hackathon at the AGI House mansion in Hillsborough. "All the engineers with prestigious degrees scoffed at him at first. But now they're all doing exactly the same thing...." Turcios was vibe coding long before the technique had a name — and was looked down upon by longtime hackers for using AI. But as Tiger Woods once said, "Winning takes care of everything...."

Instead of vigorously coding until the deadline, he finished his projects hours early by getting AI to do the technical work for him. "I didn't write a single line of code," Turcios said of his first hackathon where he prompted ChatGPT using plain English to generate a program that can convert any song into a lo-fi version. When the organizers announced Turcios had won second place, he screamed in celebration.... "I realized that I could compete with people who have degrees and fancy jobs...."

Turcios is now known for being able to build anything quickly. Businesses reach out to him to contract out projects that would take software engineering teams weeks — and he delivers in hours. He's even started running workshops to teach non-technical groups and experienced software engineers how to get the most out of AI for coding.

"He grew up in Missouri to parents who worked in an international circus, taming bears and lions..."
Programming

How Do You Teach Computer Science in the Age of AI? (thestar.com.my)

"A computer science degree used to be a golden ticket to the promised land of jobs," a college senior tells the New York Times. But "That's no longer the case."

The article notes that in the last three years there's been a 65% drop from companies seeking workers with two years of experience or less (according to an analysis by technology research/education organization CompTIA), with tech companies "relying more on AI for some aspects of coding, eliminating some entry-level work."

So what do college professors teach when AI "is coming fastest and most forcefully to computer science"? Computer science programs at universities across the country are now scrambling to understand the implications of the technological transformation, grappling with what to keep teaching in the AI era. Ideas range from less emphasis on mastering programming languages to focusing on hybrid courses designed to inject computing into every profession, as educators ponder what the tech jobs of the future will look like in an AI economy... Some educators now believe the discipline could broaden to become more like a liberal arts degree, with a greater emphasis on critical thinking and communication skills.

The National Science Foundation is funding a program, Level Up AI, to bring together university and community college educators and researchers to move toward a shared vision of the essentials of AI education. The 18-month project, run by the Computing Research Association, a research and education nonprofit, in partnership with New Mexico State University, is organising conferences and roundtables and producing white papers to share resources and best practices. The NSF-backed initiative was created because of "a sense of urgency that we need a lot more computing students — and more people — who know about AI in the workforce," said Mary Lou Maher, a computer scientist and a director of the Computing Research Association.

The future of computer science education, Maher said, is likely to focus less on coding and more on computational thinking and AI literacy. Computational thinking involves breaking down problems into smaller tasks, developing step-by-step solutions and using data to reach evidence-based conclusions. AI literacy is an understanding — at varying depths for students at different levels — of how AI works, how to use it responsibly and how it is affecting society. Nurturing informed skepticism, she said, should be a goal.

The article raises other possibilities. Experts also suggest the possibility of "a burst of technology democratization as chatbot-style tools are used by people in fields from medicine to marketing to create their own programs, tailored for their industry, fed by industry-specific data sets." Stanford CS professor Alex Aiken even argues that "The growth in software engineering jobs may decline, but the total number of people involved in programming will increase."

Last year, Carnegie Mellon actually endorsed using AI for its introductory CS courses. The dean of the school's undergraduate programs believes that coursework "should include instruction in the traditional basics of computing and AI principles, followed by plenty of hands-on experience designing software using the new tools."
AI

XBOW's AI-Powered Pentester Grabs Top Rank on HackerOne, Raises $75M to Grow Platform (csoonline.com)

We're living in a new world now — one where it's an AI-powered penetration tester that "now tops an eminent US security industry leaderboard that ranks red teamers based on reputation." CSO Online reports: On HackerOne, which connects organizations with ethical hackers to participate in their bug bounty programs, "Xbow" scored notably higher than 99 other hackers in identifying and reporting enterprise software vulnerabilities. It's a first in bug bounty history, according to the company that operates the eponymous bot...

Xbow is a fully autonomous AI-driven penetration tester (pentester) that requires no human input, but, its creators said, "operates much like a human pentester" that can scale rapidly and complete comprehensive penetration tests in just a few hours. According to its website, it passes 75% of web security benchmarks, accurately finding and exploiting vulnerabilities.

Xbow submitted nearly 1,060 vulnerabilities to HackerOne, including remote code execution, information disclosures, cache poisoning, SQL injection, XML external entities, path traversal, server-side request forgery (SSRF), cross-site scripting, and secret exposure. The company said it also identified a previously unknown vulnerability in Palo Alto's GlobalProtect VPN platform that impacted more than 2,000 hosts. Of the vulnerabilities Xbow submitted over the last 90 days, 54 were classified as critical, 242 as high and 524 as medium in severity. The company's bug bounty programs have resolved 130 vulnerabilities, and 303 are classified as triaged.

Notably, though, roughly 45% of the vulnerabilities it found are still awaiting resolution, highlighting the "volume and impact of the submissions across live targets," Nico Waisman, Xbow's head of security, wrote in a blog post this week... To further hone the technology, the company developed "validators" — automated peer reviewers that confirm each uncovered vulnerability, Waisman explained.

"As attackers adopt AI to automate and accelerate exploitation, defenders must meet them with even more capable systems," XBOW's CEO said this week, as the company raised $75 million in Series B funding to grow its platform, bringing its total funding to $117 million. Help Net Security reports: With the new funding, XBOW plans to grow its engineering team and expand its go-to-market efforts. The product is now generally available, and the company says it is working with large banks, tech firms, and other organizations that helped shape the platform during its early testing phase. XBOW's long-term goal is to help security teams stay ahead of adversaries using advanced automation. As attackers increasingly turn to AI, the company argues that defenders will need equally capable systems to match their speed and sophistication.
HP

HPE Acquires Juniper Networks for $14B After Settling Antitrust Case (telecoms.com) 29

This week Hewlett-Packard Enterprise settled its antitrust case with America's Justice Department, "paving the way for its acquisition of rival kit maker Juniper Networks," reported Telecoms.com: Under the agreement, HPE has agreed to divest its Instant On unit, which sells a range of enterprise-grade Wi-Fi networking equipment for campus and branch deployments. It has also agreed to license Juniper's Mist AIOps source code — a software suite that enables AI-based network automation and management. HPE can live with that, since its primary motivation for buying Juniper is to improve its prospects in an IT networking market dominated by Cisco, where others like Arista and increasingly Nokia and Nvidia are also trying to make inroads.

And after receiving regulatory clearance, HPE "very quickly closed the deal..." reports The Motley Fool. In the press release heralding the news, the buyer wrote that it "doubles the size of HPE's networking business and provides customers with a comprehensive portfolio of networking solutions." Investors were obviously happy about this, as according to data compiled by S&P Global Market Intelligence the company's stock price ballooned by nearly 16% across the week, largely on the news... The Justice Department had alleged, in a lawsuit filed in January, that an HPE/Juniper tie-up would essentially result in a duopoly in networking equipment. It claimed that a beefed-up HPE and networking incumbent Cisco would hold more than 70% combined of the domestic market.

Thanks to long-time Slashdot reader AmiMoJo for sharing the news.
AI

AI Coding Agents Are Already Commoditized (seangoedecke.com) 64

Software engineer Sean Goedecke argues that AI coding agents have already been commoditized because they require no special technical advantages, just better base models. He writes: All of a sudden, it's the year of AI coding agents. Claude released Claude Code, OpenAI released their Codex agent, GitHub released its own autonomous coding agent, and so on. I've done my fair share of writing about whether AI coding agents will replace developers, and in the meantime how best to use them in your work. Instead, I want to make what I think is now a pretty firm observation: AI coding agents have no secret sauce.

[...] The reason everyone's doing agents now is the same reason everyone's doing reinforcement learning now -- from one day to the next, the models got good enough. Claude Sonnet 3.7 is the clear frontrunner here. It's not the smartest model (in my opinion), but it is the most agentic: it can stick with a task and make good decisions over time better than other models with more raw brainpower. But other AI labs have more agentic models now as well. There is no moat.

There's also no moat to the actual agent code. It turns out that "put the model in a loop with a 'read file' and 'write file' tool" is good enough to do basically anything you want. I don't know for sure that the closed-source options operate like this, but it's an educated guess. In other words, the agent hackers in 2023 were correct, and the only reason they couldn't build Claude Code then was that they were too early to get to use the really good models.
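The "model in a loop with a read-file and a write-file tool" architecture the post describes, as an added illustration (not Goedecke's code nor any vendor's agent): the model is a constructed stub that replays scripted actions, and both tools confine model-supplied paths to a workspace directory, because an agent that takes file paths from model output has to treat them as untrusted input. The workspace layout, tool names and transcript format are assumptions.

```python
import tempfile
from pathlib import Path

class ToolError(Exception): ...

def resolve_in_workspace(workspace: Path, path: str) -> Path:
    """Map a model-supplied path onto the workspace and refuse anything that
    resolves outside it (resolve() follows '..' and symlinks, so both are caught)."""
    root = workspace.resolve()
    target = (root / path).resolve()
    if target != root and root not in target.parents:
        raise ToolError(f"path escapes workspace: {path!r}")
    return target

def read_file(workspace: Path, path: str) -> str:
    return resolve_in_workspace(workspace, path).read_text()

def write_file(workspace: Path, path: str, content: str) -> str:
    target = resolve_in_workspace(workspace, path)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(content)
    return f"wrote {len(content)} bytes"

TOOLS = {"read_file": read_file, "write_file": write_file}

def run_agent(model, workspace: Path, max_steps: int = 10) -> list:
    """Loop: show the model the transcript, run the tool it asks for, stop on 'done' or the step cap."""
    transcript = []
    for _ in range(max_steps):
        action = model(transcript)  # {"tool": name, "args": {...}} or {"done": text}
        if "done" in action:
            transcript.append(action)
            return transcript
        tool = TOOLS.get(action.get("tool"))
        try:
            if tool is None:
                raise ToolError(f"unknown tool {action.get('tool')!r}")
            result = tool(workspace, **action.get("args", {}))
        except (ToolError, OSError, TypeError) as exc:
            result = f"error: {exc}"  # errors go back to the model, never out of the loop
        transcript.append({"call": action, "result": result})
    transcript.append({"done": "step cap reached"})
    return transcript

def scripted_model(script):  # constructed stand-in for the LLM: replays fixed actions
    return lambda t: script[len(t)] if len(t) < len(script) else {"done": "out of script"}

def demo() -> list:
    """Run the loop in a fresh temp workspace; the third scripted action tries to leave it."""
    workspace = Path(tempfile.mkdtemp())
    script = [
        {"tool": "write_file", "args": {"path": "notes.txt", "content": "hello"}},
        {"tool": "read_file", "args": {"path": "notes.txt"}},
        {"tool": "read_file", "args": {"path": "../outside.txt"}},
        {"done": "finished"},
    ]
    return run_agent(scripted_model(script), workspace)
```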

Software

The Software Engineering 'Squeeze' (manager.dev) 113

Software developer Anton Zaides argues that software engineers have had it easy over the decades and the "best profession" on earth deserved the wake-up call. He writes: It's not just one of the hardest times, it's also one of the most exciting.

I'm hugely optimistic about the software engineering career. All those companies started by vibe-coders all around you? Many will succeed, and will need great engineers to scale up.

Some engineers understand this, and use the chance to skill up. To succeed, you'll probably need all the skills of an engineer, some of a PM, and even a bit of design taste. It's not just about shipping code anymore.

But if you work as a code monkey, getting detailed tickets and just shipping them, you've done this to yourself. You won't be needed pretty soon.

I believe there are too many mediocre engineers, but also not enough great ones.

Microsoft

Microsoft Shuts Down Operations in Pakistan After 25 Years (pakistantoday.com.pk) 38

Newspaper Pakistan Today: In a significant moment for Pakistan's technology sector, Microsoft has officially shut down its operations in the country, concluding a 25-year journey that began with high hopes for digital transformation and global partnership.

The move, confirmed by employees and media sources, marks the quiet departure of the software giant, which had launched its Pakistan presence in June 2000. The last remaining employees were formally informed of the closure in recent days, signalling the end of an era that saw Microsoft play a key role in developing local talent, building enterprise partnerships, and promoting digital literacy across sectors.

United Kingdom

Nearly 1,000 Britons Will Keep Four-Day Work Week After Trial (theguardian.com) 38

An anonymous reader quotes a report from The Guardian: Nearly 1,000 British workers will keep a shorter working week after the latest trial of a four-day week and similar changes to traditional working patterns. All 17 British businesses in a six-month trial of the four-day week said they would continue with an arrangement consisting of either four days a week or nine days a fortnight. All the employees remained on their full salary. The trial was organized by the 4 Day Week Foundation, a group campaigning for more businesses to take up shorter working weeks.

The latest test follows a larger six-month pilot in 2022, involving almost 3,000 employees, which ended in 56 of 61 companies cutting down their hours from a five-day working week. [...] Researchers at Boston College, a US university, said the findings from the latest trial were "extremely positive" for workers. They found that 62% of workers reported that they experienced less burnout during the trial, according to a poll of 89 people. Forty-five percent of those polled said they felt "more satisfied with life."

The 4 Day Week Foundation has run successive trials to gather data and demonstrate how companies can make the switch. In January, the foundation said more than 5,000 people from a previous wave had started the year permanently working a four-day week. Companies involved in the latest trial, which started in November, included charities and professional services firms, with the number of employees at each employer ranging between five and 400. They included the British Society for Immunology and Crate Brewery in Hackney, east London. [...] The small web software company BrandPipe said that the latest trial had been a success for the business, coinciding with increased sales.
Geoff Slaughter, BrandPipe's chief executive, said: "The trial's been an overwhelming success because it has been the launchpad for us to consider what constitutes efficiency, and financial performance is double what it was before."

Slaughter added: "If we're going to see it rolled out more substantially across different sectors, there should be incentives for early adopters, because we're creating the blueprint for the future."
IT

Citi Spends $9 Billion on Tech Overhaul After Series of Costly Errors (yahoo.com) 13

Citigroup spent over $9 billion on technology and communications last year, almost a fifth of total operating expenses and a larger proportion than competitors, as the bank works to fix legacy software systems that have produced costly errors including accidentally wiring more than $900 million to Revlon creditors.

The bank has consolidated 12 international sanctions screening systems into one platform, retired 20 cash equities platforms and launched a replacement, and automated high-risk processes where "fat-finger" errors previously occurred. Recent mistakes included crediting one account with $81 trillion after an employee failed to remove zeros from an electronic form and a copy-paste error that almost missent $6 billion.
