Programming

Google Calls for Measurable Memory-Safety Standards for Software (googleblog.com) 44

Memory safety bugs are "eroding trust in technology and costing billions," argues a new post on Google's security blog — adding that "traditional approaches, like code auditing, fuzzing, and exploit mitigations — while helpful — haven't been enough to stem the tide."

So the blog post calls for a "common framework" for "defining specific, measurable criteria for achieving different levels of memory safety assurance." The hope is this gives policy makers "the technical foundation to craft effective policy initiatives and incentives promoting memory safety" leading to "a market in which vendors are incentivized to invest in memory safety." ("Customers will be empowered to recognize, demand, and reward safety.")

In January the same Google security researchers helped co-write an article noting there are now strong memory-safety "research technologies" that are sufficiently mature: memory-safe languages (including "safer language subsets like Safe Buffers for C++"), mathematically rigorous formal verification, software compartmentalization, and hardware and software protections. (With hardware protections including things like ARM's Memory Tagging Extension and the Capability Hardware Enhanced RISC Instructions, or "CHERI", architecture.) Google's security researchers are now calling for "a blueprint for a memory-safe future" — though importantly, the idea is "defining the desired outcomes rather than locking ourselves into specific technologies."

Their blog post this week again urges a practical/actionable framework that's commonly understood, but one that supports different approaches (and allowing tailoring to specific needs) while enabling objective assessment: At Google, we're not just advocating for standardization and a memory-safe future, we're actively working to build it. We are collaborating with industry and academic partners to develop potential standards, and our joint authorship of the recent CACM call-to-action marks an important first step in this process... This commitment is also reflected in our internal efforts. We are prioritizing memory-safe languages, and have already seen significant reductions in vulnerabilities by adopting languages like Rust in combination with existing, wide-spread usage of Java, Kotlin, and Go where performance constraints permit. We recognize that a complete transition to those languages will take time. That's why we're also investing in techniques to improve the safety of our existing C++ codebase by design, such as deploying hardened libc++.

This effort isn't about picking winners or dictating solutions. It's about creating a level playing field, empowering informed decision-making, and driving a virtuous cycle of security improvement... The journey towards memory safety requires a collective commitment to standardization. We need to build a future where memory safety is not an afterthought but a foundational principle, a future where the next generation inherits a digital world that is secure by design.

The security researchers' post calls for "a collective commitment" to eliminate memory-safety bugs, "anchored on secure-by-design practices..." One of the blog post's subheadings? "Let's build a memory-safe future together."

And they're urging changes "not just for ourselves but for the generations that follow."
Operating Systems

COSMIC Desktop Alpha 6 Released (linuxiac.com) 29

New submitter TronNerd82 writes: Linuxiac reports that the 6th alpha release of the COSMIC desktop environment has been released. The new alpha release includes zooming, desktop icon management, some new scaling options, and improved accessibility features. Also included in the release are a number of bug fixes.

These include, but are not limited to:
- Fixing a crash issue in Steam, and fixing certain issues for Radeon RX GPUs
- Fixing a bug that prevented icons from appearing in screenshots
- Adding a layer of polish to the COSMIC Files application by adding folder size metadata and preventing crashes

Also of note are a number of memory usage reductions across the board. COSMIC Alpha 6 also replaces the default font, changing from Fira Sans to Open Sans, with Noto Sans Mono as the default monospace font. Additional changes can be found in System76's official announcement.

Businesses

3D Software Company Autodesk Cuts 1,350 Jobs To Boost AI Investment 19

Autodesk said it would cut 1,350 employees, or about 9% of its workforce, as part of a pivot to the cloud and artificial intelligence. Fast Company reports: Companies across sectors such as architecture, engineering, construction, and product design are making extensive use of Autodesk's 3D design solutions, with the software maker's artificial intelligence and machine learning capabilities further driving spending on its products. Autodesk saw a 23% jump in total billings to $2.11 billion in the fourth quarter ended January 31.

The company's international operations have particularly shown strength, while analysts have also noted that the company was outpacing peers in the manufacturing sector, driven by the performance of its "Fusion" design software.
GNU is Not Unix

An Appeals Court May Kill a GNU GPL Software License (theregister.com) 74

The Ninth Circuit Court of Appeals is set to review a California district court's ruling in Neo4j v. PureThink, which upheld Neo4j's right to modify the GNU AGPLv3 with additional binding terms. If the appellate court affirms this decision, it could set a precedent allowing licensors to impose unremovable restrictions on open-source software, potentially undermining the enforceability of GPL-based licenses and threatening the integrity of the open-source ecosystem. The Register reports: The GNU AGPLv3 is a free and open source software (FOSS) license largely based on the GNU GPLv3, both of which are published by the Free Software Foundation (FSF). Neo4j provided database software under the AGPLv3, then tweaked the license, leading to legal battles over forks of the software. The AGPLv3 includes language that says any added restrictions or requirements are removable, meaning someone could just file off Neo4j's changes to the usage and distribution license, reverting it back to the standard AGPLv3, which the biz has argued and successfully fought against in that California district court.

Now the matter, the validity of that modified FOSS license, is before an appeals court in the USA. "I don't think the community realizes that if the Ninth Circuit upholds the lower court's ruling, it won't just kill GPLv3," PureThink's John Mark Suhy told The Register. "It will create a dangerous legal precedent that could be used to undermine all open-source licenses, allowing licensors to impose unexpected restrictions and fundamentally eroding the trust that makes open source possible."

Perhaps equally concerning is the fact that Suhy, founder and CTO of PureThink and iGov (the two firms sued by Neo4j), and presently CTO of IT consultancy Greystones Group, is defending GPL licenses on his own, pro se, without the help of the FSF, founded by Richard Stallman, creator of the GNU General Public License. "I'm actually doing everything pro se because I used up all my savings to fight it in the lower court," said Suhy. "I'm surprised the Free Software Foundation didn't care too much about it. They always had an excuse about not having the money for it. Luckily the Software Freedom Conservancy came in and helped out there."

Mozilla

Mozilla Responds To Backlash Over New Terms, Saying It's Not Using People's Data for AI 76

Mozilla has denied allegations that its new Firefox browser terms of service allow it to harvest user data for artificial intelligence training, following widespread criticism of the recently updated policy language. The controversy erupted after Firefox introduced terms that grant Mozilla "a nonexclusive, royalty-free, worldwide license to use that information" when users upload content through the browser, prompting competitor Brave Software's CEO Brendan Eich to suggest a business pivot toward data monetization.

"These changes are not driven by a desire by Mozilla to use people's data for AI or sell it to advertisers," Mozilla spokesperson Kenya Friend-Daniel told TechCrunch. "Our ability to use data is still limited by what we disclose in the Privacy Notice." The company clarified that its AI features operate locally on users' devices and don't send content data to Mozilla. Any data shared with advertisers is provided only on a "de-identified or aggregated basis," according to the spokesperson. Mozilla explained it used specific legal terms -- "nonexclusive," "royalty-free," and "worldwide" -- because Firefox is free, available globally, and allows users to maintain control of their own data.
Privacy

Apple's Find My Network Exploit Lets Hackers Silently Track Any Bluetooth Device 22

Researchers at George Mason University discovered a vulnerability in Apple's Find My network that allows hackers to silently track any Bluetooth device as if it were an AirTag, without the owner's knowledge. 9to5Mac reports: Although AirTag was designed to change its Bluetooth address based on a cryptographic key, the attackers developed a system that could quickly find keys for Bluetooth addresses. This was made possible by using "hundreds" of GPUs to find a key match. The exploit called "nRootTag" has a frightening success rate of 90% and doesn't require "sophisticated administrator privilege escalation."

In one of the experiments, the researchers were able to track the location of a computer with an accuracy of 10 feet, which allowed them to trace a bicycle moving through the city. In another experiment, they reconstructed a person's flight path by tracking their game console. "While it is scary if your smart lock is hacked, it becomes far more horrifying if the attacker also knows its location. With the attack method we introduced, the attacker can achieve this," said one of the researchers.
Apple has acknowledged the George Mason researchers for discovering a Bluetooth exploit in its Find My network but has yet to issue a fix. "For now, they advise users to never allow unnecessary access to the device's Bluetooth when requested by apps, and of course, always keep their device's software updated," reports 9to5Mac.
AI

OpenAI Rolls Out GPT-4.5 (openai.com) 23

OpenAI released an early version of its new AI model GPT-4.5 to select users on Thursday, following development challenges that delayed the project last year. The Microsoft-backed startup said the new model responds better to subtle cues in written prompts and excels at chatting, writing and coding. OpenAI expects it will produce fewer fabricated responses than previous versions.

Initially available as a "research preview," access is limited to software developers and users who pay $200 monthly for ChatGPT Pro subscriptions. The company plans to gather feedback before wider distribution. According to OpenAI's blog post, GPT-4.5 will be the company's last model that doesn't use additional computing power to analyze queries before responding. Future releases will incorporate the reasoning approach already used in its newer models like o1 and o3.
Programming

The Reality of Long-Term Software Maintenance (construct.net) 46

When developers boast "I could write that in a weekend," they're missing the painful reality that haunts software maintainers for years. In a candid blog post, Construct developer Ashley explains why maintaining large software projects is a burden most programmers fail to appreciate. "Writing the initial code for a feature is only a fraction of the work," Ashley explains, estimating it represents just "25% of the total work" in Construct's 750,000-line codebase. The rest? A grinding cycle of "testing, diagnosing and fixing bugs, optimizing performance, upgrading it to work with other changes, refactoring, customer support, writing documentation and similarly revising the documentation over time."

Ashley describes how accepting code contributions feels like someone offering to build you a free extension -- initially attractive until the roof starts leaking years later and the original builder is nowhere to be found. Meanwhile, your tenants (users) are furious, and you're stuck with "no good options." The post recounts Construct's own bruises: a community-contributed storage plugin still causing compatibility headaches a decade later, and third-party libraries that became maintenance nightmares after their creators vanished.

These experiences explain why seasoned maintainers eye large code contributions with deep suspicion rather than gratitude. "If you suggest some software project uses some code -- even a small amount -- will you be there in literally 10 years' time sorting out all the issues that arise from it?" Ashley asks. "Usually the answer is no."
Software

'My Washing Machine Refreshed My Thinking on Software Effort Estimation' (cosive.com) 85

What Chris Horsley expected to be a 10-minute washing machine installation stretched to four hours and required five trips to the hardware store. The CTO of a security consultancy firm documented how unexpected obstacles -- drilling through shelves, replacing incompatible hoses, and removing hidden caps -- derailed his timeline.

Horsley draws a direct parallel to software development, where estimation regularly fails despite experience. "While 90% of the project will be the same, there's going to be one critical difference between the last 5 projects and this project that seemed trivial at the time of estimation but will throw off our whole schedule," he writes in a blog.

These disruptions often appear as unmaintained frameworks, obsolete development tools, or incompatible infrastructure components that weren't visible during planning. The software development environment changes rapidly, creating what Horsley describes as "unknown unknowns." Despite thorough requirements gathering, developers inevitably encounter unanticipated blockers, transforming familiar-looking tasks into complex challenges.
AI

Jensen Huang: AI Has To Do '100 Times More' Computation Now Than When ChatGPT Was Released 32

In an interview with CNBC's Jon Fortt on Wednesday, Nvidia CEO Jensen Huang said next-gen AI will need 100 times more compute than older models as a result of new reasoning approaches that think "about how best to answer" questions step by step. From a report: "The amount of computation necessary to do that reasoning process is 100 times more than what we used to do," Huang told CNBC's Jon Fortt in an interview on Wednesday following the chipmaker's fourth-quarter earnings report. He cited models including DeepSeek's R1, OpenAI's GPT-4 and xAI's Grok 3 as models that use a reasoning process.

Huang pushed back on that idea in the interview on Wednesday, saying DeepSeek popularized reasoning models that will need more chips. "DeepSeek was fantastic," Huang said. "It was fantastic because it open sourced a reasoning model that's absolutely world class." Huang said that company's percentage of revenue in China has fallen by about half due to the export restrictions, adding that there are other competitive pressures in the country, including from Huawei.

Developers will likely search for ways around export controls through software, whether it be for a supercomputer, a personal computer, a phone or a game console, Huang said. "Ultimately, software finds a way," he said. "You ultimately make that software work on whatever system that you're targeting, and you create great software." Huang said that Nvidia's GB200, which is sold in the United States, can generate AI content 60 times faster than the versions of the company's chips that it sells to China under export controls.
Security

A Disney Worker Downloaded an AI Tool. It Led To a Hack That Ruined His Life. (dailymail.co.uk) 96

A Disney employee's download of an AI image generation tool from GitHub led to a massive data breach in July 2024, exposing over 44 million internal Slack messages. The software contained infostealer malware that compromised Matthew Van Andel's computer for five months, giving hackers access to his 1Password manager.

The attackers used the stolen credentials to access Disney's corporate systems, publishing sensitive information including customer data, employee passport numbers, and revenue figures from Disney's theme parks and streaming services. The breach also devastated Van Andel personally. Hackers exposed his Social Security number, financial login details, and even credentials for his home's Ring cameras. Shortly after the incident, Disney fired Van Andel following a forensic analysis of his work computer, citing misconduct he denies. Security researchers believe the attacker, who identified as part of a Russia-based hacktivist group called Nullbulge, is likely an American individual.
Android

Google, Qualcomm Will Support 8 Years of Android Updates (9to5google.com) 19

An anonymous reader quotes a report from 9to5Google: Starting with the Snapdragon 8 Elite, Qualcomm will offer device manufacturers (OEMs) the "ability to provide support for up to eight consecutive years of Android software and security updates." Qualcomm today announced a "program" in partnership with Google: "What this means is that support for platform software included in this program will be made available to OEMs for eight consecutive years, including both Android OS and kernel upgrades, without requiring significant changes or upgrades to the platform and OEM code on the device (a separation commonly referred as 'Project Treble' or the 'vendor implementation'). While kernel changes will require updating kernel mode drivers, the vendor code can remain unchanged while the software support is being provided."

This program specifically includes "two upgrades to the mobile platform's Android Common Kernel (ACK) to support the eight-year window." It's ultimately up to manufacturers to update their devices, but the bottleneck going forward won't be the chip. Qualcomm today notes how the extended software support it's providing can "lower costs for OEMs interested in supporting their devices longer." The first devices to benefit are Snapdragon 8 Elite-powered smartphones launching with Android 15. Notably, the program runs for the "next five generations" of SoCs, including Snapdragon 8 and 7-series chips launching "later this year." Older chipsets will not benefit from this program.

Microsoft

Microsoft Trims More CPUs From Windows 11 Compatibility List (theregister.com) 95

Microsoft has updated its CPU compatibility list for Windows 11 24H2, excluding pre-11th-generation Intel processors for OEMs building new PCs. The Register reports: Windows 11 24H2 has been available to customers for months, yet Microsoft felt compelled in its February update to confirm that builders, specifically, must use Intel's 11th-generation or later silicon when building brand new PCs to run its most recent OS iteration. "These processors meet the design principles around security, reliability, and the minimum system requirements for Windows 11," Microsoft says.

Intel's 11th-generation chips arrived in 2020 and were discontinued last year. It would be surprising, if not unheard of, for OEMs to build machines with unsupported chips. Intel has already transitioned many pre-11th generation chips to "a legacy software support model," so Microsoft's decision to omit the chips from the OEM list is understandable. However, this could be seen as a creeping problem. Chips made earlier than that were present very recently, in the list of supported Intel processors for Windows 11 22H2 and 23H2.

This new OEM list may add to worries of some users looking at the general hardware compatibility specs for Windows 11 and wondering if the latest information means that even the slightly newer hardware in their org's fleet will soon no longer meet the requirements of Microsoft's flagship operating system. It's a good question, and the answer -- currently -- appears to be that those "old" CPUs are still suitable. Microsoft has a list of hardware compatibility requirements that customers can check, and they have not changed much since the outcry when they were first published.

EU

Dutch Software Firm Bird To Leave Europe Due To Onerous Regulations (reuters.com) 33

An anonymous reader quotes a report from Reuters: Cloud communications software firm Bird, one of the Netherlands' most prominent tech startups, plans to move most of its operations out of Europe, its CEO said, citing restrictive regulations and difficulties hiring skilled technology workers. "We are mostly leaving Europe as it lacks the environment we need to innovate in an AI-first era of technology," CEO Robert Vis told Reuters on Monday. "We foresee that regulations in Europe will block true innovation in a global economy moving extremely fast to AI," he said in a text message response to Reuters queries.

Bird's operations in future will be mostly split between New York, Singapore and Dubai, he said. Vis first announced the move abroad in a LinkedIn post over the weekend. Bird, formerly known as Message Bird, was founded in Amsterdam in 2011. It is a competitor of U.S.-based Twilio in the market for helping companies manage their communications with consumers across digital mediums such as messaging, email and video apps. It says it has developed an AI-powered platform that automates and streamlines business operations across entire organizations including tech leaders.

Microsoft

Microsoft Quietly Launches Ad-Supported Version of Office Apps for Windows (windowscentral.com) 75

Microsoft has quietly launched a new version of Microsoft Office for Windows that can be used to edit documents for free, no Microsoft 365 subscription or Office license key required. From a report: This free version of Office is based on the full desktop apps, but has most features locked behind the Microsoft 365 subscription. The free version of Office for Windows includes ads that are permanently on screen when within a document in Word, PowerPoint, and Excel. Additionally, this new free version of Office also only allows you to save files to OneDrive, meaning no support for editing local files. To access the free version of Office, just skip the prompt to sign-in when you first run an Office app. From there, you will be given the choice to continue to use Office for free in exchange for ads and limited features. In this mode, you can open, view, and even edit documents, just like you can with the web version of Office.
AI

AI Reshapes Corporate Workforce as Companies Halt Traditional Hiring 119

Major corporations are reshaping their workforces around AI with Salesforce announcing it will not hire software engineers in 2025 and other companies laying off thousands while shifting focus to AI-specific roles. Duolingo has laid off thousands after implementing ChatGPT-4, UPS cut 4,000 jobs in its largest layoff in 116 years, and IBM paused hiring for back-office and HR positions that AI can now handle.

Amazon is redirecting staff from Alexa to AI areas, while Intuit is laying off 10% of its non-AI workforce. Cisco plans to cut 7% of employees in its second round of job cuts this year as it prioritizes AI and cybersecurity. Salesforce reports its AI platform is boosting software engineering productivity by 30%. SAP is restructuring 8,000 positions to focus on AI-driven business areas. The trend extends globally, with Microsoft relocating thousands during an "exodus" from China, while entry-level jobs on Wall Street are becoming obsolete.

A study found that 3 out of 10 companies replaced workers with AI last year, with over one-third of firms using AI likely to automate more roles in 2025. Job listings at large privately-held AI companies have dropped 14.2% over six months, JP Morgan wrote in a note seen by Slashdot. The transformation is creating new opportunities, with rising demand for AI skills in job postings. A survey of more than 1,200 users found nearly two-thirds of young professionals use AI tools at work, with 93% not worried about job threats, as business leaders view Generation Z's digital skills as beneficial for leveraging AI.
Earth

Ellison's Half-Billion-Dollar Quest To Change Farming Has Been a Bust (msn.com) 63

Oracle founder Larry Ellison's agricultural technology venture Sensei Ag has largely failed to deliver on its ambitious goals despite costing more than half a billion dollars, more than he spent to purchase Hawaii's Lanai island itself. Eight years after its founding, little of the revolutionary technology Sensei promised - including AI crop breeding, robotic harvesting, and advanced sensors - is being utilized in its six greenhouses on Lanai, according to WSJ.

The company has faced numerous setbacks, including greenhouses that weren't built to withstand Lanai's strong winds, solar panels that malfunctioned, and executives with limited agricultural experience. Far from its original mission to "feed the world," Sensei currently grows lettuce and cherry tomatoes primarily for Hawaii's local market, while its Canadian operations supply some East Coast supermarkets. The company has pivoted to focus on developing software and robotics at test centers in Southern California, aiming to eventually license technology packages to other indoor farms.
Businesses

Software Firm Bird To Leave Europe Due To Onerous Regulations in AI Era, Says CEO (reuters.com) 64

Cloud communications software firm Bird, one of the Netherlands' most prominent tech startups, plans to move most of its operations out of Europe, its CEO said, citing restrictive regulations and difficulties hiring skilled technology workers. From a report: "We are mostly leaving Europe as it lacks the environment we need to innovate in an AI-first era of technology," CEO Robert Vis told Reuters on Monday. "We foresee that regulations in Europe will block true innovation in a global economy moving extremely fast to AI," he said in a text message response to Reuters queries. Bird's operations in future will be mostly split between New York, Singapore and Dubai, he said.
AI

AI May Not Impact Tech-Sector Employment, Projects US Department of Labor (investopedia.com) 67

America's Labor Department includes the fact-finding Bureau of Labor Statistics — and they recently explained how AI impacts their projections for the next 10 years. Their conclusion, writes Investopedia, was that "tech workers might not have as much to worry about as one might think." Employment in the professional, scientific, and technical services sector is forecast to increase by 10.5% from 2023 to 2033, more than double the national average. According to the BLS, the impact AI will have on tech-sector employment is highly uncertain. For one, AI is adept at coding and related tasks. But at the same time, as digital systems become more advanced and essential to day-to-day life, more software developers, data managers, and the like are going to be needed to manage those systems. "Although it is always possible that AI-induced productivity improvements will outweigh continued labor demand, there is no clear evidence to support this conjecture," according to BLS researchers.
Their employment projections through 2033 predict the fastest-growing sector within the tech industry will be computer system design, while the fastest-growing occupation will be data scientist.

And they also project that from 2023 through 2033 AI will "primarily affect occupations whose core tasks can be most easily replicated by GenAI in its current form." So over those 10 years they project a 4.7% drop in employment of medical transcriptionists and a 5.0% drop in employment of customer service representatives. Other occupations also may see AI impacts, although not to the same extent. For instance, computer occupations may see productivity impacts from AI, but the need to implement and maintain AI infrastructure could in actuality boost demand for some occupations in this group.
They also project decreasing employment for paralegals, but with actual lawyers being "less affected."
Programming

Rust Developer Survey Finds Increasing Usage, Especially on Linux (rust-lang.org) 26

This year's "State of Rust" survey was completed by 7,310 Rust developers. DevClass notes some key findings: When asked about their biggest worries for Rust's future, 45.5 percent cited "not enough usage in the tech industry," up from 42.5 percent last year, just ahead of the 45.2 percent who cited complexity as a concern... Only 18.6 percent declared themselves "not worried," though this is a slight improvement on 17.8 percent in 2023...

Another question asks whether respondents are using Rust at work. 38.2 percent claimed to use it for most of their coding [up from 34% in 2023], and 13.4 percent a few times a week, accounting for just over half of responses. At the organization level there is a similar pattern. 45.5 percent of organizations represented by respondents make "non-trivial use of Rust," up from 38.7 percent last year.

More details from I Programmer: On the up are "Using Rust helps us achieve our goals", now 82% compared to 72% in 2022; "We're likely to use Rust again in the future", up 3% to 78%; and "Using Rust has been worth the cost of Adoption". Going down are "Adopting Rust has been challenging", now 34.5% compared to 38.5% in 2022; and "Overall adopting Rust has slowed down our team" down by over 2% to 7%.
"According to the survey, organizations primarily choose Rust for building correct and bug-free software (87.1%), performance characteristics (84.5%), security and safety properties (74.8%), and development enjoyment (71.2%)," writes The New Stack: Rust seems to be especially popular for creating server backends (53.4%), web and networking services, cloud technologies and WebAssembly, the report said. It also seems to be gaining more traction for embedded use cases... Regarding the preferred development environment, Linux remains the dominant development platform (73.7%).

However, although VS Code remains the leading editor, its usage dropped five percentage points, from 61.7% to 56.7%, but the Zed editor gained notable traction, from 0.7% to 8.9%. Also, "nine out of 10 Rust developers use the current stable version, suggesting strong confidence in the language's stability," the report said...

Overall, 82% of respondents report that Rust helped their company achieve its goals, and daily Rust usage increased to 53% (up four percentage points from 2023). When asked why they use Rust at work, 47% of respondents cited a need for precise control over their software, which is up from 37% when the question was asked two years ago.
